
Solved A slightly different Generic Host Process Issue

Discussion in 'Malware and Virus Removal Archive' started by FettyG, 2009/01/23.

  1. 2009/01/23
    FettyG (Thread Starter)
    [Resolved] A slightly different Generic Host Process Issue

    I read through a few other threads already about Generic Host Process for Win32 errors, but mine seems to happen differently. At somewhat random intervals between 30 and 90 minutes after using the internet I receive the standard error saying Generic Host Process must close due to an error. But clicking either Send Error Message or closing the text box results in a 60 second countdown until the computer turns off.

    If I just move the Generic Host Process window to the corner I can continue to use the internet or other programs, but after 5-10 minutes the Generic Host Process window closes and I receive the shutdown notification.

    I saw other people posting HijackThis files so I figured I would start there. I would greatly appreciate some help with this issue. Thank you.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:42:55 PM, on 1/23/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\java.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\rpcnet.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe "
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: fcccyVpN - fcccyVpN.dll (file missing)
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 8568 bytes
     
  2. 2009/01/23
    FettyG (Thread Starter)
    And here are the other 2 reports.


    DDS (Ver_09-01-19.01) - NTFSx86
    Run by FettyG at 14:50:15.45 on Fri 01/23/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1532 [GMT -7:00]

    AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
    FW: BitDefender Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\java.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\rpcnet.exe
    svchost.exe
    C:\WINDOWS\system32\stacsv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\FettyG\Desktop\dds.scr
    C:\Documents and Settings\FettyG\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No File
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe "
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe "
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe "
    mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {75C9223A-409A-4795-A3CA-08DE6B075B4B} - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: fcccyVpN - fcccyVpN.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328]
    R4 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-9-4 82696]
    R4 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
    R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-6 24652]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
    S4 Student Backup;Student Backup;c:\program files\student backup\rbackup.exe --> c:\program files\student backup\rbackup.exe [?]

    =============== Created Last 30 ================

    2009-01-19 00:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-01-19 00:20 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-01-19 00:20 <DIR> --d----- c:\docume~1\fettyg\applic~1\SUPERAntiSpyware.com
    2009-01-19 00:20 <DIR> --d----- c:\docume~1\fettyg\applic~1\VersionTracker Pro
    2009-01-19 00:20 <DIR> --d----- c:\program files\TechTracker
    2009-01-18 23:40 <DIR> --d----- c:\program files\Trend Micro
    2009-01-16 15:29 41,984 a------- c:\windows\system32\chert5-998.exe
    2009-01-15 16:16 132 a------- C:\httpdwl.dat
    2009-01-15 16:16 81,984 a------- c:\windows\system32\bdod.bin
    2009-01-14 09:50 1,982 a------- c:\windows\system32\log.exe
    2009-01-14 01:41 1 a------- c:\windows\system32\uniq.tll
    2009-01-13 21:20 127 a------- c:\windows\system32\MRT.INI
    2009-01-12 16:48 260 a------- c:\windows\system32\BDUpdateV1.xml
    2009-01-05 12:05 <DIR> --d----- C:\3f2f0ccfad2806e3c841c85ee17c5fcf

    ==================== Find3M ====================

    2009-01-23 14:14 17,408 a------- c:\windows\system32\rpcnetp.exe
    2009-01-23 14:14 47,104 a------- c:\windows\system32\rpcnet.dll
    2009-01-23 00:32 17,408 a------- c:\windows\system32\rpcnetp.dll
    2009-01-15 13:39 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys
    2009-01-15 13:39 82,696 a------- c:\windows\system32\drivers\BDVEDISK.sys
    2008-12-30 11:52 169,950 a------- c:\windows\system32\nvModes.dat
    2008-12-12 23:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 03:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-12-11 03:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
    2008-11-05 13:39 107,888 a------- c:\windows\system32\CmdLineExt.dll
    2007-09-29 00:45 162 ----h--- c:\program files\common files\client.lcs
    2007-09-10 16:40 88 ---shr-- c:\windows\system32\9BD87B0088.sys
    2007-09-10 16:40 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 14:50:28.70 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-19.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/25/2007 11:37:14 AM
    System Uptime: 1/23/2009 2:13:38 PM (0 hours ago)

    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1995/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 68 GiB total, 18.454 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10208086&REV_02\4&360A6DE&0&00E1
    Manufacturer: Intel Corporation
    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10208086&REV_02\4&360A6DE&0&00E1
    Service: w39n51

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Media Player
    Adobe Photoshop 7.0
    Adobe Reader 8.1.3
    Advanced Decoder Patch
    AIM 6
    AIO_Scan
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    BitDefender Total Security 2009
    Bonjour
    Broadcom Management Programs
    BufferChm
    C7200
    C7200_Help
    Canon MP600 User Registration
    Cards_Calendar_OrderGift_DoMorePlugout
    Computrace
    Conexant HDA D110 MDC V.92 Modem
    Consumer Complete Care Services Agreement
    Copy
    Creative Audio Pack
    Creative MediaSource 5
    CustomerResearchQFolder
    Dell Game Console
    Dell Support 3.2.1
    Dell System Restore
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Content Portal
    Digital Line Detect
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DocProc
    DocProcQFolder
    Documentation & Support Launcher
    EA Download Manager
    EarthLink Setup Files
    Easy-WebPrint
    eSupportQFolder
    Fax
    GoToAssist 8.0.0.514
    GPBaseService
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Customer Participation Program 10.0
    HP Imaging Device Functions 10.0
    HP Photosmart All-In-One Driver Software 10.0 Rel .2
    HP Photosmart Essential 2.5
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    Intel(R) PROSet/Wireless Software
    InterActual Player
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Learn2 Player (Uninstall Only)
    LimeWire 4.18.8
    Linksys EasyLink Advisor
    Linksys Updater
    MarketResearch
    MBSS Gravity Wells 2.1
    mCore
    mDrWiFi
    MediaDirect
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.2
    Microsoft IntelliType Pro 6.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    mIWA
    mLogView
    mMHouse
    MobileMe Control Panel
    Modem Helper
    Move Networks Media Player for Internet Explorer
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    mWlsSafe
    mWMI
    mXML
    mZConfig
    Netflix Movie Viewer
    NVIDIA Drivers
    OCR Software by I.R.I.S. 10.0
    Octoshape add-in for Adobe Flash Player
    Otto
    OutlookAddinSetup
    PanoStandAlone
    PCFriendly
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_Min
    PSSWCORE
    Pure Networks Platform
    Qualxserve Service Agreement
    QuickSet
    QuickTime
    RealPlayer Basic
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Scan
    ScanSoft OmniPage SE 4.0
    SearchAssist
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Shop for HP Supplies
    SmartWebPrintingOC
    SolutionCenter
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Sound Blaster ADVANCED MB Drivers
    Sound Blaster Audigy ADVANCED MB
    Sound Blaster Audigy ADVANCED MB Product Registration
    SPORE™
    Status
    SUPERAntiSpyware Free Edition
    Synaptics Pointing Device Driver
    System Requirements Lab
    Toolbox
    TrayApp
    Trojan Remover 6.7.4
    UnloadSupport
    Unreal Tournament
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    Ventrilo Client
    VersionTracker Pro Windows
    VideoToolkit01
    Viewpoint Media Player
    ViewSonic Monitor Drivers
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Communication Foundation
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    World of Warcraft
    World of Warcraft Public Test
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    1/19/2009 1:17:36 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    1/19/2009 12:16:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/19/2009 12:15:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    1/18/2009 10:06:47 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    1/18/2009 8:08:51 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
    1/18/2009 8:08:51 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    1/19/2009 3:23:59 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430).

    ==== End Of File ===========================
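As an added triage example (not part of the thread, and not a tool any of the helpers here used), the script below applies a few analyst heuristics to a constructed excerpt of the HijackThis and DDS logs from the two posts above: Winlogon Notify entries whose DLL is reported missing or whose name looks machine-generated, Run entries that launch a bare filename resolved through the search path, policy values that lock the user out of Task Manager or the registry editor, and newly created executables in system32. The rule names, the vowel-ratio threshold in `looks_random`, the `LOCKDOWN` policy list and the severity levels are the editor's assumptions, not anything the thread states; a flag means "verify this entry", not "confirmed malware".

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied from the HijackThis and DDS
# logs posted above, plus benign neighbours for contrast. Not the full logs.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fcccyVpN - fcccyVpN.dll (file missing)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
2009-01-16 15:29 41,984 a------- c:\windows\system32\chert5-998.exe
2009-01-14 09:50 1,982 a------- c:\windows\system32\log.exe
2009-01-13 21:20 127 a------- c:\windows\system32\MRT.INI
"""

# Line shapes: HijackThis "O20 - Winlogon Notify:" and DDS "Notify:",
# HijackThis "O4 - HKxx\..\Run:" and DDS "mRun:/uRun:", DDS policy lines,
# and DDS "Created Last 30" file lines (date time size attrs path).
NOTIFY = re.compile(r"^(?:O20 - Winlogon )?Notify: (?P<name>\S+) - (?P<target>.+)$")
RUN = re.compile(r"^(?:O4 - HK(?:LM|CU)\\\.\.\\Run|[mu]Run): \[[^\]]+\] (?P<cmd>.+)$")
POLICY = re.compile(r"^dPolicies-\w+: (?P<name>\w+) = (?P<value>\d+)")
NEWFILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ \S{8} (?P<path>.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)|- No File$", re.IGNORECASE)

# Editor's assumption: policies that take away the user's own repair tools.
LOCKDOWN = {"DisableTaskMgr", "DisableRegistryTools", "NoControlPanel"}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    line: str


def looks_random(name: str) -> bool:
    """Editor's heuristic: an 8+ letter mixed-case name with almost no vowels,
    the shape of machine-generated component names rather than a product name."""
    letters = re.sub(r"[^A-Za-z]", "", name)
    if len(letters) < 8:
        return False
    mixed = any(c.isupper() for c in letters[1:]) and any(c.islower() for c in letters)
    vowels = sum(c in "aeiouAEIOU" for c in letters)
    return mixed and vowels / len(letters) <= 0.15


def triage(text: str) -> list[Finding]:
    """Run every rule over every non-empty line and collect what they flag."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := NOTIFY.match(line):
            target = m["target"]
            if ORPHAN.search(target):
                findings.append(Finding("high", "winlogon-notify-missing-dll", line))
            elif "\\" not in target:
                # Bare DLL name: resolved via the loader search path, not a fixed file.
                findings.append(Finding("medium", "winlogon-notify-bare-name", line))
            if looks_random(m["name"]):
                findings.append(Finding("high", "winlogon-notify-random-name", line))
        elif m := RUN.match(line):
            exe = m["cmd"].strip().strip('"').split(" ")[0]
            if "\\" not in exe:
                # No directory: whichever file of that name is found first runs.
                findings.append(Finding("medium", "run-entry-bare-name", line))
        elif m := POLICY.match(line):
            if m["name"] in LOCKDOWN and m["value"] != "0":
                findings.append(Finding("high", "admin-tool-lockdown", line))
        elif m := NEWFILE.match(line):
            path = m["path"].lower()
            if "\\system32\\" in path and path.endswith((".exe", ".dll", ".sys")):
                findings.append(Finding("medium", "new-binary-in-system32", line))
        elif ORPHAN.search(line):
            findings.append(Finding("low", "orphaned-entry", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a reader can see the shape at a glance."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.rule:30} {f.line}")
    print(summarize(results))
```

On the excerpt this flags the `fcccyVpN` Notify entry twice (missing file and random-looking name), the `DisableTaskMgr` policy, the two new executables in system32 and the bare `MIDIDef.exe` Run entry, and leaves the SUPERAntiSpyware Notify entry and `ctfmon.exe` alone. The bare-name and new-binary rules deliberately stop at "medium": a legitimate vendor component can trip them, so the follow-up is to check the file's location and publisher, which is exactly the kind of work the malware analysts in this thread do by hand.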
     


  4. 2009/01/23
    PeteC (Staff)
    Welcome to WindowsBBS :)

    Please read this which was highlighted at the head of the forum and post the logs requested in this thread - split over 2 or more posts if necessary.

    And please also note ....
    Edit - I see you did read the announcement at the head of the forum while I was posting :)
     
  5. 2009/01/24
    FettyG (Thread Starter)
    In addition to the generic host process I also have 2 other issues now. Google redirects me to the wrong site, usually an ad for something unless I choose to open the link in a new tab in which case it works fine.

    Also, when I start up the computer it freezes at the Welcome screen just after it says "Windows is starting up." After rebooting I get to the desktop just fine. But the first time I start up, after the computer is off, it freezes at the same Welcome screen.

    The requested logs are posted above, but please let me know if there is anything else I need to post.

    Thanks
     
  6. 2009/01/24
    PeteC (Staff)
    OK - one of our trained malware analysts will deal with your logs as soon as possible. They are kept very busy so please be patient - all logs are dealt with in the order received.
     
  7. 2009/01/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi FettyG,

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double-click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  8. 2009/01/26
    FettyG

    FettyG Inactive Thread Starter

    Joined:
    2009/01/23
    Messages:
    57
    Likes Received:
    0
    I ran combofix and here is the log!



    ComboFix 09-01-21.04 - FettyG 2009-01-26 0:46:02.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1583 [GMT -7:00]
    Running from: c:\documents and settings\FettyG\Desktop\ComboFix.exe
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
    FW: BitDefender Firewall *enabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\FettyG\Application Data\Google\T-Scan
    c:\documents and settings\FettyG\Application Data\Google\T-Scan\n.gif
    c:\documents and settings\FettyG\Application Data\Google\T-Scan\t.gif
    c:\documents and settings\FettyG\Application Data\Google\T-Scan\y.gif
    c:\temp\DIV55
    c:\windows\system32\drivers\seneka.sys
    c:\windows\system32\drivers\senekawykmrgsn.sys
    c:\windows\system32\log.exe
    c:\windows\system32\senekapkinexmo.dll
    c:\windows\system32\senekasrngxyxj.dat
    c:\windows\system32\senekathkdqlts.dll
    c:\windows\system32\uniq.tll
    c:\windows\system32\uXPi02

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SENEKA


    ((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
    .

    2009-01-19 00:21 . 2009-01-19 00:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-19 00:20 . 2009-01-19 00:20 <DIR> d-------- c:\program files\TechTracker
    2009-01-19 00:20 . 2009-01-19 00:20 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-01-19 00:20 . 2009-01-24 13:24 <DIR> d-------- c:\documents and settings\FettyG\Application Data\VersionTracker Pro
    2009-01-19 00:20 . 2009-01-19 00:20 <DIR> d-------- c:\documents and settings\FettyG\Application Data\SUPERAntiSpyware.com
    2009-01-18 23:40 . 2009-01-18 23:40 <DIR> d-------- c:\program files\Trend Micro
    2009-01-15 16:24 . 2009-01-15 16:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitDefender
    2009-01-15 16:16 . 2009-01-26 00:49 81,984 --a------ c:\windows\system32\bdod.bin
    2009-01-15 16:16 . 2009-01-15 16:16 132 --a------ C:\httpdwl.dat
    2009-01-13 21:20 . 2009-01-13 21:20 127 --a------ c:\windows\system32\MRT.INI
    2009-01-12 16:48 . 2009-01-15 14:09 260 --a------ c:\windows\system32\BDUpdateV1.xml
    2009-01-05 12:05 . 2009-01-05 12:05 <DIR> d-------- C:\3f2f0ccfad2806e3c841c85ee17c5fcf

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-22 23:00 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-22 17:09 --------- d-----w c:\documents and settings\FettyG\Application Data\Move Networks
    2009-01-20 23:39 --------- d-----w c:\program files\World of Warcraft
    2009-01-19 07:18 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-19 03:16 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-15 20:39 82,696 ----a-w c:\windows\system32\drivers\BDVEDISK.sys
    2009-01-15 20:39 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
    2009-01-13 02:27 --------- d-----w c:\documents and settings\FettyG\Application Data\LimeWire
    2008-12-19 00:36 --------- d-----w c:\program files\LimeWire
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 00:56 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-11 00:56 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
    2008-12-11 00:53 --------- d-----w c:\documents and settings\FettyG\Application Data\BitDefender
    2008-12-11 00:52 --------- d-----w c:\program files\Common Files\BitDefender
    2008-12-11 00:52 --------- d-----w c:\program files\BitDefender
    2008-12-06 23:31 --------- d-----w c:\documents and settings\FettyG\Application Data\Simply Super Software
    2008-12-06 23:07 --------- d-----w c:\program files\Trojan Remover
    2008-12-06 23:07 --------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
    2008-12-06 23:07 --------- d-----w c:\documents and settings\Administrator\Application Data\Simply Super Software
    2008-12-06 22:16 --------- d-----w c:\documents and settings\All Users\Application Data\Citrix
    2008-12-06 22:15 --------- d-----w c:\program files\Citrix
    2008-12-06 21:08 --------- d-----w c:\documents and settings\FettyG\Application Data\StumbleUpon
    2008-12-05 23:49 --------- d-----w c:\documents and settings\FettyG\Application Data\HPAppData
    2007-09-29 07:45 162 ---h--w c:\program files\Common Files\client.lcs
    2007-09-10 23:40 88 --sh--r c:\windows\system32\9BD87B0088.sys
    2007-09-10 23:40 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 81,920 2005-02-16 22:15:20 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe

    ----a-w 221,184 2004-07-27 22:50:42 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

    ----a-w 57,344 2005-10-31 16:51:52 c:\program files\Creative\SBAudigy\Surround Mixer\bak\CTSysVol.exe

    ----a-w 184,320 2006-08-22 21:32:18 c:\program files\Dell\MediaDirect\bak\PCMService.exe

    ----a-w 602,182 2006-05-01 15:28:26 c:\program files\Intel\Wireless\Bin\bak\ifrmewrk.exe

    ----a-w 667,718 2006-05-01 15:28:06 c:\program files\Intel\Wireless\Bin\bak\ZCfgSvc.exe

    ----a-w 217,088 2005-03-23 23:26:09 c:\program files\Microsoft IntelliPoint\bak\point32.exe

    ----a-w 196,608 2005-03-15 09:46:45 c:\program files\Microsoft IntelliType Pro\bak\type32.exe

    ----a-w 286,720 2007-10-20 04:16:26 c:\program files\QuickTime\bak\qttask.exe
    ----a-w 413,696 2008-09-06 21:09:14 c:\program files\QuickTime\QTTask.exe

    ----a-w 761,947 2006-03-08 17:48:02 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe

    ----a-w 67,584 2005-09-29 20:01:14 c:\windows\ehome\bak\ehtray.exe
    ----a-w 59,392 2004-08-10 12:04:42 c:\windows\ehome\ehtray.exe

    ----a-w 15,360 2004-08-10 11:00:00 c:\windows\system32\bak\ctfmon.exe
    ----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe

    ----a-w 122,940 2005-09-08 11:20:00 c:\windows\system32\DLA\bak\DLACTRLW.EXE

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-15 741376]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-12-06 15:15 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VersionTrackerPro.lnk
    backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-10-01 11:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    c:\program files\Canon\MyPrinter\BJMyPrt.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    --a------ 2006-08-28 20:57 395776 c:\program files\Dell Support\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2004-08-10 05:04 59392 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2007-10-14 20:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    --a------ 2007-08-22 15:31 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jhunefube]
    c:\windows\Fhananarigapuq.dll [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
    --a------ 2008-09-04 09:31 159744 c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    c:\program files\NetWaiting\netWaiting.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-11-17 03:03 8495104 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-11-17 03:03 81920 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
    c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-10-11 11:45 75304 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyDefender Shield]
    c:\program files\SpyDefender Pro\SpyDefender.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-12-22 11:05 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework Windows]
    frmwrk32.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
    --a------ 2006-06-28 22:12 1355042 c:\windows\system32\CTMBHA.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
    --a------ 2007-11-17 03:03 86016 c:\windows\system32\nvhotkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-11-17 03:03 1626112 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    --a------ 2006-03-24 15:30 282624 c:\windows\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Student Backup"=2 (0x2)
    "rpcnetp"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\WINDOWS\\system32\\ctmweb.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328]
    R4 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-09-04 82696]
    R4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-01-06 24652]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
    S4 Student Backup;Student Backup;c:\program files\Student Backup\rbackup.exe --> c:\program files\Student Backup\rbackup.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    bdx REG_MULTI_SZ scan

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-fcccyVpN - fcccyVpN.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
    uInternet Settings,ProxyOverride = *.local
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-26 00:52:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1910889623-3642591572-3793038160-1005\Software\SecuROM\License information*]
    "datasecu"=hex:54,a1,22,a3,23,68,98,7a,f9,70,f9,b1,a3,a7,d4,8f,7f,22,51,fe,ad,
    23,76,85,81,e3,88,dc,d6,a8,fb,db,09,6d,a0,be,05,d6,25,27,8e,f2,5b,dd,5b,04,\
    "rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(988)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    c:\program files\BitDefender\BitDefender 2009\vsserv.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Microsoft IntelliPoint\dpupdchk.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\java.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\rpcnet.exe
    c:\windows\system32\stacsv.exe
    c:\program files\BitDefender\BitDefender 2009\seccenter.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\windows\system32\dllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-26 0:57:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-26 07:57:11

    Pre-Run: 19,813,539,840 bytes free
    Post-Run: 20,186,873,856 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect

    300 --- E O F --- 2009-01-25 18:09:44
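    Reading a log like the one above by hand is slow, and the entries that matter are scattered through it: startupreg keys whose target ComboFix marks as [N/A], an entry that is a bare filename with no path (frmwrk32.exe), the Security Center AntiVirusOverride value, EnableFirewall set to 0, and the MountPoints2 AutoRun handler. The script below is an added example for this thread; it is not ComboFix code and not from any of the posts. It parses a constructed excerpt modelled on the log above (not the full log) and lists those indicators. The regular expressions assume the log layout exactly as it appears on this page, which is an assumption rather than a documented format.

```python
"""Triage helper for a ComboFix-style log: pull out the autostart entries and
policy settings a malware analyst checks first.

Added example for this thread; it is not ComboFix code and not from the
original posts.  The regular expressions assume the log layout as it appears
on this page (an assumption, not a documented format)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt modelled on the log posted above; not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jhunefube]
c:\windows\Fhananarigapuq.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Framework Windows]
frmwrk32.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
"""


@dataclass
class Autostart:
    name: str      # last component of the startupreg key
    path: str      # target exactly as ComboFix printed it
    present: bool  # False when ComboFix marked the target [N/A]


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
STARTUPREG = "\\msconfig\\startupreg\\"
# "--a------ 2008-04-13 17:12 15360 c:\path\file.exe"  (attributes, date, time, size, path)
PRESENT_RE = re.compile(r"^[-a-z]{9}\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+(?P<path>.+)$", re.I)
# "c:\path\file.dll [N/A]"  (target no longer on disk)
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+\[N/A\]$")


def parse_autostarts(log: str) -> list[Autostart]:
    """Return one Autostart per msconfig\\startupreg key found in the log."""
    entries: list[Autostart] = []
    current: str | None = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group("key")
            continue
        if current and STARTUPREG in current.lower():
            name = current.rsplit("\\", 1)[1]
            m = MISSING_RE.match(line)
            if m:
                entries.append(Autostart(name, m.group("path"), False))
            else:
                m = PRESENT_RE.match(line)
                if m:
                    entries.append(Autostart(name, m.group("path"), True))
            current = None  # one value line per startupreg key
    return entries


def triage(log: str) -> list[str]:
    """Flag the indicators an analyst looks at before writing a CFScript."""
    findings: list[str] = []
    for e in parse_autostarts(log):
        if not e.present:
            findings.append(f"autostart '{e.name}' points at a missing file: {e.path}")
        if "\\" not in e.path:
            # No directory at all: Windows resolves it through the search path.
            findings.append(f"autostart '{e.name}' is a bare filename ({e.path}); resolved via the search path")
    if re.search(r'"AntiVirusOverride\s*"\s*=\s*dword:0*1$', log, re.M):
        findings.append("Security Center AntiVirusOverride=1: antivirus status warnings are suppressed")
    if re.search(r'"EnableFirewall\s*"\s*=\s*0\b', log):
        findings.append("Windows Firewall is disabled in the standard profile")
    for m in re.finditer(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", log, re.M):
        findings.append(f"MountPoints2 AutoRun handler: {m.group('cmd')}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" -", finding)
```

    The entries that come out as "missing file" are the ones a CFScript would later remove from the startupreg key; the firewall and Security Center findings are settings the user should re-enable by hand once the machine is clean.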
     
  9. 2009/01/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    AWF::
    c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
    c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
    c:\program files\Creative\SBAudigy\Surround Mixer\bak\CTSysVol.exe
    c:\program files\Dell\MediaDirect\bak\PCMService.exe
    c:\program files\Intel\Wireless\Bin\bak\ifrmewrk.exe
    c:\program files\Intel\Wireless\Bin\bak\ZCfgSvc.exe
    c:\program files\Microsoft IntelliPoint\bak\point32.exe
    c:\program files\Microsoft IntelliType Pro\bak\type32.exe
    c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
    c:\windows\system32\DLA\bak\DLACTRLW.EXE
    Folder::
    c:\windows\ehome\bak
    c:\program files\QuickTime\bak
    c:\windows\system32\bak
    Registry::
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"=-
     "NoActiveDesktopChanges"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jhunefube]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyDefender Shield]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
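    The AWF section of the first log and the AWF:: part of the script above both deal with one layout: an executable in a `bak` subfolder sitting beside a live file of the same name (for example c:\program files\QuickTime\bak\qttask.exe next to QTTask.exe). The script below is an added example, not ComboFix code and not from the thread. It walks a directory tree, finds every `bak` folder holding an executable, looks up the same-named live file in the parent folder without regard to case (as NTFS does), and hashes both copies so the analyst can see which pairs differ. The tree it scans is constructed in a temporary folder so the example runs offline; on a real machine you would point find_bak_pairs() at C:\Program Files and C:\WINDOWS from an elevated prompt. Which copy is the legitimate one is a judgement the script does not make.

```python
"""Find the layout ComboFix lists under AWF: an executable in a `bak` subfolder
next to a live file of the same name, and report whether the two copies match.

Added example for this thread; not ComboFix code and not from the posts.  The
directory tree is constructed below so the script runs offline."""
from __future__ import annotations

import hashlib
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr"}


@dataclass
class BakPair:
    bak: Path                 # file inside the bak folder
    live: Path | None         # same-named file in the parent folder, if any
    same_content: bool | None # None when there is no live counterpart


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_bak_pairs(root: Path) -> list[BakPair]:
    """Walk root; for each bak\\<exe> look for <exe> one level up and compare hashes."""
    pairs: list[BakPair] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if Path(dirpath).name.lower() != "bak":
            continue
        parent = Path(dirpath).parent
        for name in filenames:
            bak = Path(dirpath) / name
            if bak.suffix.lower() not in EXEC_SUFFIXES:
                continue
            # Case-insensitive match, as NTFS would (qttask.exe vs QTTask.exe in the log).
            live = next((p for p in parent.iterdir()
                         if p.is_file() and p.name.lower() == name.lower()), None)
            same = None if live is None else sha256_of(live) == sha256_of(bak)
            pairs.append(BakPair(bak, live, same))
    return sorted(pairs, key=lambda p: str(p.bak).lower())


def build_sample_tree(root: Path) -> None:
    """Constructed fixture mirroring three entries from the AWF listing above."""
    qt = root / "Program Files" / "QuickTime"
    (qt / "bak").mkdir(parents=True)
    (qt / "bak" / "qttask.exe").write_bytes(b"MZ original quicktime helper")
    (qt / "QTTask.exe").write_bytes(b"MZ something else entirely")   # differs from bak copy
    s32 = root / "WINDOWS" / "system32"
    (s32 / "bak").mkdir(parents=True)
    (s32 / "bak" / "ctfmon.exe").write_bytes(b"MZ ctfmon")
    (s32 / "ctfmon.exe").write_bytes(b"MZ ctfmon")                     # identical copy
    dla = s32 / "DLA"
    (dla / "bak").mkdir(parents=True)
    (dla / "bak" / "DLACTRLW.EXE").write_bytes(b"MZ dla")             # no live counterpart
    (dla / "bak" / "readme.txt").write_bytes(b"not an executable, ignored")


def report(root: Path) -> list[str]:
    lines: list[str] = []
    for p in find_bak_pairs(root):
        if p.live is None:
            lines.append(f"{p.bak}: no live counterpart in {p.bak.parent.parent}")
        elif p.same_content:
            lines.append(f"{p.bak}: identical to {p.live.name}")
        else:
            lines.append(f"{p.bak}: DIFFERS from {p.live.name} "
                         f"({p.live.stat().st_size} vs {p.bak.stat().st_size} bytes)")
    return lines


def run_demo() -> tuple[list[BakPair], list[str]]:
    """Build the constructed tree in a temp dir, scan it, return pairs and report lines."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return find_bak_pairs(root), report(root)


if __name__ == "__main__":
    _pairs, lines = run_demo()
    print("\n".join(lines))
```

    A pair that differs is exactly the situation the AWF:: directive above is written for; a pair that is identical, like ctfmon.exe in the second log, is harmless either way, and a bak file with no live counterpart means the live copy has already been removed and only the folder is left to clean up.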
     
  10. 2009/01/27
    FettyG

    FettyG Inactive Thread Starter

    Joined:
    2009/01/23
    Messages:
    57
    Likes Received:
    0
    Here is the combofix log!



    ComboFix 09-01-21.04 - FettyG 2009-01-27 0:15:37.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1498 [GMT -7:00]
    Running from: c:\documents and settings\FettyG\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\FettyG\Desktop\CFScript.txt
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
    FW: BitDefender Firewall *enabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\QuickTime\bak
    c:\program files\QuickTime\bak\qttask.exe
    c:\windows\ehome\bak
    c:\windows\ehome\bak\ehtray.exe
    c:\windows\system32\bak
    c:\windows\system32\bak\ctfmon.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
    .

    2009-01-19 00:21 . 2009-01-19 00:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-01-19 00:20 . 2009-01-19 00:20 <DIR> d-------- c:\program files\TechTracker
    2009-01-19 00:20 . 2009-01-19 00:20 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-01-19 00:20 . 2009-01-24 13:24 <DIR> d-------- c:\documents and settings\FettyG\Application Data\VersionTracker Pro
    2009-01-19 00:20 . 2009-01-19 00:20 <DIR> d-------- c:\documents and settings\FettyG\Application Data\SUPERAntiSpyware.com
    2009-01-18 23:40 . 2009-01-18 23:40 <DIR> d-------- c:\program files\Trend Micro
    2009-01-15 16:24 . 2009-01-15 16:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitDefender
    2009-01-15 16:16 . 2009-01-27 00:18 81,984 --a------ c:\windows\system32\bdod.bin
    2009-01-15 16:16 . 2009-01-15 16:16 132 --a------ C:\httpdwl.dat
    2009-01-13 21:20 . 2009-01-13 21:20 127 --a------ c:\windows\system32\MRT.INI
    2009-01-12 16:48 . 2009-01-15 14:09 260 --a------ c:\windows\system32\BDUpdateV1.xml
    2009-01-05 12:05 . 2009-01-05 12:05 <DIR> d-------- C:\3f2f0ccfad2806e3c841c85ee17c5fcf

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-27 07:18 --------- d-----w c:\program files\Microsoft IntelliType Pro
    2009-01-27 07:18 --------- d-----w c:\program files\Microsoft IntelliPoint
    2009-01-27 07:16 --------- d-----w c:\program files\QuickTime
    2009-01-27 07:13 17,408 ----a-w c:\windows\system32\rpcnetp.exe
    2009-01-27 00:42 --------- d-----w c:\program files\World of Warcraft
    2009-01-26 21:57 --------- d-----w c:\documents and settings\FettyG\Application Data\Move Networks
    2009-01-26 16:09 47,104 ----a-w c:\windows\system32\rpcnet.dll
    2009-01-26 03:20 17,408 ----a-w c:\windows\system32\rpcnetp.dll
    2009-01-22 23:00 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-19 07:18 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-19 03:16 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-15 20:39 82,696 ----a-w c:\windows\system32\drivers\BDVEDISK.sys
    2009-01-15 20:39 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
    2009-01-13 02:27 --------- d-----w c:\documents and settings\FettyG\Application Data\LimeWire
    2008-12-19 00:36 --------- d-----w c:\program files\LimeWire
    2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2008-12-11 00:56 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-11 00:56 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
    2008-12-11 00:53 --------- d-----w c:\documents and settings\FettyG\Application Data\BitDefender
    2008-12-11 00:52 --------- d-----w c:\program files\Common Files\BitDefender
    2008-12-11 00:52 --------- d-----w c:\program files\BitDefender
    2008-12-06 23:31 --------- d-----w c:\documents and settings\FettyG\Application Data\Simply Super Software
    2008-12-06 23:07 --------- d-----w c:\program files\Trojan Remover
    2008-12-06 23:07 --------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
    2008-12-06 23:07 --------- d-----w c:\documents and settings\Administrator\Application Data\Simply Super Software
    2008-12-06 22:16 --------- d-----w c:\documents and settings\All Users\Application Data\Citrix
    2008-12-06 22:15 --------- d-----w c:\program files\Citrix
    2008-12-06 21:08 --------- d-----w c:\documents and settings\FettyG\Application Data\StumbleUpon
    2008-12-05 23:49 --------- d-----w c:\documents and settings\FettyG\Application Data\HPAppData
    2008-11-05 20:39 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    2007-09-29 07:45 162 ---h--w c:\program files\Common Files\client.lcs
    2007-09-10 23:40 88 --sh--r c:\windows\system32\9BD87B0088.sys
    2007-09-10 23:40 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-26_ 0.55.49.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-09-08 11:20:00 122,940 ----a-w c:\windows\system32\DLA\DLACTRLW.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-15 741376]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-12-06 15:15 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VersionTrackerPro.lnk
    backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-10-01 11:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    --a------ 2006-08-28 20:57 395776 c:\program files\Dell Support\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2004-08-10 05:04 59392 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2007-10-14 20:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    --a------ 2007-08-22 15:31 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-07-27 15:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
    --a------ 2008-09-04 09:31 159744 c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-11-17 03:03 8495104 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-11-17 03:03 81920 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-10-11 11:45 75304 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-12-22 11:05 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
    --a------ 2006-06-28 22:12 1355042 c:\windows\system32\CTMBHA.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
    --a------ 2007-11-17 03:03 86016 c:\windows\system32\nvhotkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-11-17 03:03 1626112 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    --a------ 2006-03-24 15:30 282624 c:\windows\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Student Backup"=2 (0x2)
    "rpcnetp"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\WINDOWS\\system32\\ctmweb.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328]
    R4 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-09-04 82696]
    R4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-01-06 24652]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
    S4 Student Backup;Student Backup;c:\program files\Student Backup\rbackup.exe --> c:\program files\Student Backup\rbackup.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    bdx REG_MULTI_SZ scan

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe
    MSConfigStartUp-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
    MSConfigStartUp-OE_OEM - c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
    MSConfigStartUp-Framework Windows - frmwrk32.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
    uInternet Settings,ProxyOverride = *.local
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-27 00:18:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1910889623-3642591572-3793038160-1005\Software\SecuROM\License information*]
    "datasecu"=hex:54,a1,22,a3,23,68,98,7a,f9,70,f9,b1,a3,a7,d4,8f,7f,22,51,fe,ad,
    23,76,85,81,e3,88,dc,d6,a8,fb,db,09,6d,a0,be,05,d6,25,27,8e,f2,5b,dd,5b,04,\
    "rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(984)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    .
    Completion time: 2009-01-27 0:20:39
    ComboFix-quarantined-files.txt 2009-01-27 07:20:36
    ComboFix2.txt 2009-01-26 07:57:16

    Pre-Run: 20,037,439,488 bytes free
    Post-Run: 20,073,824,256 bytes free

    238 --- E O F --- 2009-01-27 01:22:29
     
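The registry sections of the ComboFix log above record a host whose defences had been turned down: `AntiVirusOverride` is set to 1 under the Security Center key (so Windows no longer warns about antivirus state), `EnableFirewall` is 0 for the firewall's standard profile, and a `mountpoints2` entry remembers an AutoRun command (`E:\setup.exe`) for a volume. The following checker is an added example, not code from this thread or from ComboFix: it parses the registry-style sections of such a log and flags those settings, plus any globally open ports, so a helper does not have to eyeball them. The excerpt it runs on is constructed to match the shape of the log above (with the volume GUID zeroed), and the severity labels are my own choice.

```python
import re

# Constructed excerpt in the shape of the ComboFix log above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"67:UDP"= 67:UDP:DHCP Discovery Service

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - E:\setup.exe
"""

SECTION_RE = re.compile(r"^\s*\[(.+)\]\s*$")
# Tolerates the stray space before the closing quote that pasted logs often carry ("name "= value).
VALUE_RE = re.compile(r'^\s*"([^"]*?)\s*"\s*=\s*(.*?)\s*$')
AUTORUN_RE = re.compile(r"^\s*\\Shell\\AutoRun\\command\s*-\s*(.+?)\s*$", re.IGNORECASE)


def parse_sections(text):
    """Return {section: [(name, value), ...]} for the registry-style parts of the log.
    Lines inside a section that are not "name"=value (the AutoRun command line, for
    instance) are kept as ("", stripped_line) so later checks can still see them."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or not line.strip():
            continue
        m = VALUE_RE.match(line)
        if m:
            sections[current].append((m.group(1), m.group(2)))
        else:
            sections[current].append(("", line.strip()))
    return sections


def weakened_defences(text):
    """Flag settings that lower the host's defences. Returns a list of (severity, message)."""
    findings = []
    for section, entries in parse_sections(text).items():
        s = section.lower()
        for name, value in entries:
            n, v = name.lower(), value.lower()
            if s.endswith("security center") and n == "antivirusoverride" and v.endswith("1"):
                findings.append(("high", "Security Center antivirus monitoring is overridden (AntiVirusOverride=1)"))
            elif "firewallpolicy\\standardprofile" in s and n == "enablefirewall" and v.startswith("0"):
                findings.append(("high", "Windows Firewall is disabled for the standard profile (EnableFirewall=0)"))
            elif s.endswith("globallyopenports\\list"):
                findings.append(("info", f"Globally open port: {value}"))
            elif "mountpoints2" in s:
                m = AUTORUN_RE.match(value)
                if m:
                    findings.append(("medium", f"Remembered AutoRun command for a volume: {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for severity, message in weakened_defences(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Feed it the whole ComboFix.txt rather than an excerpt and it will also walk the Run keys and other sections; only the four checks above fire, everything else is parsed and ignored. The AutoRun check reports what the shell remembered for a volume, which is not proof of infection on its own (optical media legitimately use it), but it is the kind of entry worth confirming against the drive it belongs to.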
  11. 2009/01/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Let's run one more tool to be sure the AWF infection is completely removed. Please download FindAWF.
    Save the file to the Desktop
    Double-click the FindAWF icon.

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 1 then Enter to scan for bak folders
    The scan may take a while, please be patient.

    When done, awf.txt will open. Please post its contents here.
     
  12. 2009/01/27
    FettyG

    FettyG Inactive Thread Starter

    Joined:
    2009/01/23
    Messages:
    57
    Likes Received:
    0
    Here is the report. Thanks!



    Find AWF report by noahdfear ©2006
    Version 1.40

    The current date is: Tue 01/27/2009
    The current time is: 21:13:42.64


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\QUICKT~1\BAK

    10/19/2007 09:16 PM 286,720 qttask.exe.vir
    1 File(s) 286,720 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\WINDOWS\EHOME\BAK

    09/29/2005 01:01 PM 67,584 ehtray.exe.vir
    1 File(s) 67,584 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\WINDOWS\SYSTEM32\BAK

    08/10/2004 04:00 AM 15,360 ctfmon.exe.vir
    1 File(s) 15,360 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    286720 Oct 19 2007 "C:\Qoobox\Quarantine\C\Program Files\QuickTime\bak\qttask.exe.vir "
    67584 Sep 29 2005 "C:\Qoobox\Quarantine\C\WINDOWS\ehome\bak\ehtray.exe.vir "
    15360 Aug 10 2004 "C:\Qoobox\Quarantine\C\WINDOWS\system32\bak\ctfmon.exe.vir "


    end of report
     
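FindAWF, as the two posts above use it, lists every `bak` folder on the drive and the files inside it. The pattern it is hunting for, as I understand the report rather than as something the tool's own source states, is an infection that moves the genuine program (qttask.exe, ehtray.exe, ctfmon.exe here) into a `bak` subfolder and drops its own file at the original path, so that the original still runs and nothing looks missing. The scan below is an added example, not FindAWF's code or anything from this thread: it finds `bak` folders, pairs each kept executable with the same-named file one level up, and compares the two by hash so the helper can tell "replaced and still live", "already restored" and "quarantined, no live copy" apart. The sample tree it runs on is constructed to mirror the report above; the extension list and the `.vir` quarantine suffix handling are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions worth comparing; an assumption, since the tool's own list is not on the page.
EXE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".sys"}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_bak_folders(root: Path):
    """Every directory named 'bak' (case-insensitive) anywhere under root."""
    return sorted(p for p in root.rglob("*") if p.is_dir() and p.name.lower() == "bak")


def original_name(kept: Path) -> str:
    # ComboFix appends .vir to quarantined files; strip it to get the name the file had in place.
    return kept.name[:-4] if kept.name.lower().endswith(".vir") else kept.name


def find_replaced_programs(root: Path):
    """For each executable in a bak folder, look one level up for a file of the same name.
    That parent-level file is what a bak-style infection leaves in the original location,
    so it, not the bak copy, is the suspect."""
    findings = []
    for bak in find_bak_folders(root):
        for kept in sorted(bak.iterdir()):
            if not kept.is_file():
                continue
            name = original_name(kept)
            if Path(name).suffix.lower() not in EXE_SUFFIXES:
                continue
            live = bak.parent / name
            f = {"name": name, "bak_copy": str(kept), "size_bak": kept.stat().st_size,
                 "live_copy": None, "size_live": None, "same_content": None}
            if live.is_file():
                f["live_copy"] = str(live)
                f["size_live"] = live.stat().st_size
                f["same_content"] = sha256_of(live) == sha256_of(kept)
            findings.append(f)
    return findings


def verdict(f: dict) -> str:
    if f["live_copy"] is None:
        return "live copy absent (quarantined or deleted); restore from bak if the program is wanted"
    if f["same_content"]:
        return "live copy identical to bak copy; nothing replaced here"
    return "live copy differs from bak copy; treat the live file as the suspect and the bak copy as the original"


def build_sample_tree(base: Path) -> None:
    """Constructed sample mirroring the FindAWF report above: three bak folders, three outcomes."""
    qt = base / "Program Files" / "QuickTime"
    (qt / "bak").mkdir(parents=True)
    (qt / "bak" / "qttask.exe").write_bytes(b"MZ genuine qttask")        # original moved aside
    (qt / "qttask.exe").write_bytes(b"MZ something else entirely")       # replacement in the original place
    sys32 = base / "WINDOWS" / "system32"
    (sys32 / "bak").mkdir(parents=True)
    (sys32 / "bak" / "ctfmon.exe").write_bytes(b"MZ genuine ctfmon")
    (sys32 / "ctfmon.exe").write_bytes(b"MZ genuine ctfmon")             # already restored: identical
    ehome = base / "WINDOWS" / "ehome"
    (ehome / "bak").mkdir(parents=True)
    (ehome / "bak" / "ehtray.exe.vir").write_bytes(b"MZ genuine ehtray")  # quarantined, no live copy


def demo() -> dict:
    """Build the sample tree in a temp dir, scan it, and return findings keyed by program name."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return {f["name"]: f for f in find_replaced_programs(root)}


if __name__ == "__main__":
    for name, f in demo().items():
        print(f"{name}: {verdict(f)}")
```

Point `find_replaced_programs` at `C:\` (or at `C:\Qoobox\Quarantine`, as the report above effectively does) to run it for real. A hash match only tells you the two files are the same bytes; it does not tell you which one is genuine, which is why the bak copy's original timestamp and a signature check on the live file are the next things to look at.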
  13. 2009/01/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! You can delete FindAWF.

    Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  14. 2009/01/28
    FettyG

    FettyG Inactive Thread Starter

    Joined:
    2009/01/23
    Messages:
    57
    Likes Received:
    0
    I can't seem to download the scanner. The accept agreement button is grayed out and I cannot click on it. I updated the java using the link on the scanner page, but I still receive a message that says "You must have version 1.5 or more recent" if I leave the page open for more than about a minute. There is also a red message above the agreement that says:

    Attention: Kaspersky Online Scanner 7.0 may not run successfully while any other antivirus program is running. If you have another antivirus program installed, please turn it off before running Kaspersky Online Scanner 7.0.

    But I cannot seem to disable my BitDefender program completely. I tried looking up a way to turn it off, but didn't find anything. Any ideas?
     
  15. 2009/01/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Let's go another route then. This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I only want to see a Report of what it finds.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Double-click the drweb-cureit.exe file and click 'Start' to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, we need to change the default settings.
    • In the Menu Bar at the top, click 'Setting'>Change Settings.
    • Click on the Actions tab
    • Using the drop down menus, change each item under Objects and Malware to Report
    • Next, 'tick' Complete Scan.
    • Click the green arrow at the right, and the scan will start.
    • Click 'No to All' if it asks if you want to cure/move the file.
    • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Post the contents of the log from Dr.Web you saved previously in your next reply.
     
  16. 2009/01/29
    FettyG

    FettyG Inactive Thread Starter

    Joined:
    2009/01/23
    Messages:
    57
    Likes Received:
    0
    Here is the log.


    data002\32788R22FWJFW\C.bat;C:\Documents and Settings\FettyG\Desktop\ComboFix.exe\data002;Probably BATCH.Virus;;
    data002\32788R22FWJFW\List-C.bat;C:\Documents and Settings\FettyG\Desktop\ComboFix.exe\data002;Probably BATCH.Virus;;
    data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\FettyG\Desktop\ComboFix.exe\data002;Program.PsExec.171;;
    data002;C:\Documents and Settings\FettyG\Desktop\ComboFix.exe;Archive contains infected objects;;
    ComboFix.exe;C:\Documents and Settings\FettyG\Desktop;Archive contains infected objects;;
    A0000019.bat;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP0;Probably BATCH.Virus;;
    A0000029.bat;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP0;Probably BATCH.Virus;;
    A0000045.EXE;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP0;Program.PsExec.170;;
    A0000138.bat;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4;Probably BATCH.Virus;;
    A0000140.bat;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4;Probably BATCH.Virus;;
    A0000275.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP9;Probably DLOADER.Trojan;;
     
  17. 2009/01/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. Let's clean up now. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete dds.scr from the desktop.
    You can delete any other logs that were created/saved too.
    Empty the recycle bin when done.


    Uninstall the following Java components via Add/Remove Programs.

    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7

    Then, install the latest version from here

    That should finish things up. Things working normally again?
     
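The Dr.Web report two posts up is read as clean for a reason the reply only implies: every hit is either a component bundled inside ComboFix.exe (its batch files and its PsExec copy, which heuristic scanners flag by design) or a copy sitting in a System Restore point, which `ComboFix /u` wipes when it resets restore. The script below is an added example, not code from this thread or from Dr.Web: it parses the semicolon-separated report shape shown above and sorts each hit into those two "expected" buckets or a "needs review" bucket, so a helper sees at once whether anything outside the tool and the restore points was found. The sample lines are constructed to follow the report above (username and restore GUID replaced), with one extra Temp-folder hit added to show a line that must not be waved through; the whitelist of tool names is my own and holds only the tool the thread uses.

```python
# Constructed report lines in the Dr.Web CureIt CSV shape shown above (object;location;verdict;;).
SAMPLE_REPORT = r"""data002\32788R22FWJFW\C.bat;C:\Documents and Settings\user\Desktop\ComboFix.exe\data002;Probably BATCH.Virus;;
data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\user\Desktop\ComboFix.exe\data002;Program.PsExec.171;;
data002;C:\Documents and Settings\user\Desktop\ComboFix.exe;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\user\Desktop;Archive contains infected objects;;
A0000019.bat;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP0;Probably BATCH.Virus;;
A0000275.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP9;Probably DLOADER.Trojan;;
update.exe;C:\Documents and Settings\user\Local Settings\Temp;Probably DLOADER.Trojan;;
"""

RESTORE_MARKER = "\\system volume information\\_restore"
# Removal tools whose bundled batch files and PsExec copy trip heuristic scanners.
# Assumption: only ComboFix appears on this page, so only it is listed.
KNOWN_TOOL_ARCHIVES = ("combofix.exe",)


def parse_drweb(text):
    """Parse object;location;verdict;action;... lines into dicts. Blank and short lines are skipped
    rather than aborting the run, since hand-pasted reports often carry a stray line or two."""
    records = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        parts = raw.split(";")
        if len(parts) < 3:
            continue
        records.append({
            "object": parts[0],
            "location": parts[1],
            "verdict": parts[2],
            "action": parts[3] if len(parts) > 3 else "",
        })
    return records


def classify(rec):
    """Bucket one hit. A restore-point path wins over everything else because that copy is
    removed by resetting System Restore regardless of what it was."""
    loc = rec["location"].lower()
    full = loc + "\\" + rec["object"].lower()
    if RESTORE_MARKER in loc:
        return "restore_point"
    if any(tool in full for tool in KNOWN_TOOL_ARCHIVES):
        return "removal_tool_component"
    return "needs_review"


def triage(text):
    buckets = {"restore_point": [], "removal_tool_component": [], "needs_review": []}
    for rec in parse_drweb(text):
        buckets[classify(rec)].append(rec)
    return buckets


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)}")
        for h in hits:
            print(f"  {h['location']}\\{h['object']}  ->  {h['verdict']}")
```

The tool whitelist is a name match on the path, nothing more, so a file that merely lives under a folder called ComboFix.exe would also be waved through. In practice that is acceptable for a report you are reading alongside the user, but for anything automated, confirm the hit really is inside the archive the user downloaded (the location ends in `ComboFix.exe` or `ComboFix.exe\data002`) before trusting the bucket.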
  18. 2009/01/29
    FettyG

    FettyG Inactive Thread Starter

    Joined:
    2009/01/23
    Messages:
    57
    Likes Received:
    0
    Everything seems to be back to normal. Thanks so much!
     
  19. 2009/01/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
