
Solved: Trojan virus / Google redirect

Discussion in 'Malware and Virus Removal Archive' started by blue72, 2009/06/27.

  1. 2009/06/27 blue72 (Thread Starter)
    [Resolved] Trojan virus / Google redirect

    I have been having huge problems trying to get rid of these viruses; can anyone help? I have the free version of Spyware Doctor and it will not remove the viruses.
     
  2. 2009/06/27 Admin. (Administrator, Staff)
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2009/06/27 blue72 (Thread Starter)
    DDS

    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Suzanne at 0:36:58.20 on 28/06/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.358 [GMT 1:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\explorer.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\AVG\AVG8\avgupd.exe
    C:\Documents and Settings\Suzanne\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: Bullseye Tool Bar: {6226ba26-c017-4007-928c-de9715c6fa67} - c:\program files\ietoolbar\bullseye tool bar\lw.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [ShowLOMControl] 1 (0x1)
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [IDTSysTrayApp] sttray.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\suzanne\startm~1\programs\startup\runit_32.lnk - c:\program files\runit\runit_32.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245919642796
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-25 130936]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-27 11608]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-25 327688]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-25 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-25 108552]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-27 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-27 185089]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-25 906520]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-24 298776]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-27 55640]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 a8924;a8924;c:\windows\system32\a8924.sys [2009-6-27 54624]
    R3 cpuz128;cpuz128;\??\c:\docume~1\suzanne\locals~1\temp\cpuz_x32.sys --> c:\docume~1\suzanne\locals~1\temp\cpuz_x32.sys [?]
    R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14.tmp --> c:\windows\system32\14.tmp [?]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-4-2 348752]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-4-2 1095560]

    =============== Created Last 30 ================

    2009-06-27 23:51 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-06-27 23:51 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
    2009-06-27 22:39 <DIR> --d----- c:\program files\trend micro
    2009-06-27 20:38 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
    2009-06-27 20:38 <DIR> --d----- c:\program files\Avira
    2009-06-27 20:38 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Avira
    2009-06-27 20:03 128,352 a------- c:\windows\system32\a8924.dll
    2009-06-27 20:03 714,752 a------- c:\windows\system32\3dd25.tmp
    2009-06-27 20:03 54,624 a------- c:\windows\system32\a8924.sys
    2009-06-27 19:50 128,352 a------- c:\windows\system32\dfb1B.dll
    2009-06-27 19:50 2,335,270 a------- c:\windows\system32\8961A.mht
    2009-06-27 19:45 <DIR> --d----- c:\program files\SpyZooka
    2009-06-27 19:39 <DIR> --d----- c:\program files\Sophos
    2009-06-27 18:46 166 a------- c:\windows\system32\Compress.res
    2009-06-27 18:46 230 a------- c:\windows\reimage.ini
    2009-06-27 18:44 <DIR> --d----- c:\program files\Reimage
    2009-06-27 18:39 <DIR> --d----- c:\docume~1\suzanne\applic~1\Malwarebytes
    2009-06-27 18:39 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
    2009-06-27 18:22 8,284 a------- c:\windows\system32\eps_icon.avi
    2009-06-27 18:18 116 a------- c:\windows\homeDVD-Photos4_dlx.INI
    2009-06-26 13:14 268,648 a------- c:\windows\system32\mucltui.dll
    2009-06-26 13:14 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-06-25 21:32 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
    2009-06-25 21:31 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
    2009-06-25 21:31 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-06-25 21:30 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
    2009-06-25 21:30 <DIR> --d----- c:\docume~1\suzanne\applic~1\PC Tools
    2009-06-25 21:30 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PC Tools
    2009-06-25 20:35 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-06-25 20:35 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\AVG Security Toolbar
    2009-06-25 20:35 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-06-25 20:35 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-06-25 20:34 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\avg8
    2009-06-25 20:10 <DIR> --dsh--- c:\windows\system32\lowsec
    2009-06-25 20:05 217 a------- c:\windows\system32\winset.ini
    2009-06-25 20:05 138,752 a------- c:\windows\rbalv1136.exe
    2009-06-25 20:04 <DIR> --d----- c:\program files\runit
    2009-06-25 20:04 69,697 a------- c:\windows\gubb1767.exe
    2009-06-25 20:04 <DIR> --d----- c:\program files\IEToolbar
    2009-06-25 20:04 889,000 a------- c:\windows\wgfp5657.exe
    2009-06-25 20:01 <DIR> --d----- c:\docume~1\suzanne\applic~1\FrostWire
    2009-06-25 19:26 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-06-25 19:25 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
    2009-06-25 19:25 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-06-25 19:24 <DIR> --d----- c:\windows\system32\IOSUBSYS
    2009-06-25 19:18 <DIR> --dsh--- c:\documents and settings\suzanne\IECompatCache
    2009-06-25 19:17 <DIR> --dsh--- c:\documents and settings\suzanne\PrivacIE
    2009-06-25 19:16 <DIR> --dsh--- c:\documents and settings\suzanne\IETldCache
    2009-06-25 19:07 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
    2009-06-25 19:07 <DIR> --d----- c:\windows\ie8updates
    2009-06-25 19:07 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
    2009-06-25 19:07 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
    2009-06-25 19:07 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
    2009-06-25 19:07 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
    2009-06-25 19:04 60,800 ac------ c:\windows\system32\dllcache\sysaudio.sys
    2009-06-25 19:04 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
    2009-06-25 19:04 7,552 ac------ c:\windows\system32\dllcache\mskssrv.sys
    2009-06-25 19:04 7,552 a------- c:\windows\system32\drivers\MSKSSRV.sys
    2009-06-25 19:04 4,992 ac------ c:\windows\system32\dllcache\mspqm.sys
    2009-06-25 19:04 4,992 a------- c:\windows\system32\drivers\MSPQM.sys
    2009-06-25 19:04 5,376 ac------ c:\windows\system32\dllcache\mspclock.sys
    2009-06-25 19:04 5,376 a------- c:\windows\system32\drivers\MSPCLOCK.sys
    2009-06-25 19:00 <DIR> --d----- c:\program files\IDT
    2009-06-25 18:59 1,900,544 a------- c:\windows\system32\stlang.dll
    2009-06-25 18:59 405,504 a------- c:\windows\sttray.exe
    2009-06-25 18:59 204,800 a------- c:\windows\system32\stacsv.exe
    2009-06-25 18:59 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
    2009-06-25 18:59 129,536 ac------ c:\windows\system32\dllcache\ksproxy.ax
    2009-06-25 18:59 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
    2009-06-25 18:59 146,048 a------- c:\windows\system32\drivers\portcls.sys
    2009-06-25 18:59 129,536 a------- c:\windows\system32\ksproxy.ax
    2009-06-25 18:59 4,096 a------- c:\windows\system32\ksuser.dll
    2009-06-25 18:59 60,160 ac------ c:\windows\system32\dllcache\drmk.sys
    2009-06-25 18:59 60,160 a------- c:\windows\system32\drivers\drmk.sys
    2009-06-25 16:31 <DIR> --d----- c:\docume~1\suzanne\applic~1\Intel
    2009-06-25 16:31 21,275 a------- c:\windows\system32\drivers\AegisP.sys
    2009-06-25 16:18 307,200 a------- c:\windows\system32\BMAPI.dll
    2009-06-25 16:18 172,032 a------- c:\windows\system32\NicConfigSvc.cpl
    2009-06-25 16:17 16,128 a------- c:\windows\system32\drivers\APPDRV.SYS
    2009-06-25 12:10 221,184 a------- c:\windows\system32\wmpns.dll
    2009-06-25 11:08 <DIR> --d----- c:\windows\system32\CatRoot_bak
    2009-06-25 10:11 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
    2009-06-25 10:09 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
    2009-06-25 09:25 <DIR> --d----- c:\documents and settings\suzanne\Tracing
    2009-06-25 09:21 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
    2009-06-25 09:17 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
    2009-06-25 09:16 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-06-25 09:16 333,952 -c------ c:\windows\system32\dllcache\srv.sys
    2009-06-25 09:16 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
    2009-06-25 09:15 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
    2009-06-25 09:12 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
    2009-06-25 09:11 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
    2009-06-25 09:09 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    2009-06-25 09:09 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-06-25 09:09 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-06-25 09:04 26,144 a------- c:\windows\system32\spupdsvc.exe
    2009-06-25 09:01 <DIR> --dsh--- c:\documents and settings\suzanne\UserData
    2009-06-25 06:47 5 a------- c:\windows\system32\drivers\DELL__.MRK
    2009-06-25 06:47 5 a------- c:\windows\system32\drivers\1028_DELL__.MRK
    2009-06-25 06:47 666 a------- c:\windows\speed.reg
    2009-06-25 06:43 446,464 a----r-- c:\windows\system32\hhactivex.dll
    2009-06-25 06:43 1,064,456 a------- c:\windows\system32\MSCOMCTL.OCX
    2009-06-25 06:43 645,616 a------- c:\windows\system32\MSCOMCT2.OCX
    2009-06-25 06:43 176,128 a------- c:\windows\system32\RcdScan.dll
    2009-06-25 06:43 414,944 a------- c:\windows\system32\COMCT332.OCX
    2009-06-25 06:43 328,480 a------- c:\windows\system32\ssa3d30.ocx
    2009-06-25 06:43 171,967 a------- c:\windows\system32\Odbcjet.hlp
    2009-06-25 06:43 7,348 a------- c:\windows\system32\Odbcjet.cnt
    2009-06-25 06:43 89,360 a------- c:\windows\system32\VB5DB.DLL
    2009-06-25 06:43 13,632 -------- c:\windows\system32\drivers\omci.sys
    2009-06-25 06:40 <DIR> --d----- c:\documents and settings\Suzanne
    2009-06-25 06:36 8,192 a------- c:\windows\REGLOCS.OLD
    2009-06-25 06:35 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
    2009-06-25 06:33 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2009-06-25 06:32 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
    2009-06-25 06:31 2,577 a------- c:\windows\system32\CONFIG.NT
    2009-06-25 06:31 0 a------- c:\windows\control.ini
    2009-06-25 06:31 23,392 a------- c:\windows\system32\nscompat.tlb
    2009-06-25 06:31 16,832 a------- c:\windows\system32\amcompat.tlb
    2009-06-25 06:31 316,640 a------- c:\windows\WMSysPr9.prx
    2009-06-25 06:29 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
    2009-06-25 06:29 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
    2009-06-25 06:29 488 a---hr-- c:\windows\system32\logonui.exe.manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\WindowsShell.Manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
    2009-06-25 06:27 1,809,944 ac------ c:\windows\system32\dllcache\wuaueng.dll
    2009-06-25 06:26 37 a------- c:\windows\vbaddin.ini
    2009-06-25 06:26 36 a------- c:\windows\vb.ini
    2009-06-25 06:24 185,344 a------- c:\windows\system32\cmprops.dll
    2009-06-25 06:24 58,880 a------- c:\windows\system32\licwmi.dll
    2009-06-25 06:24 17,408 a------- c:\windows\system32\mmfutil.dll
    2009-06-25 06:24 196,224 a------- c:\windows\system32\drivers\rdpdr.sys
    2009-06-25 06:24 40,840 a------- c:\windows\system32\drivers\termdd.sys
    2009-06-24 18:44 3,072 a------- c:\windows\system32\drivers\audstub.sys
    2009-06-24 18:43 57,600 a------- c:\windows\system32\drivers\redbook.sys
    2009-06-24 18:43 6,400 a------- c:\windows\system32\drivers\enum1394.sys
    2009-06-24 18:42 74,240 a------- c:\windows\system32\usbui.dll
    2009-06-24 18:42 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
    2009-06-24 18:42 10,240 a------- c:\windows\system32\drivers\compbatt.sys
    2009-06-24 18:42 14,208 a------- c:\windows\system32\drivers\battc.sys
    2009-06-24 18:42 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
    2009-06-24 18:35 <DIR> --d----- c:\program files\common files\ODBC
    2009-06-24 18:35 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
    2009-06-24 18:32 261 a------- c:\windows\system32\$winnt$.inf
    2009-06-24 18:24 <DIR> --d----- c:\windows\dell
    2009-06-22 19:16 <DIR> --d----- c:\windows\system32\drivers\BurnProf
    2009-06-22 19:16 <DIR> --d----- c:\windows\system32\BurnProf
    2009-06-10 18:04 <DIR> --d----- c:\program files\FrostWire
    2009-06-10 18:04 <DIR> --d----- c:\program files\AskBarDis

    ==================== Find3M ====================

    2009-06-25 11:05 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-06-25 06:27 21,640 a------- c:\windows\system32\emptyregdb.dat
    2009-05-19 14:05 1,380,403 a------- c:\windows\system32\avgsdk.dll
    2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll
    2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
    2009-04-29 05:46 81,920 -------- c:\windows\system32\ieencode.dll
    2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2003-03-21 13:45 250,544 a------- c:\program files\common files\keyhelp.ocx

    ============= FINISH: 0:38:39.73 ===============
     
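Added by the editor as a worked example (it is not code from the thread, from the DDS tool or from WindowsBBS): a small Python triage pass over the SERVICES / DRIVERS and Created Last 30 sections of the log above. The rule names, the 9-character cut-off for "random-looking" file names and the choice of directories that get scored are the editor's own assumptions; the sample input is copied verbatim from the log. A hit marks an entry to examine first, not a malware verdict.

```python
# Added by the editor as a worked example; not a DDS feature and not code from
# the thread. Rule names and thresholds are the editor's assumptions.
import ntpath
import re

# Sample input: lines copied verbatim from the DDS log posted above, trimmed to
# the two sections this script reads.
DDS_EXCERPT = r"""
============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-25 130936]
R3 a8924;a8924;c:\windows\system32\a8924.sys [2009-6-27 54624]
R3 cpuz128;cpuz128;\??\c:\docume~1\suzanne\locals~1\temp\cpuz_x32.sys --> c:\docume~1\suzanne\locals~1\temp\cpuz_x32.sys [?]
R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14.tmp --> c:\windows\system32\14.tmp [?]

=============== Created Last 30 ================

2009-06-27 20:38 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-27 20:03 128,352 a------- c:\windows\system32\a8924.dll
2009-06-27 20:03 714,752 a------- c:\windows\system32\3dd25.tmp
2009-06-27 20:03 54,624 a------- c:\windows\system32\a8924.sys
2009-06-27 19:50 128,352 a------- c:\windows\system32\dfb1B.dll
2009-06-27 19:50 2,335,270 a------- c:\windows\system32\8961A.mht
2009-06-25 20:10 <DIR> --dsh--- c:\windows\system32\lowsec
2009-06-25 20:05 138,752 a------- c:\windows\rbalv1136.exe
2009-06-25 20:04 69,697 a------- c:\windows\gubb1767.exe
2009-06-25 20:04 889,000 a------- c:\windows\wgfp5657.exe
2009-06-25 19:04 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-06-25 18:59 405,504 a------- c:\windows\sttray.exe

==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)\s+"
                        r"(?P<attr>[a-z-]{8})\s+(?P<path>.+)$")
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(?P<image>.+?)(?:\s+\[[^\]]*\])?$")
# Only files dropped straight into these directories are scored; odd names inside
# a vendor's own folder are not interesting. (Editor's assumption.)
WATCHED_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\", "c:\\windows\\system32\\drivers\\")


def looks_random(name):
    """Short alphanumeric stem mixing letters and digits (a8924.sys, rbalv1136.exe).
    Assumed cut-off of 9 characters; legitimate names such as xpsp4res.dll also
    match, so a hit is a prompt for a second look, never a verdict."""
    stem = name.rsplit(".", 1)[0]
    return (len(stem) <= 9 and re.fullmatch(r"[A-Za-z0-9]+", stem) is not None
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def triage(dds_text):
    """Return (rule, path) pairs in log order."""
    hits, section = [], None
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "created last 30" and (m := CREATED_RE.match(line)):
            path = m["path"]
            lpath = path.lower()
            if ntpath.dirname(lpath) + "\\" not in WATCHED_DIRS:
                continue
            if m["size"] == "<DIR>":
                # A new hidden+system directory under %windir% is not something a
                # normal installer leaves behind.
                if {"s", "h"} <= set(m["attr"]):
                    hits.append(("hidden-system-dir-in-windir", path))
            elif looks_random(ntpath.basename(lpath)):
                hits.append(("random-name-in-windir", path))
        elif section == "services / drivers" and (m := SERVICE_RE.match(line)):
            # DDS prints the raw registry value, then '-->' and the path it
            # resolved to, with [?] where no file details were found; keep the
            # resolved half.
            image = m["image"].split("-->")[-1].strip()
            limage = image.lower()
            if "\\temp\\" in limage or limage.endswith(".tmp"):
                hits.append(("driver-from-temp", image))
            elif looks_random(ntpath.basename(limage)):
                hits.append(("random-name-driver", image))
    return hits


def summarize(hits):
    """Group hit paths by rule, preserving log order."""
    out = {}
    for rule, path in hits:
        out.setdefault(rule, []).append(path)
    return out


if __name__ == "__main__":
    for rule, paths in summarize(triage(DDS_EXCERPT)).items():
        print(rule)
        for p in paths:
            print("   ", p)
```

Two of the driver hits correspond to tools the same log shows being installed that evening: cpuz_x32.sys is CPU-Z's driver, and MEMSWEEP2 loading a .tmp file from system32 is what the Sophos scanner does (c:\program files\Sophos was created at 19:39). That is why hits are read against the rest of the log rather than deleted on sight. The remaining hits are what a helper would ask about first: the a8924 / dfb1B / 3dd25 / 8961A set written to system32 within minutes of each other, the three random-named executables dropped straight into c:\windows on 06-25 alongside the runit and IEToolbar installs, and a hidden system directory named lowsec under system32, which is a widely documented Zbot (Zeus) artifact.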
  5. 2009/06/27 blue72 (Thread Starter)
    Attach

    2009-06-25 18:59 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
    2009-06-25 18:59 129,536 ac------ c:\windows\system32\dllcache\ksproxy.ax
    2009-06-25 18:59 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
    2009-06-25 18:59 146,048 a------- c:\windows\system32\drivers\portcls.sys
    2009-06-25 18:59 129,536 a------- c:\windows\system32\ksproxy.ax
    2009-06-25 18:59 4,096 a------- c:\windows\system32\ksuser.dll
    2009-06-25 18:59 60,160 ac------ c:\windows\system32\dllcache\drmk.sys
    2009-06-25 18:59 60,160 a------- c:\windows\system32\drivers\drmk.sys
    2009-06-25 16:31 <DIR> --d----- c:\docume~1\suzanne\applic~1\Intel
    2009-06-25 16:31 21,275 a------- c:\windows\system32\drivers\AegisP.sys
    2009-06-25 16:18 307,200 a------- c:\windows\system32\BMAPI.dll
    2009-06-25 16:18 172,032 a------- c:\windows\system32\NicConfigSvc.cpl
    2009-06-25 16:17 16,128 a------- c:\windows\system32\drivers\APPDRV.SYS
    2009-06-25 12:10 221,184 a------- c:\windows\system32\wmpns.dll
    2009-06-25 11:08 <DIR> --d----- c:\windows\system32\CatRoot_bak
    2009-06-25 10:11 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
    2009-06-25 10:09 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
    2009-06-25 09:25 <DIR> --d----- c:\documents and settings\suzanne\Tracing
    2009-06-25 09:21 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
    2009-06-25 09:17 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
    2009-06-25 09:16 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-06-25 09:16 333,952 -c------ c:\windows\system32\dllcache\srv.sys
    2009-06-25 09:16 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
    2009-06-25 09:15 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
    2009-06-25 09:12 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
    2009-06-25 09:11 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
    2009-06-25 09:09 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    2009-06-25 09:09 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-06-25 09:09 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-06-25 09:04 26,144 a------- c:\windows\system32\spupdsvc.exe
    2009-06-25 09:01 <DIR> --dsh--- c:\documents and settings\suzanne\UserData
    2009-06-25 06:47 5 a------- c:\windows\system32\drivers\DELL__.MRK
    2009-06-25 06:47 5 a------- c:\windows\system32\drivers\1028_DELL__.MRK
    2009-06-25 06:47 666 a------- c:\windows\speed.reg
    2009-06-25 06:43 446,464 a----r-- c:\windows\system32\hhactivex.dll
    2009-06-25 06:43 1,064,456 a------- c:\windows\system32\MSCOMCTL.OCX
    2009-06-25 06:43 645,616 a------- c:\windows\system32\MSCOMCT2.OCX
    2009-06-25 06:43 176,128 a------- c:\windows\system32\RcdScan.dll
    2009-06-25 06:43 414,944 a------- c:\windows\system32\COMCT332.OCX
    2009-06-25 06:43 328,480 a------- c:\windows\system32\ssa3d30.ocx
    2009-06-25 06:43 171,967 a------- c:\windows\system32\Odbcjet.hlp
    2009-06-25 06:43 7,348 a------- c:\windows\system32\Odbcjet.cnt
    2009-06-25 06:43 89,360 a------- c:\windows\system32\VB5DB.DLL
    2009-06-25 06:43 13,632 -------- c:\windows\system32\drivers\omci.sys
    2009-06-25 06:40 <DIR> --d----- c:\documents and settings\Suzanne
    2009-06-25 06:36 8,192 a------- c:\windows\REGLOCS.OLD
    2009-06-25 06:35 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
    2009-06-25 06:33 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2009-06-25 06:32 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
    2009-06-25 06:31 2,577 a------- c:\windows\system32\CONFIG.NT
    2009-06-25 06:31 0 a------- c:\windows\control.ini
    2009-06-25 06:31 23,392 a------- c:\windows\system32\nscompat.tlb
    2009-06-25 06:31 16,832 a------- c:\windows\system32\amcompat.tlb
    2009-06-25 06:31 316,640 a------- c:\windows\WMSysPr9.prx
    2009-06-25 06:29 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
    2009-06-25 06:29 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
    2009-06-25 06:29 488 a---hr-- c:\windows\system32\logonui.exe.manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\WindowsShell.Manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
    2009-06-25 06:29 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
    2009-06-25 06:27 1,809,944 ac------ c:\windows\system32\dllcache\wuaueng.dll
    2009-06-25 06:26 37 a------- c:\windows\vbaddin.ini
    2009-06-25 06:26 36 a------- c:\windows\vb.ini
    2009-06-25 06:24 185,344 a------- c:\windows\system32\cmprops.dll
    2009-06-25 06:24 58,880 a------- c:\windows\system32\licwmi.dll
    2009-06-25 06:24 17,408 a------- c:\windows\system32\mmfutil.dll
    2009-06-25 06:24 196,224 a------- c:\windows\system32\drivers\rdpdr.sys
    2009-06-25 06:24 40,840 a------- c:\windows\system32\drivers\termdd.sys
    2009-06-24 18:44 3,072 a------- c:\windows\system32\drivers\audstub.sys
    2009-06-24 18:43 57,600 a------- c:\windows\system32\drivers\redbook.sys
    2009-06-24 18:43 6,400 a------- c:\windows\system32\drivers\enum1394.sys
    2009-06-24 18:42 74,240 a------- c:\windows\system32\usbui.dll
    2009-06-24 18:42 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
    2009-06-24 18:42 10,240 a------- c:\windows\system32\drivers\compbatt.sys
    2009-06-24 18:42 14,208 a------- c:\windows\system32\drivers\battc.sys
    2009-06-24 18:42 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
    2009-06-24 18:35 <DIR> --d----- c:\program files\common files\ODBC
    2009-06-24 18:35 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
    2009-06-24 18:32 261 a------- c:\windows\system32\$winnt$.inf
    2009-06-24 18:24 <DIR> --d----- c:\windows\dell
    2009-06-22 19:16 <DIR> --d----- c:\windows\system32\drivers\BurnProf
    2009-06-22 19:16 <DIR> --d----- c:\windows\system32\BurnProf
    2009-06-10 18:04 <DIR> --d----- c:\program files\FrostWire
    2009-06-10 18:04 <DIR> --d----- c:\program files\AskBarDis

    ==================== Find3M ====================

    2009-06-25 11:05 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-06-25 06:27 21,640 a------- c:\windows\system32\emptyregdb.dat
    2009-05-19 14:05 1,380,403 a------- c:\windows\system32\avgsdk.dll
    2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll
    2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
    2009-04-29 05:46 81,920 -------- c:\windows\system32\ieencode.dll
    2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2003-03-21 13:45 250,544 a------- c:\program files\common files\keyhelp.ocx

    ============= FINISH: 0:38:39.73 ===============
     
  6. 2009/06/27
    blue72 Inactive Thread Starter
    Thanks ; )
     
  7. 2009/06/27
    broni Moderator Malware Analyst
    You're running two antivirus programs, Avira and AVG, which is a bad idea.
    One of them has to go.
    My suggestion - AVG goes.
    If you decide to let AVG go, use AVG Remover: http://www.avg.com/download-tools

    When done.....

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Superantispyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until a menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2009/06/29
    blue72 Inactive Thread Starter
    SUPER antispyware log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/28/2009 at 03:29 AM

    Application Version : 4.26.1006

    Core Rules Database Version : 3959
    Trace Rules Database Version: 1901

    Scan type : Complete Scan
    Total Scan Time : 01:42:56

    Memory items scanned : 504
    Memory threats detected : 0
    Registry items scanned : 3616
    Registry threats detected : 0
    File items scanned : 35162
    File threats detected : 79

    Adware.Tracking Cookie
    C:\Documents and Settings\Suzanne\Cookies\suzanne@media.mtvnservices[1].txt
    C:\Documents and Settings\Suzanne\Cookies\suzanne@2o7[2].txt
    C:\Documents and Settings\Suzanne\Cookies\suzanne@atdmt[2].txt
    C:\Documents and Settings\Suzanne\Cookies\suzanne@mediaplex[1].txt
    C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.telegraph.co[2].txt
    C:\Documents and Settings\Suzanne\Cookies\suzanne@realmedia[1].txt
    C:\Documents and Settings\Suzanne\Cookies\suzanne@viacom.adbureau[2].txt
    C:\Documents and Settings\Suzanne\Cookies\suzanne@zedo[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@adopt.hotbar[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@adopt.hotbar[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@adopt.hotbar[3].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@ads.as4x.tmcs[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@ads.autotrader.co[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@ads.channel4[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@ads.specificclick[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@ads.techtv[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@adserver.anm.co[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@adserving.autotrader[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@banner1.inet-traffic[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@bravenet[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@c2.gostats[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@centralmedia[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@counter.hitslink[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@dealtime.co[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@edge.ru4[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@edge.ru4[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@edge.ru4[4].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@edge.ru4[5].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@ehg-autotrader.hitbox[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@hg1.hitbox[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@hit.namimedia[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@hotbar[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@insightfirst[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@linksynergy[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@macromedia[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@phg.hitbox[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@servedby.advertising[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@servedby.advertising[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@servedby.advertising[3].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@servedby.advertising[4].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@server.iad.liveperson[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@summitmedia.co[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@windowsmedia[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@www.commission-junction[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@www.commission-junction[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@www.dgm2[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@www.dgm2[2].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@www.macromedia[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@www.qksrv[1].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@www.qksrv[3].txt
    C:\Documents and Settings\Suzanne\My Documents\My Documents\mums old computer files\backup\Suzanne\Cookies\suzanne@z1.adserver[1].txt

    Adware.Mirar/NetNucleus
    C:\DOCUMENTS AND SETTINGS\SUZANNE\MY DOCUMENTS\MY DOCUMENTS\MY MUSIC\ADOBE ENCORE CS3 DVD RETAIL + SERIAL KEY 100% WORKING\SETUP.EXE

    Trace.Known Threat Sources
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\default.typography[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\WCAYHPTM\default.layout[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\ZW73O97P\cal[1].js
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\throwPop[1].js
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\FZ0NKCCE\default.media-all[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\N4LFG79A\default.typography[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\FZ0NKCCE\theatreCalendar[1].js
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\X5UL9PG1\basic[1].js
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\event[1].js
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\4NYHB8M2\date[1].js
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\KQME7R19\logging[1].gif
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\default.layout[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\N4LFG79A\default.skin[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\X5UL9PG1\stepsCircleBgred[1].gif
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\hitBox[1].js
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\im462.skin[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\SFF05IZO\default.typography[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\position[1].js
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\X5UL9PG1\default.skin[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\N4LFG79A\superbreak[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\SFF05IZO\the_lion_king[1].jpg
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\SFF05IZO\Scheduler[1].js
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\ZW73O97P\im462.skin[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\default[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\FZ0NKCCE\default.skin[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\FZ0NKCCE\default.layout[1].css
    C:\Documents and Settings\Jodie\Local Settings\Temporary Internet Files\Content.IE5\WCAYHPTM\help[1].gif
     
  9. 2009/06/29
    blue72 Inactive Thread Starter
    Malwarebytes problems

    Hi
    I have been running Malwarebytes; although it does pick up 18 infected items, it seems to just turn itself off, and then I cannot get any log files. Is there anything else I can do?
     
  10. 2009/06/29
    broni Moderator Malware Analyst
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.
     
  11. 2009/06/30
    blue72 Inactive Thread Starter
    Combofix log

    As requested, here is the ComboFix log.

    ComboFix 09-06-29.02 - Suzanne 30/06/2009 0:51.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.698 [GMT 1:00]
    Running from: c:\documents and settings\Suzanne\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Suzanne\Start Menu\Programs\Startup\runit_32.lnk
    c:\program files\Adssite Advanced Toolbar
    c:\program files\IEToolbar
    c:\program files\runit
    c:\program files\runit\config.txt
    c:\program files\runit\runitu_32.exe
    c:\windows\system32\drivers\SKYNETstxmtnpe.sys
    c:\windows\system32\lowsec
    c:\windows\system32\lowsec\local.ds
    c:\windows\system32\lowsec\user.ds
    c:\windows\system32\SKYNETkyiplxyl.dll
    c:\windows\system32\SKYNEToyxsjbop.dat
    c:\windows\system32\SKYNETqjcjdvmy.dll
    c:\windows\system32\SKYNETxdeuevel.dat
    c:\windows\system32\SystemService32

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SKYNETykcnoobm


    ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
    .

    2009-06-28 16:09 . 2009-06-28 16:09 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
    2009-06-28 10:04 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-28 10:04 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-28 10:04 . 2009-06-29 19:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-28 09:27 . 2009-06-28 09:27 0 ----a-w- c:\windows\nsreg.dat
    2009-06-28 09:26 . 2009-06-28 09:26 -------- d-----w- c:\documents and settings\Suzanne\Local Settings\Application Data\Mozilla
    2009-06-28 00:01 . 2009-06-29 23:31 117760 ----a-w- c:\documents and settings\Suzanne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-28 00:00 . 2009-06-28 00:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
    2009-06-28 00:00 . 2009-06-28 22:26 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-28 00:00 . 2009-06-28 00:00 -------- d-----w- c:\documents and settings\Suzanne\Application Data\SUPERAntiSpyware.com
    2009-06-28 00:00 . 2009-06-28 00:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-27 22:51 . 2009-06-27 23:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-27 22:51 . 2009-06-27 23:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-06-27 21:39 . 2009-06-27 21:56 -------- d-----w- c:\program files\trend micro
    2009-06-27 21:39 . 2009-06-27 21:56 -------- d-----w- C:\rsit
    2009-06-27 21:31 . 2009-06-27 21:31 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\PrivacIE
    2009-06-27 21:31 . 2009-06-27 21:31 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IECompatCache
    2009-06-27 19:38 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-06-27 19:38 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-06-27 19:38 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-06-27 19:38 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-06-27 19:38 . 2009-06-27 19:38 -------- d-----w- c:\program files\Avira
    2009-06-27 19:38 . 2009-06-27 19:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
    2009-06-27 19:03 . 2009-06-27 19:03 128352 ----a-w- c:\windows\system32\a8924.dll
    2009-06-27 19:03 . 2009-06-27 19:03 54624 ----a-w- c:\windows\system32\a8924.sys
    2009-06-27 18:50 . 2009-06-27 18:50 128352 ----a-w- c:\windows\system32\dfb1B.dll
    2009-06-27 18:45 . 2009-06-27 18:51 -------- d-----w- c:\program files\SpyZooka
    2009-06-27 18:39 . 2009-06-27 18:39 -------- d-----w- c:\program files\Sophos
    2009-06-27 17:44 . 2009-06-27 23:11 -------- d-----w- c:\program files\Reimage
    2009-06-27 17:39 . 2009-06-27 17:39 -------- d-----w- c:\documents and settings\Suzanne\Application Data\Malwarebytes
    2009-06-27 17:39 . 2009-06-27 17:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-06-27 17:13 . 2009-06-27 17:13 -------- d-----w- c:\documents and settings\Suzanne\Local Settings\Application Data\Adobe
    2009-06-27 10:53 . 2009-06-27 10:53 -------- d-----w- c:\program files\Windows Defender
    2009-06-26 12:14 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
    2009-06-25 20:32 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-06-25 20:31 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-06-25 20:31 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-06-25 20:31 . 2009-06-28 16:12 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-06-25 20:30 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-06-25 20:30 . 2009-06-25 20:30 -------- d-----w- c:\documents and settings\Suzanne\Application Data\PC Tools
    2009-06-25 20:30 . 2009-06-25 20:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
    2009-06-25 19:43 . 2009-06-25 19:43 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
    2009-06-25 19:36 . 2009-06-14 15:07 1004800 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-06-25 19:35 . 2009-06-25 19:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
    2009-06-25 19:34 . 2009-06-28 15:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
    2009-06-25 19:19 . 2009-06-25 19:19 -------- d-----w- c:\documents and settings\Jodie
    2009-06-25 19:06 . 2009-06-25 19:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-06-25 19:05 . 2009-06-25 19:05 138752 ----a-w- c:\windows\rbalv1136.exe
    2009-06-25 19:04 . 2009-06-25 19:04 0 ----a-w- c:\documents and settings\Suzanne\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
    2009-06-25 18:24 . 2009-06-25 18:24 -------- d-----w- c:\windows\system32\IOSUBSYS
    2009-06-25 18:18 . 2009-06-25 18:18 -------- d-sh--w- c:\documents and settings\Suzanne\IECompatCache
    2009-06-25 18:17 . 2009-06-25 18:17 -------- d-sh--w- c:\documents and settings\Suzanne\PrivacIE
    2009-06-25 18:16 . 2009-06-25 18:16 -------- d-sh--w- c:\documents and settings\Suzanne\IETldCache
    2009-06-25 18:07 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-06-25 18:07 . 2009-06-25 18:07 -------- d-----w- c:\windows\ie8updates
    2009-06-25 18:07 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-25 18:07 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2009-06-25 18:07 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2009-06-25 18:07 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-25 18:04 . 2008-04-13 19:15 60800 -c--a-w- c:\windows\system32\dllcache\sysaudio.sys
    2009-06-25 18:04 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
    2009-06-25 18:04 . 2008-04-13 18:39 7552 -c--a-w- c:\windows\system32\dllcache\mskssrv.sys
    2009-06-25 18:04 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
    2009-06-25 18:04 . 2008-04-13 18:39 4992 -c--a-w- c:\windows\system32\dllcache\mspqm.sys
    2009-06-25 18:04 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
    2009-06-25 18:04 . 2008-04-13 18:39 5376 -c--a-w- c:\windows\system32\dllcache\mspclock.sys
    2009-06-25 18:04 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
    2009-06-25 18:00 . 2009-06-25 18:00 -------- d-----w- c:\program files\IDT
    2009-06-25 17:59 . 2007-09-06 04:25 204800 ----a-w- c:\windows\system32\stacsv.exe
    2009-06-25 17:59 . 2007-09-06 04:24 405504 ----a-w- c:\windows\sttray.exe
    2009-06-25 17:59 . 2007-09-06 04:24 1900544 ----a-w- c:\windows\system32\stlang.dll
    2009-06-25 17:59 . 2008-04-14 00:11 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
    2009-06-25 17:59 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
    2009-06-25 17:59 . 2008-04-13 19:19 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
    2009-06-25 17:59 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
    2009-06-25 17:59 . 2008-04-13 18:45 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
    2009-06-25 17:59 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
    2009-06-25 15:31 . 2009-06-25 15:31 -------- d-----w- c:\documents and settings\Suzanne\Application Data\Intel
    2009-06-25 15:31 . 2009-06-25 15:31 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2009-06-25 15:31 . 2009-06-25 15:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Intel
    2009-06-25 15:30 . 2009-06-25 15:30 -------- d-----w- c:\program files\Intel
    2009-06-25 15:18 . 2005-11-14 20:41 307200 ----a-w- c:\windows\system32\BMAPI.dll
    2009-06-25 15:17 . 2005-08-12 23:50 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS
    2009-06-25 11:10 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
    2009-06-25 10:08 . 2009-06-25 10:08 -------- d-----w- c:\windows\system32\CatRoot_bak
    2009-06-25 09:11 . 2004-08-04 05:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
    2009-06-25 09:11 . 2004-08-04 05:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
    2009-06-25 09:11 . 2004-08-04 05:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
    2009-06-25 08:25 . 2009-06-29 23:31 -------- d-----w- c:\documents and settings\Suzanne\Tracing
    2009-06-25 08:21 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2009-06-25 08:20 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2009-06-25 08:20 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2009-06-25 08:20 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2009-06-25 08:20 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2009-06-25 08:20 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2009-06-25 08:20 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2009-06-25 08:20 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-06-25 08:20 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2009-06-25 08:20 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2009-06-25 08:20 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-06-25 08:20 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-06-25 08:20 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-06-25 08:17 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2009-06-25 08:16 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-06-25 08:16 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
    2009-06-25 08:16 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2009-06-25 08:15 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2009-06-25 08:12 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2009-06-25 08:11 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2009-06-25 08:09 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-06-25 08:09 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2009-06-25 08:06 . 2009-06-25 08:06 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Intel
    2009-06-25 08:04 . 2009-01-08 01:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2009-06-25 08:03 . 2009-06-27 10:54 13688 ----a-w- c:\documents and settings\Suzanne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-25 08:01 . 2009-06-25 08:01 -------- d-sh--w- c:\documents and settings\Suzanne\UserData
    2009-06-25 06:44 . 2009-06-25 06:44 -------- d-----w- c:\documents and settings\Suzanne\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
    2009-06-25 05:50 . 2004-08-04 10:00 4096 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\USMT\iconlib.dll
    2009-06-25 05:47 . 2005-09-16 04:15 666 ----a-w- c:\windows\speed.reg
    2009-06-25 05:43 . 2002-01-09 00:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
    2009-06-25 05:43 . 2000-03-23 19:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
    2009-06-25 05:43 . 1998-06-18 06:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
    2009-06-25 05:43 . 2001-08-22 15:42 13632 ------w- c:\windows\system32\drivers\omci.sys
    2009-06-25 05:36 . 2009-06-27 21:31 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft
    2009-06-25 05:33 . 2001-08-18 05:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2009-06-25 05:32 . 2004-08-04 10:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-29 23:50 . 2009-06-25 18:00 7760 ----a-w- c:\windows\system32\drivers\sthdae.log
    2009-06-27 19:19 . 2009-06-25 19:01 -------- d-----w- c:\documents and settings\Suzanne\Application Data\FrostWire
    2009-06-27 11:41 . 2007-07-07 12:15 -------- d-----w- c:\program files\Spyware Doctor
    2009-06-25 20:42 . 2009-05-18 15:16 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-06-25 18:26 . 2006-10-18 09:28 -------- d-----w- c:\program files\Java
    2009-06-25 18:24 . 2007-07-01 22:25 -------- d-----w- c:\program files\Google
    2009-06-25 15:18 . 2006-10-18 09:35 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-25 15:18 . 2006-10-18 09:35 -------- d-----w- c:\program files\Dell
    2009-06-25 10:05 . 2009-06-25 05:30 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-06-25 06:42 . 2009-06-25 05:47 5 ----a-w- c:\windows\system32\drivers\DELL__.MRK
    2009-06-25 06:42 . 2009-06-25 05:47 5 ----a-w- c:\windows\system32\drivers\1028_DELL__.MRK
    2009-06-25 05:27 . 2009-06-25 05:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-06-24 17:23 . 2006-11-11 10:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\McAfee.com Personal Firewall
    2009-06-19 14:03 . 2007-07-07 12:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-06-19 14:00 . 2008-10-17 20:57 -------- d-----w- c:\program files\Norton Security Scan
    2009-06-11 14:09 . 2006-10-18 09:47 -------- d-----w- c:\program files\Microsoft Works
    2009-05-23 21:19 . 2007-02-12 11:44 -------- d-----w- c:\program files\Shared
    2009-05-23 14:11 . 2008-05-19 15:39 -------- d-----w- c:\program files\Marblez
    2009-05-22 18:53 . 2007-02-21 00:24 -------- d-----w- c:\program files\WinAce
    2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
    2009-05-19 07:27 . 2009-05-19 07:18 -------- d-----w- c:\program files\Microsoft
    2009-05-19 07:26 . 2008-02-26 10:08 -------- d-----w- c:\program files\Windows Live
    2009-05-19 07:25 . 2007-05-09 17:04 -------- d-----w- c:\program files\Windows Live Toolbar
    2009-05-19 07:24 . 2009-05-19 07:24 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-05-19 07:23 . 2009-05-19 07:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-05-19 07:18 . 2009-05-19 07:18 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-05-15 19:31 . 2009-05-15 09:28 -------- d-----w- c:\program files\NOS
    2009-05-15 09:37 . 2009-05-15 09:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-05-15 09:35 . 2006-10-18 09:47 -------- d-----w- c:\program files\Common Files\Adobe
    2009-05-13 05:15 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
    2009-05-01 16:22 . 2009-05-01 16:21 -------- d-----w- c:\program files\ALDI
    2009-05-01 16:13 . 2009-05-01 16:00 -------- d-----w- c:\program files\ALDI Photo Service
    2009-04-29 04:46 . 2009-04-29 04:46 81920 ------w- c:\windows\system32\ieencode.dll
    2009-04-17 12:26 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2003-03-21 12:45 . 2009-01-10 14:18 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShowLOMControl"="1 (0x1)" [X]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "IDTSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-09-06 405504]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [25/06/2009 21:31 130936]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/06/2009 20:38 108289]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S3 a8924;a8924;c:\windows\system32\a8924.sys [27/06/2009 20:03 54624]
    S3 cpuz128;cpuz128;\??\c:\docume~1\Suzanne\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Suzanne\LOCALS~1\Temp\cpuz_x32.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14.tmp --> c:\windows\system32\14.tmp [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [02/04/2008 12:40 348752]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-29 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{6944C015-CE84-4F4C-B3EB-A039E514730D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-avgrsstarter - avgrsstx.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    FF - ProfilePath - c:\documents and settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\g4zxyhqy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-30 01:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\14.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(672)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2009-06-30 1:09
    ComboFix-quarantined-files.txt 2009-06-30 00:09

    Pre-Run: 3,526,266,880 bytes free
    Post-Run: 5,244,170,240 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    441 --- E O F --- 2009-06-25 18:10
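The driver/service block of the log above (the R0/R1/R2/S3 lines) is where the unknown items in this case surface: a driver registered from the user's Temp folder (cpuz128), one whose image is a `.tmp` file that no longer exists (MEMSWEEP2), and one with a random-looking name sitting directly in system32 (a8924). As an added example, not part of the thread and not ComboFix's own code, here is a small Python triage script that parses lines in that format and flags those three patterns. The sample input is a constructed subset quoted from the log; the "random-looking name" rule is the editor's heuristic for deciding what to look at next, not a verdict on the file.

```python
r"""Flag suspicious driver/service entries in ComboFix output.

Added example for this thread; not part of ComboFix or of the original post.
ComboFix lists each driver/service as
    R0 Name;Display name;c:\path\image.sys [dd/mm/yyyy hh:mm size]
    S3 Name;Display name;\??\c:\path\image.sys --> c:\path\image.sys [?]
where the trailing [?] means the image file could not be found on disk.
"""
import re

# Constructed sample: a subset of the entries quoted from the log above.
SAMPLE_LINES = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [25/06/2009 21:31 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
S3 a8924;a8924;c:\windows\system32\a8924.sys [27/06/2009 20:03 54624]
S3 cpuz128;cpuz128;\??\c:\docume~1\Suzanne\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Suzanne\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\14.tmp --> c:\windows\system32\14.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
META_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$")


def parse_line(line):
    """Return {'start','name','path','missing'} for one entry, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if " --> " in rest:                      # ComboFix shows '\??\path --> resolved path'
        rest = rest.split(" --> ", 1)[1]
    pm = META_RE.match(rest)
    path, meta = (pm.group("path"), pm.group("meta")) if pm else (rest, "")
    return {"start": m.group("start"), "name": m.group("name"),
            "path": path, "missing": meta.strip() == "?"}


def reasons_for(entry):
    """Heuristic review flags for one parsed entry (things to check, not a verdict)."""
    path = entry["path"]
    base = path.rsplit("\\", 1)[-1]
    stem, _, ext = base.rpartition(".")
    if not stem:                             # no extension at all
        stem, ext = base, ""
    flags = []
    if re.search(r"\\(temp|tmp)\\", path, re.IGNORECASE):
        flags.append("image lives in a Temp directory")
    if ext.lower() == "tmp":
        flags.append("image has a .tmp extension")
    if entry["missing"]:
        flags.append("image file not found on disk ([?])")
    digits = sum(c.isdigit() for c in stem)
    if digits >= 2 and digits * 2 >= len(stem):   # editor's heuristic: mostly digits
        flags.append("random-looking image name (mostly digits)")
    return flags


def triage_lines(lines):
    """Map service name -> list of reasons, for entries that earned at least one flag."""
    findings = {}
    for line in lines:
        entry = parse_line(line)
        if entry:
            flags = reasons_for(entry)
            if flags:
                findings[entry["name"]] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage_lines(SAMPLE_LINES).items():
        print(name + ": " + "; ".join(flags))
```

Run against the constructed sample it flags exactly cpuz128, MEMSWEEP2 and a8924 and leaves the PC Tools and SUPERAntiSpyware drivers alone, which matches the files the moderator singles out below; a real ComboFix.txt can be fed in by reading its lines and passing them to `triage_lines`.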
     
  12. 2009/06/30
    broni

    broni Moderator Malware Analyst

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
    Upload following files to http://www.virustotal.com/ for security check:
    - a8924.dll, a8924.sys, dfb1B.dll files located @ c:\windows\system32
    - rbalv1136.exe file located @ c:\windows
    Post scan results.
     
  13. 2009/06/30
    blue72

    blue72 Inactive Thread Starter

    Hi, I can't seem to find the rbalv1136.exe file under c:\windows.

    Is this the right info for the other files?

    File c6a1CD.sys received on 2009.06.30 12:55:11 (UTC)
    Current status: finished

    Result: 0/40 (0.00%)
    Compact Print results Antivirus Version Last Update Result
    a-squared 4.5.0.18 2009.06.30 -
    AhnLab-V3 5.0.0.2 2009.06.30 -
    AntiVir 7.9.0.199 2009.06.30 -
    Antiy-AVL 2.0.3.1 2009.06.30 -
    Authentium 5.1.2.4 2009.06.29 -
    Avast 4.8.1335.0 2009.06.29 -
    AVG 8.5.0.339 2009.06.30 -
    BitDefender 7.2 2009.06.30 -
    CAT-QuickHeal 10.00 2009.06.29 -
    ClamAV 0.94.1 2009.06.30 -
    Comodo 1506 2009.06.30 -
    DrWeb 5.0.0.12182 2009.06.30 -
    eSafe 7.0.17.0 2009.06.29 -
    eTrust-Vet 31.6.6590 2009.06.30 -
    F-Prot 4.4.4.56 2009.06.29 -
    F-Secure 8.0.14470.0 2009.06.30 -
    Fortinet 3.117.0.0 2009.06.30 -
    GData 19 2009.06.30 -
    Ikarus T3.1.1.64.0 2009.06.30 -
    Jiangmin 11.0.706 2009.06.30 -
    K7AntiVirus 7.10.768 2009.06.19 -
    Kaspersky 7.0.0.125 2009.06.30 -
    McAfee 5661 2009.06.29 -
    McAfee+Artemis 5661 2009.06.29 -
    McAfee-GW-Edition 6.7.6 2009.06.30 -
    Microsoft 1.4803 2009.06.30 -
    NOD32 4199 2009.06.30 -
    Norman 6.01.09 2009.06.29 -
    nProtect 2009.1.8.0 2009.06.30 -
    Panda 10.0.0.14 2009.06.29 -
    PCTools 4.4.2.0 2009.06.30 -
    Rising 21.36.14.00 2009.06.30 -
    Sophos 4.43.0 2009.06.30 -
    Sunbelt 3.2.1858.2 2009.06.29 -
    Symantec 1.4.4.12 2009.06.30 -
    TheHacker 6.3.4.3.356 2009.06.27 -
    TrendMicro 8.950.0.1094 2009.06.30 -
    VBA32 3.12.10.7 2009.06.30 -
    ViRobot 2009.6.30.1812 2009.06.30 -
    VirusBuster 4.6.5.0 2009.06.29 -
    Additional information
    File size: 54624 bytes
    MD5 : 43b0076b3ab8996b84d2cc8f990b582f
    SHA1 : 97d13f87d18e1829d9af7e54cd5a0b2d68d684e7
    SHA256: 5787ad3e47054ed8417522330be69c9b122d33373b960a21ac52eb2d25ad3259
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x2E005
    timedatestamp.....: 0x4718573F (Fri Oct 19 09:05:35 2007)
    machinetype.......: 0x14C (Intel I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x9538 0x9600 6.46 f8bb0ff0be497fd92b3101ee9b134c78
    .rdata 0xB000 0x204 0x400 2.61 c48c48509a6c34a23e4128aaf530cbcc
    .data 0xC000 0x21674 0xA00 0.64 dad2fd5f4c81aa5f92ab076f0ab1a792
    INIT 0x2E000 0x716 0x800 5.26 5fec7edfff8b298bc03ef77519f7f86f
    .reloc 0x2F000 0xEE2 0x1000 5.71 24939863336ea437d32d34528390c4bb

    ( 2 imports )

    > hal.dll: KfRaiseIrql, KeGetCurrentIrql, KfAcquireSpinLock, KfReleaseSpinLock, KfLowerIrql
    > ntoskrnl.exe: KeInitializeSpinLock, MmMapLockedPages, MmProbeAndLockPages, MmBuildMdlForNonPagedPool, IoAllocateMdl, RtlUnicodeStringToAnsiString, RtlInitUnicodeString, ZwQuerySystemInformation, ZwClose, wcslen, wcsrchr, wcschr, IoFreeIrp, KeSetEvent, PsGetCurrentThreadId, KeInitializeEvent, KeWaitForSingleObject, KeUnstackDetachProcess, KeStackAttachProcess, ZwCreateFile, ZwQuerySymbolicLinkObject, ZwOpenProcess, ZwQueryDirectoryFile, ObfDereferenceObject, IofCallDriver, KeGetCurrentThread, IoAllocateIrp, IoGetRelatedDeviceObject, ObReferenceObjectByHandle, MmUnmapLockedPages, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ZwReadFile, ZwWriteFile, ZwQueryObject, ZwOpenSymbolicLinkObject, ObQueryNameString, strstr, IoDeleteDevice, IoDeleteSymbolicLink, PsSetCreateProcessNotifyRoutine, PsGetCurrentProcessId, KeServiceDescriptorTable, IofCompleteRequest, IoGetCurrentProcess, PsCreateSystemThread, IoCreateSymbolicLink, IoCreateDevice, PsGetVersion, ZwOpenKey, ZwQueryValueKey, ZwEnumerateValueKey, ZwEnumerateKey, KeAddSystemServiceTable, _except_handler3, KeTickCount, KeBugCheckEx, MmUnlockPages, IoFreeMdl, MmIsAddressValid, ExFreePoolWithTag, RtlFreeUnicodeString, ExAllocatePoolWithTag

    ( 0 exports )

    TrID : File type identification
    Win64 Executable Generic (87.2%)
    Win32 Executable Generic (8.6%)
    Generic Win/DOS Executable (2.0%)
    DOS Executable Generic (2.0%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    ThreatExpert: http://www.threatexpert.com/report.aspx?md5=43b0076b3ab8996b84d2cc8f990b582f
    ssdeep: 768:Xht98mhWffPd0l3V+Vdj4AGXwZONbB0/92+U48swGs47+Sv9NLzbRUh:XhTbE6VFXwkb0F2+U4nS8J7jRe
    PEiD : -
    packers (Kaspersky): PE_Patch
    CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=43b0076b3ab8996b84d2cc8f990b582f
    RDS : NSRL Reference Data Set

    File a8924.dll received on 2009.06.30 22:16:56 (UTC)
    Current status: finished

    Result: 0/41 (0.00%)
    Compact Print results Antivirus Version Last Update Result
    a-squared 4.5.0.18 2009.06.30 -
    AhnLab-V3 5.0.0.2 2009.06.30 -
    AntiVir 7.9.0.199 2009.06.30 -
    Antiy-AVL 2.0.3.1 2009.06.30 -
    Authentium 5.1.2.4 2009.06.30 -
    Avast 4.8.1335.0 2009.06.30 -
    AVG 8.5.0.339 2009.06.30 -
    BitDefender 7.2 2009.07.01 -
    CAT-QuickHeal 10.00 2009.06.29 -
    ClamAV 0.94.1 2009.06.30 -
    Comodo 1517 2009.07.01 -
    DrWeb 5.0.0.12182 2009.06.30 -
    eSafe 7.0.17.0 2009.06.29 -
    eTrust-Vet 31.6.6590 2009.06.30 -
    F-Prot 4.4.4.56 2009.06.30 -
    F-Secure 8.0.14470.0 2009.06.30 -
    Fortinet 3.117.0.0 2009.06.30 -
    GData 19 2009.06.30 -
    Ikarus T3.1.1.64.0 2009.06.30 -
    Jiangmin 11.0.706 2009.06.30 -
    K7AntiVirus 7.10.768 2009.06.19 -
    Kaspersky 7.0.0.125 2009.06.30 -
    McAfee 5662 2009.06.30 -
    McAfee+Artemis 5662 2009.06.30 -
    McAfee-GW-Edition 6.7.6 2009.06.30 -
    Microsoft 1.4803 2009.06.30 -
    NOD32 4201 2009.06.30 -
    Norman 6.01.09 2009.06.30 -
    nProtect 2009.1.8.0 2009.06.30 -
    Panda 10.0.0.14 2009.06.30 -
    PCTools 4.4.2.0 2009.06.30 -
    Prevx 3.0 2009.07.01 -
    Rising 21.36.14.00 2009.06.30 -
    Sophos 4.43.0 2009.06.30 -
    Sunbelt 3.2.1858.2 2009.06.30 -
    Symantec 1.4.4.12 2009.06.30 -
    TheHacker 6.3.4.3.358 2009.06.30 -
    TrendMicro 8.950.0.1094 2009.06.30 -
    VBA32 3.12.10.7 2009.06.30 -
    ViRobot 2009.6.30.1812 2009.06.30 -
    VirusBuster 4.6.5.0 2009.06.30 -
    Additional information
    File size: 128352 bytes
    MD5 : 1382c758d86fb3012bdf922f1917ca16
    SHA1 : 84841244b75bd2b02f1b1e98aea92cd9edf1bbe3
    SHA256: 9aead59290c6051d053caa5152cdae6e211d4f13041f50bf451601ea771947e2
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x62A1
    timedatestamp.....: 0x47185745 (Fri Oct 19 09:05:41 2007)
    machinetype.......: 0x14C (Intel I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xF255 0x10000 6.47 ad99be9365e14269e4cf8dab87c573d1
    .rdata 0x11000 0x34F0 0x4000 4.30 58ef349f78c3f5266a147ca596855c1e
    .data 0x15000 0x4165FC 0x5000 1.66 916bbdadad1a7632da3905b11db7cdf7
    .reloc 0x42C000 0x3CCA 0x4000 2.01 0d685508f20b24bfa901c24d5002e4a8

    ( 2 imports )

    > advapi32.dll: OpenProcessToken, OpenSCManagerW, OpenServiceW, LookupPrivilegeValueW, StartServiceW, AdjustTokenPrivileges, CloseServiceHandle
    > kernel32.dll: FindFirstFileW, GetDriveTypeW, GetCurrentProcess, WaitForSingleObject, GetLogicalDrives, VirtualFree, GetSystemDirectoryW, GetModuleFileNameW, CreateFileW, FindFirstFileA, FreeLibraryAndExitThread, GetLastError, VirtualAlloc, FindClose, Process32FirstW, DeviceIoControl, Process32NextW, FindNextFileA, FindNextFileW, CreateToolhelp32Snapshot, CloseHandle, GetWindowsDirectoryW, GetCurrentProcessId, ExpandEnvironmentStringsW, MultiByteToWideChar, VirtualQuery, IsBadReadPtr, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, GetCurrentThreadId, GetLocalTime, FreeLibrary, GetProcAddress, LoadLibraryW, LoadLibraryExW, GetModuleHandleA, GetModuleHandleW, InterlockedExchange, HeapFree, HeapAlloc, WideCharToMultiByte, GetCommandLineA, GetVersionExA, GetProcessHeap, HeapReAlloc, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapDestroy, HeapCreate, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, Sleep, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, LCMapStringA, LCMapStringW, HeapSize, InitializeCriticalSection, RtlUnwind, LoadLibraryA, SetFilePointer, GetConsoleCP, GetConsoleMode, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, FlushFileBuffers

    ( 0 exports )

    TrID : File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    ssdeep: 1536:xAYcwhUGt3c2q9uaPqV/FvktPBm7SH7e05UejRR:xAY9rBq9ur0LH7e05H
    PEiD : -
    CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=1382c758d86fb3012bdf922f1917ca16
    RDS : NSRL Reference Data Set
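Both uploads came back 0/40 and 0/41, which says only that no engine had a signature for them, not that they are clean. The more useful evidence in these reports is the import table: a kernel driver that imports KeServiceDescriptorTable and KeAddSystemServiceTable next to a user-mode DLL that opens the service manager, starts a service, adjusts token privileges and calls DeviceIoControl has the shape of a driver-plus-loader pair, which describes anti-rootkit scanners as well as rootkits. The Python script below is an added example (not code from the thread, from VirusTotal or from any tool on this machine): it parses reports in the pasted text format and applies the editor's own capability heuristics (the `RULES` table) to the import lists. The two report excerpts are constructed, condensed copies of the ones pasted above.

```python
"""Read pasted VirusTotal text reports and triage what the import tables reveal.

Added example for this thread; it is not VirusTotal tooling and not code from
the original post. The capability rules are the editor's own heuristics.
"""
import re

# Constructed excerpts, condensed from the two reports pasted above
# (import lists shortened to the names the rules below look at).
REPORT_SYS = """File c6a1CD.sys received on 2009.06.30 12:55:11 (UTC)
Result: 0/40 (0.00%)
MD5 : 43b0076b3ab8996b84d2cc8f990b582f
( 2 imports )
> hal.dll: KfRaiseIrql, KeGetCurrentIrql, KfAcquireSpinLock
> ntoskrnl.exe: ZwQuerySystemInformation, KeStackAttachProcess, PsSetCreateProcessNotifyRoutine, KeServiceDescriptorTable, KeAddSystemServiceTable
( 0 exports )
"""

REPORT_DLL = """File a8924.dll received on 2009.06.30 22:16:56 (UTC)
Result: 0/41 (0.00%)
MD5 : 1382c758d86fb3012bdf922f1917ca16
( 2 imports )
> advapi32.dll: OpenProcessToken, OpenSCManagerW, OpenServiceW, LookupPrivilegeValueW, StartServiceW, AdjustTokenPrivileges
> kernel32.dll: CreateToolhelp32Snapshot, Process32FirstW, DeviceIoControl, CreateFileW
( 0 exports )
"""

KERNEL_DLLS = {"ntoskrnl.exe", "hal.dll"}

# (APIs that must all be present, what that combination means) -- editor's heuristics
RULES = [
    ({"KeServiceDescriptorTable", "KeAddSystemServiceTable"},
     "reaches the SSDT (done by rootkits and by anti-rootkit scanners alike)"),
    ({"PsSetCreateProcessNotifyRoutine"}, "registers a process-creation callback"),
    ({"KeStackAttachProcess"}, "attaches to other processes' address space"),
    ({"OpenSCManagerW", "StartServiceW"}, "starts a service (the shape of a driver loader)"),
    ({"LookupPrivilegeValueW", "AdjustTokenPrivileges"}, "enables token privileges"),
    ({"DeviceIoControl"}, "sends IOCTLs to a driver"),
    ({"CreateToolhelp32Snapshot"}, "enumerates running processes"),
]


def parse_report(text):
    """Extract file name, detection ratio, MD5 and {dll: {api, ...}} from a pasted VT report."""
    name = re.search(r"^File (\S+) received", text, re.M)
    ratio = re.search(r"Result:\s*(\d+)/(\d+)", text)
    md5 = re.search(r"MD5[ .]*:\s*([0-9a-fA-F]{32})", text)
    if not (name and ratio):
        raise ValueError("not a VirusTotal text report")
    imports = {}
    for m in re.finditer(r"^>\s*([^:]+):\s*(.*)$", text, re.M):
        imports[m.group(1).strip().lower()] = {a.strip() for a in m.group(2).split(",") if a.strip()}
    return {"file": name.group(1), "detections": int(ratio.group(1)),
            "engines": int(ratio.group(2)), "md5": md5.group(1).lower() if md5 else None,
            "imports": imports}


def triage(report):
    """Add kind, capability list and a one-line verdict to a parsed report."""
    apis = set().union(*report["imports"].values())
    kind = "kernel driver" if KERNEL_DLLS & set(report["imports"]) else "user-mode PE"
    caps = [meaning for needed, meaning in RULES if needed <= apis]
    if report["detections"] == 0:
        verdict = "no signature matched: unknown, not proven clean; judge by imports and provenance"
    else:
        verdict = "%d/%d engines flagged it" % (report["detections"], report["engines"])
    return {**report, "kind": kind, "capabilities": caps, "verdict": verdict}


def summarize(text):
    """Parse and triage one pasted report in a single call."""
    return triage(parse_report(text))


if __name__ == "__main__":
    for rep in (REPORT_SYS, REPORT_DLL):
        s = summarize(rep)
        print("%s (%s, md5 %s): %s" % (s["file"], s["kind"], s["md5"], s["verdict"]))
        for cap in s["capabilities"]:
            print("  -", cap)
```

The point of the `verdict` line is the caveat that matters in this thread: a zero detection ratio on a freshly dropped, randomly named driver is a reason to look harder (creation time relative to the other files in the log, which installer put it there, whether it loads at boot), not a reason to stop.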
     
  14. 2009/06/30
    broni

    broni Moderator Malware Analyst

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\docume~1\Suzanne\LOCALS~1\Temp\cpuz_x32.sys
    c:\windows\system32\14.tmp
    
    Folder::
    
    Driver::
    cpuz128
    MEMSWEEP2
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  15. 2009/06/30
    blue72

    blue72 Inactive Thread Starter

    Combofix log

    ComboFix 09-06-29.04 - Suzanne 01/07/2009 0:40.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.376 [GMT 1:00]
    Running from: c:\documents and settings\Suzanne\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Suzanne\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\docume~1\Suzanne\LOCALS~1\Temp\cpuz_x32.sys"
    "c:\windows\system32\14.tmp"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CPUZ128
    -------\Legacy_MEMSWEEP2
    -------\Service_cpuz128
    -------\Service_MEMSWEEP2


    ((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
    .

    2009-06-30 00:50 . 2009-06-30 00:50 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth
    2009-06-28 16:09 . 2009-06-28 16:09 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
    2009-06-28 10:04 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-28 10:04 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-28 10:04 . 2009-06-29 19:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-28 09:27 . 2009-06-28 09:27 0 ----a-w- c:\windows\nsreg.dat
    2009-06-28 09:26 . 2009-06-28 09:26 -------- d-----w- c:\documents and settings\Suzanne\Local Settings\Application Data\Mozilla
    2009-06-28 00:01 . 2009-07-01 00:02 117760 ----a-w- c:\documents and settings\Suzanne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-28 00:00 . 2009-06-28 00:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
    2009-06-28 00:00 . 2009-06-28 22:26 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-28 00:00 . 2009-06-28 00:00 -------- d-----w- c:\documents and settings\Suzanne\Application Data\SUPERAntiSpyware.com
    2009-06-28 00:00 . 2009-06-28 00:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-27 22:51 . 2009-06-27 23:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-27 22:51 . 2009-06-27 23:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-06-27 21:39 . 2009-06-27 21:56 -------- d-----w- c:\program files\trend micro
    2009-06-27 21:39 . 2009-06-27 21:56 -------- d-----w- C:\rsit
    2009-06-27 21:31 . 2009-06-27 21:31 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\PrivacIE
    2009-06-27 21:31 . 2009-06-27 21:31 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IECompatCache
    2009-06-27 19:38 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-06-27 19:38 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-06-27 19:38 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-06-27 19:38 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-06-27 19:38 . 2009-06-27 19:38 -------- d-----w- c:\program files\Avira
    2009-06-27 19:38 . 2009-06-27 19:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
    2009-06-27 19:03 . 2009-06-27 19:03 128352 ----a-w- c:\windows\system32\a8924.dll
    2009-06-27 19:03 . 2009-06-27 19:03 54624 ----a-w- c:\windows\system32\a8924.sys
    2009-06-27 18:50 . 2009-06-27 18:50 128352 ----a-w- c:\windows\system32\dfb1B.dll
    2009-06-27 18:45 . 2009-06-27 18:51 -------- d-----w- c:\program files\SpyZooka
    2009-06-27 18:39 . 2009-06-27 18:39 -------- d-----w- c:\program files\Sophos
    2009-06-27 17:44 . 2009-06-27 23:11 -------- d-----w- c:\program files\Reimage
    2009-06-27 17:39 . 2009-06-27 17:39 -------- d-----w- c:\documents and settings\Suzanne\Application Data\Malwarebytes
    2009-06-27 17:39 . 2009-06-27 17:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-06-27 17:13 . 2009-06-27 17:13 -------- d-----w- c:\documents and settings\Suzanne\Local Settings\Application Data\Adobe
    2009-06-27 10:53 . 2009-06-27 10:53 -------- d-----w- c:\program files\Windows Defender
    2009-06-26 12:14 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
    2009-06-25 20:32 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-06-25 20:31 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-06-25 20:31 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-06-25 20:31 . 2009-07-01 00:02 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-06-25 20:30 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-06-25 20:30 . 2009-06-25 20:30 -------- d-----w- c:\documents and settings\Suzanne\Application Data\PC Tools
    2009-06-25 20:30 . 2009-06-25 20:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
    2009-06-25 19:43 . 2009-06-25 19:43 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
    2009-06-25 19:36 . 2009-06-14 15:07 1004800 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-06-25 19:35 . 2009-06-25 19:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
    2009-06-25 19:34 . 2009-06-28 15:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
    2009-06-25 19:19 . 2009-06-25 19:19 -------- d-----w- c:\documents and settings\Jodie
    2009-06-25 19:06 . 2009-06-25 19:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-06-25 19:04 . 2009-06-25 19:04 0 ----a-w- c:\documents and settings\Suzanne\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
    2009-06-25 18:24 . 2009-06-25 18:24 -------- d-----w- c:\windows\system32\IOSUBSYS
    2009-06-25 18:18 . 2009-06-25 18:18 -------- d-sh--w- c:\documents and settings\Suzanne\IECompatCache
    2009-06-25 18:17 . 2009-06-25 18:17 -------- d-sh--w- c:\documents and settings\Suzanne\PrivacIE
    2009-06-25 18:16 . 2009-06-25 18:16 -------- d-sh--w- c:\documents and settings\Suzanne\IETldCache
    2009-06-25 18:07 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-06-25 18:07 . 2009-06-25 18:07 -------- d-----w- c:\windows\ie8updates
    2009-06-25 18:07 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-25 18:07 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2009-06-25 18:07 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2009-06-25 18:07 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-25 18:04 . 2008-04-13 19:15 60800 -c--a-w- c:\windows\system32\dllcache\sysaudio.sys
    2009-06-25 18:04 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
    2009-06-25 18:04 . 2008-04-13 18:39 7552 -c--a-w- c:\windows\system32\dllcache\mskssrv.sys
    2009-06-25 18:04 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
    2009-06-25 18:04 . 2008-04-13 18:39 4992 -c--a-w- c:\windows\system32\dllcache\mspqm.sys
    2009-06-25 18:04 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
    2009-06-25 18:04 . 2008-04-13 18:39 5376 -c--a-w- c:\windows\system32\dllcache\mspclock.sys
    2009-06-25 18:04 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
    2009-06-25 18:00 . 2009-06-25 18:00 -------- d-----w- c:\program files\IDT
    2009-06-25 17:59 . 2007-09-06 04:25 204800 ----a-w- c:\windows\system32\stacsv.exe
    2009-06-25 17:59 . 2007-09-06 04:24 405504 ----a-w- c:\windows\sttray.exe
    2009-06-25 17:59 . 2007-09-06 04:24 1900544 ----a-w- c:\windows\system32\stlang.dll
    2009-06-25 17:59 . 2008-04-14 00:11 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
    2009-06-25 17:59 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
    2009-06-25 17:59 . 2008-04-13 19:19 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
    2009-06-25 17:59 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
    2009-06-25 17:59 . 2008-04-13 18:45 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
    2009-06-25 17:59 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
    2009-06-25 15:31 . 2009-06-25 15:31 -------- d-----w- c:\documents and settings\Suzanne\Application Data\Intel
    2009-06-25 15:31 . 2009-06-25 15:31 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2009-06-25 15:31 . 2009-06-25 15:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Intel
    2009-06-25 15:30 . 2009-06-25 15:30 -------- d-----w- c:\program files\Intel
    2009-06-25 15:18 . 2005-11-14 20:41 307200 ----a-w- c:\windows\system32\BMAPI.dll
    2009-06-25 15:17 . 2005-08-12 23:50 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS
    2009-06-25 11:10 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
    2009-06-25 10:08 . 2009-06-25 10:08 -------- d-----w- c:\windows\system32\CatRoot_bak
    2009-06-25 09:11 . 2004-08-04 05:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
    2009-06-25 09:11 . 2004-08-04 05:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
    2009-06-25 09:11 . 2004-08-04 05:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
    2009-06-25 08:25 . 2009-07-01 00:01 -------- d-----w- c:\documents and settings\Suzanne\Tracing
    2009-06-25 08:21 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2009-06-25 08:20 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2009-06-25 08:20 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2009-06-25 08:20 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2009-06-25 08:20 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2009-06-25 08:20 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2009-06-25 08:20 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2009-06-25 08:20 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-06-25 08:20 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2009-06-25 08:20 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2009-06-25 08:20 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-06-25 08:20 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-06-25 08:20 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-06-25 08:17 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2009-06-25 08:16 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-06-25 08:16 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
    2009-06-25 08:16 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2009-06-25 08:15 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2009-06-25 08:12 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2009-06-25 08:11 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2009-06-25 08:09 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-06-25 08:09 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2009-06-25 08:06 . 2009-06-25 08:06 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Intel
    2009-06-25 08:04 . 2009-01-08 01:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2009-06-25 08:03 . 2009-06-27 10:54 13688 ----a-w- c:\documents and settings\Suzanne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-25 08:01 . 2009-06-25 08:01 -------- d-sh--w- c:\documents and settings\Suzanne\UserData
    2009-06-25 06:44 . 2009-06-25 06:44 -------- d-----w- c:\documents and settings\Suzanne\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
    2009-06-25 05:50 . 2004-08-04 10:00 4096 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\USMT\iconlib.dll
    2009-06-25 05:47 . 2005-09-16 04:15 666 ----a-w- c:\windows\speed.reg
    2009-06-25 05:43 . 2002-01-09 00:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
    2009-06-25 05:43 . 2000-03-23 19:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
    2009-06-25 05:43 . 1998-06-18 06:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
    2009-06-25 05:43 . 2001-08-22 15:42 13632 ------w- c:\windows\system32\drivers\omci.sys
    2009-06-25 05:36 . 2009-06-27 21:31 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft
    2009-06-25 05:33 . 2001-08-18 05:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2009-06-25 05:32 . 2004-08-04 10:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-01 00:00 . 2009-06-25 18:00 8924 ----a-w- c:\windows\system32\drivers\sthdae.log
    2009-06-30 23:20 . 2007-07-07 12:15 -------- d-----w- c:\program files\Spyware Doctor
    2009-06-27 19:19 . 2009-06-25 19:01 -------- d-----w- c:\documents and settings\Suzanne\Application Data\FrostWire
    2009-06-25 20:42 . 2009-05-18 15:16 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-06-25 18:26 . 2006-10-18 09:28 -------- d-----w- c:\program files\Java
    2009-06-25 18:24 . 2007-07-01 22:25 -------- d-----w- c:\program files\Google
    2009-06-25 15:18 . 2006-10-18 09:35 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-25 15:18 . 2006-10-18 09:35 -------- d-----w- c:\program files\Dell
    2009-06-25 10:05 . 2009-06-25 05:30 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-06-25 06:42 . 2009-06-25 05:47 5 ----a-w- c:\windows\system32\drivers\DELL__.MRK
    2009-06-25 06:42 . 2009-06-25 05:47 5 ----a-w- c:\windows\system32\drivers\1028_DELL__.MRK
    2009-06-25 05:27 . 2009-06-25 05:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-06-24 17:23 . 2006-11-11 10:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\McAfee.com Personal Firewall
    2009-06-19 14:03 . 2007-07-07 12:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-06-19 14:00 . 2008-10-17 20:57 -------- d-----w- c:\program files\Norton Security Scan
    2009-06-11 14:09 . 2006-10-18 09:47 -------- d-----w- c:\program files\Microsoft Works
    2009-05-23 21:19 . 2007-02-12 11:44 -------- d-----w- c:\program files\Shared
    2009-05-23 14:11 . 2008-05-19 15:39 -------- d-----w- c:\program files\Marblez
    2009-05-22 18:53 . 2007-02-21 00:24 -------- d-----w- c:\program files\WinAce
    2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
    2009-05-19 07:27 . 2009-05-19 07:18 -------- d-----w- c:\program files\Microsoft
    2009-05-19 07:26 . 2008-02-26 10:08 -------- d-----w- c:\program files\Windows Live
    2009-05-19 07:25 . 2007-05-09 17:04 -------- d-----w- c:\program files\Windows Live Toolbar
    2009-05-19 07:24 . 2009-05-19 07:24 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-05-19 07:23 . 2009-05-19 07:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-05-19 07:18 . 2009-05-19 07:18 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-05-15 19:31 . 2009-05-15 09:28 -------- d-----w- c:\program files\NOS
    2009-05-15 09:37 . 2009-05-15 09:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-05-15 09:35 . 2006-10-18 09:47 -------- d-----w- c:\program files\Common Files\Adobe
    2009-05-13 05:15 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
    2009-04-29 04:46 . 2009-04-29 04:46 81920 ------w- c:\windows\system32\ieencode.dll
    2009-04-17 12:26 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2003-03-21 12:45 . 2009-01-10 14:18 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShowLOMControl"="1 (0x1)" [X]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
    "IDTSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-09-06 405504]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    [BU]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [25/06/2009 21:31 130936]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/06/2009 20:38 108289]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [02/04/2008 12:40 348752]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]
    S3 a8924;a8924;c:\windows\system32\a8924.sys [27/06/2009 20:03 54624]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-01 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2009-06-30 c:\windows\Tasks\User_Feed_Synchronization-{6944C015-CE84-4F4C-B3EB-A039E514730D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    FF - ProfilePath - c:\documents and settings\Suzanne\Application Data\Mozilla\Firefox\Profiles\g4zxyhqy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-01 01:02
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(660)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'explorer.exe'(3020)
    c:\windows\system32\WININET.dll
    c:\program files\Spyware Doctor\pctgmhk.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\windows\system32\WLTRYSVC.EXE
    c:\windows\system32\BCMWLTRY.EXE
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Spyware Doctor\pctsSvc.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-01 1:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-01 00:10
    ComboFix2.txt 2009-06-30 09:02
    ComboFix3.txt 2009-06-30 00:09

    Pre-Run: 5,018,910,720 bytes free
    Post-Run: 5,137,866,752 bytes free

    305 --- E O F --- 2009-06-30 13:49
     
  16. 2009/06/30
    blue72

    blue72 Inactive Thread Starter

    Joined:
    2009/06/27
    Messages:
    21
    Likes Received:
    0
    HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 01:12:16, on 01/07/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ShowLOMControl] 
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245919642796
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     
  17. 2009/06/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:

    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.

    ==============================================================

    Try running Malwarebytes again. Post its log.

    You used an outdated HJT version.
    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  18. 2009/06/30
    blue72

    blue72 Inactive Thread Starter

    Joined:
    2009/06/27
    Messages:
    21
    Likes Received:
    0
    HijackThis log

    Hi Broni

    As requested I have downloaded HijackThis and here is the log. Appreciate your help, thanks :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:16:31, on 01/07/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ZoneLabs\UpdClient.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ShowLOMControl] 
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245919642796
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 8229 bytes
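    The log above is the kind of thing the helper reads by eye: orphaned entries whose file is gone, a Winlogon Notify hook that points at a bare directory, a service with no recognised vendor. The script below is an added example (not part of the thread and not HijackThis's own code) that parses HijackThis 2.x "R"/"O" lines and applies those same first-pass triage rules automatically. The rules are the editor's heuristics, not HijackThis's; the sample lines are quoted from the log posted above.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code).

Parses the 'Rn'/'On' lines of a HijackThis 2.x log and flags the entries an
analyst looks at first.  The flagging rules are the editor's heuristics:
  - target file reported as '(no file)' / '(file missing)'  -> orphaned entry
  - O4 Run value with no command after the [name]          -> emptied Run value
  - O20 Winlogon Notify whose path ends in '\\'            -> directory, not a DLL
  - O23 service listed with 'Unknown owner'                -> unverified binary
"""
import re
from dataclasses import dataclass, field

# Lines quoted from the HijackThis 2.0.2 log posted in the thread above.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.bing.com/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\\Program Files\\AVG\\AVG8\\Toolbar\\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\\..\\Run: [ShowLOMControl]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\\WINDOWS\\System32\\WLTRYSVC.EXE
"""

# Every HijackThis finding line starts with a section code such as R0, O2, O23.
LINE_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str
    body: str
    findings: list = field(default_factory=list)


def _target(body: str) -> str:
    """Last ' - '-separated field, which HijackThis uses for the on-disk path."""
    return body.rsplit(" - ", 1)[-1].strip()


def parse_log(text: str) -> list:
    """Return one Entry per 'Rn - ...' / 'On - ...' line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def assess(entry: Entry) -> Entry:
    """Attach triage findings to an entry according to the heuristics above."""
    sec, body = entry.section, entry.body
    if any(marker in body for marker in MISSING_MARKERS):
        entry.findings.append("target file missing: orphaned registry entry")
    if sec == "O4" and re.search(r"\[[^\]]*\]\s*$", body):
        entry.findings.append("Run value with an empty command: find out what cleared it")
    if sec == "O20" and _target(body).endswith("\\"):
        entry.findings.append("Winlogon Notify path is a directory, not a DLL: leftover or damaged entry")
    if sec == "O23" and " - Unknown owner - " in body:
        entry.findings.append("service binary has no recognised vendor: verify its signature and hash")
    return entry


def triage(text: str) -> list:
    """Parse a log and return only the entries that attracted at least one finding."""
    return [e for e in (assess(e) for e in parse_log(text)) if e.findings]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.section:<4} {entry.body}")
        for finding in entry.findings:
            print(f"       -> {finding}")
```

Run it on a full log by reading the file into `triage()`; the unflagged entries (the AVG toolbar, the SUPERAntiSpyware hook, the ZoneAlarm service) pass through silently, which is the point: the script narrows a 100-line log to the handful of lines that need a human decision, and a missing file or unknown vendor is a reason to look, not proof of infection.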
     
  19. 2009/06/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  20. 2009/07/01
    blue72

    blue72 Inactive Thread Starter

    Joined:
    2009/06/27
    Messages:
    21
    Likes Received:
    0
    Malwarebyte log

    Should I do a full scan?

    Malwarebytes' Anti-Malware 1.38
    Database version: 2352
    Windows 5.1.2600 Service Pack 3

    01/07/2009 08:24:55
    mbam-log-2009-07-01 (08-24-55).txt

    Scan type: Quick Scan
    Objects scanned: 107454
    Time elapsed: 21 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  21. 2009/07/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine.

    Please download DrWeb CureIt (http://www.freedrweb.com/) & save it to your desktop.

    Scan with DrWeb-CureIt as follows:

    * Double-click on drweb-cureit.exe and then click Start. Click OK in a pop-up window allowing Express Scan
    o This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
    * Once the short scan has finished, Click Options > Change settings
    * Choose the Scan tab and uncheck Heuristic analysis and click OK
    * Back at the main window, select the Complete scan button.
    * Then click the Green Arrow Start Scanning button on the right and the scan will start.
    o Click Yes to all if it asks if you want to cure/move any file(s).
    * When the scan is done...
    * In the Dr.Web CureIt menu on top left, click File and choose Save report list.
    * Save the DrWeb.csv report to your Desktop.
    * Exit Dr.Web Cureit.


    * Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

    * After reboot. Leave the Dr. Web CureIt log on the desktop.

    Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan a pop-up window will appear, asking you to buy a full version. Simply close the pop-up window.
     
