
Author Topic: Need logs reviewed, help appreciated  (Read 4273 times)


bpilgrim93

    Topic Starter


    Rookie

    Need logs reviewed, help appreciated
    « on: January 24, 2010, 10:05:31 PM »
    My mom let me have her old laptop and I began having problems with it recently. Antivirus Live had been popping up along with various pop-ups telling me my computer was at risk or being attacked. For a while, whenever I would click on a program and try to run it, it would give me a message along the lines of "So and so can't be executed because...... is infected". I couldn't connect to the internet using Internet Explorer, so I used Firefox instead and that worked. I used the post telling me how to get rid of malware, spyware, etc. It seems to have gotten better, although I still can't connect to the internet using Internet Explorer, but Firefox still works fine. Anyway, here are my logs for review.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/24/2010 at 09:27 PM

    Application Version : 4.33.1000

    Core Rules Database Version : 4446
    Trace Rules Database Version: 1978

    Scan type       : Complete Scan
    Total Scan Time : 01:55:52

    Memory items scanned      : 505
    Memory threats detected   : 0
    Registry items scanned    : 8971
    Registry threats detected : 38
    File items scanned        : 66821
    File threats detected     : 1

    Rogue.Agent/Gen
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#knkd
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#aazalirt
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#skaaanret
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#jungertab
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#zibaglertz
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#iddqdops
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#ronitfst
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#tobmygers
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#jikglond
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#tobykke
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#klopnidret
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#jiklagka
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#salrtybek
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#seeukluba
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#jrjakdsd
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#krkdkdkee
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#dkewiizkjdks
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#dkekkrkska
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#rkaskssd
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#kuruhccdsdd
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#krujmmwlrra
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#kkwknrbsggeg
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#ktknamwerr
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#iqmcnoeqz
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#ienotas
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#krkmahejdk
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#otpeppggq
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#krtawefg
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#oranerkka
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#kitiiwhaas
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#otowjdseww
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#otnnbektre
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#oropbbsee
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#irprokwks
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#ooorjaas
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#id
       HKU\S-1-5-21-266565469-3488264558-1019732330-1003\SOFTWARE\AVSCAN#ready

    Rogue.Agent/Gen-Nullo[DLL]
       C:\WINNT\MSKNWRD.DLL


    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    1/24/2010 10:54:41 PM
    mbam-log-2010-01-24 (22-54-41).txt

    Scan type: Quick Scan
    Objects scanned: 126194
    Time elapsed: 11 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 2
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anti_troj (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\frvbqqkd (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINNT\system32\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINNT\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:53:49 PM, on 1/24/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINNT\GWMDMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINNT\GWHotKey.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [B2BMC_STARTER] "C:\Fipsco Life Portraits\AHL\B2BMC-Starter.exe" CLT=AHL
    O4 - HKLM\..\Run: [Cleanup] c:\program files\mcafee.com\shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {297AEB8E-D78B-427A-BBC2-E6496017D290} (AHLDSync.ctlDataSync) - https://allapp.ahlcorp.com/DataSync/Control/AHLDSync.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O16 - DPF: {61093F1C-B4E6-4CC4-AC44-8EE32A22DD86} (FipFiller Class) - http://localhost:25684/Forms/Control/AHLNetCl.cab
    O16 - DPF: {71D2E2B7-3DEA-11D7-A722-00C0F02CC8EE} - http://localhost:25684/reports/control/ahlrptview.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222782789466&h=867582b51a3b40442bcaf098477940b1/&filename=jinstall-6u7-windows-i586-jc.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {E5238271-D692-408F-A625-275DF49EE4E3} (AHLInfoUpdate.Login) - https://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
    O16 - DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} (TimeDlgBox Class) - http://localhost:25684/Sessionctl/control/SessionCtl.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINNT\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

    --
    End of file - 11399 bytes
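    As an added example (not code from the thread or from HijackThis itself), a small Python triage of the HijackThis log format posted above: it parses the R/O entries and flags the patterns a reviewer would look at first, in particular the R1 ProxyServer line that points Internet Explorer at 127.0.0.1:5555, which is consistent with the reported symptom (IE cannot connect, Firefox can) when Firefox is not using the system proxy setting. The sample lines are copied from the log above; KNOWN_ROOTS and the flagging rules are this example's own heuristics.

```python
"""Triage a HijackThis 2.0.x log for the patterns visible in the post above.

Added example, not code from the thread or from HijackThis itself. The sample
lines are copied from the log above; KNOWN_ROOTS and the flagging rules are
this example's own heuristics.
"""
import re
from dataclasses import dataclass

# Excerpt of the HijackThis log posted above (constructed sample input).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - Startup: PowerReg SchedulerV2.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
"""

# Directories an autorun target is expected to live under (assumption of this example).
KNOWN_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\winnt", "c:\\windows", "%systemroot%")
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
EXE_RE = re.compile(r"\.(exe|scr|bat|cmd)(?=\s|$)", re.IGNORECASE)


@dataclass
class Finding:
    section: str  # HijackThis section id, e.g. "R1" or "O4"
    reason: str
    line: str


def parse_proxy(value):
    """Parse an Internet Settings ProxyServer value into {scheme: (host, port)}.
    A bare 'host:port' applies to every scheme and is keyed '*'."""
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        if ":" in hostport:
            host, port = hostport.rsplit(":", 1)
            port = int(port) if port.isdigit() else None
        else:
            host, port = hostport, None
        proxies[scheme or "*"] = (host, port)
    return proxies


def is_loopback(host):
    h = host.strip("[]").lower()
    return h in ("localhost", "::1") or h.startswith("127.")


def autorun_target(body):
    """Return the executable an O4 entry launches (quotes and arguments
    stripped), or None when the entry shape is not recognised."""
    if "] " in body:                        # HKxx\..\Run: [name] <command line>
        cmd = body.split("] ", 1)[1].strip()
    elif " = " in body:                     # Global Startup: x.lnk = <path>
        return body.split(" = ", 1)[1].strip()
    elif body.startswith("Startup: "):      # Startup: <file in the Startup folder>
        return body[len("Startup: "):].strip()
    else:
        return None
    if cmd.startswith('"'):                 # quoted path; arguments follow the quote
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.search(cmd)                  # unquoted: cut after the executable name
    return cmd[:m.end()] if m else cmd.split(" ", 1)[0]


def triage(log_text):
    """Return the entries worth a reviewer's attention, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "R1" and ",ProxyServer = " in body:
            # A proxy on the loopback interface means a local process sits between
            # IE and the network; a browser not using the system proxy is unaffected.
            for scheme, (host, port) in parse_proxy(body.split(",ProxyServer = ", 1)[1]).items():
                if is_loopback(host):
                    findings.append(Finding(section, f"IE {scheme} proxy set to local listener {host}:{port}", line))
        elif section == "R3" and body.endswith("(no file)"):
            findings.append(Finding(section, "URLSearchHook whose DLL no longer exists (orphaned registration)", line))
        elif section == "O4":
            target = autorun_target(body)
            if target and not target.lower().startswith(KNOWN_ROOTS):
                findings.append(Finding(section, f"autorun target outside Program Files/Windows: {target}", line))
        elif section == "O16" and not re.search(r"https?://", body):
            findings.append(Finding(section, "ActiveX DPF entry with no download source (cannot be vetted)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```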

    bpilgrim93

      Topic Starter


      Rookie

      Re: Need logs reviewed, help appreciated
      « Reply #1 on: January 24, 2010, 10:09:11 PM »
      By the way, if it helps any, I use AVG 8.5 as my anti-virus.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Experience: Expert
      • OS: Windows 10
      Re: Need logs reviewed, help appreciated
      « Reply #2 on: January 25, 2010, 01:14:27 PM »
      Hello bpilgrim93 and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ------------------------------------------------------------------------------------------------

      You have Viewpoint installed.

      Viewpoint Media Player/Manager/Toolbar is considered Foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

      More information:

      * ViewMgr.exe - Useless
      * Viewpoint to Plunge Into Adware

      It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs (on Vista & Win7 this is Programs and Features) and remove the following programs if present.

      * Viewpoint
      * Viewpoint Manager
      * Viewpoint Media Player
      * Viewpoint Toolbar
      * Viewpoint Experience Technology


      ------------------------------------------------------------------------------------------------

      Also uninstall Aim or Aim Toolbar

      -------------------------------------------------------------------------------------------------

      Click Start. My Computer.
      Select the Tools menu Folder Options. Select the View Tab.
      Under the Hidden files and folders heading select "Show hidden files and folders".
      Uncheck the "Hide protected operating system files (recommended)" option.
      Uncheck the "Hide file extensions for known file types" option.
      Click Yes to confirm. Click OK.

      Click Start, Search, select All Files and Folders. Copy and paste
      Code:
      C:\freescan
      and click search. Delete this folder.

      -------------------------------------------------------------------------------------------------

      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
      O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
      O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
      O4 - Startup: PowerReg SchedulerV2.exe
      O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
      O16 - DPF: {297AEB8E-D78B-427A-BBC2-E6496017D290} (AHLDSync.ctlDataSync) - https://allapp.ahlcorp.com/DataSync/Control/AHLDSync.cab
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
      O16 - DPF: {61093F1C-B4E6-4CC4-AC44-8EE32A22DD86} (FipFiller Class) - http://localhost:25684/Forms/Control/AHLNetCl.cab
      O16 - DPF: {71D2E2B7-3DEA-11D7-A722-00C0F02CC8EE} - http://localhost:25684/reports/control/ahlrptview.cab
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.

      -------------------------------------------------------------------------------------------

      Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

      link # 1
      link #2

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
      Double-click combofix.exe and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log and a new HijackThis log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

      Windows 8 and Windows 10 dual boot with two SSD's

      bpilgrim93

        Topic Starter


        Rookie

        Re: Need logs reviewed, help appreciated
        « Reply #3 on: January 25, 2010, 03:20:28 PM »
        Here are the logs you requested.


        ComboFix 10-01-25.01 - Owner 01/25/2010  16:57:58.1.1 - x86
        Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.511.167 [GMT -5:00]
        Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
        AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\program files\NavExcel
        c:\program files\NavExcel\NavHelper\v2.0.4d\NHelper.htm
        c:\winnt\exefld
        c:\winnt\system32\AutoRun.inf
        c:\winnt\system32\twain_32.dll

        .
        (((((((((((((((((((((((((   Files Created from 2009-12-25 to 2010-01-25  )))))))))))))))))))))))))))))))
        .

        2010-01-25 04:47 . 2010-01-25 04:47   --------   d-----w-   c:\program files\Trend Micro
        2010-01-25 04:35 . 2010-01-25 04:40   --------   d-----w-   c:\documents and settings\Owner\.SunDownloadManager
        2010-01-25 03:31 . 2010-01-25 03:31   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
        2010-01-25 03:31 . 2010-01-07 21:07   38224   ----a-w-   c:\winnt\system32\drivers\mbamswissarmy.sys
        2010-01-25 03:31 . 2010-01-25 03:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
        2010-01-25 03:31 . 2010-01-25 03:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-01-25 03:31 . 2010-01-07 21:07   19160   ----a-w-   c:\winnt\system32\drivers\mbam.sys
        2010-01-25 00:24 . 2010-01-25 00:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2010-01-25 00:23 . 2010-01-25 00:23   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-01-25 00:23 . 2010-01-25 00:23   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
        2010-01-24 06:34 . 2010-01-24 06:34   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
        2010-01-24 06:31 . 2010-01-24 06:31   --------   d-----w-   c:\program files\CCleaner
        2010-01-24 06:22 . 2010-01-24 06:22   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
        2010-01-22 05:21 . 2010-01-24 19:07   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\mbncaa
        2010-01-17 19:43 . 2010-01-17 19:43   --------   d-sh--w-   c:\documents and settings\Owner\IECompatCache
        2010-01-13 02:48 . 2009-11-21 16:36   470528   ------w-   c:\winnt\system32\dllcache\aclayers.dll
        2010-01-13 02:47 . 2010-01-13 02:47   --------   d-sh--w-   c:\documents and settings\Owner\PrivacIE
        2010-01-13 02:44 . 2010-01-13 02:44   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
        2010-01-13 02:44 . 2010-01-13 02:44   --------   d-sh--w-   c:\documents and settings\Owner\IETldCache
        2010-01-12 22:32 . 2009-12-21 19:14   12800   ------w-   c:\winnt\system32\dllcache\xpshims.dll
        2010-01-12 22:32 . 2009-12-21 19:14   246272   ------w-   c:\winnt\system32\dllcache\ieproxy.dll
        2010-01-12 22:32 . 2010-01-14 08:02   --------   d-----w-   c:\winnt\ie8updates
        2010-01-12 22:29 . 2009-10-02 04:44   92160   ------w-   c:\winnt\system32\dllcache\iecompat.dll
        2010-01-12 22:25 . 2010-01-12 22:29   --------   dc-h--w-   c:\winnt\ie8
        2010-01-03 05:48 . 2010-01-03 05:48   2560   ----a-w-   c:\winnt\_MSRSTRT.EXE
        2009-12-28 01:57 . 2010-01-24 20:33   --------   d-----w-   C:\$AVG8.VAULT$
        2009-12-28 01:27 . 2009-12-28 01:27   11952   ----a-w-   c:\winnt\system32\avgrsstx.dll
        2009-12-28 01:27 . 2009-12-28 01:27   108552   ----a-w-   c:\winnt\system32\drivers\avgtdix.sys
        2009-12-28 01:27 . 2009-12-28 01:27   335240   ----a-w-   c:\winnt\system32\drivers\avgldx86.sys
        2009-12-28 01:27 . 2010-01-25 21:25   --------   d-----w-   c:\winnt\system32\drivers\Avg
        2009-12-28 01:27 . 2010-01-13 02:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
        2009-12-28 01:26 . 2009-12-28 01:26   --------   d-----w-   c:\program files\AVG
        2009-12-28 01:26 . 2010-01-17 17:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-01-25 21:29 . 2004-07-02 18:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
        2010-01-25 21:29 . 2004-06-12 01:02   --------   d-----w-   c:\program files\Viewpoint
        2010-01-25 00:24 . 2010-01-25 00:24   52224   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-01-25 00:24 . 2010-01-25 00:24   117760   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-01-03 09:37 . 2002-11-08 00:52   --------   d-----w-   c:\program files\QUICKENW
        2010-01-03 09:35 . 2008-06-16 20:02   --------   d-----w-   c:\program files\Coupons
        2010-01-03 06:16 . 2004-07-02 18:14   --------   d-----w-   c:\program files\Pure Networks
        2010-01-03 06:12 . 2004-09-07 22:58   --------   d-----w-   c:\program files\Visioneer OneTouch
        2010-01-03 06:12 . 2009-07-29 22:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
        2010-01-03 06:00 . 2008-10-16 17:51   --------   d-----w-   c:\program files\Citrix
        2010-01-03 05:50 . 2004-09-07 22:58   --------   d-----w-   c:\program files\BMCentral
        2010-01-03 05:46 . 2002-11-08 00:46   --------   d-----w-   c:\program files\Common Files\aolshare
        2010-01-03 05:46 . 2004-12-06 02:14   --------   d-----w-   c:\program files\Ares
        2010-01-03 05:46 . 2004-07-02 18:09   --------   d-----w-   c:\program files\America Online 9.0
        2010-01-03 05:46 . 2004-06-12 01:00   --------   d-----w-   c:\program files\America Online 7.0a
        2010-01-03 05:46 . 2002-11-08 00:46   --------   d-----w-   c:\program files\America Online 7.0
        2010-01-03 05:41 . 2005-02-25 04:52   --------   d-----w-   c:\documents and settings\Owner\Application Data\Aim
        2010-01-03 05:40 . 2004-07-02 18:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL
        2010-01-03 05:40 . 2004-07-02 16:25   --------   d-----w-   c:\program files\Common Files\AOL
        2010-01-03 05:21 . 2004-08-31 15:57   --------   d-----w-   c:\documents and settings\Owner\Application Data\Lavasoft
        2009-12-28 01:27 . 2007-11-02 18:50   27784   ----a-w-   c:\winnt\system32\drivers\avgmfx86.sys
        2009-12-28 01:10 . 2005-02-25 15:55   --------   d-----w-   c:\documents and settings\Owner\Application Data\WeatherBug
        2009-12-21 19:14 . 2006-06-23 15:33   916480   ----a-w-   c:\winnt\system32\wininet.dll
        2009-11-21 16:36 . 1980-01-01 06:00   470528   ----a-w-   c:\winnt\AppPatch\aclayers.dll
        2004-08-04 05:56 . 2006-12-20 16:31   561179   ----a-w-   c:\program files\Common Files\dao360.dll
        1998-04-27 03:00 . 2004-06-10 13:01   570128   ----a-w-   c:\program files\Common Files\DAO350.DLL
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
        "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

        [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
        "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

        [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
        "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

        [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
        "PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-09-06 40960]
        "EPSON Stylus C64 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ATIModeChange"="Ati2mdxx.exe" [2002-08-29 28672]
        "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2001-11-14 110592]
        "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2001-11-14 413696]
        "GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 65536]
        "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-22 290816]
        "GWMDMpi"="c:\winnt\GWMDMpi.exe" [2002-06-12 27648]
        "Multi-function Keyboard"="GWHotKey.exe" [2001-08-28 98361]
        "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 684032]
        "EPSON Stylus C64 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
        "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-06-12 26112]
        "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-07-02 98304]
        "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
        "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
        "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-28 2043160]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-7-2 156784]
        EPSON Status Monitor 3 Environment Check 2.lnk - c:\winnt\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2004-10-4 121856]
        HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
        Wireless-G Notebook Adapter.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-11-2 36864]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
        2009-12-28 01:27   11952   ----a-w-   c:\winnt\system32\avgrsstx.dll

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\America Online 9.0\\waol.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Ares\\Ares.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
        "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
        "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

        R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [12/27/2009 8:27 PM 335240]
        R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [12/27/2009 8:27 PM 108552]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
        R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/27/2009 8:26 PM 297752]
        R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [11/7/2002 7:54 PM 6736]
        S3 ATWPKT;ATWPKT;c:\winnt\system32\drivers\atwpkt.sys [6/11/2004 8:04 PM 19140]
        S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
        S3 TOPAZUSB;TopazUsb.Sys Topaz Tablet USB Driver;c:\winnt\system32\drivers\TopazUsb.sys [10/28/2004 8:31 AM 33821]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
        hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
        HPService   REG_MULTI_SZ      HPSLPSVC
        .
        .
        ------- Supplementary Scan -------
        .
        uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
        uInternet Connection Wizard,ShellNext = iexplore
        uInternet Settings,ProxyServer = http=127.0.0.1:5555
        uInternet Settings,ProxyOverride = <local>
        uSearchAssistant = hxxp://www.google.com/ie
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
        IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
        DPF: {E5238271-D692-408F-A625-275DF49EE4E3} - hxxps://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
        DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} - hxxp://localhost:25684/Sessionctl/control/SessionCtl.cab
        FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fq9hykob.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
        FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
        FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
        FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
        .
        - - - - ORPHANS REMOVED - - - -

        HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
        HKLM-Run-B2BMC_STARTER - c:\fipsco life portraits\AHL\B2BMC-Starter.exe
        AddRemove-GTW V.92 Voicemodem - c:\winnt\GWMDMU.exe
        AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-01-25 17:07
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        HKCU\Software\Microsoft\Windows\CurrentVersion\Run
          EPSON Stylus C64 Series = c:\winnt\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU" (the remainder of the value is unprintable bytes in the original catchme output)

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(916)
        c:\program files\SUPERAntiSpyware\SASWINLO.dll
        c:\winnt\system32\WININET.dll
        .
        Completion time: 2010-01-25  17:13:46
        ComboFix-quarantined-files.txt  2010-01-25 22:13

        Pre-Run: 14,398,386,176 bytes free
        Post-Run: 14,422,589,440 bytes free

        WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
        [boot loader]
        timeout=2
        default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
        [operating systems]
        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
        multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

        - - End Of File - - 7505F9201881A73198E93CC1B3E37351





        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 5:17:03 PM, on 1/25/2010
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINNT\System32\smss.exe
        C:\WINNT\system32\winlogon.exe
        C:\WINNT\system32\services.exe
        C:\WINNT\system32\lsass.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\System32\svchost.exe
        C:\WINNT\system32\spoolsv.exe
        C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
        C:\WINNT\System32\Ati2evxx.exe
        C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\System32\svchost.exe
        C:\WINNT\System32\svchost.exe
        C:\WINNT\System32\tcpsvcs.exe
        C:\WINNT\System32\snmp.exe
        C:\WINNT\System32\svchost.exe
        C:\WINNT\wanmpsvc.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\WINNT\GWMDMMSG.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINNT\GWHotKey.exe
        C:\Program Files\Real\RealPlayer\RealPlay.exe
        C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\WINNT\system32\svchost.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\PROGRA~1\AVG\AVG8\avgtray.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\WINNT\system32\ctfmon.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
        C:\PROGRA~1\AVG\AVG8\avgrsx.exe
        C:\WINNT\System32\svchost.exe
        C:\PROGRA~1\AVG\AVG8\avgnsx.exe
        C:\WINNT\system32\wuauclt.exe
        C:\WINNT\explorer.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\sniper.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
        R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
        R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
        O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
        O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
        O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
        O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
        O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
        O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
        O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
        O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
        O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
        O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
        O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
        O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
        O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
        O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU"
        O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
        O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
        O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
        O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
        O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
        O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222782789466&h=867582b51a3b40442bcaf098477940b1/&filename=jinstall-6u7-windows-i586-jc.cab
        O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
        O16 - DPF: {E5238271-D692-408F-A625-275DF49EE4E3} (AHLInfoUpdate.Login) - https://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
        O16 - DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} (TimeDlgBox Class) - http://localhost:25684/Sessionctl/control/SessionCtl.cab
        O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
        O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
        O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
        O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINNT\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
        O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

        --
        End of file - 9455 bytes
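The one line in the two logs above that explains the symptom the topic starter described (Internet Explorer cannot connect, Firefox works) is the proxy entry: `uInternet Settings,ProxyServer = http=127.0.0.1:5555` in the ComboFix output and the matching `R1 - HKCU\...\Internet Settings,ProxyServer = http=127.0.0.1:5555` in HijackThis. A WinINet proxy pointed at the loopback interface is a common leftover of rogue antivirus software; IE honours it and fails, while Firefox only follows it if it is configured to use the system proxy. The following is an added example, not code from the forum, from ComboFix or from HijackThis: a small triage script that runs a handful of review rules over log lines in these formats and flags the entries an analyst would look at first. The rule names, the `Finding` type and the sample lines (copied from the logs in this thread) are this example's own; its output is a list of things to check, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Matches 127.x.x.x or "localhost" as a whole token (not part of a longer word).
LOOPBACK = re.compile(
    r"(?<![\w.])(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(?![\w.])", re.I
)


@dataclass(frozen=True)
class Finding:
    rule: str     # short rule name (this example's own naming)
    detail: str   # the log line that triggered it, stripped


def _loopback_proxy(line: str) -> Finding | None:
    # ComboFix:    "uInternet Settings,ProxyServer = http=127.0.0.1:5555"
    # HijackThis:  "R1 - HKCU\...\Internet Settings,ProxyServer = http=127.0.0.1:5555"
    m = re.search(r"ProxyServer\s*=\s*(\S+)", line)
    if m and LOOPBACK.search(m.group(1)):
        return Finding("loopback-proxy", line.strip())
    return None


def _missing_file(line: str) -> Finding | None:
    # HijackThis marks a search hook / BHO / toolbar whose DLL is gone with "(no file)".
    if re.match(r"\s*(R3|O2|O3)\s*-", line) and "(no file)" in line:
        return Finding("missing-file", line.strip())
    return None


def _localhost_dpf(line: str) -> Finding | None:
    # ActiveX download entries (DPF) whose source is the local machine.
    if re.search(r"\bDPF:", line) and LOOPBACK.search(line):
        return Finding("localhost-dpf", line.strip())
    return None


def _bare_run_entry(line: str) -> Finding | None:
    # Run values that name a bare file instead of a full path are resolved via
    # the search path, so it is worth confirming which file actually starts.
    m = re.match(r"\s*O4 - HK(LM|CU)\\\.\.\\Run: \[[^\]]+\]\s+(\S+)", line)
    if m and not re.match(r'^"?[A-Za-z]:\\', m.group(2)):
        return Finding("bare-run-entry", line.strip())
    return None


RULES = (_loopback_proxy, _missing_file, _localhost_dpf, _bare_run_entry)


def triage(log_text: str) -> list[Finding]:
    """Run every rule over every line; findings come back in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        for rule in RULES:
            f = rule(line)
            if f is not None:
                findings.append(f)
    return findings


def rule_counts(log_text: str) -> dict[str, int]:
    """Hits per rule, for a one-line summary."""
    counts: dict[str, int] = {}
    for f in triage(log_text):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample: lines copied from the ComboFix and HijackThis logs in this thread.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O16 - DPF: {E5238271-D692-408F-A625-275DF49EE4E3} (AHLInfoUpdate.Login) - https://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
O16 - DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} (TimeDlgBox Class) - http://localhost:25684/Sessionctl/control/SessionCtl.cab
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

On the sample above the script reports the loopback proxy twice (once per tool), the orphaned URLSearchHook with no backing DLL, the bare `Ati2mdxx.exe` Run value and the DPF control served from `localhost`. The proxy value lives under the key HijackThis names, `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings` (ProxyServer, together with ProxyEnable); clearing it through Internet Options > Connections > LAN settings, or deleting those values, is what restores IE once the rogue itself is gone.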

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Need logs reviewed, help appreciated
        « Reply #4 on: January 25, 2010, 08:04:59 PM »
        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code:
        KillAll::

        Folder::
        c:\program files\Viewpoint


        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

        -------------------------------------------------------------------------------------------

        ESET Online Scan

        Scan your computer with the ESET FREE Online Virus Scan

        * Click the ESET Online Scanner button.

        * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
        * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
        * Place a check mark next to YES, I accept the Terms of Use.

        * Click the Start button.
        * Accept any security warnings from your browser.
        * Leave the check mark next to Remove found threats and place a check next to Scan archives.
        * Click the Start button.
        * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
        * When the scan completes, click List of found threats.
        * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
        * Click the <<Back button then click Finish.

        In your next reply please include the ESET Online Scan Log


        bpilgrim93

          Topic Starter

          Re: Need logs reviewed, help appreciated
          « Reply #5 on: January 26, 2010, 02:15:21 PM »
          The ESET Scan didn't find any threats during its scan so I couldn't create a log, but here is the Combofix log.


          ComboFix 10-01-25.02 - Owner 01/26/2010   0:41.2.1 - x86
          Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.511.123 [GMT -5:00]
          Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
          Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
          AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\program files\Viewpoint
          c:\program files\Viewpoint\Viewpoint Toolbar\del7.tmp\del8.tmp
          c:\program files\Viewpoint\Viewpoint Toolbar\del7.tmp\del9.tmp

          .
          (((((((((((((((((((((((((   Files Created from 2009-12-26 to 2010-01-26  )))))))))))))))))))))))))))))))
          .

          2010-01-25 04:47 . 2010-01-25 04:47   --------   d-----w-   c:\program files\Trend Micro
          2010-01-25 04:35 . 2010-01-25 04:40   --------   d-----w-   c:\documents and settings\Owner\.SunDownloadManager
          2010-01-25 03:31 . 2010-01-25 03:31   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
          2010-01-25 03:31 . 2010-01-07 21:07   38224   ----a-w-   c:\winnt\system32\drivers\mbamswissarmy.sys
          2010-01-25 03:31 . 2010-01-25 03:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
          2010-01-25 03:31 . 2010-01-25 03:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2010-01-25 03:31 . 2010-01-07 21:07   19160   ----a-w-   c:\winnt\system32\drivers\mbam.sys
          2010-01-25 00:24 . 2010-01-25 00:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2010-01-25 00:23 . 2010-01-25 00:23   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2010-01-25 00:23 . 2010-01-25 00:23   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
          2010-01-24 06:34 . 2010-01-24 06:34   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
          2010-01-24 06:31 . 2010-01-24 06:31   --------   d-----w-   c:\program files\CCleaner
          2010-01-24 06:22 . 2010-01-24 06:22   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
          2010-01-22 05:21 . 2010-01-24 19:07   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\mbncaa
          2010-01-17 19:43 . 2010-01-17 19:43   --------   d-sh--w-   c:\documents and settings\Owner\IECompatCache
          2010-01-13 02:48 . 2009-11-21 16:36   470528   ------w-   c:\winnt\system32\dllcache\aclayers.dll
          2010-01-13 02:47 . 2010-01-13 02:47   --------   d-sh--w-   c:\documents and settings\Owner\PrivacIE
          2010-01-13 02:44 . 2010-01-13 02:44   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
          2010-01-13 02:44 . 2010-01-13 02:44   --------   d-sh--w-   c:\documents and settings\Owner\IETldCache
          2010-01-12 22:32 . 2009-12-21 19:14   12800   ------w-   c:\winnt\system32\dllcache\xpshims.dll
          2010-01-12 22:32 . 2009-12-21 19:14   246272   ------w-   c:\winnt\system32\dllcache\ieproxy.dll
          2010-01-12 22:32 . 2010-01-14 08:02   --------   d-----w-   c:\winnt\ie8updates
          2010-01-12 22:29 . 2009-10-02 04:44   92160   ------w-   c:\winnt\system32\dllcache\iecompat.dll
          2010-01-12 22:25 . 2010-01-12 22:29   --------   dc-h--w-   c:\winnt\ie8
          2010-01-03 05:48 . 2010-01-03 05:48   2560   ----a-w-   c:\winnt\_MSRSTRT.EXE
          2009-12-28 01:57 . 2010-01-26 02:30   --------   d-----w-   C:\$AVG8.VAULT$
          2009-12-28 01:27 . 2009-12-28 01:27   11952   ----a-w-   c:\winnt\system32\avgrsstx.dll
          2009-12-28 01:27 . 2009-12-28 01:27   108552   ----a-w-   c:\winnt\system32\drivers\avgtdix.sys
          2009-12-28 01:27 . 2009-12-28 01:27   335240   ----a-w-   c:\winnt\system32\drivers\avgldx86.sys
          2009-12-28 01:27 . 2010-01-25 23:47   --------   d-----w-   c:\winnt\system32\drivers\Avg
          2009-12-28 01:27 . 2010-01-13 02:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
          2009-12-28 01:26 . 2009-12-28 01:26   --------   d-----w-   c:\program files\AVG
          2009-12-28 01:26 . 2010-01-17 17:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-01-25 21:29 . 2004-07-02 18:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
          2010-01-25 00:24 . 2010-01-25 00:24   52224   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
          2010-01-25 00:24 . 2010-01-25 00:24   117760   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2010-01-03 09:37 . 2002-11-08 00:52   --------   d-----w-   c:\program files\QUICKENW
          2010-01-03 09:35 . 2008-06-16 20:02   --------   d-----w-   c:\program files\Coupons
          2010-01-03 06:16 . 2004-07-02 18:14   --------   d-----w-   c:\program files\Pure Networks
          2010-01-03 06:12 . 2004-09-07 22:58   --------   d-----w-   c:\program files\Visioneer OneTouch
          2010-01-03 06:12 . 2009-07-29 22:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
          2010-01-03 06:00 . 2008-10-16 17:51   --------   d-----w-   c:\program files\Citrix
          2010-01-03 05:50 . 2004-09-07 22:58   --------   d-----w-   c:\program files\BMCentral
          2010-01-03 05:46 . 2002-11-08 00:46   --------   d-----w-   c:\program files\Common Files\aolshare
          2010-01-03 05:46 . 2004-12-06 02:14   --------   d-----w-   c:\program files\Ares
          2010-01-03 05:46 . 2004-07-02 18:09   --------   d-----w-   c:\program files\America Online 9.0
          2010-01-03 05:46 . 2004-06-12 01:00   --------   d-----w-   c:\program files\America Online 7.0a
          2010-01-03 05:46 . 2002-11-08 00:46   --------   d-----w-   c:\program files\America Online 7.0
          2010-01-03 05:41 . 2005-02-25 04:52   --------   d-----w-   c:\documents and settings\Owner\Application Data\Aim
          2010-01-03 05:40 . 2004-07-02 18:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL
          2010-01-03 05:40 . 2004-07-02 16:25   --------   d-----w-   c:\program files\Common Files\AOL
          2010-01-03 05:21 . 2004-08-31 15:57   --------   d-----w-   c:\documents and settings\Owner\Application Data\Lavasoft
          2009-12-28 01:27 . 2007-11-02 18:50   27784   ----a-w-   c:\winnt\system32\drivers\avgmfx86.sys
          2009-12-28 01:10 . 2005-02-25 15:55   --------   d-----w-   c:\documents and settings\Owner\Application Data\WeatherBug
          2009-12-21 19:14 . 2006-06-23 15:33   916480   ------w-   c:\winnt\system32\wininet.dll
          2009-11-21 16:36 . 1980-01-01 06:00   470528   ----a-w-   c:\winnt\AppPatch\aclayers.dll
          2004-08-04 05:56 . 2006-12-20 16:31   561179   ----a-w-   c:\program files\Common Files\dao360.dll
          1998-04-27 03:00 . 2004-06-10 13:01   570128   ----a-w-   c:\program files\Common Files\DAO350.DLL
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
          "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

          [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

          [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
          "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

          [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
          "PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-09-06 40960]
          "EPSON Stylus C64 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
          "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ATIModeChange"="Ati2mdxx.exe" [2002-08-29 28672]
          "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2001-11-14 110592]
          "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2001-11-14 413696]
          "GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 65536]
          "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-22 290816]
          "GWMDMpi"="c:\winnt\GWMDMpi.exe" [2002-06-12 27648]
          "Multi-function Keyboard"="GWHotKey.exe" [2001-08-28 98361]
          "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 684032]
          "EPSON Stylus C64 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
          "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-06-12 26112]
          "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-07-02 98304]
          "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
          "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
          "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-28 2043160]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-7-2 156784]
          EPSON Status Monitor 3 Environment Check 2.lnk - c:\winnt\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2004-10-4 121856]
          HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
          Wireless-G Notebook Adapter.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-11-2 36864]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
          2009-12-28 01:27   11952   ----a-w-   c:\winnt\system32\avgrsstx.dll

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\America Online 9.0\\waol.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Ares\\Ares.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

          R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [12/27/2009 8:27 PM 335240]
          R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [12/27/2009 8:27 PM 108552]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
          R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/27/2009 8:26 PM 297752]
          R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [11/7/2002 7:54 PM 6736]
          S3 ATWPKT;ATWPKT;c:\winnt\system32\drivers\atwpkt.sys [6/11/2004 8:04 PM 19140]
          S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
          S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
          S3 TOPAZUSB;TopazUsb.Sys Topaz Tablet USB Driver;c:\winnt\system32\drivers\TopazUsb.sys [10/28/2004 8:31 AM 33821]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
          hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
          HPService   REG_MULTI_SZ      HPSLPSVC
          .
          .
          ------- Supplementary Scan -------
          .
          uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
          uInternet Connection Wizard,ShellNext = iexplore
          uInternet Settings,ProxyServer = http=127.0.0.1:5555
          uInternet Settings,ProxyOverride = <local>
          uSearchAssistant = hxxp://www.google.com/ie
          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
          IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
          IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
          DPF: {E5238271-D692-408F-A625-275DF49EE4E3} - hxxps://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
          DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} - hxxp://localhost:25684/Sessionctl/control/SessionCtl.cab
          FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fq9hykob.default\
          FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
          FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
          FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
          FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
          FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
          FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
          FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
          .

          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2010-01-26 00:54
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          HKCU\Software\Microsoft\Windows\CurrentVersion\Run
            EPSON Stylus C64 Series = c:\winnt\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU"?????????????p,-?????F???????????*>?w????????????????????????????????????e>?w????????????????8???????????qo?w?????????????o?w????????????5N?w???????

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(912)
          c:\program files\SUPERAntiSpyware\SASWINLO.dll
          c:\winnt\system32\WININET.dll

          - - - - - - - > 'explorer.exe'(2716)
          c:\winnt\system32\WININET.dll
          c:\progra~1\MI1933~1\OFFICE11\OLKFSTUB.DLL
          c:\winnt\system32\ieframe.dll
          c:\winnt\system32\webcheck.dll
          c:\winnt\system32\WPDShServiceObj.dll
          c:\winnt\system32\PortableDeviceTypes.dll
          c:\winnt\system32\PortableDeviceApi.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
          c:\winnt\System32\Ati2evxx.exe
          c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
          c:\winnt\System32\tcpsvcs.exe
          c:\winnt\System32\snmp.exe
          c:\winnt\wanmpsvc.exe
          c:\progra~1\AVG\AVG8\avgrsx.exe
          c:\progra~1\AVG\AVG8\avgnsx.exe
          c:\winnt\system32\wscntfy.exe
          c:\winnt\GWMDMMSG.exe
          c:\winnt\GWHotKey.exe
          c:\program files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
          .
          **************************************************************************
          .
          Completion time: 2010-01-26  01:02:14 - machine was rebooted
          ComboFix-quarantined-files.txt  2010-01-26 06:02
          ComboFix2.txt  2010-01-25 22:13

          Pre-Run: 14,426,648,576 bytes free
          Post-Run: 14,388,195,328 bytes free

          - - End Of File - - 7F13D554961012614021B47141DA2D35

          SuperDave

          Re: Need logs reviewed, help appreciated
          « Reply #6 on: January 26, 2010, 04:50:46 PM »
          Oops! Forgot this one.

          1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
          It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C.

Code:
          KillAll::

          File::
          c:\documents and settings\All Users\Application Data\Viewpoint

          Folder::
          c:\documents and settings\All Users\Application Data\Viewpoint


          3. Go to the Notepad window and click Edit > Paste
          4. Then click File > Save
          5. Name the file CFScript.txt - Save the file to your Desktop
          6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



          ComboFix will begin to execute, just follow the prompts.
          After reboot (in case it asks to reboot), it will produce a log for you.
          Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

          Windows 8 and Windows 10 dual boot with two SSD's

          bpilgrim93

            Topic Starter


            Rookie

            Re: Need logs reviewed, help appreciated
            « Reply #7 on: January 26, 2010, 07:55:45 PM »
            ComboFix 10-01-25.02 - Owner 01/26/2010  21:30:09.3.1 - x86
            Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.511.87 [GMT -5:00]
            Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
            Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
            AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

            FILE ::
            "c:\documents and settings\All Users\Application Data\Viewpoint"
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            c:\documents and settings\All Users\Application Data\Viewpoint
            c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\ComparativeSearch.xml
            c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\masteralerts.xml

            .
            (((((((((((((((((((((((((   Files Created from 2009-12-27 to 2010-01-27  )))))))))))))))))))))))))))))))
            .

            2010-01-26 06:17 . 2010-01-26 06:16   411368   ----a-w-   c:\winnt\system32\deploytk.dll
            2010-01-26 06:06 . 2010-01-26 06:06   --------   d-----w-   c:\program files\ESET
            2010-01-25 04:47 . 2010-01-25 04:47   --------   d-----w-   c:\program files\Trend Micro
            2010-01-25 04:35 . 2010-01-25 04:40   --------   d-----w-   c:\documents and settings\Owner\.SunDownloadManager
            2010-01-25 03:31 . 2010-01-25 03:31   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
            2010-01-25 03:31 . 2010-01-07 21:07   38224   ----a-w-   c:\winnt\system32\drivers\mbamswissarmy.sys
            2010-01-25 03:31 . 2010-01-25 03:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
            2010-01-25 03:31 . 2010-01-25 03:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2010-01-25 03:31 . 2010-01-07 21:07   19160   ----a-w-   c:\winnt\system32\drivers\mbam.sys
            2010-01-25 00:24 . 2010-01-25 00:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
            2010-01-25 00:23 . 2010-01-25 00:23   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2010-01-25 00:23 . 2010-01-25 00:23   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
            2010-01-24 06:34 . 2010-01-24 06:34   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
            2010-01-24 06:31 . 2010-01-24 06:31   --------   d-----w-   c:\program files\CCleaner
            2010-01-24 06:22 . 2010-01-24 06:22   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
            2010-01-22 05:21 . 2010-01-24 19:07   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\mbncaa
            2010-01-17 19:43 . 2010-01-17 19:43   --------   d-sh--w-   c:\documents and settings\Owner\IECompatCache
            2010-01-13 02:48 . 2009-11-21 16:36   470528   ------w-   c:\winnt\system32\dllcache\aclayers.dll
            2010-01-13 02:47 . 2010-01-13 02:47   --------   d-sh--w-   c:\documents and settings\Owner\PrivacIE
            2010-01-13 02:44 . 2010-01-13 02:44   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
            2010-01-13 02:44 . 2010-01-13 02:44   --------   d-sh--w-   c:\documents and settings\Owner\IETldCache
            2010-01-12 22:32 . 2009-12-21 19:14   12800   ------w-   c:\winnt\system32\dllcache\xpshims.dll
            2010-01-12 22:32 . 2009-12-21 19:14   246272   ------w-   c:\winnt\system32\dllcache\ieproxy.dll
            2010-01-12 22:32 . 2010-01-14 08:02   --------   d-----w-   c:\winnt\ie8updates
            2010-01-12 22:29 . 2009-10-02 04:44   92160   ------w-   c:\winnt\system32\dllcache\iecompat.dll
            2010-01-12 22:25 . 2010-01-12 22:29   --------   dc-h--w-   c:\winnt\ie8
            2010-01-03 05:48 . 2010-01-03 05:48   2560   ----a-w-   c:\winnt\_MSRSTRT.EXE

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2010-01-26 06:17 . 2010-01-26 06:17   348160   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-120e68d8-n\msvcr71.dll
            2010-01-26 06:17 . 2010-01-26 06:17   503808   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-120e68d8-n\msvcp71.dll
            2010-01-26 06:17 . 2010-01-26 06:17   499712   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-120e68d8-n\jmc.dll
            2010-01-26 06:17 . 2008-09-30 13:53   --------   d-----w-   c:\program files\Common Files\Java
            2010-01-26 06:17 . 2010-01-26 06:17   61440   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6aa98767-n\decora-sse.dll
            2010-01-26 06:17 . 2010-01-26 06:17   12800   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6aa98767-n\decora-d3d.dll
            2010-01-26 06:16 . 2008-09-30 13:55   --------   d-----w-   c:\program files\Java
            2010-01-25 00:24 . 2010-01-25 00:24   52224   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
            2010-01-25 00:24 . 2010-01-25 00:24   117760   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
            2010-01-17 17:35 . 2009-12-28 01:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
            2010-01-13 02:47 . 2009-12-28 01:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
            2010-01-03 09:37 . 2002-11-08 00:52   --------   d-----w-   c:\program files\QUICKENW
            2010-01-03 09:35 . 2008-06-16 20:02   --------   d-----w-   c:\program files\Coupons
            2010-01-03 06:16 . 2004-07-02 18:14   --------   d-----w-   c:\program files\Pure Networks
            2010-01-03 06:12 . 2004-09-07 22:58   --------   d-----w-   c:\program files\Visioneer OneTouch
            2010-01-03 06:12 . 2009-07-29 22:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
            2010-01-03 06:00 . 2008-10-16 17:51   --------   d-----w-   c:\program files\Citrix
            2010-01-03 05:50 . 2004-09-07 22:58   --------   d-----w-   c:\program files\BMCentral
            2010-01-03 05:46 . 2002-11-08 00:46   --------   d-----w-   c:\program files\Common Files\aolshare
            2010-01-03 05:46 . 2004-12-06 02:14   --------   d-----w-   c:\program files\Ares
            2010-01-03 05:46 . 2004-07-02 18:09   --------   d-----w-   c:\program files\America Online 9.0
            2010-01-03 05:46 . 2004-06-12 01:00   --------   d-----w-   c:\program files\America Online 7.0a
            2010-01-03 05:46 . 2002-11-08 00:46   --------   d-----w-   c:\program files\America Online 7.0
            2010-01-03 05:41 . 2005-02-25 04:52   --------   d-----w-   c:\documents and settings\Owner\Application Data\Aim
            2010-01-03 05:40 . 2004-07-02 18:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL
            2010-01-03 05:40 . 2004-07-02 16:25   --------   d-----w-   c:\program files\Common Files\AOL
            2010-01-03 05:21 . 2004-08-31 15:57   --------   d-----w-   c:\documents and settings\Owner\Application Data\Lavasoft
            2009-12-28 01:27 . 2009-12-28 01:27   11952   ----a-w-   c:\winnt\system32\avgrsstx.dll
            2009-12-28 01:27 . 2009-12-28 01:27   108552   ----a-w-   c:\winnt\system32\drivers\avgtdix.sys
            2009-12-28 01:27 . 2009-12-28 01:27   335240   ----a-w-   c:\winnt\system32\drivers\avgldx86.sys
            2009-12-28 01:27 . 2007-11-02 18:50   27784   ----a-w-   c:\winnt\system32\drivers\avgmfx86.sys
            2009-12-28 01:26 . 2009-12-28 01:26   --------   d-----w-   c:\program files\AVG
            2009-12-28 01:10 . 2005-02-25 15:55   --------   d-----w-   c:\documents and settings\Owner\Application Data\WeatherBug
            2009-12-21 19:14 . 2006-06-23 15:33   916480   ------w-   c:\winnt\system32\wininet.dll
            2009-11-21 16:36 . 1980-01-01 06:00   470528   ----a-w-   c:\winnt\AppPatch\aclayers.dll
            2004-08-04 05:56 . 2006-12-20 16:31   561179   ----a-w-   c:\program files\Common Files\dao360.dll
            1998-04-27 03:00 . 2004-06-10 13:01   570128   ----a-w-   c:\program files\Common Files\DAO350.DLL
            .

            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
            "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

            [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
            "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

            [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
            "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

            [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
            "PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-09-06 40960]
            "EPSON Stylus C64 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
            "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
            "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-11 2356088]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ATIModeChange"="Ati2mdxx.exe" [2002-08-29 28672]
            "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2001-11-14 110592]
            "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2001-11-14 413696]
            "GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 65536]
            "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-22 290816]
            "GWMDMpi"="c:\winnt\GWMDMpi.exe" [2002-06-12 27648]
            "Multi-function Keyboard"="GWHotKey.exe" [2001-08-28 98361]
            "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 684032]
            "EPSON Stylus C64 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
            "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-06-12 26112]
            "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-07-02 98304]
            "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
            "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
            "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-28 2043160]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

            c:\documents and settings\All Users\Start Menu\Programs\Startup\
            America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-7-2 156784]
            EPSON Status Monitor 3 Environment Check 2.lnk - c:\winnt\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2004-10-4 121856]
            HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
            Wireless-G Notebook Adapter.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-11-2 36864]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
            2009-12-28 01:27   11952   ----a-w-   c:\winnt\system32\avgrsstx.dll

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\America Online 9.0\\waol.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\Ares\\Ares.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
            "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
            "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

            R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [12/27/2009 8:27 PM 335240]
            R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [12/27/2009 8:27 PM 108552]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
            R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/27/2009 8:26 PM 297752]
            R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [11/7/2002 7:54 PM 6736]
            S3 ATWPKT;ATWPKT;c:\winnt\system32\drivers\atwpkt.sys [6/11/2004 8:04 PM 19140]
            S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
            S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
            S3 TOPAZUSB;TopazUsb.Sys Topaz Tablet USB Driver;c:\winnt\system32\drivers\TopazUsb.sys [10/28/2004 8:31 AM 33821]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
            hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
            HPService   REG_MULTI_SZ      HPSLPSVC
            .
            .
            ------- Supplementary Scan -------
            .
            uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
            uInternet Connection Wizard,ShellNext = iexplore
            uInternet Settings,ProxyServer = http=127.0.0.1:5555
            uInternet Settings,ProxyOverride = <local>
            uSearchAssistant = hxxp://www.google.com/ie
            uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
            IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
            IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
            DPF: {E5238271-D692-408F-A625-275DF49EE4E3} - hxxps://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
            DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} - hxxp://localhost:25684/Sessionctl/control/SessionCtl.cab
            FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fq9hykob.default\
            FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
            FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
            FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
            FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
            FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
            FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
            FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
            .

            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2010-01-26 21:42
            Windows 5.1.2600 Service Pack 2 NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            HKCU\Software\Microsoft\Windows\CurrentVersion\Run
              EPSON Stylus C64 Series = c:\winnt\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU"?????????????p,-?????F???????????*>?w????????????????????????????????????e>?w????????????????8???????????qo?w?????????????o?w????????????5N?w???????

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            - - - - - - - > 'winlogon.exe'(916)
            c:\program files\SUPERAntiSpyware\SASWINLO.dll
            c:\winnt\system32\WININET.dll

            - - - - - - - > 'explorer.exe'(588)
            c:\winnt\system32\WININET.dll
            c:\progra~1\MI1933~1\OFFICE11\OLKFSTUB.DLL
            c:\winnt\system32\ieframe.dll
            c:\winnt\system32\webcheck.dll
            c:\winnt\system32\WPDShServiceObj.dll
            c:\winnt\system32\PortableDeviceTypes.dll
            c:\winnt\system32\PortableDeviceApi.dll
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
            c:\winnt\System32\Ati2evxx.exe
            c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
            c:\program files\Java\jre6\bin\jqs.exe
            c:\progra~1\AVG\AVG8\avgrsx.exe
            c:\progra~1\AVG\AVG8\avgnsx.exe
            c:\winnt\System32\tcpsvcs.exe
            c:\winnt\System32\snmp.exe
            c:\winnt\wanmpsvc.exe
            c:\winnt\system32\wscntfy.exe
            c:\winnt\GWMDMMSG.exe
            c:\winnt\GWHotKey.exe
            c:\program files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
            .
            **************************************************************************
            .
            Completion time: 2010-01-26  21:50:28 - machine was rebooted
            ComboFix-quarantined-files.txt  2010-01-27 02:50
            ComboFix2.txt  2010-01-26 06:02
            ComboFix3.txt  2010-01-25 22:13

            Pre-Run: 14,198,075,392 bytes free
            Post-Run: 14,165,262,336 bytes free

            - - End Of File - - E2F8ACCB0C1B4BFEE9E3E4113F249725

            SuperDave

            • Malware Removal Specialist
            • Moderator

            Re: Need logs reviewed, help appreciated
            « Reply #8 on: January 27, 2010, 07:29:44 AM »
            Ok. That looks good. If there are no other issues, it's time for some clean-up. You can uninstall HJT and ESET but you may keep SAS and MBAM. Update them and run them every so often depending on your internet activity.

            Download OTC by OldTimer and save it to your desktop.

            1. Double-click OTC to run it.
            2. Click the CleanUp! button.
            3. Select Yes when the "Begin cleanup Process?" prompt appears.
            4. If you are prompted to Reboot during the cleanup, select Yes.
            5. OTC should delete itself once it finishes, if not delete it yourself.

            -------------------------------------------------------------------------

            Clean out your temporary internet files and temp files.

            Download TFC by OldTimer to your desktop.

            Double-click TFC.exe to run it.

            Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

            TFC will close all programs when run, so make sure you have saved all your work before you begin.

            * Click the Start button to begin the cleaning process.
            * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
            * Please let TFC run uninterrupted until it is finished.

            Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

            -------------------------------------------------------------------------

            * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
            * Now type Combofix /uninstall in the Run box
            * Make sure there's a space between Combofix and /uninstall
            * Then hit Enter

            * The above procedure will:
              * Delete the following: ComboFix and its associated files and folders.
              * Reset the clock settings.
              * Hide file extensions, if required.
              * Hide System/Hidden files, if required.
              * Set a new, clean Restore Point.

            -------------------------------------------------------------------------

            Looking over your log it seems you don't have any evidence of a third party firewall.

            Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

            Remember, only install ONE firewall.

            1) Comodo Personal Firewall (if you choose this one, uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options)
            2) Online Armor
            3) Agnitum Outpost
            4) PC Tools Firewall Plus

            If you are using the built-in Windows XP firewall, be aware that it is not recommended, as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

            -------------------------------------------------------------------------------

            Use the Secunia Software Inspector to check for out of date software.

            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
            Safe Surfing! ;D

            bpilgrim93

              Topic Starter


              Rookie

              Re: Need logs reviewed, help appreciated
              « Reply #9 on: January 27, 2010, 07:28:23 PM »
              Thanks SuperDave, all the help is much appreciated.