
Active "antivirus system pro"

Discussion in 'Malware and Virus Removal Archive' started by tedgen, 2009/06/07.

  1. 2009/06/07
    tedgen

    tedgen Well-Known Member Thread Starter

    Joined:
    2002/08/23
    Messages:
    56
    Likes Received:
    0
    [Active] "antivirus system pro"

    I am logged in as myself on this Dell machine. My wife has a security pop-up that is telling her that there is a virus and her ports are being attacked. It wants us to buy the above-named program to remove the problem. I know this is a phony but I can't seem to remove it. I've run Spybot and adware. I've seen forums that mention Spyware Hunter but I think this is a gimmick also. I've added the requested info. Any help would be appreciated.


    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Ted at 13:43:08.18 on Sun 06/07/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1612 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ted\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.dell4me.com/myway
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: H - No File
    BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\ycomp5_5_7_0.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: BHO: {5b1d95a2-f547-4e5e-8902-622b08354622} - c:\windows\system32\iehelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\ycomp5_5_7_0.dll
    TB: Video Professor Stay on Top: {56879c4b-b0b1-447c-9fdf-259f70be9f76} - c:\program files\videoprofessorstayontop\VPExplorerExtensions.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe "
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - hxxp://cabs.elitemediagroup.net/cabs/mediaview.cab
    DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - hxxp://mediaplayer.walmart.com/installer/install.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-7 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-25 325896]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-25 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-25 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-25 298776]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]

    =============== Created Last 30 ================

    2009-06-07 12:27 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-06-07 12:27 254 a---h--- C:\aaw7boot.cmd
    2009-06-07 07:34 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-06-07 07:30 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-07 07:30 <DIR> --d----- c:\program files\Lavasoft
    2009-06-06 15:03 175 a------- c:\windows\wininit.ini
    2009-06-06 13:22 270,352 a------- c:\windows\sysguard.exe
    2009-05-17 19:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Walgreens
    2009-05-17 19:45 <DIR> --d----- c:\program files\common files\HP

    ==================== Find3M ====================

    2009-05-10 14:43 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-05-10 14:43 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-05-10 14:43 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
    2008-12-12 19:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121220081213\index.dat

    ============= FINISH: 13:43:30.73 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/28/2004 6:52:03 PM
    System Uptime: 6/7/2009 7:35:05 AM (6 hours ago)

    Motherboard: Dell Computer Corp. | | 0N6381
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 71 GiB total, 56.205 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
    Service: E100B

    ==== System Restore Points ===================

    RP1114: 3/10/2009 6:45:28 PM - System Checkpoint
    RP1115: 3/11/2009 4:51:29 PM - Software Distribution Service 3.0
    RP1116: 3/12/2009 7:01:52 PM - System Checkpoint
    RP1117: 3/14/2009 3:57:45 AM - System Checkpoint
    RP1118: 3/15/2009 12:54:23 PM - System Checkpoint
    RP1119: 3/19/2009 5:30:00 PM - Avg8 Update
    RP1120: 3/21/2009 7:22:44 PM - Software Distribution Service 3.0
    RP1121: 3/22/2009 8:09:55 PM - System Checkpoint
    RP1122: 3/23/2009 8:35:12 PM - System Checkpoint
    RP1123: 3/24/2009 9:11:45 PM - System Checkpoint
    RP1124: 3/28/2009 8:13:00 AM - Avg8 Update
    RP1125: 3/29/2009 4:40:06 PM - System Checkpoint
    RP1126: 3/30/2009 7:38:01 PM - System Checkpoint
    RP1127: 3/31/2009 8:30:55 PM - System Checkpoint
    RP1128: 4/4/2009 5:42:40 PM - System Checkpoint
    RP1129: 4/5/2009 6:48:50 PM - System Checkpoint
    RP1130: 4/6/2009 7:06:16 PM - System Checkpoint
    RP1131: 4/8/2009 9:54:20 PM - System Checkpoint
    RP1132: 4/9/2009 10:07:35 PM - System Checkpoint
    RP1133: 4/10/2009 10:42:12 PM - System Checkpoint
    RP1134: 4/12/2009 9:29:39 PM - System Checkpoint
    RP1135: 4/13/2009 10:18:51 PM - System Checkpoint
    RP1136: 4/15/2009 8:41:14 PM - Avg8 Update
    RP1137: 4/17/2009 7:03:16 PM - Software Distribution Service 3.0
    RP1138: 4/18/2009 7:53:48 PM - System Checkpoint
    RP1139: 4/19/2009 8:29:18 PM - System Checkpoint
    RP1140: 4/22/2009 6:29:45 PM - System Checkpoint
    RP1141: 4/24/2009 9:58:07 PM - System Checkpoint
    RP1142: 4/25/2009 11:09:11 PM - System Checkpoint
    RP1143: 4/27/2009 1:17:25 PM - System Checkpoint
    RP1144: 4/28/2009 1:42:06 PM - System Checkpoint
    RP1145: 4/29/2009 3:43:33 PM - System Checkpoint
    RP1146: 4/30/2009 3:50:58 PM - System Checkpoint
    RP1147: 5/1/2009 4:02:12 PM - System Checkpoint
    RP1148: 5/2/2009 4:21:56 PM - System Checkpoint
    RP1149: 5/3/2009 5:26:26 PM - System Checkpoint
    RP1150: 5/4/2009 7:47:04 PM - System Checkpoint
    RP1151: 5/5/2009 8:03:04 PM - System Checkpoint
    RP1152: 5/9/2009 9:03:55 AM - System Checkpoint
    RP1153: 5/10/2009 2:41:43 PM - Avg8 Update
    RP1154: 5/10/2009 2:43:34 PM - Avg8 Update
    RP1155: 5/11/2009 6:56:00 PM - System Checkpoint
    RP1156: 5/12/2009 6:42:56 PM - Avg8 Update
    RP1157: 5/13/2009 7:28:45 PM - System Checkpoint
    RP1158: 5/14/2009 12:00:25 AM - Software Distribution Service 3.0
    RP1159: 5/15/2009 7:23:33 PM - System Checkpoint
    RP1160: 5/16/2009 7:54:53 PM - System Checkpoint
    RP1161: 5/17/2009 7:45:44 PM - Installed W Photo Studio
    RP1162: 5/18/2009 8:27:50 PM - System Checkpoint
    RP1163: 5/21/2009 6:14:54 PM - Avg8 Update
    RP1164: 5/21/2009 6:16:16 PM - Avg8 Update
    RP1165: 5/22/2009 7:19:02 PM - System Checkpoint
    RP1166: 5/23/2009 7:25:10 PM - System Checkpoint
    RP1167: 5/24/2009 8:05:31 PM - System Checkpoint
    RP1168: 5/25/2009 8:43:20 PM - System Checkpoint
    RP1169: 5/26/2009 9:01:56 PM - System Checkpoint
    RP1170: 5/28/2009 6:32:11 PM - System Checkpoint
    RP1171: 5/29/2009 10:27:18 PM - System Checkpoint
    RP1172: 5/30/2009 10:30:55 PM - System Checkpoint
    RP1173: 5/31/2009 11:18:02 PM - System Checkpoint
    RP1174: 6/2/2009 9:00:34 PM - System Checkpoint
    RP1175: 6/3/2009 9:47:40 PM - System Checkpoint
    RP1176: 6/6/2009 2:01:15 PM - System Checkpoint

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Adobe® Photoshop® Album Starter Edition 3.2
    AVG Free 8.5
    Banctec Service Agreement
    CCleaner (remove only)
    CLEP Sampler
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    CRYSCON11
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Photo Printer 720
    DellSupport
    DialIdol
    EarthLink setup files
    Get High Speed Internet!
    Google Earth
    Google Toolbar for Internet Explorer
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_06
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    Learn2 Player (Uninstall Only)
    Macromedia Shockwave Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.01
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Premium
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Move Networks Player for Internet Explorer
    MSN
    Musicmatch for Windows Media Player
    MUSICMATCH® Jukebox
    QuickTime
    RealPlayer
    Rhapsody Player Engine
    Samsung Music Studio
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    SoundMAX
    Spybot - Search & Destroy 1.4
    SyncBack
    TuneUp Utilities 2006
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Video Professor Stay On Top
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    W Photo Studio
    Wal-Mart Music Downloads Store
    Walgreens PhotoShow Express
    WeatherBug
    WebFldrs XP
    Windows Genuine Advantage v1.3.0254.0
    Windows Live Safety Scanner
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Toolbar
    YP-F1

    ==== End Of File ===========================
     
    Last edited: 2009/06/07
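A first-pass triage of the DDS log above, written as an added example (it is not part of the thread and not code from DDS or any of the tools named in it). It applies two heuristics an analyst would reach for when a "your ports are being attacked" rogue-AV pop-up is on screen: a BHO entry whose name field is empty or just repeats "BHO" deserves a look, and doubly so when the DLL lives in system32; and a fresh executable dropped directly into the Windows directory rather than a subfolder is a classic rogue-AV placement. The sample lines are copied from the posted log; the thresholds and the "generic name" list are assumptions, not DDS rules.

```python
"""Triage a DDS 'Pseudo HJT Report' / 'Created Last 30' excerpt for rogue-AV indicators.

Added example, not part of the forum thread. The heuristics below are assumptions:
  * a BHO with no descriptive name (or the literal name "BHO") needs review;
  * such a BHO loaded from %SystemRoot%\\system32 is treated as high severity;
  * an executable created directly in c:\\windows (not a subfolder) is high severity.
"""
import re

# Constructed sample: lines taken from the DDS log posted in this thread.
SAMPLE_LOG = r"""BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: BHO: {5b1d95a2-f547-4e5e-8902-622b08354622} - c:\windows\system32\iehelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
2009-06-07 12:27 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-06 15:03 175 a------- c:\windows\wininit.ini
2009-06-06 13:22 270,352 a------- c:\windows\sysguard.exe
2009-05-17 19:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Walgreens
"""

# Names that tell the analyst nothing about the component (assumption).
GENERIC_BHO_NAMES = {"", "bho"}

# "BHO: <optional name>: {clsid} - <path>"; the name can never contain "{".
BHO_RE = re.compile(
    r"^BHO:\s+(?:(?P<name>[^{]*?):\s+)?\{(?P<clsid>[0-9a-f-]{36})\}\s+-\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)
# "<date> <time> <size|<DIR>> <8 attribute chars> <path>" as DDS prints it.
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+(?P<size>[\d,]+|<DIR>)\s+"
    r"(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)
# An executable sitting directly in the Windows directory (one path component after c:\windows\).
WINROOT_EXEC_RE = re.compile(r"^c:\\windows\\[^\\]+\.(exe|dll|scr|com)$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^c:\\windows\\system32\\", re.IGNORECASE)


def triage(log_text):
    """Return a list of findings, each a dict with kind, severity, path, reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            name = (m.group("name") or "").strip()
            path = m.group("path")
            if name.lower() in GENERIC_BHO_NAMES:
                if SYSTEM32_RE.match(path):
                    sev, why = "high", "unnamed BHO loaded from system32"
                else:
                    sev, why = "review", "unnamed BHO; confirm the vendor before trusting it"
                findings.append({"kind": "bho", "severity": sev, "path": path,
                                 "clsid": m.group("clsid").lower(), "reason": why})
            continue
        m = CREATED_RE.match(line)
        if m and WINROOT_EXEC_RE.match(m.group("path")):
            findings.append({"kind": "file", "severity": "high", "path": m.group("path"),
                             "date": m.group("date"),
                             "reason": "executable created directly in the Windows directory"})
    return findings


def paths_by_severity(log_text, severity):
    """Sorted paths of all findings at the given severity (handy for asserting on results)."""
    return sorted(f["path"] for f in triage(log_text) if f["severity"] == severity)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['path']} - {f['reason']}")
```

Run against the sample, the high-severity list is exactly the two artefacts the scanners later name in this thread, iehelper.dll and sysguard.exe, while Ad-Aware's lsdelete.exe (created the same morning, but in system32) is left alone. The unnamed Spybot SDHelper.dll lands in "review": that false positive is deliberate, because an unnamed BHO is worth a glance even when it turns out to be legitimate.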
  2. 2009/06/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    You also need to post the contents of Attach.txt
     


  4. 2009/06/07
    tedgen

    tedgen Well-Known Member Thread Starter

    Joined:
    2002/08/23
    Messages:
    56
    Likes Received:
    0
    "attach" added

    added info
     
  5. 2009/06/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  6. 2009/06/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2009/06/08
    tedgen

    tedgen Well-Known Member Thread Starter

    Joined:
    2002/08/23
    Messages:
    56
    Likes Received:
    0
    OK, here's the log from SUPERAntiSpyware. The rest will follow as I get them done.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/08/2009 at 02:48 PM

    Application Version : 4.26.1004

    Core Rules Database Version : 3928
    Trace Rules Database Version: 1871

    Scan type : Complete Scan
    Total Scan Time : 01:21:27

    Memory items scanned : 234
    Memory threats detected : 0
    Registry items scanned : 5383
    Registry threats detected : 30
    File items scanned : 60532
    File threats detected : 4

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{5B1D95A2-F547-4e5e-8902-622B08354622}
    HKCR\CLSID\{5B1D95A2-F547-4E5E-8902-622B08354622}
    HKCR\CLSID\{5B1D95A2-F547-4E5E-8902-622B08354622}
    HKCR\CLSID\{5B1D95A2-F547-4E5E-8902-622B08354622}\InProcServer32
    HKCR\CLSID\{5B1D95A2-F547-4E5E-8902-622B08354622}\InProcServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\IEHELPER.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B1D95A2-F547-4e5e-8902-622B08354622}
    HKU\S-1-5-21-3576306649-846146614-3390930405-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5B1D95A2-F547-4E5E-8902-622B08354622}

    Adware.MyWay
    HKU\S-1-5-21-3576306649-846146614-3390930405-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
    HKU\S-1-5-21-3576306649-846146614-3390930405-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}

    Adware.HotBar/ShopperReports (Low Risk)
    HKU\S-1-5-21-3576306649-846146614-3390930405-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}

    Adware.Elite Media
    HKLM\Software\elite
    HKLM\Software\elite#check
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/elite.ocx#{9AC54695-69A4-46F1-BE10-10C74F9520D5}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}#SystemComponent
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}#Installer
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\Contains
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\Contains\Files
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\Contains\Files#C:\WINDOWS\system32\ObjSafe.tlb
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\Contains\Files#C:\WINDOWS\Downloaded Program Files\elite.ocx
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\DownloadInformation
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\DownloadInformation#CODEBASE
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\DownloadInformation#INF
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\InstalledVersion
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\InstalledVersion#LastModified
    HKCR\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}
    HKCR\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid
    HKCR\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid32
    C:\WINDOWS\Downloaded Program Files\elite.inf
    C:\WINDOWS\elitemediagroup.ini

    Adware.SysGuard/FakeAlert
    C:\WINDOWS\SYSGUARD.EXE
     
  8. 2009/06/08
    tedgen

    tedgen Well-Known Member Thread Starter

    Here's Malwarebytes'.

    Malwarebytes' Anti-Malware 1.37
    Database version: 2249
    Windows 5.1.2600 Service Pack 3

    6/8/2009 4:52:59 PM
    mbam-log-2009-06-08 (16-52-59).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 146408
    Time elapsed: 57 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5b1d95a2-f547-4e5e-8902-622b08354622} (Trojan.FakeAlert) -> Delete on reboot.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1178\A0492459.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
     
  9. 2009/06/08
    tedgen

    tedgen Well-Known Member Thread Starter

    GMER log here. Just got HijackThis left.

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-06-08 19:18:10
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76D787E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF76D7BFE]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? kfvmsyk.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!SetWindowLongA 7E42C29D 2 Bytes JMP 40A51872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!SetWindowLongA + 3 7E42C2A0 2 Bytes [62, C2]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!SetWindowLongW 7E42C2BB 2 Bytes JMP 40A518A3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!SetWindowLongW + 3 7E42C2BE 2 Bytes [62, C2]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

    Device \FileSystem\Fastfat \Fat AF79CD20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{5B1D95A2-F547-4e5e-8902-622B08354622}\InProcServer32@ C:\WINDOWS\SYSTEM32\IEHELPER.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{5B1D95A2-F547-4e5e-8902-622B08354622}\InProcServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
    Reg HKLM\SOFTWARE\Classes\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}

    ---- EOF - GMER 1.0.15 ----
     
  10. 2009/06/08
    tedgen

    tedgen Well-Known Member Thread Starter

    And here's HijackThis.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:20:54 PM, on 6/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Ted\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\wc7xo18h[1].exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
    O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-21-3576306649-846146614-3390930405-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Susan')
    O4 - HKUS\S-1-5-21-3576306649-846146614-3390930405-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Susan')
    O4 - HKUS\S-1-5-21-3576306649-846146614-3390930405-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Susan')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} -
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - http://mediaplayer.walmart.com/installer/install.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 9507 bytes
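An added example, not part of tedgen's post and not code from HijackThis or Trend Micro: a small Python triage pass over a HijackThis v2 log of the kind posted above. It splits the log into the "Running processes:" block and the tagged R*/O* entries and applies four rules an analyst checks first: a process executing out of the browser cache or a temp folder, a hosts-file entry that is not the loopback localhost mapping, an O16 DPF (ActiveX distribution unit) with no codebase URL, and an autostart entry pointing into a cache/temp path. The sample log is a constructed excerpt of lines from the post; the rule names and the directory list are this example's own assumptions.

```python
"""Triage a HijackThis v2 log for a few high-signal indicators.

Added example (not from the thread or from the HijackThis tool). SAMPLE_LOG
is a constructed excerpt of the log posted above; rule names and the
SUSPICIOUS_DIRS list are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Directories a legitimate service or startup binary almost never runs from.
# A binary executing out of the browser cache or a temp folder was downloaded
# moments ago, typically by a drive-by or a fake-AV installer.
SUSPICIOUS_DIRS = (
    "\\temporary internet files\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)

# Only the loopback mapping for localhost belongs in an O1 (Hosts) line.
HOSTS_LOCALHOST = re.compile(r"^(127\.0\.0\.1|::1)\s+localhost$")

# "O16 - DPF: {CLSID} -" with nothing after the dash: an ActiveX distribution
# unit that is installed but whose download source is not recorded.
DPF_NO_CODEBASE = re.compile(r"^\{[0-9A-Fa-f-]+\}\s*-?\s*$")

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")


@dataclass
class Finding:
    kind: str
    detail: str


@dataclass
class HjtLog:
    processes: List[str] = field(default_factory=list)
    entries: List[Tuple[str, str]] = field(default_factory=list)


def parse_hjt(text: str) -> HjtLog:
    """Split a HijackThis log into running processes and tagged entries."""
    log = HjtLog()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # a blank line ends the process block
                in_procs = False
            else:
                log.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append((m.group(1), m.group(2)))
    return log


def from_suspicious_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in SUSPICIOUS_DIRS)


def triage(log: HjtLog) -> List[Finding]:
    """Apply the rules; findings come back in log order, processes first."""
    findings: List[Finding] = []
    for proc in log.processes:
        if from_suspicious_dir(proc):
            findings.append(Finding("process-from-cache", proc))
    for tag, text in log.entries:
        if tag == "O1":
            hosts = text.split("Hosts:", 1)[-1].strip()
            if not HOSTS_LOCALHOST.match(hosts):
                findings.append(Finding("hosts-redirect", hosts))
        elif tag == "O16":
            dpf = text.split("DPF:", 1)[-1].strip()
            if DPF_NO_CODEBASE.match(dpf):
                findings.append(Finding("dpf-no-codebase", dpf))
        elif tag in ("O2", "O3", "O4", "O20", "O23") and from_suspicious_dir(text):
            # BHO, toolbar, Run key, Winlogon notify or service loading from a
            # cache/temp path: a persistence entry worth pulling for analysis.
            findings.append(Finding("autostart-from-cache", f"{tag} - {text}"))
    return findings


# Constructed excerpt of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:54 PM, on 6/8/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ted\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\wc7xo18h[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} -
"""

if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.kind}] {f.detail}")
```

On the excerpt it reports two things: the `wc7xo18h[1].exe` process running straight out of Temporary Internet Files, and the O16 entry for {9AC54695-69A4-46F1-BE10-10C74F9520D5} that has no codebase (the same distribution unit the earlier scan log lists under Adware.Elite Media). The benign `::1 localhost` hosts line and the signed BHO/Run entries are left alone. The directory list is deliberately short; widen it for your own environment, but keep Application Data out of it, since Malwarebytes and SUPERAntiSpyware legitimately live there.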
     
  11. 2009/06/08
    broni

    broni Moderator Malware Analyst

    Is the pop-up still present?

    Please download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
     
  12. 2009/06/09
    tedgen

    tedgen Well-Known Member Thread Starter

    I haven't seen any pop-up or redirects at all. Seems like it worked. I also followed your instructions and updated Java.
     
  13. 2009/06/09
    broni

    broni Moderator Malware Analyst

    Very well....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.
     
  14. 2009/06/11
    tedgen

    tedgen Well-Known Member Thread Starter

    OK, all done. Here's the ComboFix log, followed by the HijackThis log.

    ComboFix 09-06-11.05 - Ted 06/11/2009 15:23.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1601 [GMT -4:00]
    Running from: c:\documents and settings\Ted\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\_000005_.tmp.dll
    c:\windows\system32\_000006_.tmp.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
    .

    2009-06-11 19:18 . 2009-06-11 19:18 -------- d-----w- c:\windows\LastGood
    2009-06-08 23:20 . 2009-06-08 23:20 -------- d-----w- c:\program files\Trend Micro
    2009-06-08 19:43 . 2009-06-08 19:43 -------- d-----w- c:\documents and settings\Ted\Application Data\Malwarebytes
    2009-06-08 19:43 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-08 19:43 . 2009-06-08 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-08 19:43 . 2009-06-08 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-08 19:43 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-08 17:18 . 2009-06-08 19:36 117760 ----a-w- c:\documents and settings\Ted\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-08 17:18 . 2009-06-08 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-08 17:17 . 2009-06-08 17:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-08 17:17 . 2009-06-08 17:17 -------- d-----w- c:\documents and settings\Ted\Application Data\SUPERAntiSpyware.com
    2009-06-07 16:27 . 2009-06-07 11:33 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-07 11:34 . 2009-06-07 11:33 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-06-07 11:30 . 2009-06-07 11:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-07 11:30 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-06-07 11:30 . 2009-06-07 11:30 -------- d-----w- c:\program files\Lavasoft
    2009-05-17 23:46 . 2009-05-17 23:46 -------- d-----w- c:\documents and settings\Susan\Application Data\W Photo Studio
    2009-05-17 23:46 . 2009-05-17 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Walgreens
    2009-05-17 23:45 . 2009-05-17 23:45 -------- d-----w- c:\program files\Common Files\HP
    2009-05-17 23:40 . 2009-05-17 23:46 -------- d-----w- c:\documents and settings\Susan\Application Data\W Photo Studio Viewer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-09 20:30 . 2009-01-26 12:44 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-06-09 20:30 . 2004-11-28 23:20 -------- d-----w- c:\program files\Java
    2009-06-08 19:35 . 2009-02-25 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-08 17:17 . 2006-07-26 13:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-07 11:30 . 2009-02-14 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-06 22:05 . 2007-01-27 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-17 23:45 . 2005-11-27 23:10 -------- d-----w- c:\program files\Walgreens
    2009-05-10 18:43 . 2009-02-25 12:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-05-10 18:43 . 2009-02-25 12:28 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-05-10 18:43 . 2009-02-25 12:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-05-10 18:43 . 2009-02-25 12:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-13 180269]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-23 155648]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-10 1947928]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-07 518488]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-09 148888]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-10 18:43 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "mmtask"=c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    "igfxpers"=c:\windows\system32\igfxpers.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [6/7/2009 7:34 AM 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2/25/2009 8:28 AM 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2/25/2009 8:28 AM 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/25/2009 8:28 AM 298776]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-01 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 21:22]

    2009-06-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:33]

    2009-06-11 c:\windows\Tasks\User_Feed_Synchronization-{4038432D-F7FC-4B5E-AF99-7CBE21255AC0}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 17:58]
    .
    - - - - ORPHANS REMOVED - - - -

    HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dell4me.com/myway
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5}
    DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - hxxp://mediaplayer.walmart.com/installer/install.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-11 15:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5B1D95A2-F547-4e5e-8902-622B08354622}\InProcServer32]
    @DACL=(02 0000)
    @="c:\\WINDOWS\\SYSTEM32\\IEHELPER.DLL"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\Contains]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\DownloadInformation]
    @DACL=(02 0000)
    "CODEBASE"="http://cabs.elitemediagroup.net/cabs/mediaview.cab"
    "INF"="c:\\WINDOWS\\Downloaded Program Files\\elite.inf"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\InstalledVersion]
    @DACL=(02 0000)
    @= "10,0,0,0 "
    "LastModified "= "Thu, 01 Sep 2005 23:49 GMT "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(652)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-06-11 15:28
    ComboFix-quarantined-files.txt 2009-06-11 19:28

    Pre-Run: 60,003,201,024 bytes free
    Post-Run: 60,169,805,824 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    172 --- E O F --- 2009-05-14 04:03


    And the hijackthis log following this sentence

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:29:19 PM, on 6/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
    O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe "
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} -
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - http://mediaplayer.walmart.com/installer/install.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 8251 bytes
     
  15. 2009/06/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:


    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  16. 2009/06/12
    tedgen

    tedgen Well-Known Member Thread Starter

    Joined:
    2002/08/23
    Messages:
    56
    Likes Received:
    0
    As last time, combofix first, followed by hijackthis.

    ComboFix 09-06-11.06 - Ted 06/12/2009 10:43.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1560 [GMT -4:00]
    Running from: c:\documents and settings\Ted\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ted\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
    .

    2009-06-08 23:20 . 2009-06-08 23:20 -------- d-----w- c:\program files\Trend Micro
    2009-06-08 19:43 . 2009-06-08 19:43 -------- d-----w- c:\documents and settings\Ted\Application Data\Malwarebytes
    2009-06-08 19:43 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-08 19:43 . 2009-06-08 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-08 19:43 . 2009-06-08 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-08 19:43 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-08 17:18 . 2009-06-08 19:36 117760 ----a-w- c:\documents and settings\Ted\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-08 17:18 . 2009-06-08 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-08 17:17 . 2009-06-08 17:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-08 17:17 . 2009-06-08 17:17 -------- d-----w- c:\documents and settings\Ted\Application Data\SUPERAntiSpyware.com
    2009-06-07 16:27 . 2009-06-07 11:33 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-07 11:34 . 2009-06-07 11:33 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-06-07 11:30 . 2009-06-07 11:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-07 11:30 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-06-07 11:30 . 2009-06-07 11:30 -------- d-----w- c:\program files\Lavasoft
    2009-05-17 23:46 . 2009-05-17 23:46 -------- d-----w- c:\documents and settings\Susan\Application Data\W Photo Studio
    2009-05-17 23:46 . 2009-05-17 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Walgreens
    2009-05-17 23:45 . 2009-05-17 23:45 -------- d-----w- c:\program files\Common Files\HP
    2009-05-17 23:40 . 2009-05-17 23:46 -------- d-----w- c:\documents and settings\Susan\Application Data\W Photo Studio Viewer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-09 20:30 . 2009-01-26 12:44 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-06-09 20:30 . 2004-11-28 23:20 -------- d-----w- c:\program files\Java
    2009-06-08 19:35 . 2009-02-25 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-08 17:17 . 2006-07-26 13:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-07 11:30 . 2009-02-14 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-06 22:05 . 2007-01-27 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-17 23:45 . 2005-11-27 23:10 -------- d-----w- c:\program files\Walgreens
    2009-05-10 18:43 . 2009-02-25 12:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-05-10 18:43 . 2009-02-25 12:28 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-05-10 18:43 . 2009-02-25 12:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-05-10 18:43 . 2009-02-25 12:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-07 15:32 . 2004-08-04 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-04-29 04:56 . 2004-08-04 11:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-17 12:26 . 2004-08-04 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2004-08-04 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-11_19.26.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-06-12 14:30 . 2009-06-12 14:30 16384 c:\windows\Temp\Perflib_Perfdata_704.dat
    - 2007-10-13 23:00 . 2007-11-30 12:39 17272 c:\windows\SYSTEM32\spmsg.dll
    + 2007-10-13 23:00 . 2008-07-09 07:38 17272 c:\windows\SYSTEM32\spmsg.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 44544 c:\windows\SYSTEM32\pngfilt.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\pngfilt.dll
    - 2006-10-27 20:09 . 2009-02-20 18:09 52224 c:\windows\SYSTEM32\msfeedsbs.dll
    + 2006-10-27 20:09 . 2009-04-29 04:55 52224 c:\windows\SYSTEM32\msfeedsbs.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 27648 c:\windows\SYSTEM32\jsproxy.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 27648 c:\windows\SYSTEM32\jsproxy.dll
    - 2006-10-27 07:44 . 2009-02-20 10:20 13824 c:\windows\SYSTEM32\ieudinit.exe
    + 2006-10-27 07:44 . 2009-04-28 09:05 13824 c:\windows\SYSTEM32\ieudinit.exe
    - 2004-08-04 11:00 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\iernonce.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 44544 c:\windows\SYSTEM32\iernonce.dll
    + 2004-08-04 11:00 . 2009-04-28 09:05 70656 c:\windows\SYSTEM32\ie4uinit.exe
    - 2004-08-04 11:00 . 2009-02-20 10:20 70656 c:\windows\SYSTEM32\ie4uinit.exe
    + 2006-10-17 17:58 . 2009-04-29 04:55 63488 c:\windows\SYSTEM32\icardie.dll
    - 2006-10-17 17:58 . 2009-02-20 18:09 63488 c:\windows\SYSTEM32\icardie.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
    + 2007-05-09 23:36 . 2009-04-29 04:55 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
    - 2007-05-09 23:36 . 2009-02-20 18:09 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
    - 2006-05-10 05:22 . 2009-02-20 18:09 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
    + 2006-05-10 05:22 . 2009-04-29 04:55 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
    + 2007-05-09 23:36 . 2009-04-28 09:05 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
    - 2007-05-09 23:36 . 2009-02-20 10:20 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
    - 2006-10-27 07:44 . 2009-02-20 18:09 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
    + 2006-10-27 07:44 . 2009-04-29 04:55 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
    - 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
    + 2009-02-20 18:09 . 2009-04-29 04:55 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
    - 2006-10-27 07:44 . 2009-02-20 10:20 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
    + 2006-10-27 07:44 . 2009-04-28 09:05 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
    + 2007-08-20 10:04 . 2009-04-29 04:55 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
    - 2007-08-20 10:04 . 2009-02-20 18:09 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
    + 2009-06-12 04:01 . 2009-02-20 10:20 13824 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
    + 2009-06-12 04:01 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 78336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
    + 2009-06-12 04:01 . 2009-02-20 10:20 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
    + 2009-06-12 04:01 . 2009-02-20 18:09 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 233472 c:\windows\SYSTEM32\webcheck.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 233472 c:\windows\SYSTEM32\webcheck.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 105984 c:\windows\SYSTEM32\url.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 105984 c:\windows\SYSTEM32\url.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 102912 c:\windows\SYSTEM32\occache.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 102912 c:\windows\SYSTEM32\occache.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 671232 c:\windows\SYSTEM32\mstime.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 671232 c:\windows\SYSTEM32\mstime.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 193024 c:\windows\SYSTEM32\msrating.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 193024 c:\windows\SYSTEM32\msrating.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 477696 c:\windows\SYSTEM32\mshtmled.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 477696 c:\windows\SYSTEM32\mshtmled.dll
    - 2006-10-27 20:09 . 2009-02-20 18:09 459264 c:\windows\SYSTEM32\msfeeds.dll
    + 2006-10-27 20:09 . 2009-04-29 04:55 459264 c:\windows\SYSTEM32\msfeeds.dll
    - 2006-10-17 17:57 . 2009-02-20 18:09 268288 c:\windows\SYSTEM32\iertutil.dll
    + 2006-10-17 17:57 . 2009-04-29 04:55 268288 c:\windows\SYSTEM32\iertutil.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 385024 c:\windows\SYSTEM32\iedkcs32.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 385024 c:\windows\SYSTEM32\iedkcs32.dll
    + 2006-10-17 17:27 . 2009-04-29 04:55 383488 c:\windows\SYSTEM32\ieapfltr.dll
    - 2006-10-17 17:27 . 2009-02-20 18:09 383488 c:\windows\SYSTEM32\ieapfltr.dll
    + 2004-08-04 11:00 . 2009-04-25 05:26 161792 c:\windows\SYSTEM32\ieakui.dll
    - 2004-08-04 11:00 . 2009-02-20 05:14 161792 c:\windows\SYSTEM32\ieakui.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 230400 c:\windows\SYSTEM32\ieaksie.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 230400 c:\windows\SYSTEM32\ieaksie.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 153088 c:\windows\SYSTEM32\ieakeng.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 153088 c:\windows\SYSTEM32\ieakeng.dll
    + 2004-08-10 19:08 . 2009-06-12 04:10 121336 c:\windows\SYSTEM32\FNTCACHE.DAT
    - 2004-08-10 19:08 . 2009-03-11 22:24 121336 c:\windows\SYSTEM32\FNTCACHE.DAT
    - 2004-08-04 11:00 . 2009-02-20 18:09 133120 c:\windows\SYSTEM32\extmgr.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 133120 c:\windows\SYSTEM32\extmgr.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 214528 c:\windows\SYSTEM32\dxtrans.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 214528 c:\windows\SYSTEM32\dxtrans.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 347136 c:\windows\SYSTEM32\dxtmsft.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 347136 c:\windows\SYSTEM32\dxtmsft.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 827392 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
    + 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\SYSTEM32\DLLCACHE\rpcrt4.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
    + 2006-05-10 05:23 . 2009-04-29 04:56 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
    - 2006-05-10 05:23 . 2009-02-20 18:09 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 477696 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 477696 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
    + 2007-05-09 23:36 . 2009-04-29 04:55 459264 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
    - 2007-05-09 23:36 . 2009-02-20 18:09 459264 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
    + 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\SYSTEM32\DLLCACHE\localspl.dll
    + 2004-08-04 11:00 . 2009-04-25 05:27 636088 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
    + 2007-05-09 23:36 . 2009-04-29 04:55 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
    - 2007-05-09 23:36 . 2009-02-20 18:09 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
    - 2006-10-27 07:44 . 2009-02-20 18:09 385024 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
    + 2006-10-27 07:44 . 2009-04-29 04:55 385024 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
    + 2007-05-09 23:36 . 2009-04-29 04:55 383488 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
    - 2007-05-09 23:36 . 2009-02-20 18:09 383488 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
    - 2006-10-27 07:42 . 2009-02-20 05:14 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
    + 2006-10-27 07:42 . 2009-04-25 05:26 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
    - 2006-10-27 07:44 . 2009-02-20 18:09 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
    + 2006-10-27 07:44 . 2009-04-29 04:55 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
    - 2006-10-27 07:44 . 2009-02-20 18:09 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
    + 2006-10-27 07:44 . 2009-04-29 04:55 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
    + 2004-08-04 11:00 . 2009-04-29 04:55 124928 c:\windows\SYSTEM32\advpack.dll
    - 2004-08-04 11:00 . 2009-02-20 18:09 124928 c:\windows\SYSTEM32\advpack.dll
    + 2009-06-12 04:01 . 2009-03-03 00:18 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
    + 2009-06-12 04:01 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
    + 2009-06-12 04:01 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
    + 2009-06-12 04:01 . 2009-02-20 18:09 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
    + 2009-06-12 04:01 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
    + 2009-06-12 04:01 . 2009-02-20 18:09 268288 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 385024 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
    + 2009-06-12 04:01 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 1159680 c:\windows\SYSTEM32\urlmon.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 3596288 c:\windows\SYSTEM32\mshtml.dll
    - 2006-10-27 20:09 . 2009-02-20 18:09 6066176 c:\windows\SYSTEM32\ieframe.dll
    + 2006-10-27 20:09 . 2009-04-29 04:55 6066176 c:\windows\SYSTEM32\ieframe.dll
    + 2008-10-16 01:18 . 2009-04-17 12:26 1847168 c:\windows\SYSTEM32\DLLCACHE\win32k.sys
    + 2004-08-04 11:00 . 2009-04-29 04:56 1159680 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
    + 2004-08-04 11:00 . 2009-04-29 04:56 3596288 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
    + 2007-05-09 23:36 . 2009-04-29 04:55 6066176 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
    - 2007-05-09 23:36 . 2009-02-20 18:09 6066176 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 1160192 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 3595264 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
    + 2009-06-12 04:01 . 2009-02-20 18:09 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
    + 2009-06-12 04:01 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
    + 2005-05-11 07:00 . 2009-06-01 16:51 23635392 c:\windows\SYSTEM32\MRT.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP "= "c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
    "IntelMeM "= "c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "PCMService "= "c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "Synchronization Manager "= "c:\windows\system32\mobsync.exe" [2008-04-14 143360]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-13 180269]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2005-12-23 155648]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
    "Adobe Photo Downloader "= "c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-10 1947928]
    "Ad-Watch "= "c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-07 518488]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-06-09 148888]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-10 18:43 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "mmtask "=c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    "igfxpers "=c:\windows\system32\igfxpers.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE "=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=

    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [6/7/2009 7:34 AM 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2/25/2009 8:28 AM 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2/25/2009 8:28 AM 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/25/2009 8:28 AM 298776]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-01 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 21:22]

    2009-06-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:33]

    2009-06-12 c:\windows\Tasks\User_Feed_Synchronization-{4038432D-F7FC-4B5E-AF99-7CBE21255AC0}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 17:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dell4me.com/myway
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5}
    DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - hxxp://mediaplayer.walmart.com/installer/install.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-12 10:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5B1D95A2-F547-4e5e-8902-622B08354622}\InProcServer32]
    @DACL=(02 0000)
    @="c:\\WINDOWS\\SYSTEM32\\IEHELPER.DLL"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\Contains]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\DownloadInformation]
    @DACL=(02 0000)
    "CODEBASE"="http://cabs.elitemediagroup.net/cabs/mediaview.cab"
    "INF"="c:\\WINDOWS\\Downloaded Program Files\\elite.inf"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\InstalledVersion]
    @DACL=(02 0000)
    @="10,0,0,0"
    "LastModified"="Thu, 01 Sep 2005 23:49 GMT"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(648)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'winlogon.exe'(2424)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(1500)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll

    - - - - - - - > 'explorer.exe'(1092)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-06-12 10:50
    ComboFix-quarantined-files.txt 2009-06-12 14:50
    ComboFix2.txt 2009-06-11 19:28

    Pre-Run: 59,993,497,600 bytes free
    Post-Run: 59,995,127,808 bytes free

    330 --- E O F --- 2009-06-12 04:04



    Hijackthis below this

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:03:13 AM, on 6/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
    O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-21-3576306649-846146614-3390930405-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Susan')
    O4 - HKUS\S-1-5-21-3576306649-846146614-3390930405-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Susan')
    O4 - HKUS\S-1-5-21-3576306649-846146614-3390930405-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Susan')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} -
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - http://mediaplayer.walmart.com/installer/install.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 8689 bytes
     
  17. 2009/06/12

    broni Moderator Malware Analyst

    I apologize. I used the wrong ComboFix command, and that registry key wasn't deleted.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:


    Code:
    File::
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    [-HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}]



    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  18. 2009/06/17

    tedgen Well-Known Member Thread Starter

    Sorry for the late response. I checked this topic several times the past few days, but failed to notice that there was a second page >_<. As last time, ComboFix first, followed by HijackThis.

    ComboFix 09-06-17.02 - Ted 06/17/2009 18:53.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1458 [GMT -4:00]
    Running from: c:\documents and settings\Ted\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ted\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
    .

    2009-06-08 23:20 . 2009-06-08 23:20 -------- d-----w- c:\program files\Trend Micro
    2009-06-08 19:43 . 2009-06-08 19:43 -------- d-----w- c:\documents and settings\Ted\Application Data\Malwarebytes
    2009-06-08 19:43 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-08 19:43 . 2009-06-08 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-08 19:43 . 2009-06-08 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-08 19:43 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-08 17:18 . 2009-06-08 19:36 117760 ----a-w- c:\documents and settings\Ted\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-08 17:18 . 2009-06-08 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-08 17:17 . 2009-06-08 17:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-08 17:17 . 2009-06-08 17:17 -------- d-----w- c:\documents and settings\Ted\Application Data\SUPERAntiSpyware.com
    2009-06-07 16:27 . 2009-06-07 11:33 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-07 11:34 . 2009-06-07 11:33 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-06-07 11:30 . 2009-06-07 11:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-07 11:30 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-06-07 11:30 . 2009-06-07 11:30 -------- d-----w- c:\program files\Lavasoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-09 20:30 . 2009-01-26 12:44 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-06-09 20:30 . 2004-11-28 23:20 -------- d-----w- c:\program files\Java
    2009-06-08 19:35 . 2009-02-25 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-06-08 17:17 . 2006-07-26 13:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-07 11:30 . 2009-02-14 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-06 22:05 . 2007-01-27 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-17 23:46 . 2009-05-17 23:40 -------- d-----w- c:\documents and settings\Susan\Application Data\W Photo Studio Viewer
    2009-05-17 23:46 . 2009-05-17 23:46 -------- d-----w- c:\documents and settings\Susan\Application Data\W Photo Studio
    2009-05-17 23:46 . 2009-05-17 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Walgreens
    2009-05-17 23:45 . 2009-05-17 23:45 -------- d-----w- c:\program files\Common Files\HP
    2009-05-17 23:45 . 2005-11-27 23:10 -------- d-----w- c:\program files\Walgreens
    2009-05-10 18:43 . 2009-02-25 12:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-05-10 18:43 . 2009-02-25 12:28 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-05-10 18:43 . 2009-02-25 12:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-05-10 18:43 . 2009-02-25 12:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-07 15:32 . 2004-08-04 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-04-29 04:56 . 2004-08-04 11:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-17 12:26 . 2004-08-04 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2004-08-04 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-06-12_14.47.44 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-06-17 00:20 . 2009-06-17 00:20 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-13 180269]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-23 155648]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-10 1947928]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-07 518488]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-09 148888]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-10 18:43 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "mmtask"=c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    "igfxpers"=c:\windows\system32\igfxpers.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [6/7/2009 7:34 AM 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2/25/2009 8:28 AM 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2/25/2009 8:28 AM 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/25/2009 8:28 AM 298776]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-12 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 21:22]

    2009-06-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:33]

    2009-06-17 c:\windows\Tasks\User_Feed_Synchronization-{4038432D-F7FC-4B5E-AF99-7CBE21255AC0}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 17:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dell4me.com/myway
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5}
    DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - hxxp://mediaplayer.walmart.com/installer/install.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-17 18:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5B1D95A2-F547-4e5e-8902-622B08354622}\InProcServer32]
    @DACL=(02 0000)
    @="c:\\WINDOWS\\SYSTEM32\\IEHELPER.DLL"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\Contains\Files]
    @DACL=(02 0000)
    "c:\\WINDOWS\\system32\\ObjSafe.tlb"=""
    "c:\\WINDOWS\\Downloaded Program Files\\elite.ocx"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(644)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'winlogon.exe'(1524)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'explorer.exe'(3292)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll

    - - - - - - - > 'explorer.exe'(3900)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-06-17 18:59
    ComboFix-quarantined-files.txt 2009-06-17 22:58
    ComboFix2.txt 2009-06-12 14:50
    ComboFix3.txt 2009-06-11 19:28

    Pre-Run: 59,878,043,648 bytes free
    Post-Run: 60,001,742,848 bytes free

    173 --- E O F --- 2009-06-12 04:04






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:07:58 PM, on 6/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\ycomp5_5_7_0.dll
    O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-21-3576306649-846146614-3390930405-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Susan')
    O4 - HKUS\S-1-5-21-3576306649-846146614-3390930405-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Susan')
    O4 - HKUS\S-1-5-21-3576306649-846146614-3390930405-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Susan')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} -
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - http://mediaplayer.walmart.com/installer/install.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 8758 bytes
     
  19. 2009/06/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}\Contains\Files]
    "c:\\WINDOWS\\system32\\ObjSafe.tlb"=-
    "c:\\WINDOWS\\Downloaded Program Files\\elite.ocx"=-
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.

    ==================================================================================================================

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      elite.ocx
      ObjSafe.tlb
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
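The O16 entry the CFScript above targets stands out in the HijackThis log because it carries neither a friendly name nor a download URL, so its origin cannot be traced. The following is an added example (not part of this thread or of the HijackThis/ComboFix tools) that parses O16 (DPF) lines from a constructed copy of the log above and flags such entries, mapping each to the Code Store Database key the CFScript edits; the "no name and no URL" rule is an assumed heuristic, not a HijackThis feature.

```python
import re

# Constructed sample: O16 lines copied from the HijackThis log in this thread,
# embedded inline so the script runs without the original log file.
SAMPLE_LOG = """\
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} -
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
"""

# Registry location HijackThis reads O16 entries from (see the CFScript above).
CODE_STORE = r"HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units"

O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"   # registered CLSID
    r"(?: \((?P<name>[^)]*)\))?"                       # optional friendly name
    r" -(?: (?P<url>\S+))?\s*$"                        # optional download URL
)


def parse_o16(log_text):
    """Return one dict per O16 line: clsid, name (or None), url (or None)."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def flag_suspicious_dpf(entries):
    """Assumed heuristic: a DPF unit with no friendly name and no download URL
    has no traceable origin and deserves a manual look."""
    return [e["clsid"] for e in entries if not e["name"] and not e["url"]]


def code_store_key(clsid):
    """Key whose Contains\\Files subkey lists the files the unit installed,
    i.e. the values a RegLockDel:: CFScript section removes."""
    return CODE_STORE + "\\" + clsid


if __name__ == "__main__":
    for clsid in flag_suspicious_dpf(parse_o16(SAMPLE_LOG)):
        print("inspect:", code_store_key(clsid))
```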

