System Freeze After Failed Sp3 Install

Just bought BitFender AntiVirus 2009 and installed on 3 computers and all ran well. MS auto-update tried to install SP3 (o one computer) and failed with BSOD, then rolled back. Since then BitFender locks up entire computer each time I try to launch "BitFender AntiVirus 2009" user interface. Runiing Windows XP+SP2+all critical updates+2Gb ram and PC Tools Firewall Plus with BitFender granted full access to everyything. Have been using Norton products for years with no problems ever. Very disappointed. Please find Hijack this log below.


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 11:31:06, on 08/10/2008


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v7.00 (7.00.6000.16705)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe


C:\WINDOWS\System32\svchost.exe


C:\Program Files\Intel\Wireless\Bin\EvtEng.exe


C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


C:\WINDOWS\system32\spoolsv.exe


C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe


C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe


C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe


C:\WINDOWS\system32\inetsrv\inetinfo.exe


C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe


C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe


C:\WINDOWS\system32\nvsvc32.exe


C:\Program Files\PC Tools Firewall Plus\FWService.exe


C:\WINDOWS\system32\HPZipm12.exe


C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe


C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe


C:\WINDOWS\System32\snmp.exe


C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe


C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\Explorer.EXE


C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe


C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe


C:\Program Files\Synaptics\SynTP\Toshiba.exe


C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe


C:\WINDOWS\System32\DLA\DLACTRLW.EXE


C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe


C:\WINDOWS\System32\svchost.exe


C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe


C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe


C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


C:\WINDOWS\system32\taskswitch.exe


C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe


C:\Program Files\PowerISO\PWRISOVM.EXE


C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe


C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe


C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe


C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe


C:\Program Files\Messenger\msmsgs.exe


C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe


C:\WINDOWS\system32\ctfmon.exe


C:\Program Files\Microsoft ActiveSync\Wcescomm.exe


C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe


C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe


C:\PROGRA~1\MICROS~3\rapimgr.exe


C:\Program Files\Seaward\PATGuard Elite\eManagerNR.exe


C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe


C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe


C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe


C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe


C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe


C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe


C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe


C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe


C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll


O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll


O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL


O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll


O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll


O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll


O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll


O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll


O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll


O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet


O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup


O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe


O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


O4 - HKLM\..\Run: [ToshibaApp] C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe


O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe


O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe


O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE


O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en


O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"


O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless


O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe


O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe


O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"


O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"


O4 - HKLM\..\Run: [scanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini"


O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto


O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe


O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"


O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"


O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s


O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe


O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"


O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe


O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


O4 - Global Startup: Bluetooth Manager.lnk = ?


O4 - Global Startup: PATGuard e-Manager.lnk = C:\Program Files\Seaward\PATGuard Elite\eManagerNR.exe


O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll


O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll


O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll


O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll


O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL


O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222381615468


O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rapidclimatecontrol.com


O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rapidclimatecontrol.com


O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe


O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe


O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe


O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE


O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)


O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe


O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe


O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe


O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe


--


End of file - 13672 bytes

Comments

  • rootkit
    rootkit ✭✭✭

    Download: http://subs.geekstogo.com/ComboFix.exe and save it on your Desktop.


    Run the program....


    Then post the resultant log here.

  • Download: http://subs.geekstogo.com/ComboFix.exe and save it on your Desktop.


    Run the program....


    Then post the resultant log here.


    Here it is as requested...


    ComboFix 08-10-07.06 - Paul.Camilleri 2008-10-08 15:50:36.1 - NTFSx86


    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1270 [GMT 1:00]


    Running from: C:\Documents and Settings\Paul.Camilleri\Desktop\BitFender-2009\ComboFix.exe


    * Created a new restore point


    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


    .


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    .


    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML


    C:\Documents and Settings\Paul.Camilleri\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML


    C:\Documents and Settings\WS5\ASPNET\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML


    C:\WINDOWS\IE4 Error Log.txt


    C:\WINDOWS\system32\Cache


    C:\WINDOWS\system32\Cfx32.lic


    C:\WINDOWS\system32\cfx32.ocx


    C:\WINDOWS\system32\mdm.exe


    C:\WINDOWS\system32\rtl60.bpl


    .


    ((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))


    .


    2008-10-08 11:28 . 2008-10-08 11:28 <DIR> d-------- C:\Program Files\Trend Micro


    2008-10-07 22:53 . 2008-10-07 22:53 <DIR> d-------- C:\WINDOWS\system32\scripting


    2008-10-07 22:53 . 2008-10-07 22:53 <DIR> d-------- C:\WINDOWS\system32\en


    2008-10-07 22:53 . 2008-10-07 22:56 <DIR> d-------- C:\WINDOWS\system32\bits


    2008-10-07 22:53 . 2008-10-07 22:53 <DIR> d-------- C:\WINDOWS\l2schemas


    2008-10-07 22:48 . 2007-08-10 20:46 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe


    2008-10-07 22:44 . 2007-02-28 10:53 2,137,600 --a------ C:\WINDOWS\system32\ntoskrnl.exe


    2008-10-07 22:30 . 2008-04-14 01:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe


    2008-10-07 22:29 . 2006-12-28 20:01 19,569 --a------ C:\WINDOWS\003046_.tmp


    2008-10-07 22:16 . 2008-10-08 09:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak


    2008-10-07 14:29 . 2008-10-07 14:29 <DIR> d-------- C:\Documents and Settings\Paul.Camilleri\Application Data\PCToolsFirewallPlus


    2008-10-07 14:22 . 2008-10-08 16:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


    2008-10-07 14:21 . 2008-10-07 14:35 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus


    2008-10-07 14:21 . 2008-10-07 14:21 <DIR> d-------- C:\Program Files\Common Files\PC Tools


    2008-10-07 14:21 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys


    2008-10-07 14:21 . 2008-07-17 16:53 93,952 --a------ C:\WINDOWS\system32\drivers\pctfw.sys


    2008-10-07 14:21 . 2008-08-05 15:58 58,136 --a------ C:\WINDOWS\system32\drivers\FWAuthdriver.sys


    2008-10-07 13:56 . 2008-10-07 13:56 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml


    2008-10-07 13:56 . 2008-10-07 13:56 385 --a------ C:\WINDOWS\system32\user_gensett.xml


    2008-10-07 13:52 . 2008-10-07 13:52 <DIR> d-------- C:\Documents and Settings\Paul.Camilleri\Application Data\BitDefender


    2008-10-07 13:51 . 2008-10-07 13:51 <DIR> d-------- C:\Program Files\BitDefender


    2008-10-07 13:51 . 2008-10-07 13:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender


    2008-10-07 13:49 . 2008-10-07 13:52 <DIR> d-------- C:\Program Files\Common Files\BitDefender


    2008-10-05 14:07 . 2008-10-05 14:07 61,208 --a------ C:\WINDOWS\system32\x264vfw-uninstall.exe


    2008-10-05 04:31 . 2008-10-05 04:31 <DIR> d-------- C:\Program Files\AVSMedia


    2008-09-27 03:48 . 2008-09-27 03:48 414 --a------ C:\AVSAudioDXfilters.xml


    2008-09-26 11:53 . 2008-09-26 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU


    2008-09-26 10:43 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll


    2008-09-26 10:43 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui


    2008-09-26 09:58 . 2008-09-26 09:58 <DIR> d-------- C:\Documents and Settings\Paul.Camilleri\Application Data\CyberLink


    2008-09-26 09:41 . 2008-09-26 11:15 <DIR> d-------- C:\Program Files\CyberLink


    2008-09-26 02:41 . 2008-09-26 02:41 <DIR> d-------- C:\Documents and Settings\Paul.Camilleri\Application Data\AVSMedia


    2008-09-26 00:24 . 2008-09-26 00:24 <DIR> d-------- C:\WINDOWS\SQLTools9_KB954606_ENU


    2008-09-26 00:23 . 2008-09-26 00:23 <DIR> d-------- C:\WINDOWS\DTS9_KB954606_ENU


    2008-09-26 00:22 . 2008-09-26 00:22 <DIR> d-------- C:\WINDOWS\NS9_KB954606_ENU


    2008-09-26 00:19 . 2008-09-26 00:19 <DIR> d-------- C:\WINDOWS\RS9_KB954606_ENU


    2008-09-26 00:14 . 2008-09-26 02:41 <DIR> d-------- C:\Program Files\Common Files\AVSMedia


    2008-09-26 00:14 . 2003-05-22 12:26 638,976 --a------ C:\WINDOWS\system32\divx.dll


    2008-09-26 00:14 . 2002-08-20 01:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll


    2008-09-26 00:14 . 2003-05-21 23:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll


    2008-09-26 00:14 . 2003-05-22 12:26 221,215 --a------ C:\WINDOWS\system32\divxdec.ax


    2008-09-26 00:14 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx


    2008-09-26 00:14 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm


    2008-09-26 00:14 . 2004-02-04 21:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm


    2008-09-26 00:14 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm


    2008-09-26 00:14 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm


    2008-09-26 00:13 . 2008-09-26 00:13 <DIR> d-------- C:\WINDOWS\SQL9_KB954606_ENU


    2008-09-25 21:08 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\MSPCLOCK.sys


    2008-09-25 20:54 . 2008-09-25 20:54 <DIR> d-------- C:\Drivers


    2008-09-25 20:54 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys


    2008-09-25 20:54 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys


    2008-09-25 20:54 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL


    2008-09-25 20:54 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys


    2008-09-25 20:54 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys


    2008-09-25 20:54 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll


    2008-09-18 14:58 . 2008-09-18 14:58 <DIR> d-------- C:\Program Files\Sonic Foundry


    2008-09-18 14:58 . 2008-09-18 14:58 <DIR> d-------- C:\Program Files\Pure Motion


    2008-09-18 14:58 . 2008-09-18 14:58 <DIR> d-------- C:\Program Files\DebugMode


    2008-09-08 14:40 . 2008-09-08 14:40 <DIR> d-------- C:\Program Files\AmbulantPlayer-1.8


    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    2008-10-07 12:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared


    2008-10-07 12:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec


    2008-10-07 12:41 --------- d-----w C:\Program Files\Symantec


    2008-10-06 10:51 --------- d-----w C:\Program Files\Microsoft ActiveSync


    2008-10-03 03:21 --------- d-----w C:\Documents and Settings\Paul.Camilleri\Application Data\AltiumDesigner6


    2008-09-26 10:49 --------- d--h--w C:\Program Files\InstallShield Installation Information


    2008-09-25 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help


    2008-09-25 23:26 --------- d-----w C:\Program Files\Microsoft SQL Server


    2008-09-25 23:10 --------- d-----w C:\Program Files\Microsoft Works


    2008-09-24 13:36 --------- d-----w C:\Documents and Settings\Paul.Camilleri\Application Data\SolidWorks


    2008-09-19 17:28 --------- d-----w C:\Program Files\SolidWorks


    2008-09-09 11:31 --------- d-----w C:\Documents and Settings\Paul.Camilleri\Application Data\DBDesigner4


    2008-08-25 13:39 --------- d-----w C:\Program Files\Total Uninstall


    2008-08-12 20:57 --------- d-----w C:\Documents and Settings\Paul.Camilleri\Application Data\DevelCor


    2008-08-12 20:56 --------- d-----w C:\Program Files\DevelCor


    2008-08-12 17:40 228,672 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys


    2008-08-12 17:40 108,864 ----a-w C:\WINDOWS\system32\drivers\bdfm.sys


    2008-08-08 01:58 --------- d-----w C:\Program Files\Sun


    2008-08-08 01:58 --------- d-----w C:\Program Files\Java


    2008-08-08 00:37 --------- d-----w C:\Program Files\SQLXML 4.0


    2008-08-08 00:36 --------- d-----w C:\Program Files\Microsoft.NET


    2008-08-08 00:25 --------- d-----w C:\Program Files\Microsoft Analysis Services


    2008-08-07 21:21 27,136 ----a-w C:\WINDOWS\~GLH0001.TMP


    2008-08-07 21:18 27,136 ----a-w C:\WINDOWS\~GLH0000.TMP


    2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll


    2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe


    2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll


    2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll


    2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll


    2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll


    2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll


    2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll


    2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll


    2008-07-16 18:51 2,041,363 ----a-w C:\WINDOWS\system32\x264vfw.dll


    2008-05-20 02:05 4,500,672 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe


    .


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    .


    *Note* empty entries & legit default entries are not shown


    REGEDIT4


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]


    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]


    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]


    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]


    "1&1 EasyLogin"="C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" [2008-02-27 1540096]


    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-05 68856]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-16 7557120]


    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]


    "ToshibaApp"="C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe" [2006-01-31 110592]


    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]


    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]


    "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-04-07 1773568]


    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]


    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]


    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]


    "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]


    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]


    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]


    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]


    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]


    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]


    "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]


    "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]


    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-08 716800]


    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]


    "00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 2611096]


    "nwiz"="nwiz.exe" [2006-02-16 C:\WINDOWS\system32\nwiz.exe]


    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]


    "NDSTray.exe"="NDSTray.exe" [bU]


    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]


    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]


    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\


    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]


    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 1753088]


    PATGuard e-Manager.lnk - C:\Program Files\Seaward\PATGuard Elite\eManagerNR.exe [2006-03-07 73728]


    SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 6395464]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]


    "SENTINEL"= snti386.dll


    "vidc.x264"= x264vfw.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]


    "DisableMonitoring"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]


    "DisableMonitoring"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]


    "DisableMonitoring"=dword:00000001


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]


    "EnableFirewall"= 0 (0x0)


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]


    "%windir%\\system32\\sessmgr.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=


    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=


    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=


    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager


    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager


    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


    R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]


    R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 40928]


    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 27776]


    R2 altio;altio;C:\WINDOWS\system32\altio.sys [2004-05-26 3200]


    R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2006-03-24 1294336]


    R2 MsDtsServer;SQL Server Integration Services;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2008-08-05 205840]


    R2 msftesql$MSSQL2005;SQL Server FullText Search (MSSQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2006-08-28 92952]


    R2 MSSQL$MSSQL2005;SQL Server (MSSQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-08-05 29184016]


    R2 ReportServer$MSSQL2005;SQL Server Reporting Services (MSSQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-08-05 16912]


    R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]


    R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 5504]


    R3 FWAuth;FWAuth Driver;C:\WINDOWS\system32\drivers\FWAuthDriver.sys [2008-08-05 58136]


    R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 31872]


    R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 7936]


    R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys [2006-01-17 15744]


    S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]


    S3 DTV_Capture_2X0;DVB-T Receiver;C:\WINDOWS\system32\Drivers\DTV_Capture_2X0.sys [2004-09-06 18432]


    S3 DTV_Loader_2X1;DVB-T Loader;C:\WINDOWS\system32\Drivers\DTV_Loader_2X1.sys [2005-06-29 19328]


    S3 SQLAgent$MSSQL2005;SQL Server Agent (MSSQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2007-02-10 344944]


    S3 VBoxTAP;VirtualBox TAP Adapter;C:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2007-12-29 47584]


    S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]


    bdx REG_MULTI_SZ scan


    .


    - - - - ORPHANS REMOVED - - - -


    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


    HKLM-Run-ScanSoft OmniPage 15.0-reminder - C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe


    Notify-dimsntfy - (no file)


    .


    ------- Supplementary Scan -------


    .


    FireFox -: Profile - C:\Documents and Settings\Paul.Camilleri\Application Data\Mozilla\Firefox\Profiles\0prxd5dz.default\


    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll


    .


    **************************************************************************


    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


    Rootkit scan 2008-10-08 16:04:45


    Windows 5.1.2600 Service Pack 2 NTFS


    scanning hidden processes ...


    scanning hidden autostart entries ...


    scanning hidden files ...


    scan completed successfully


    hidden files: 0


    **************************************************************************


    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$MSSQL2005]


    "ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQL2005"


    .


    ------------------------ Other Running Processes ------------------------


    .


    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe


    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe


    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe


    C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe


    C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\intel\ansyslmd.exe


    C:\WINDOWS\system32\inetsrv\inetinfo.exe


    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE


    C:\WINDOWS\system32\nvsvc32.exe


    C:\Program Files\PC Tools Firewall Plus\FWService.exe


    C:\WINDOWS\system32\HPZipm12.exe


    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe


    C:\WINDOWS\system32\snmp.exe


    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe


    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe


    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe


    C:\Program Files\Synaptics\SynTP\Toshiba.exe


    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe


    C:\PROGRA~1\MICROS~3\rapimgr.exe


    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe


    C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe


    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe


    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe


    .


    **************************************************************************


    .


    Completion time: 2008-10-08 16:13:54 - machine was rebooted


    ComboFix-quarantined-files.txt 2008-10-08 15:13:48


    Pre-Run: 1,614,143,488 bytes free


    Post-Run: 3,801,489,408 bytes free


    281 --- E O F --- 2008-10-08 08:17:10

  • Hello bflogon,


    I can still see some leftovers of Norton on your computer:


    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe"


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]


    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe


    That can cause conflicts please follow the instructions that I gave in this topic. To remove Norton completely.


    Please do this open wordpad and write this:


    File::


    C:\WINDOWS\003046_.tmp


    C:\Program Files\FLV PlayerRCATSetup.exe


    C:\WINDOWS\~GLH0001.TMP


    C:\WINDOWS\~GLH0000.TMP


    and save it as CFscript. Now drag and drop CFscript on the Combofix icon.


    Can you please do this click on start,my computer,double click on the icon of your hard disk/partition were you have installed software. You should see a folder called QooBox. Open that folder. Now you will see the quarantine folder please open that also,C (if you hard drive is called so),windows, system 32. You should also find a subfolder called Program files. Now right click on each item and rename the files that looks like blabla.exe.vir to blabla.exe. You just need to remove the .vir.First you need to show file extensions to do that go to the tools menu,folder options,display/view tab uncheck hide known file extensions press on apply and ok. Confirm the windows warning. Now archive these files by following the instructions in the 2nd post of this topic.


    You need to split the archives because there is a 2mb file upload limit. Upload the attachment(s) here in this topic. When you are in the screen for creating a reply please scroll down there you will see the Attachments section press on browse now you need to navigate on your computer to the location of your attachment of the infected files that you have archived press on open to upload here on the forum you need to press on the upload button. Wait till the update is complete.


    Kind regards,


    Niels