Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Solved: Malware on board (I think) causing BSOD
flash247 (Member, 30 posts; Join Date: Jun 2009)
01-Jul-2009, 06:09 PM #31
I could not help but notice that the avast! Antivirus.exe is back in the System32 folder after reboot, and I am not even sure it has anything to do with my problem. Here is the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:02:24 PM, on 7/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ViaVoice\bin\engine.exe
C:\Program Files\ViaVoice\bin\engine.exe
C:\Program Files\ViaVoice\bin\engine.exe
C:\Program Files\ViaVoice\bin\engine.exe
C:\Program Files\ViaVoice\Bin\engine.exe
C:\Program Files\ViaVoice\bin\engine.exe
C:\Program Files\ViaVoice\bin\engine.exe
C:\Program Files\ViaVoice\bin\engine.exe
C:\Program Files\ViaVoice\bin\engine.exe
C:\Program Files\ViaVoice\Bin\engine.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dumps_startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/...oUploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft Batch Process Handler (Microsoft Batch Process Handler For Windows) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
--
End of file - 8452 bytes
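As an added example (not code from either poster, and not part of HijackThis), a small Python triage pass over O20/O23 lines copied from the log above. It flags the patterns a helper checks first: a service whose binary is reported missing, a service whose image path is a bare directory rather than an executable (the BITS and wuauserv lines), an svchost.exe living outside system32, and any AppInit_DLLs entry. The heuristics, tag names and the `SVCHOST_DIR` constant are my assumptions for a stock XP install.

```python
"""Triage a HijackThis log for service and DLL-injection entries worth a closer look.

Heuristics (review aids, not verdicts):
  * O23 service whose binary is reported "(file missing)"
  * O23 service whose image path is a bare directory rather than an executable
  * O23 service named svchost.exe that lives outside %SystemRoot%\\system32
  * O20 AppInit_DLLs entry (loaded into every process that links user32.dll)
"""
import ntpath
import re
from dataclasses import dataclass

# "O23 - Service: <name> - <owner> - <path> [(file missing)]"; the owner may be
# empty, in which case the log shows "name - - path", hence the optional space.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")

# Assumption: where the genuine service host binary lives on a stock XP install.
SVCHOST_DIR = r"c:\windows\system32"


@dataclass(frozen=True)
class Finding:
    kind: str     # short tag for the heuristic that fired
    subject: str  # service name or DLL path
    line: str     # the log line, unchanged, for the reader's reference


def check_service(line: str) -> list:
    """Return findings for one O23 line (empty list if it is not O23 or looks normal)."""
    m = O23_RE.match(line)
    if not m:
        return []
    name, path = m["name"], m["path"].strip()
    findings = []
    if m["missing"]:
        findings.append(Finding("service-binary-missing", name, line))
    exe = ntpath.basename(path)
    if exe == "" or "." not in exe:
        # ImagePath points at a folder such as "C:\WINDOWS\", so nothing can start from it.
        findings.append(Finding("service-path-not-executable", name, line))
    elif exe.lower() == "svchost.exe" and ntpath.dirname(path).lower() != SVCHOST_DIR:
        findings.append(Finding("svchost-outside-system32", name, line))
    return findings


def check_appinit(line: str) -> list:
    """Every DLL listed under AppInit_DLLs is reported; the list may be comma separated."""
    m = O20_RE.match(line)
    if not m:
        return []
    return [Finding("appinit-dll", d.strip(), line) for d in m["dlls"].split(",") if d.strip()]


def triage(log_text: str) -> list:
    """Run both checks over every line of a HijackThis log and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        findings.extend(check_service(line))
        findings.extend(check_appinit(line))
    return findings


# Constructed sample: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: Microsoft Batch Process Handler (Microsoft Batch Process Handler For Windows) - Unknown owner - C:\WINDOWS\repair\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}")
```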
cybertech (Moderator, 68,016 posts; Join Date: Apr 2002; Location: Washington State)
01-Jul-2009, 06:41 PM #32
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Please note once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.
__________________
Microsoft MVP/Windows - Consumer Security
flash247 (Member, 30 posts; Join Date: Jun 2009)
02-Jul-2009, 07:36 AM #33
Here is the ComboFix log:

ComboFix 09-07-01.01 - George's Computer 07/01/2009 23:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.599 [GMT -4:00]
Running from: c:\documents and settings\George's Computer\Desktop\ComboFix.exe
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\drivers\ndis.sys . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-07-02 04:46 . 2009-07-02 04:46 36864 ----a-w- c:\windows\system32\avast!Antivirus.exe
2009-06-29 01:02 . 2009-06-29 01:02 -------- d-----w- C:\_OTS
2009-06-28 17:45 . 2009-06-28 17:45 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-20 23:18 . 2009-07-01 11:12 -------- d-----w- C:\DEBUG TECHGUY
2009-06-14 22:02 . 2009-04-06 15:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-06-14 22:01 . 2009-02-10 20:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-06-14 22:00 . 2009-02-18 21:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-06-14 22:00 . 2009-06-14 22:00 -------- d-----w- c:\program files\Agnitum
2009-06-14 21:49 . 2009-06-14 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2009-06-14 19:57 . 2009-06-14 19:57 -------- d-----w- c:\documents and settings\Administrator.GEORGE2006.003\Application Data\SUPERAntiSpyware.com
2009-06-14 13:26 . 2009-06-14 13:26 -------- d-sh--w- c:\documents and settings\George's Computer\UserData
2009-06-14 11:34 . 2009-06-14 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-14 05:06 . 2009-06-14 05:06 -------- d-----w- c:\program files\Sun
2009-06-14 05:06 . 2009-06-14 05:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 16:17 . 2009-07-01 03:03 117760 ----a-w- c:\documents and settings\George's Computer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-12 16:15 . 2009-06-12 16:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-12 03:17 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-11 06:02 . 2009-06-11 10:26 -------- d-----w- c:\documents and settings\George's Computer\DoctorWeb
2009-06-11 04:13 . 2009-06-11 04:13 -------- d-----w- C:\e6fde740473476fb5969f8dd620322
2009-06-11 04:12 . 2008-11-06 06:03 -------- d-----w- C:\SDFix
2009-06-04 02:56 . 2009-06-04 03:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-04 01:21 . 2009-06-29 01:31 -------- d-----w- C:\DEBUG PROBLEMS
2009-06-04 00:57 . 2009-06-04 00:57 -------- d-----w- c:\program files\Trend Micro
2009-06-03 05:41 . 2009-06-03 05:41 -------- d-----w- c:\documents and settings\George's Computer\Application Data\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 03:04 . 2007-09-17 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-01 10:11 . 2007-08-20 03:54 -------- d-----w- c:\program files\Debugging Tools for Windows
2009-06-30 02:07 . 2008-02-03 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-06-28 20:22 . 2007-08-26 04:18 -------- d-----w- c:\program files\Alwil Software
2009-06-28 17:46 . 2009-06-02 04:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-28 16:34 . 2007-09-17 06:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-20 00:11 . 2009-06-20 00:11 172840 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\setup.exe
2009-06-20 00:11 . 2009-06-20 00:11 10544 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\imappver.dll
2007-10-20 01:14 . 2007-10-12 10:13 131584 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-02-08 16:30 . 2006-12-15 00:13 56 --sh--r- c:\windows\system32\60EB632077.sys
2006-05-07 01:07 . 2006-05-07 01:07 8 --sh--r- c:\windows\system32\772063EB60.sys
2009-02-08 16:30 . 2006-05-07 01:07 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-10_17.49.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-02 04:43 . 2009-07-02 04:43 16384 c:\windows\temp\Perflib_Perfdata_57c.dat
+ 2009-06-02 04:42 . 2009-06-17 15:27 38160 c:\windows\system32\drivers\mbamswissarmy.sys
- 2009-06-02 04:42 . 2009-05-26 17:19 19096 c:\windows\system32\drivers\mbam.sys
+ 2009-06-02 04:42 . 2009-06-17 15:27 19096 c:\windows\system32\drivers\mbam.sys
+ 2009-07-01 10:11 . 2009-07-02 03:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009070120090702\index.dat
+ 2009-07-01 02:06 . 2009-07-01 02:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009063020090701\index.dat
+ 2009-06-29 12:37 . 2009-06-29 21:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009062920090630\index.dat
+ 2009-06-29 12:37 . 2009-06-29 12:35 81920 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009062220090629\index.dat
+ 2009-06-22 04:52 . 2009-06-22 04:52 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009061520090622\index.dat
+ 2006-05-04 23:55 . 2009-07-02 03:49 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-31 17:48 . 2009-05-31 18:22 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-05-31 17:48 . 2009-07-02 03:49 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
- 2007-09-17 06:45 . 2007-09-17 06:45 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-06-12 16:16 . 2009-06-12 16:16 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-06-12 16:16 . 2009-06-12 16:16 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2007-09-17 06:45 . 2007-09-17 06:45 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2006-05-05 21:56 . 2009-06-18 22:30 102284 c:\windows\system32\Restore\rstrlog.dat
+ 2009-06-14 05:06 . 2009-06-14 05:06 148888 c:\windows\system32\javaws.exe
+ 2009-06-14 05:06 . 2009-06-14 05:06 144792 c:\windows\system32\javaw.exe
+ 2009-06-14 05:06 . 2009-06-14 05:06 144792 c:\windows\system32\java.exe
+ 2006-05-04 23:55 . 2009-07-02 03:49 229376 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-15 14:23 . 2007-11-15 14:23 853280 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\ 2.0.7311\file_sprtsync.dll
+ 2007-09-06 18:01 . 2007-09-06 18:01 377120 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\ 2.0.7311\file_pcd.exe
+ 2008-12-24 19:38 . 2008-12-24 19:38 386048 c:\windows\Downloaded Program Files\Housecall_ActiveX.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2007-11-15 14:24 . 2007-11-15 14:24 2037288 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\ 2.0.7311\file_tglib.dll
+ 2007-11-15 14:24 . 2007-11-15 14:24 1144360 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\ 2.0.7311\file_tgctlsi.dll
+ 2007-09-06 18:16 . 2007-09-06 18:16 1423360 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\ 2.0.7311\file_Matrix.dll
+ 2007-09-06 18:16 . 2007-09-06 18:16 1229824 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\ 2.0.7311\file_Dapi5.dll
+ 2006-05-05 02:26 . 2009-06-01 13:51 23635392 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\Httpsole]
@="{C0E71113-E62D-4D68-A3C1-960EBA1038B6}"
[HKEY_CLASSES_ROOT\CLSID\{C0E71113-E62D-4D68-A3C1-960EBA1038B6}]
2007-04-16 15:52 1700474 ----a-w- c:\windows\system32\sndie32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"BuildBU"="c:\dell\bldbubg.exe" [2006-05-03 61440]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"= "c:\program files\VCOM\Recovery Commander\RCHOOK.DLL" [2003-07-08 102400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 13:42 450649 ----a-r- c:\windows\system32\PRISMAPI.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Avvenu Connector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Avvenu Connector.lnk
backup=c:\windows\pss\Avvenu Connector.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
backup=c:\windows\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ViaVoice\\Bin\\engine.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\audmig.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\speechbar.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\smart.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\msaadmn.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\options.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\miguser.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\userwiz.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\navcentral.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\vtdirect.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sillypiggy999\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sillypiggy999\\day of defeat\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sillypiggy999\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sillypiggy999\\condition zero\\hl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Eisenworld\\Alohabob\\AlohaBob.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\macroeditor.exe"=
"c:\\Games\\Descent3\\main.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabled:@xpsp2res.dll,-22009
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [6/14/2009 06:02 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [6/14/2009 06:00 PM 1195008]
R2 avast!Antivirus;avast!Antivirus;c:\windows\System32\avast!Antivirus.exe -k netsvcs --> c:\windows\System32\avast!Antivirus.exe -k netsvcs [?]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [10/3/2008 09:44 PM 53307]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [6/14/2009 06:00 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [6/14/2009 06:01 PM 257432]
S0 vlak;vlak;c:\windows\system32\drivers\zdlrf.sys --> c:\windows\system32\drivers\zdlrf.sys [?]
S1 541eb95f;541eb95f;c:\windows\system32\drivers\541eb95f.sys --> c:\windows\system32\drivers\541eb95f.sys [?]
S2 Microsoft Batch Process Handler For Windows;Microsoft Batch Process Handler;"c:\windows\repair\svchost.exe" --> c:\windows\repair\svchost.exe [?]
S3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S4 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/26/2006 09:56 PM 29744]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [5/3/2006 11:17 AM 61529]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/19/2007 04:54 AM 24652]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AVAST!ANTIVIRUS
.
Contents of the 'Scheduled Tasks' folder
2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
2009-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-22 20:22]
2009-06-15 c:\windows\Tasks\Scheduled Checkpoint.job
- c:\program files\VCOM\Recovery Commander\RCSCHED.EXE [2007-11-24 17:20]
2009-06-28 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\schedule.exe [2007-08-25 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 00:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\system32\avast!Antivirus.exe 36864 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1384)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\PRISMAPI.DLL
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(5724)
c:\windows\system32\sndie32.dll
c:\windows\system32\iectl.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\PRISMSVR.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dllhost.exe
c:\progra~1\VCOM\Fix-It\MXTASK.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\locator.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\VCOM\Fix-It\MXTASK.exe
c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
c:\windows\system32\wscntfy.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\avast!Antivirus.exe
.
**************************************************************************
.
Completion time: 2009-07-02 1:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-02 05:48
ComboFix2.txt 2009-06-10 19:01
Pre-Run: 41,858,310,144 bytes free
Post-Run: 41,840,373,760 bytes free
295 --- E O F --- 2009-01-09 21:01
cybertech
Moderator with 68,016 posts.
Join Date: Apr 2002
Location: Washington State
02-Jul-2009, 06:52 PM #34
Open Notepad and copy and paste the text in the code box below into it:
Code:
KILLALL::
File::
c:\windows\System32\avast!Antivirus.exe
c:\windows\system32\drivers\zdlrf.sys
c:\windows\system32\drivers\541eb95f.sys
c:\windows\repair\svchost.exe


Driver::
avast!Antivirus
vlak
541eb95f
Microsoft Batch Process Handler For Windows

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of c:\Combofix.txt in your next reply.



NEXT: Go to this web site: http://virusscan.jotti.org/
In the File to upload & scan box copy and paste the following:
c:\windows\system32\sndie32.dll

Then click the Submit button.

Copy the results and paste them back here in your next reply
__________________
Microsoft MVP/Windows - Consumer Security
flash247
Member with 30 posts.
Join Date: Jun 2009
03-Jul-2009, 12:34 AM #35
I did the CFScript.txt drop onto ComboFix like you asked; it asked if I would like to update ComboFix and I said yes. It did its thing, but did not reboot (I think). Is that OK? Here is the log, and the Jotti log follows:

ComboFix 09-07-02.02 - George's Computer 07/02/2009 22:35.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.603 [GMT -4:00]
Running from: c:\documents and settings\George's Computer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\George's Computer\Desktop\CFScript.txt
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FILE ::
"c:\windows\repair\svchost.exe"
"c:\windows\System32\avast!Antivirus.exe"
"c:\windows\system32\drivers\541eb95f.sys"
"c:\windows\system32\drivers\zdlrf.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\766bbc.msi
c:\windows\System32\avast!Antivirus.exe
c:\windows\system32\drivers\ndis.sys . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVAST!ANTIVIRUS
-------\Legacy_MICROSOFT_BATCH_PROCESS_HANDLER_FOR_WINDOWS
-------\Service_541eb95f
-------\Service_avast!Antivirus
-------\Service_Microsoft Batch Process Handler For Windows
-------\Service_vlak

((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-06-29 01:02 . 2009-06-29 01:02 -------- d-----w- C:\_OTS
2009-06-28 17:45 . 2009-06-28 17:45 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-20 23:18 . 2009-07-03 02:27 -------- d-----w- C:\DEBUG TECHGUY
2009-06-14 22:02 . 2009-04-06 15:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-06-14 22:01 . 2009-02-10 20:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-06-14 22:00 . 2009-02-18 21:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-06-14 22:00 . 2009-06-14 22:00 -------- d-----w- c:\program files\Agnitum
2009-06-14 21:49 . 2009-06-14 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2009-06-14 19:57 . 2009-06-14 19:57 -------- d-----w- c:\documents and settings\Administrator.GEORGE2006.003\Application Data\SUPERAntiSpyware.com
2009-06-14 13:26 . 2009-06-14 13:26 -------- d-sh--w- c:\documents and settings\George's Computer\UserData
2009-06-14 11:34 . 2009-06-14 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-14 05:06 . 2009-06-14 05:06 -------- d-----w- c:\program files\Sun
2009-06-14 05:06 . 2009-06-14 05:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 16:17 . 2009-07-02 16:19 117760 ----a-w- c:\documents and settings\George's Computer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-12 16:15 . 2009-06-12 16:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-12 03:17 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-11 06:02 . 2009-06-11 10:26 -------- d-----w- c:\documents and settings\George's Computer\DoctorWeb
2009-06-11 04:13 . 2009-06-11 04:13 -------- d-----w- C:\e6fde740473476fb5969f8dd620322
2009-06-11 04:12 . 2008-11-06 06:03 -------- d-----w- C:\SDFix
2009-06-04 02:56 . 2009-06-04 03:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-04 01:21 . 2009-06-29 01:31 -------- d-----w- C:\DEBUG PROBLEMS
2009-06-04 00:57 . 2009-06-04 00:57 -------- d-----w- c:\program files\Trend Micro
2009-06-03 05:41 . 2009-06-03 05:41 -------- d-----w- c:\documents and settings\George's Computer\Application Data\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 16:38 . 2007-08-20 03:54 -------- d-----w- c:\program files\Debugging Tools for Windows
2009-07-02 03:04 . 2007-09-17 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-30 02:07 . 2008-02-03 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-06-28 20:22 . 2007-08-26 04:18 -------- d-----w- c:\program files\Alwil Software
2009-06-28 17:46 . 2009-06-02 04:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-28 16:34 . 2007-09-17 06:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-20 00:11 . 2009-06-20 00:11 172840 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\setup.exe
2009-06-20 00:11 . 2009-06-20 00:11 10544 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\imappver.dll
2007-10-20 01:14 . 2007-10-12 10:13 131584 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-02-08 16:30 . 2006-12-15 00:13 56 --sh--r- c:\windows\system32\60EB632077.sys
2006-05-07 01:07 . 2006-05-07 01:07 8 --sh--r- c:\windows\system32\772063EB60.sys
2009-02-08 16:30 . 2006-05-07 01:07 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-10_17.49.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-03 03:22 . 2009-07-03 03:22 16384 c:\windows\temp\Perflib_Perfdata_548.dat
+ 2009-06-02 04:42 . 2009-06-17 15:27 38160 c:\windows\system32\drivers\mbamswissarmy.sys
- 2009-06-02 04:42 . 2009-05-26 17:19 19096 c:\windows\system32\drivers\mbam.sys
+ 2009-06-02 04:42 . 2009-06-17 15:27 19096 c:\windows\system32\drivers\mbam.sys
+ 2009-07-03 02:25 . 2009-07-03 02:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-01 10:11 . 2009-07-02 03:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009070120090702\index.dat
+ 2009-07-01 02:06 . 2009-07-01 02:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009063020090701\index.dat
+ 2009-06-29 12:37 . 2009-06-29 21:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009062920090630\index.dat
+ 2009-06-29 12:37 . 2009-06-29 12:35 81920 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009062220090629\index.dat
+ 2009-06-22 04:52 . 2009-06-22 04:52 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009061520090622\index.dat
+ 2006-05-04 23:55 . 2009-07-03 02:25 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-31 17:48 . 2009-07-02 03:49 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
- 2009-05-31 17:48 . 2009-05-31 18:22 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
+ 2006-05-03 15:21 . 2006-05-03 15:21 72704 c:\windows\Installer\7ba3.msi
- 2007-09-17 06:45 . 2007-09-17 06:45 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-06-12 16:16 . 2009-06-12 16:16 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-09-17 06:45 . 2007-09-17 06:45 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-06-12 16:16 . 2009-06-12 16:16 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2006-05-05 21:56 . 2009-06-18 22:30 102284 c:\windows\system32\Restore\rstrlog.dat
+ 2009-06-14 05:06 . 2009-06-14 05:06 148888 c:\windows\system32\javaws.exe
+ 2009-06-14 05:06 . 2009-06-14 05:06 144792 c:\windows\system32\javaw.exe
+ 2009-06-14 05:06 . 2009-06-14 05:06 144792 c:\windows\system32\java.exe
+ 2006-05-04 23:55 . 2009-07-03 02:25 229376 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-06-14 22:00 . 2009-06-14 22:00 228352 c:\windows\Installer\d6db2.msi
+ 2006-05-03 15:30 . 2006-05-03 15:30 634880 c:\windows\Installer\7d2a.msi
+ 2006-05-03 15:30 . 2006-05-03 15:30 281600 c:\windows\Installer\7d21.msi
+ 2006-05-03 15:29 . 2006-05-03 15:29 219136 c:\windows\Installer\7d0d.msi
+ 2006-05-03 15:27 . 2006-05-03 15:27 259584 c:\windows\Installer\7d08.msi
+ 2006-05-03 15:26 . 2006-05-03 15:26 285696 c:\windows\Installer\7bd0.msi
+ 2006-05-03 15:24 . 2006-05-03 15:24 655360 c:\windows\Installer\7bc0.msi
+ 2006-05-03 15:22 . 2006-05-03 15:22 194048 c:\windows\Installer\7baf.msi
+ 2006-05-03 15:22 . 2006-05-03 15:22 290304 c:\windows\Installer\7bab.msi
+ 2006-05-03 15:21 . 2006-05-03 15:21 656896 c:\windows\Installer\7ba7.msi
+ 2006-05-03 15:20 . 2006-05-03 15:20 669696 c:\windows\Installer\7b9f.msi
+ 2006-05-03 15:20 . 2006-05-03 15:20 256000 c:\windows\Installer\7b9b.msi
+ 2006-05-03 15:19 . 2006-05-03 15:19 489984 c:\windows\Installer\7b88.msi
+ 2006-05-03 15:19 . 2006-05-03 15:19 398848 c:\windows\Installer\7b83.msi
+ 2006-05-03 15:19 . 2006-05-03 15:19 275968 c:\windows\Installer\7b7e.msi
+ 2006-05-03 15:17 . 2006-05-03 15:17 155136 c:\windows\Installer\7b72.msi
+ 2004-08-10 18:08 . 2004-08-10 18:08 264704 c:\windows\Installer\7506.msi
+ 2006-05-07 01:24 . 2006-05-07 01:24 171008 c:\windows\Installer\5ba3bbd.msi
+ 2007-08-20 03:54 . 2007-08-20 03:54 633344 c:\windows\Installer\5a4b5e.msi
+ 2007-02-20 00:53 . 2007-02-20 00:53 222720 c:\windows\Installer\4acd5f7.msi
+ 2009-06-14 05:06 . 2009-06-14 05:06 873472 c:\windows\Installer\36a24.msi
+ 2009-06-14 05:06 . 2009-06-14 05:06 536576 c:\windows\Installer\36a1f.msi
+ 2009-06-14 05:05 . 2009-06-14 05:05 417792 c:\windows\Installer\36a18.msi
+ 2007-08-15 20:01 . 2007-08-15 20:01 431104 c:\windows\Installer\35ce58c.msi
+ 2006-11-19 08:01 . 2006-11-19 08:01 428544 c:\windows\Installer\2de3452.msi
+ 2008-11-27 18:09 . 2008-11-27 18:09 432640 c:\windows\Installer\203e3.msi
+ 2008-03-11 23:39 . 2008-03-11 23:39 569856 c:\windows\Installer\1d4148.msp
+ 2007-11-15 14:23 . 2007-11-15 14:23 853280 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_sprtsync.dll
+ 2007-09-06 18:01 . 2007-09-06 18:01 377120 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_pcd.exe
+ 2008-12-24 19:38 . 2008-12-24 19:38 386048 c:\windows\Downloaded Program Files\Housecall_ActiveX.dll
+ 2006-08-26 18:11 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\ISScript11.Msi
+ 2006-05-03 15:17 . 2006-05-03 15:17 169472 c:\windows\Downloaded Installations\{2E0EBC61-88B0-453B-9535-FF97D78018BA}\Qualxserve Service Agreement.msi
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 1326080 c:\windows\system32\webfldrs.msi
+ 2006-05-05 00:01 . 2006-05-03 15:15 9946112 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi
+ 2007-05-25 16:08 . 2007-05-25 16:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-02-05 01:20 . 2008-02-05 01:20 2051072 c:\windows\Installer\eda57fa.msi
+ 2009-06-12 16:16 . 2009-06-12 16:16 1516544 c:\windows\Installer\ea0b53.msi
+ 2006-08-26 19:43 . 2006-08-26 19:43 9934848 c:\windows\Installer\b9525a.msi
+ 2006-05-05 22:23 . 2006-05-05 22:23 3034112 c:\windows\Installer\a3794.msi
+ 2006-05-03 15:30 . 2006-05-03 15:30 1150464 c:\windows\Installer\7d1c.msi
+ 2006-05-03 15:30 . 2006-05-03 15:30 1144832 c:\windows\Installer\7d17.msi
+ 2006-05-03 15:30 . 2006-05-03 15:30 1142784 c:\windows\Installer\7d12.msi
+ 2006-05-03 15:24 . 2006-05-03 15:24 9649152 c:\windows\Installer\7bb7.msi
+ 2006-05-03 15:19 . 2006-05-03 15:19 1900032 c:\windows\Installer\7b77.msi
+ 2008-01-11 02:06 . 2008-01-11 02:06 1430016 c:\windows\Installer\571105.msi
+ 2004-08-10 18:09 . 2004-08-10 18:10 3443712 c:\windows\Installer\50c4.msi
+ 2006-08-27 17:46 . 2006-08-27 17:46 3282432 c:\windows\Installer\459532a.msi
+ 2005-08-22 20:54 . 2005-08-22 20:54 8068608 c:\windows\Installer\44a869d.msp
+ 2007-11-24 19:47 . 2007-11-24 19:47 5840896 c:\windows\Installer\44a869c.msi
+ 2006-05-05 00:43 . 2006-05-05 00:43 5864960 c:\windows\Installer\25b24a.msp
+ 2008-02-22 02:58 . 2008-02-22 02:58 1635328 c:\windows\Installer\1b1d53.msi
+ 2008-02-22 02:57 . 2008-02-22 02:57 8984576 c:\windows\Installer\1b1d4d.msi
+ 2008-02-22 02:55 . 2008-02-22 02:55 1539072 c:\windows\Installer\1b1cce.msi
+ 2008-02-22 02:55 . 2008-02-22 02:55 2793984 c:\windows\Installer\1b1cc8.msi
+ 2008-02-13 09:15 . 2008-02-13 09:15 2417152 c:\windows\Installer\1a639b.msp
+ 2006-05-08 02:17 . 2006-05-08 02:17 2143744 c:\windows\Installer\1a568d.msi
+ 2006-05-08 02:14 . 2006-05-08 02:14 1735168 c:\windows\Installer\1a5683.msi
+ 2007-06-20 22:43 . 2007-06-20 22:43 1392128 c:\windows\Installer\1807e5.msi
+ 2006-09-01 23:47 . 2009-06-03 06:04 3777536 c:\windows\Installer\14a394.msi
+ 2006-05-16 19:46 . 2006-05-16 19:46 3030528 c:\windows\Installer\12c9dc.msi
+ 2007-11-15 14:24 . 2007-11-15 14:24 2037288 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_tglib.dll
+ 2007-11-15 14:24 . 2007-11-15 14:24 1144360 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_tgctlsi.dll
+ 2007-09-06 18:16 . 2007-09-06 18:16 1423360 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_Matrix.dll
+ 2007-09-06 18:16 . 2007-09-06 18:16 1229824 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_Dapi5.dll
+ 2006-08-26 18:11 . 2006-06-19 20:04 9934848 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\iTunes.msi
+ 2008-01-11 02:37 . 2008-06-10 01:03 2052608 c:\windows\Downloaded Installations\{12204855-0CB3-4EB4-ACD6-754C11685D1E}\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10.msi
+ 2006-05-05 02:26 . 2009-06-01 13:51 23635392 c:\windows\system32\MRT.exe
+ 2006-05-03 15:23 . 2006-05-03 15:23 22943232 c:\windows\Installer\7bb3.msi
+ 2006-05-08 02:15 . 2006-05-08 02:15 12983808 c:\windows\Installer\1a5688.msi
+ 2004-08-10 18:10 . 2004-08-10 18:10 19204096 c:\windows\Installer\1599f.msp
+ 2007-07-25 05:54 . 2007-07-25 05:54 15256576 c:\windows\Installer\128ed35.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Httpsole]
@="{C0E71113-E62D-4D68-A3C1-960EBA1038B6}"
[HKEY_CLASSES_ROOT\CLSID\{C0E71113-E62D-4D68-A3C1-960EBA1038B6}]
2007-04-16 15:52 1700474 ----a-w- c:\windows\system32\sndie32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"BuildBU"="c:\dell\bldbubg.exe" [2006-05-03 61440]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"= "c:\program files\VCOM\Recovery Commander\RCHOOK.DLL" [2003-07-08 102400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 13:42 450649 ----a-r- c:\windows\system32\PRISMAPI.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Avvenu Connector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Avvenu Connector.lnk
backup=c:\windows\pss\Avvenu Connector.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
backup=c:\windows\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ViaVoice\\Bin\\engine.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\audmig.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\speechbar.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\smart.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\msaadmn.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\options.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\miguser.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\userwiz.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\navcentral.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\vtdirect.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sillypiggy999\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sillypiggy999\\day of defeat\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sillypiggy999\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\sillypiggy999\\condition zero\\hl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Eisenworld\\Alohabob\\AlohaBob.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\ViaVoice\\Bin\\macroeditor.exe"=
"c:\\Games\\Descent3\\main.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [6/14/2009 06:02 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 avast!Antivirus;avast!Antivirus;c:\windows\System32\avast!Antivirus.exe -k netsvcs --> c:\windows\System32\avast!Antivirus.exe -k netsvcs [?]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [10/3/2008 09:44 PM 53307]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [6/14/2009 06:00 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [6/14/2009 06:01 PM 257432]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [6/14/2009 06:00 PM 1195008]
S3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S4 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/26/2006 09:56 PM 29744]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [5/3/2006 11:17 AM 61529]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/19/2007 04:54 AM 24652]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AVAST!ANTIVIRUS
*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
2009-07-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-22 20:22]
2009-06-15 c:\windows\Tasks\Scheduled Checkpoint.job
- c:\program files\VCOM\Recovery Commander\RCSCHED.EXE [2007-11-24 17:20]
2009-06-28 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\schedule.exe [2007-08-25 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 23:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1252)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\PRISMAPI.DLL
c:\windows\system32\DNSAPI.dll
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\sndie32.dll
c:\windows\system32\iectl.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\PRISMSVR.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dllhost.exe
c:\progra~1\VCOM\Fix-It\MXTASK.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\locator.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\VCOM\Fix-It\MXTASK.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\avast!Antivirus.exe
.
**************************************************************************
.
Completion time: 2009-07-03 0:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 04:26
ComboFix2.txt 2009-07-02 05:48
ComboFix3.txt 2009-06-10 19:01
Pre-Run: 41,815,834,624 bytes free
Post-Run: 41,777,684,480 bytes free
363 --- E O F --- 2009-01-09 21:01

Filename: sndie32.dll
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Fri 3 Jul 2009 04:25:16 (CET)
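A triage pass over service lines like the ones in the log above, as an added example that is not part of the original posts, of ComboFix or of catchme. It parses the services section (R2 name;display;image [date size]), the *NewlyCreated* entries and catchme's hidden-file lines, then flags the combination that marks the fake avast!Antivirus service here: a running service whose image ComboFix shows as [?] instead of a date and size, started with an svchost-style -k netsvcs argument although the image is not svchost.exe, and whose file catchme reports as hidden. SAMPLE_LOG is constructed from the format of the log above; the severity labels and the keyword list are this example's own choices, not ComboFix output.

```python
"""Triage heuristics for ComboFix-style log excerpts.

Added example for this thread; it is not part of ComboFix, catchme or the
original posts. SAMPLE_LOG is constructed to mirror the format of the
services, 'In Memory' and catchme sections above; the severities and the
keyword list are this example's own choices.
"""
import re
from collections import namedtuple

Service = namedtuple("Service", "start name display image args info")

# R2 name;display;c:\path\image.exe -args --> c:\path\image.exe -args [date size | ?]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.*?)"
    r"(?:\s+-->\s+(?P<resolved>.*?))?\s+\[(?P<info>[^\]]*)\]\s*$"
)
# split "c:\program files\x\y.exe -k netsvcs" into image path and arguments
# (assumes the first .exe/.sys/.dll in the command ends the path)
IMAGE_RE = re.compile(r"(?i)^(?P<image>.+?\.(?:exe|sys|dll))(?:\s+(?P<args>.*))?$")
# catchme hidden-file line: "<path> <n> bytes executable"
HIDDEN_RE = re.compile(r"(?i)^(?P<path>[a-z]:\\\S.*?)\s+(?P<size>\d+)\s+bytes\b")
NEWLY_RE = re.compile(r"^\*NewlyCreated\*\s+-\s+(?P<name>\S.*)$")
SVCHOST_ARG_RE = re.compile(r"(?i)(?:^|\s)-k\s+\S+")
SECURITY_WORDS = ("avast", "antivirus", "norton", "mcafee", "kaspersky", "defender")

SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R2 avast!Antivirus;avast!Antivirus;c:\windows\System32\avast!Antivirus.exe -k netsvcs --> c:\windows\System32\avast!Antivirus.exe -k netsvcs [?]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [10/3/2008 09:44 PM 53307]
S3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AVAST!ANTIVIRUS
scanning hidden files ...

c:\windows\system32\avast!Antivirus.exe 36864 bytes executable
scan completed successfully
hidden files: 1
"""


def parse_services(text):
    """Service/driver lines (R*/S*) as Service tuples with image and args split."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        im = IMAGE_RE.match(m.group("cmd").strip())
        image = im.group("image") if im else m.group("cmd").strip()
        args = (im.group("args") or "") if im else ""
        services.append(Service(m.group("start"), m.group("name"), m.group("display"),
                                image, args, m.group("info").strip()))
    return services


def parse_hidden_files(text):
    """Lower-cased paths from catchme's '<path> <n> bytes ...' lines."""
    return [m.group("path").lower() for m in
            (HIDDEN_RE.match(l.strip()) for l in text.splitlines()) if m]


def parse_newly_created(text):
    """Lower-cased names listed as *NewlyCreated* in the 'In Memory' section."""
    return {m.group("name").strip().lower() for m in
            (NEWLY_RE.match(l.strip()) for l in text.splitlines()) if m}


def triage(text):
    """Return (service name, severity, reason) tuples worth an analyst's attention."""
    findings = []
    hidden = set(parse_hidden_files(text))
    newly = parse_newly_created(text)
    for s in parse_services(text):
        image = s.image.lower()
        base = image.rsplit("\\", 1)[-1]
        running = s.start.startswith("R")
        # svchost group syntax ("-k netsvcs") only makes sense for svchost.exe itself
        if SVCHOST_ARG_RE.search(s.args) and base != "svchost.exe":
            findings.append((s.name, "high", "svchost-style -k argument but image is " + base))
        if image in hidden:
            findings.append((s.name, "high", "image file is hidden from the Win32 API (catchme)"))
        if s.info == "?":
            # ComboFix printed [?] instead of the image's date and size
            findings.append((s.name, "medium" if running else "low",
                             "no date/size for image" + ("" if running else " (stopped; likely orphaned entry)")))
        if any(w in s.name.lower() for w in SECURITY_WORDS) and "\\windows\\" in image:
            findings.append((s.name, "medium", "security-product name but image under the Windows directory"))
        if s.name.lower() in newly:
            findings.append((s.name, "info", "listed under *NewlyCreated* in the In Memory section"))
    return findings


if __name__ == "__main__":
    for name, severity, reason in triage(SAMPLE_LOG):
        print("%-7s %-18s %s" % (severity, name, reason))
```

Run it as a script to print the findings, or call triage() on a whole ComboFix.txt. The stale Dell printer entry (S3 dlcd_device, also [?]) comes out as low because it is not running, which is the distinction an analyst draws between a leftover registration and a live stealth service; only the avast!Antivirus entry trips the svchost-argument and hidden-file rules.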
cybertech
Moderator with 68,016 posts.
Join Date: Apr 2002
Location: Washington State
03-Jul-2009, 09:12 AM #36
This file is infected, and we need to replace it with a non-infected file:
C:\WINDOWS\system32\drivers\ndis.sys

Do you have your XP CD handy?
flash247
Member with 30 posts.
Join Date: Jun 2009
03-Jul-2009, 03:52 PM #37
My Dell reinstallation CD for Windows XP Home is missing, but I have my Dell reinstallation CD for Windows XP Professional. Is that OK? I found ndis.sy_ in the I386 folder on the disk, but how do I extract the proper file from the CD? Is there a clean backup of ndis.sys somewhere on my hard drive?
flash247
Member with 30 posts.
Join Date: Jun 2009
03-Jul-2009, 06:38 PM #38
What a nice pick-up Cybertech... there are two copies of ndis.sys in my system32 folder:

C:\WINDOWS\system32\drivers\ndis(2).sys 178kb created 8-4-04 and
C:\WINDOWS\system32\drivers\ndis.sys 207kb created 5-30-09.

I can scan ndis(2).sys with Jotti and VirusTotal (both scanners show clean), but can not scan the ndis.sys file (loads into scanners, but won't run).

Is this significant or am I way off? Can I rename and copy-over or will that just make for a bigger mess?
cybertech, Moderator with 68,016 posts (Join Date: Apr 2002, Location: Washington State)
03-Jul-2009, 07:40 PM #39
If you delete C:\WINDOWS\system32\drivers\ndis.sys Windows should find a new copy to replace it, likely from the I386 folder. The one dated 5-30-09 is infected. This one looks to be ok: C:\WINDOWS\system32\drivers\ndis(2).sys
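A check for the situation in the two posts above (two copies of ndis.sys with different dates, one of which will not even scan), added here as an example and not part of the original thread: compare each on-disk copy against a known-good reference by SHA-256, size and the link timestamp stored in the PE header. On XP the reference is the copy on the install CD, which is cabinet-compressed as I386\ndis.sy_ and is unpacked with the built-in expand tool. The three files in the script are constructed in memory so it runs offline; their contents, sizes and timestamps are made up.

```python
"""Compare on-disk copies of a system driver with a known-good reference.

Added example, not from the thread above. On XP the reference comes from
the install CD, where drivers are cabinet-compressed:
    expand D:\\I386\\ndis.sy_ C:\\temp\\ndis.sys
The three files below are constructed in memory so the script runs
offline; their contents, sizes and timestamps are made up.
"""
import hashlib
import struct
from datetime import datetime, timezone


def make_pe(timestamp: int, body: bytes) -> bytes:
    """Build a minimal PE image (constructed test data, not a real driver).

    Layout: 64-byte DOS header with e_lfanew = 0x40, 'PE\\0\\0' signature,
    20-byte COFF header carrying the link-time TimeDateStamp, then body.
    """
    dos_header = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    # COFF: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    #       NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0, 0x2102)
    return dos_header + b"PE\x00\x00" + coff + body


def pe_timestamp(data: bytes):
    """Return the COFF TimeDateStamp of a PE image, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def fingerprint(data: bytes) -> dict:
    """Size, SHA-256 and link timestamp: the three things to compare."""
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "link_time": pe_timestamp(data),
    }


def compare(reference: bytes, candidates: dict) -> dict:
    """Map each candidate name to ('clean' | 'suspect', [reasons])."""
    ref = fingerprint(reference)
    results = {}
    for name, data in candidates.items():
        fp = fingerprint(data)
        if fp["sha256"] == ref["sha256"]:
            results[name] = ("clean", ["identical to reference"])
            continue
        reasons = ["hash differs from reference"]
        if fp["link_time"] is None:
            reasons.append("not a PE image")
        elif fp["link_time"] != ref["link_time"]:
            reasons.append("link timestamp differs")
        if fp["size"] != ref["size"]:
            reasons.append(f"size {fp['size']} vs reference {ref['size']}")
        results[name] = ("suspect", reasons)
    return results


# Constructed samples. The dates echo the file dates quoted in the post but
# are used here only as labels for made-up link timestamps.
ORIGINAL_LINK_TIME = int(datetime(2004, 8, 4, tzinfo=timezone.utc).timestamp())
PATCHED_LINK_TIME = int(datetime(2009, 5, 30, tzinfo=timezone.utc).timestamp())
REFERENCE = make_pe(ORIGINAL_LINK_TIME, b"\x90" * 1024)
CANDIDATES = {
    "ndis(2).sys": make_pe(ORIGINAL_LINK_TIME, b"\x90" * 1024),
    "ndis.sys": make_pe(PATCHED_LINK_TIME, b"\x90" * 1024 + b"\xcc" * 300),
}


def triage() -> dict:
    """Run the comparison on the constructed samples."""
    return compare(REFERENCE, CANDIDATES)


if __name__ == "__main__":
    for name, (verdict, reasons) in triage().items():
        print(f"{name}: {verdict} ({'; '.join(reasons)})")
```

To run it against the real files, replace the constructed byte strings with open(path, "rb").read() for the expanded CD copy and the two files in system32\drivers. One caveat: a hash mismatch against the CD copy is only conclusive if Windows Update has not legitimately replaced the driver since the CD was pressed, so also compare against the Windows File Protection copy in %SystemRoot%\system32\dllcache before overwriting anything.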
flash247, Member with 30 posts (Join Date: Jun 2009)
03-Jul-2009, 11:38 PM #40
The ndis(2).sys would not allow a name change, but I found another good copy of ndis.sys on the hard drive and copied it to the driver folder, overwriting the bad file. Rebooted and tested it in Jotti and it was clean. Ran a full scan of SASW and found Trojans; also Avast!exe was back in the system32 folder. Ran the scanner with the following log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/03/2009 at 10:59 PM
Application Version : 4.26.1006
Core Rules Database Version : 3971
Trace Rules Database Version: 1911
Scan type : Complete Scan
Total Scan Time : 00:32:51
Memory items scanned : 272
Memory threats detected : 0
Registry items scanned : 6313
Registry threats detected : 6
File items scanned : 20907
File threats detected : 1
Trojan.Agent/Gen-AvastFake
HKLM\System\ControlSet002\Services\avast!Antivirus
C:\WINDOWS\SYSTEM32\AVAST!ANTIVIRUS.EXE
HKLM\System\ControlSet002\Enum\Root\LEGACY_avast!Antivirus
HKLM\System\ControlSet004\Services\avast!Antivirus
HKLM\System\ControlSet004\Enum\Root\LEGACY_avast!Antivirus
HKLM\System\CurrentControlSet\Services\avast!Antivirus
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_avast!Antivirus

Am I clean now or is there still some rootkit hanging around (I am worried that I will not be able to download any resident antiviral scanners, as I had to delete Kaspersky because of BSOD in normal mode)? Again, thanks for all your help.
cybertech, Moderator with 68,016 posts (Join Date: Apr 2002, Location: Washington State)
04-Jul-2009, 12:56 PM #41
Did SUPERAntiSpyware fix those items?
flash247, Member with 30 posts (Join Date: Jun 2009)
04-Jul-2009, 05:15 PM #42
You're amazing! I re-ran the SAS and MBAM and they are both clean. Thank you so much. Was this piece of malware the problem why I kept getting BSODs when running avira, avg, avast, bit defender, kaspersky... (I had to uninstall them all)?
cybertech, Moderator with 68,016 posts (Join Date: Apr 2002, Location: Washington State)
05-Jul-2009, 12:35 PM #43
The malware could have caused the BSOD. Have you reinstalled an anti-virus program? If not, you should do that ASAP.

Please post your HijackThis log again.
flash247, Member with 30 posts (Join Date: Jun 2009)
06-Jul-2009, 09:25 PM #44
Hi. The system has been great for 24 hours. I installed SASW Pro and it shows nothing. I installed Avira (I have it on my other computers) and a full scan only turned up the Trojan in the quarantine Qoobox, which it renamed and moved to its quarantine. But I get a BSOD when running SASW now, with avgntflt.sys causing the dump (SASW runs fine in safe mode). Should I just let things be, as both programs are protecting me in real time? The Antivir runs fine in Normal mode and the SASW runs fine in Safe Mode. Here is my latest hjt log if it helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:24:58 PM, on 7/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blackboard.ftl.pinecrest.edu/...l/frameset.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dumps_startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/...oUploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
--
End of file - 8786 bytes
cybertech, Moderator with 68,016 posts (Join Date: Apr 2002, Location: Washington State)
07-Jul-2009, 11:38 AM #45
If SASW Pro is causing problems I would uninstall it and use Malwarebytes.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.