Computer Hope
Software => Computer viruses and spyware => Topic started by: The Bubba on April 23, 2011, 04:01:48 PM
-
It's trojan agent_r.XJ and I can't get rid of it with AVG. Thanks in advance.
-
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
-
Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. Second Warning! Once more and you will be banned. Dave
-
Ignore the above post
-
OK, I think I have everything. Here goes.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/24/2011 at 07:19 PM
Application Version : 4.51.1000
Core Rules Database Version : 6911
Trace Rules Database Version: 4723
Scan type : Complete Scan
Total Scan Time : 01:25:13
Memory items scanned : 421
Memory threats detected : 0
Registry items scanned : 6913
Registry threats detected : 2
File items scanned : 58167
File threats detected : 104
Adware.Gamevance
HKU\S-1-5-21-1960408961-1532298954-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
HKCR\CLSID\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
Rogue.AntiMalwareDoctor
C:\Documents and Settings\John\Application Data\49635A3E2A995D37D5F86BBA45632884
Adware.Tracking Cookie
cdn.insights.gravity.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
.bravenet.com [ C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xh8t7iiq.default\cookies.sqlite ]
C:\Documents and Settings\John\Cookies\john@bravenet[10].txt
C:\Documents and Settings\John\Cookies\john@bravenet[11].txt
C:\Documents and Settings\John\Cookies\john@bravenet[1].txt
C:\Documents and Settings\John\Cookies\john@bravenet[2].txt
C:\Documents and Settings\John\Cookies\john@bravenet[3].txt
C:\Documents and Settings\John\Cookies\john@bravenet[4].txt
C:\Documents and Settings\John\Cookies\john@bravenet[5].txt
C:\Documents and Settings\John\Cookies\john@bravenet[6].txt
C:\Documents and Settings\John\Cookies\john@bravenet[7].txt
C:\Documents and Settings\John\Cookies\john@bravenet[8].txt
C:\Documents and Settings\John\Cookies\john@bravenet[9].txt
C:\Documents and Settings\John\Cookies\[email protected][1].txt
C:\Documents and Settings\John\Cookies\[email protected][2].txt
C:\Documents and Settings\John\Cookies\[email protected][3].txt
C:\Documents and Settings\John\Cookies\[email protected][4].txt
interclick.com [ C:\Documents and Settings\Kathy\Application Data\Macromedia\Flash Player\#SharedObjects\JULVMYMC ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\3V8WCCL7 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\3V8WCCL7 ]
C:\Documents and Settings\NetworkService\Cookies\system@2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@burstbeacon[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@burstnet[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][5].txt
C:\Documents and Settings\NetworkService\Cookies\system@overture[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt
Malwarebytes' Anti-Malware 1.32
Database version: 1638
Windows 5.1.2600 Service Pack 3
4/24/2011 8:53:12 PM
mbam-log-2011-04-24 (20-53-12).txt
Scan type: Quick Scan
Objects scanned: 57801
Time elapsed: 5 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:43:23 PM, on 4/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\sniper.exe\hijackthis\hijackthis.exe\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigblueheaven.proboards.com/index.cgi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {8c49a3d1-585b-4eab-985d-6ad480b4f23d} - C:\Program Files\Kentucky Wildcats Toolbar\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Funchester Toolbar - {6fe46bf4-267f-4d8c-89b9-6c7947823145} - C:\Program Files\Funchester\prxtbFun2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FCTBPos00Pos - {2A118156-5307-4BFB-9548-B423FDF368A8} - C:\Program Files\Kentucky Wildcats Toolbar\Toolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Funchester - {6fe46bf4-267f-4d8c-89b9-6c7947823145} - C:\Program Files\Funchester\prxtbFun2.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: Kentucky Wildcats Toolbar - {7EF32AD9-C8AC-44E3-A39F-913E777ADEEE} - C:\Program Files\Kentucky Wildcats Toolbar\Toolbar.dll
O3 - Toolbar: Funchester Toolbar - {6fe46bf4-267f-4d8c-89b9-6c7947823145} - C:\Program Files\Funchester\prxtbFun2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\HmelyoffLabs\VHToolkit\Skype4COM.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: NST ToolTipFixer (TTFixerService) - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
--
End of file - 8925 bytes
-
This morning the computer wouldn't let me on the internet or even call up anything on my desktop. I booted in safe mode and it still wouldn't tie on. I eventually did a system restore to Friday and from the looks of it, undone everything I had done yesterday.
-
I'm really desperate for help. I know a lot of folks on here do and am not trying to be pushy. I know you guys are volunteers but it's been almost two days now and this Trojan is driving me nuts.
-
I think I may have stumbled on why after quarantining the threats found in Superantispyware is that two of the threats listed as adware are in the registry. After deleting them, I can't open anything on the desktop or get on the internet. I can't even get on the internet in safe mode.
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*********************************************************
threats listed as adware are in the registry. After deleting them, I can't open anything on the desktop or get on the internet. I can't even get on the internet in safe mode.
Sorry for the delay. By removing those two entries in the Registry you may have rendered your computer unfixable. Please stay away from the Registry. Even the experts don't like going there.
Let's try this. Please download MBAM on another computer and transfer it to the infected computer using the above method.
Boot in Safe Mode and try to run the MBAM scan. Now boot in Normal and try running it again. Let me know what happens
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
I'm able to access the internet now so I may not need the advice offered. Please continue your instructions.
-
Ok. Please run MBAM as well as these other scans and post the logs.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
**********************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
-
I ran Malwarebytes ans Superspyware but had trouble with the first link on the dds program. When trying to open it, it wanted to open as a screen saver. I tried the second link and when opening it all I got was an empty black prompt page?
-
OK, I couldn't get dds to work so I ran all of the files that Allen suggested (Patio's guidelines) and here are the files.
Malwarebytes' Anti-Malware 1.32
Database version: 1638
Windows 5.1.2600 Service Pack 3
4/27/2011 2:49:35 PM
mbam-log-2011-04-27 (14-49-35).txt
Scan type: Quick Scan
Objects scanned: 61704
Time elapsed: 7 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/27/2011 at 08:09 PM
Application Version : 4.51.1000
Core Rules Database Version : 6911
Trace Rules Database Version: 4723
Scan type : Complete Scan
Total Scan Time : 02:41:20
Memory items scanned : 414
Memory threats detected : 0
Registry items scanned : 6945
Registry threats detected : 2
File items scanned : 66645
File threats detected : 75
Adware.Gamevance
HKU\S-1-5-21-1960408961-1532298954-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
HKCR\CLSID\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
Adware.Tracking Cookie
C:\Documents and Settings\John\Cookies\john@doubleclick[1].txt
C:\Documents and Settings\John\Cookies\john@ru4[1].txt
C:\Documents and Settings\John\Cookies\john@adbrite[1].txt
C:\Documents and Settings\John\Cookies\john@questionmarket[2].txt
C:\Documents and Settings\John\Cookies\john@bravenet[2].txt
C:\Documents and Settings\John\Cookies\john@realmedia[1].txt
C:\Documents and Settings\John\Cookies\john@atdmt[2].txt
C:\Documents and Settings\John\Cookies\[email protected][2].txt
2mdn.net [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
adsatt.espn.go.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
bannerfarm.ace.advertising.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
cache.specificmedia.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
cdn.eyewonder.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
cdn.insights.gravity.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
cdn2.invitemedia.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
cdn4.specificclick.net [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
content.oddcast.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
content.yieldmanager.edgesuite.net [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
core.insightexpressai.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
ds.serving-sys.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
fuckedhard18.net [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
gw.callingbanners.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
ia.media-imdb.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
ictv-ic-ec.indieclicktv.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
img-cdn.mediaplex.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
indieclick.3janecdn.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
input.insights.gravity.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
interclick.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
m1.2mdn.net [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
macromedia.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media-0.phonezoo.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media.cnbc.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media.easy2.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media.expedia.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media.king5.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media.kyte.tv [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media.mtvnservices.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media.oprah.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media.resulthost.org [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media.scanscout.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media.tattomedia.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media1.break.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
media10.washingtonpost.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
msnbcmedia.msn.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
multimedia.msn.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
naiadsystems.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
objects.tremormedia.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
oddcast.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
*censored*.dreammovies.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
rmd.atdmt.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
s0.2mdn.net [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
secure-us.imrworldwide.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
serving-sys.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
spe.atdmt.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
speed.pointroll.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
static.2mdn.net [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
static.cdn.360.sorensonmedia.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
static.discoverymedia.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
udn.specificclick.net [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
video.pornorama.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
video.redorbit.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
vidii.hardsextube.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
vidii2.hardsextube.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
www.crackle.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
www.hentaimedia.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
www.naiadsystems.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
www.oddcast.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
www.pornhub.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
www.webhostrevenue.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
www2.jumpstartmediavault.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
wwwstatic.megaporn.com [ C:\Documents and Settings\John\Application Data\Macromedia\Flash Player\#SharedObjects\LL2GRT6H ]
interclick.com [ C:\Documents and Settings\Kathy\Application Data\Macromedia\Flash Player\#SharedObjects\JULVMYMC ]
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
Malware.Trace
C:\WINDOWS\TASKS\{22116563-108C-42c0-A7CE-60161B75E508}.job
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:52:53 AM, on 4/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\sniper.exe\sniper.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigblueheaven.proboards.com/index.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {8c49a3d1-585b-4eab-985d-6ad480b4f23d} - C:\Program Files\Kentucky Wildcats Toolbar\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Funchester Toolbar - {6fe46bf4-267f-4d8c-89b9-6c7947823145} - C:\Program Files\Funchester\prxtbFun2.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FCTBPos00Pos - {2A118156-5307-4BFB-9548-B423FDF368A8} - C:\Program Files\Kentucky Wildcats Toolbar\Toolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Funchester - {6fe46bf4-267f-4d8c-89b9-6c7947823145} - C:\Program Files\Funchester\prxtbFun2.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: Kentucky Wildcats Toolbar - {7EF32AD9-C8AC-44E3-A39F-913E777ADEEE} - C:\Program Files\Kentucky Wildcats Toolbar\Toolbar.dll
O3 - Toolbar: Funchester Toolbar - {6fe46bf4-267f-4d8c-89b9-6c7947823145} - C:\Program Files\Funchester\prxtbFun2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\HmelyoffLabs\VHToolkit\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: NST ToolTipFixer (TTFixerService) - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
--
End of file - 10352 bytes
I hope this is OK.
-
I finally got the DDS to run, here are the files.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by John at 10:10:30.03 on Thu 04/28/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.480 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\John\Desktop\dds.pif
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bigblueheaven.proboards.com/index.cgi
uURLSearchHooks: FCToolbarURLSearchHook Class: {8c49a3d1-585b-4eab-985d-6ad480b4f23d} - c:\program files\kentucky wildcats toolbar\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Funchester Toolbar: {6fe46bf4-267f-4d8c-89b9-6c7947823145} - c:\program files\funchester\prxtbFun2.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Kentucky Wildcats Toolbar BHO: {2a118156-5307-4bfb-9548-b423fdf368a8} - c:\program files\kentucky wildcats toolbar\Toolbar.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Funchester Toolbar: {6fe46bf4-267f-4d8c-89b9-6c7947823145} - c:\program files\funchester\prxtbFun2.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Kentucky Wildcats Toolbar: {7ef32ad9-c8ac-44e3-a39f-913e777adeee} - c:\program files\kentucky wildcats toolbar\Toolbar.dll
TB: Funchester Toolbar: {6fe46bf4-267f-4d8c-89b9-6c7947823145} - c:\program files\funchester\prxtbFun2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [IE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe
mRun: [BOC-426] c:\progra~1\comodo\cboclean\BOC426.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\hmelyofflabs\vhtoolkit\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32464]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-26 207280]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 296400]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-4-26 205864]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-4-26 39048]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-4-26 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-4-26 29464]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-4-26 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2008-10-21 73464]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-4-26 381512]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-4-26 4326472]
R2 TTFixerService;NST ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2007-6-27 10240]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-8 135664]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-26 947528]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\msi\dualcorecenter\ntglm7x.sys --> c:\program files\msi\dualcorecenter\NTGLM7X.sys [?]
S3 MsibiosDevice;MsibiosDevice;c:\program files\msi\live update 4\lu4\msibios.sys [2009-9-14 18432]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\msi\pc alert 4\ntglm7x.sys --> c:\program files\msi\pc alert 4\NTGLM7X.sys [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-4-26 70408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
.
=============== File Associations ===============
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-04-28 03:56:11 388096 ----a-r- c:\docume~1\john\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-26 17:33:25 -------- d-----w- c:\docume~1\john\applic~1\OnlineArmor
2011-04-26 17:33:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
2011-04-26 17:32:10 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-04-26 17:32:10 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-04-26 17:32:10 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-04-26 17:32:08 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-04-26 17:32:01 -------- d-----w- c:\program files\Online Armor
2011-04-26 15:44:59 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-26 15:44:33 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-26 15:44:33 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-26 15:44:20 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-26 15:44:10 -------- d-----w- c:\program files\Spyware Doctor
2011-04-26 15:44:10 -------- d-----w- c:\docume~1\john\applic~1\PC Tools
2011-04-26 15:44:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-04-26 15:42:41 -------- d-----w- c:\docume~1\john\applic~1\GetRightToGo
2011-04-26 15:20:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-26 15:20:31 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-26 15:07:27 -------- d-----w- c:\program files\Xvid
2011-04-26 14:46:01 -------- d-----w- c:\program files\PC Tools Firewall Plus(4)
2011-04-26 12:11:32 -------- d-----w- c:\program files\PC Tools Firewall Plus(3)
2011-04-25 20:22:36 -------- d-----w- c:\program files\PC Tools Firewall Plus(2)
2011-04-25 01:05:41 -------- d-----w- c:\program files\Java(2)
2011-04-25 00:40:23 -------- d-----w- c:\docume~1\john\applic~1\PCToolsFirewallPlus
2011-04-25 00:38:59 -------- d-----w- c:\program files\common files\PC Tools
2011-04-24 21:44:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-23 20:32:03 -------- d-----w- c:\program files\Enigma Software Group
2011-04-23 19:30:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-04-23 01:42:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
.
==================== Find3M ====================
.
2011-03-19 13:21:41 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200JB-00GVA0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x872E1730]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x872e7a10]; MOV EAX, [0x872e7a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x87381AB8]
3 CLASSPNP[0xF77EFFD7] -> nt!IofCallDriver[0x804E37D5] -> [0x87323920]
5 PCTCore[0xF76BB88F] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000064[0x87383F18]
7 ACPI[0xF7746620] -> nt!IofCallDriver[0x804E37D5] -> [0x87326D98]
\Driver\atapi[0x87377A10] -> IRP_MJ_CREATE -> 0x872E1730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x872E157B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:12:47.81 ===============
-
When trying to open it, it wanted to open as a screen saver. I tried the second link and when opening it all I got was an empty black prompt page?
Must be just a hiccup. I tried them and they both work. The main thing is that your were able to run the scan and it show a rootkit which could be causing this.
I strongly recommend that you remove Ask from your computer because it;
•Promotes its toolbars on sites targeted to kids.
•Promotes its toolbars through ads that appear to be part of other companies' sites.
•Promotes its toolbars through other companies' spyware.
•Installs without any disclosure whatsoever and without any consent whatsoever.
•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See Here (http://www.benedelman.org/spyware/ask-toolbars/) for more info.
If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.
•AskBarDis or anything related to Ask
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
*******************************************************
You may have problems running this tool entirely. If that happens, please let me know. I will know what's causing it.
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory..
-
I removed an ask toolbar in add and remove. There was nothing in my program files. The TDSSKILLER program will not install past 80%, it then gets an error and says it needs to close. I've tried it multiple times.
-
Besides TDSSKILLER not fully loading, I've got two dump warnings/messages. It states that my computer has made a serious error and had to dump. Below are the things dumped. The message comes from emisoft which is unknown by me.
Name: MINI042811-02.DMP
Path: C:\WINDOWS\MINIDUMP\
Result: Failed to submit
Name: MINI042811-01.DMP
Path: C:\WINDOWS\MINIDUMP\
Result: Failed to submit
Name: MINI042811-01.DMP
Path: C:\WINDOWS\MINIDUMP\
Result: Failed to submit
-
There was nothing in my program files. The TDSSKILLER program will not install past 80%, it then gets an error and says it needs to close.
Ok. That's what I suspected. We'll fix it.
NOTE: It's really important that you install the Recovery Console. We will need it fix the infection.
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
(http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
Combofix says it can't run with AVG installed (this was after I temporarily disabled it) and to remove it or use another tool. For some reason AVG won't uninstall it's watchdog part therefore cancelling the uninstall. Will this crap ever end?
-
I finally got AVG to uninstall, had to go to programs and cick that uninstall. I'm running combofix as I type.
-
Here's a list of some other free AV programs. I prefer MicroSoft Security Essentials because it's not a resource hog. You install it and forget about it.
Remember to only install one antivirus!
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials for Windows Vista\Windows 7 (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html) - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
4-a) Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
-
Thanks for the advice on the anti virus program..here is the combofix log.
ComboFix 11-04-29.02 - John 04/29/2011 19:12:40.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.708 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\John\Application Data\Dealio
c:\documents and settings\John\Application Data\Dealio\res\widgets.xml
c:\documents and settings\John\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\John\Local Settings\Application Data\Downloaded Installations\{F9B9ED60-8ABE-4008-A452-AC24A7B0AE52}
c:\documents and settings\John\WINDOWS
c:\windows\system32\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-29 )))))))))))))))))))))))))))))))
.
.
2011-04-28 03:56 . 2011-04-28 03:56 388096 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-26 17:33 . 2011-04-27 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2011-04-26 17:33 . 2011-04-26 17:34 -------- d-----w- c:\documents and settings\John\Application Data\OnlineArmor
2011-04-26 17:32 . 2011-04-06 17:02 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-04-26 17:32 . 2011-04-06 17:01 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-04-26 17:32 . 2011-04-06 17:01 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-04-26 17:32 . 2011-04-06 17:01 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-04-26 17:32 . 2011-04-28 19:25 -------- d-----w- c:\program files\Online Armor
2011-04-26 15:44 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-26 15:44 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-26 15:44 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-26 15:44 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-26 15:44 . 2011-04-26 15:50 -------- d-----w- c:\program files\Spyware Doctor
2011-04-26 15:44 . 2011-04-26 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-04-26 15:44 . 2011-04-26 15:44 -------- d-----w- c:\documents and settings\John\Application Data\PC Tools
2011-04-26 15:42 . 2011-04-26 15:48 -------- d-----w- c:\documents and settings\John\Application Data\GetRightToGo
2011-04-26 15:20 . 2011-04-26 15:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-26 15:16 . 2011-04-26 15:16 -------- d-----w- c:\program files\Java
2011-04-26 15:07 . 2011-04-26 15:07 -------- d-----w- c:\program files\Xvid
2011-04-26 14:46 . 2011-04-26 15:01 -------- d-----w- c:\program files\PC Tools Firewall Plus(4)
2011-04-26 12:11 . 2011-04-26 15:07 -------- d-----w- c:\program files\PC Tools Firewall Plus(3)
2011-04-25 20:22 . 2011-04-26 15:11 -------- d-----w- c:\program files\PC Tools Firewall Plus(2)
2011-04-25 00:40 . 2011-04-25 20:24 -------- d-----w- c:\documents and settings\John\Application Data\PCToolsFirewallPlus
2011-04-25 00:38 . 2011-04-26 15:45 -------- d-----w- c:\program files\Common Files\PC Tools
2011-04-24 21:44 . 2011-04-27 19:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-23 20:32 . 2011-04-23 20:32 -------- d-----w- c:\program files\Enigma Software Group
2011-04-23 19:30 . 2011-04-23 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-04-23 01:47 . 2011-04-23 01:47 -------- d-----w- c:\documents and settings\John\Application Data\DivX
2011-04-23 01:42 . 2011-04-26 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-19 13:21 . 2011-03-19 13:21 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-07 05:33 . 2008-10-21 20:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 00:21 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2008-10-21 20:23 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8c49a3d1-585b-4eab-985d-6ad480b4f23d}"= "c:\program files\Kentucky Wildcats Toolbar\Helper.dll" [2010-08-13 243200]
"{6fe46bf4-267f-4d8c-89b9-6c7947823145}"= "c:\program files\Funchester\prxtbFun2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8c49a3d1-585b-4eab-985d-6ad480b4f23d}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{763C8C3E-9677-474E-B4BD-6ABC7DDDE090}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A118156-5307-4BFB-9548-B423FDF368A8}]
2010-08-13 23:14 1498624 ----a-w- c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Funchester\prxtbFun2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7EF32AD9-C8AC-44E3-A39F-913E777ADEEE}"= "c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll" [2010-08-13 1498624]
"{6fe46bf4-267f-4d8c-89b9-6c7947823145}"= "c:\program files\Funchester\prxtbFun2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{7ef32ad9-c8ac-44e3-a39f-913e777adeee}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{880EC4BB-9C31-4429-9452-D6F388B0C230}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7EF32AD9-C8AC-44E3-A39F-913E777ADEEE}"= "c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll" [2010-08-13 1498624]
"{6FE46BF4-267F-4D8C-89B9-6C7947823145}"= "c:\program files\Funchester\prxtbFun2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{7ef32ad9-c8ac-44e3-a39f-913e777adeee}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{880EC4BB-9C31-4429-9452-D6F388B0C230}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-07-21 2736128]
"IE New Window Maximizer"="c:\program files\IE New Window Maximizer\iemaximizer.exe" [2003-01-24 348160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BOC-426"="c:\progra~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 351480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2011-04-06 2477032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-04-06 354720]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DualCoreCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Kentucky Wildcats Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Kentucky Wildcats Toolbar\\ToolbarUpdate.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/26/2011 11:44 AM 207280]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/26/2011 1:32 PM 205864]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/26/2011 1:32 PM 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/26/2011 1:32 PM 29464]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/26/2011 11:44 AM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [10/21/2008 4:40 PM 73464]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [4/26/2011 1:32 PM 381512]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [6/27/2007 1:20 AM 10240]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/26/2011 1:32 PM 39048]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 2:24 PM 135664]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [4/26/2011 1:32 PM 4326472]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]
S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [9/14/2009 3:41 PM 18432]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\MSI\PC Alert 4\NTGLM7X.sys --> c:\program files\MSI\PC Alert 4\NTGLM7X.sys [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [4/26/2011 11:44 AM 70408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-07-21 16:20 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 19:46]
.
2011-04-29 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bigblueheaven.proboards.com/index.cgi
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
AddRemove-Extra Screen Capture Free_is1 - c:\program files\Extra Screen Capture Free\unins000.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-LAME for Audacity_is1 - c:\program files\Lame for Audacity\unins000.exe
AddRemove-Spyware Doctor - c:\program files\Spyware Doctor\unins000.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\John\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-29 19:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200JB-00GVA0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x872E057B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(500)
c:\windows\system32\WININET.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2011-04-29 19:39:32
ComboFix-quarantined-files.txt 2011-04-29 23:39
.
Pre-Run: 94,805,454,848 bytes free
Post-Run: 95,083,610,112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - FA1359E77AB4795160F51A0593E0D6FF
-
A question...can you run cobodo clean and online amor(firewall) with this essentials program? BTW, do I run tdsskiller now?
-
BTW, I tried tdsskiller again and it still won't load past 80%.
-
Now when trying to run tdsskiller I get a windows cannot access the specified device. you may not have the appropriate permission to access the item.
-
can you run cobodo clean and online amor(firewall) with this essentials program?
Yes. Comodo and MSE are a good one-two punch.
Earlier on ComboFix installed the Recovery Console. We're going to use that now.
Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the windows XP bootup)
(http://i424.photobucket.com/albums/pp322/digistar/RC_BootMenu.gif?t=1303756178)
(http://i424.photobucket.com/albums/pp322/digistar/RConsole_A.png)
When you get to the above screen, take note of the number that references your operating system.
If it's '1' like the picture above, type 1 and press Enter
(http://i424.photobucket.com/albums/pp322/digistar/RConsole_Fixmbr.png)
Next type FIXMBR
If it ask if you're sure you want to write a new MBR, answer 'Y'
Then type EXIT to reboot the machine.
With that done, please post back and let me know how things are now. Also please run DDS again and post the log.
-
Wel l ran the recovery console and then ran the dds program. here is the dds file.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by John at 21:20:06.26 on Sat 04/30/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.536 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Online Armor Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Documents and Settings\John\Desktop\dds.pif
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bigblueheaven.proboards.com/index.cgi
uURLSearchHooks: FCToolbarURLSearchHook Class: {8c49a3d1-585b-4eab-985d-6ad480b4f23d} - c:\program files\kentucky wildcats toolbar\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Funchester Toolbar: {6fe46bf4-267f-4d8c-89b9-6c7947823145} - c:\program files\funchester\prxtbFun2.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Kentucky Wildcats Toolbar BHO: {2a118156-5307-4bfb-9548-b423fdf368a8} - c:\program files\kentucky wildcats toolbar\Toolbar.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Funchester Toolbar: {6fe46bf4-267f-4d8c-89b9-6c7947823145} - c:\program files\funchester\prxtbFun2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Kentucky Wildcats Toolbar: {7ef32ad9-c8ac-44e3-a39f-913e777adeee} - c:\program files\kentucky wildcats toolbar\Toolbar.dll
TB: Funchester Toolbar: {6fe46bf4-267f-4d8c-89b9-6c7947823145} - c:\program files\funchester\prxtbFun2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [IE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe
mRun: [BOC-426] c:\progra~1\comodo\cboclean\BOC426.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjAzNzg2Njg3LVQyMS1VODUrMS1CQSsxLUtWMys3LV
hMKzEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5L VFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMr MS1GTDEwKzE"&"prod=90"&"ver=10.0.1321
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\hmelyofflabs\vhtoolkit\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-26 207280]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslaa9edbf7;MpKslaa9edbf7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c053401-c564-420a-aff4-5a2f8f529dde}\MpKslaa9edbf7.sys [2011-4-30 28752]
R1 MpKsld72166d6;MpKsld72166d6;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2c053401-c564-420a-aff4-5a2f8f529dde}\MpKsld72166d6.sys [2011-4-30 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-4-26 205864]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-4-26 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-4-26 29464]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-4-26 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 BOCore;BOCore;c:\program files\comodo\cboclean\BOCore.exe [2008-10-21 73464]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-4-26 381512]
R2 TTFixerService;NST ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2007-6-27 10240]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-4-26 39048]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-8 135664]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-4-26 4326472]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\msi\dualcorecenter\ntglm7x.sys --> c:\program files\msi\dualcorecenter\NTGLM7X.sys [?]
S3 MsibiosDevice;MsibiosDevice;c:\program files\msi\live update 4\lu4\msibios.sys [2009-9-14 18432]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\msi\pc alert 4\ntglm7x.sys --> c:\program files\msi\pc alert 4\NTGLM7X.sys [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-4-26 70408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
.
=============== File Associations ===============
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-05-01 01:19:39 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{2c053401-c564-420a-aff4-5a2f8f529dde}\MpKsld72166d6.sys
2011-05-01 01:06:13 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{2c053401-c564-420a-aff4-5a2f8f529dde}\MpKslaa9edbf7.sys
2011-04-29 23:51:44 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{2c053401-c564-420a-aff4-5a2f8f529dde}\mpengine.dll
2011-04-29 23:51:43 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-29 23:48:12 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-29 23:09:53 -------- d-sha-r- C:\cmdcons
2011-04-29 23:07:23 98816 ----a-w- c:\windows\sed.exe
2011-04-29 23:07:23 89088 ----a-w- c:\windows\MBR.exe
2011-04-29 23:07:23 256512 ----a-w- c:\windows\PEV.exe
2011-04-29 23:07:23 161792 ----a-w- c:\windows\SWREG.exe
2011-04-28 03:56:11 388096 ----a-r- c:\docume~1\john\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-26 17:33:25 -------- d-----w- c:\docume~1\john\applic~1\OnlineArmor
2011-04-26 17:33:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
2011-04-26 17:32:10 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-04-26 17:32:10 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-04-26 17:32:10 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-04-26 17:32:08 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-04-26 17:32:01 -------- d-----w- c:\program files\Online Armor
2011-04-26 15:44:59 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-26 15:44:33 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-26 15:44:33 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-26 15:44:20 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-26 15:44:10 -------- d-----w- c:\program files\Spyware Doctor
2011-04-26 15:44:10 -------- d-----w- c:\docume~1\john\applic~1\PC Tools
2011-04-26 15:44:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-04-26 15:42:41 -------- d-----w- c:\docume~1\john\applic~1\GetRightToGo
2011-04-26 15:20:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-26 15:20:31 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-26 15:07:27 -------- d-----w- c:\program files\Xvid
2011-04-26 14:46:01 -------- d-----w- c:\program files\PC Tools Firewall Plus(4)
2011-04-26 12:11:32 -------- d-----w- c:\program files\PC Tools Firewall Plus(3)
2011-04-25 20:22:36 -------- d-----w- c:\program files\PC Tools Firewall Plus(2)
2011-04-25 01:05:41 -------- d-----w- c:\program files\Java(2)
2011-04-25 00:40:23 -------- d-----w- c:\docume~1\john\applic~1\PCToolsFirewallPlus
2011-04-25 00:38:59 -------- d-----w- c:\program files\common files\PC Tools
2011-04-24 21:44:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-23 20:32:03 -------- d-----w- c:\program files\Enigma Software Group
2011-04-23 19:30:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-04-23 01:42:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
.
==================== Find3M ====================
.
2011-03-19 13:21:41 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 21:21:13.76 ===============
-
There are two logs to DDS. Please find and post the log Attach.txt. It should be on your desktop. That's the one I need to see.
-
Is this it?
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2008 4:30:15 PM
System Uptime: 4/30/2011 9:39:38 PM (0 hours ago)
.
Motherboard: | | KM266APro-835
Processor: AMD Sempron(tm) 2200+ | Socket A | 1494/166mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 88.438 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP698: 1/31/2011 12:47:04 PM - System Checkpoint
RP699: 2/1/2011 4:44:10 PM - System Checkpoint
RP700: 2/2/2011 7:22:18 PM - System Checkpoint
RP701: 2/3/2011 8:28:51 PM - System Checkpoint
RP702: 2/5/2011 2:23:42 PM - System Checkpoint
RP703: 2/6/2011 5:33:50 PM - System Checkpoint
RP704: 2/7/2011 9:29:08 PM - System Checkpoint
RP705: 2/9/2011 3:48:43 PM - System Checkpoint
RP706: 2/10/2011 4:36:37 PM - System Checkpoint
RP707: 2/10/2011 8:10:58 PM - Software Distribution Service 3.0
RP708: 2/12/2011 10:31:58 AM - System Checkpoint
RP709: 2/13/2011 3:09:43 PM - System Checkpoint
RP710: 2/14/2011 3:19:44 PM - System Checkpoint
RP711: 2/15/2011 1:00:23 PM - Software Distribution Service 3.0
RP712: 2/16/2011 5:50:36 PM - System Checkpoint
RP713: 2/17/2011 9:42:58 PM - System Checkpoint
RP714: 2/21/2011 1:52:05 PM - System Checkpoint
RP715: 2/22/2011 3:21:47 PM - System Checkpoint
RP716: 2/23/2011 5:40:12 PM - System Checkpoint
RP717: 2/23/2011 10:26:07 PM - Software Distribution Service 3.0
RP718: 2/25/2011 8:43:41 AM - System Checkpoint
RP719: 2/27/2011 9:59:01 PM - System Checkpoint
RP720: 3/1/2011 9:36:28 AM - System Checkpoint
RP721: 3/2/2011 11:00:14 PM - System Checkpoint
RP722: 3/4/2011 12:58:09 PM - System Checkpoint
RP723: 3/5/2011 1:04:15 PM - System Checkpoint
RP724: 3/6/2011 1:23:38 PM - System Checkpoint
RP725: 3/7/2011 5:24:12 PM - System Checkpoint
RP726: 3/8/2011 6:36:54 PM - System Checkpoint
RP727: 3/9/2011 8:32:06 AM - Software Distribution Service 3.0
RP728: 3/10/2011 10:09:13 AM - System Checkpoint
RP729: 3/11/2011 12:25:44 PM - System Checkpoint
RP730: 3/12/2011 12:54:54 PM - System Checkpoint
RP731: 3/13/2011 2:44:25 PM - System Checkpoint
RP732: 3/15/2011 7:51:51 AM - System Checkpoint
RP733: 3/16/2011 2:34:39 PM - System Checkpoint
RP734: 3/17/2011 3:27:07 PM - System Checkpoint
RP735: 3/19/2011 9:53:51 AM - System Checkpoint
RP736: 3/21/2011 12:21:59 PM - System Checkpoint
RP737: 3/22/2011 12:28:39 PM - System Checkpoint
RP738: 3/23/2011 12:41:04 PM - System Checkpoint
RP739: 3/23/2011 3:10:20 PM - Software Distribution Service 3.0
RP740: 3/24/2011 3:38:43 PM - System Checkpoint
RP741: 3/25/2011 5:55:19 PM - System Checkpoint
RP742: 3/27/2011 1:14:17 PM - System Checkpoint
RP743: 3/28/2011 2:13:13 PM - System Checkpoint
RP744: 3/29/2011 3:08:53 PM - System Checkpoint
RP745: 3/31/2011 10:56:11 AM - System Checkpoint
RP746: 4/1/2011 12:12:36 PM - System Checkpoint
RP747: 4/2/2011 1:30:00 PM - System Checkpoint
RP748: 4/3/2011 2:28:19 PM - System Checkpoint
RP749: 4/4/2011 10:39:24 PM - System Checkpoint
RP750: 4/6/2011 10:19:31 AM - System Checkpoint
RP751: 4/7/2011 4:13:20 PM - System Checkpoint
RP752: 4/9/2011 5:05:26 AM - Restore Operation
RP753: 4/9/2011 5:17:57 AM - Restore Operation
RP754: 4/9/2011 5:28:42 AM - Restore Operation
RP755: 4/10/2011 12:55:45 PM - System Checkpoint
RP756: 4/11/2011 6:27:47 PM - System Checkpoint
RP757: 4/12/2011 8:53:52 PM - System Checkpoint
RP758: 4/13/2011 9:20:50 PM - System Checkpoint
RP759: 4/13/2011 9:59:41 PM - Software Distribution Service 3.0
RP760: 4/14/2011 12:47:55 PM - Software Distribution Service 3.0
RP761: 4/15/2011 1:13:51 PM - System Checkpoint
RP762: 4/19/2011 10:45:58 AM - System Checkpoint
RP763: 4/20/2011 1:03:18 PM - System Checkpoint
RP764: 4/22/2011 12:49:09 AM - Software Distribution Service 3.0
RP765: 4/23/2011 2:04:23 PM - System Checkpoint
RP766: 4/23/2011 3:30:42 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP767: 4/23/2011 4:24:19 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP768: 4/23/2011 4:32:00 PM - Installed SpyHunter
RP769: 4/23/2011 4:50:26 PM - Removed SpyHunter
RP770: 4/24/2011 2:14:06 PM - Installed COMODO Internet Security
RP771: 4/24/2011 7:32:00 PM - Removed COMODO Internet Security
RP772: 4/24/2011 8:21:55 PM - Agnitum Outpost Firewall Restore Point: install
RP773: 4/24/2011 8:27:18 PM - Agnitum Outpost Firewall Restore Point: uninstall
RP774: 4/24/2011 9:04:56 PM - Removed Java(TM) 6 Update 10
RP775: 4/24/2011 9:05:39 PM - Installed Java(TM) 6 Update 25
RP776: 4/24/2011 9:09:28 PM - Installed HiJackThis
RP777: 4/24/2011 9:11:30 PM - Removed HiJackThis
RP778: 4/24/2011 9:15:08 PM - Installed HiJackThis
RP779: 4/24/2011 9:36:03 PM - Removed HiJackThis
RP780: 4/24/2011 9:36:52 PM - Installed HiJackThis
RP781: 4/24/2011 9:39:15 PM - Removed HiJackThis
RP782: 4/25/2011 9:11:42 AM - Restore Operation
RP783: 4/25/2011 10:23:46 AM - Software Distribution Service 3.0
RP784: 4/25/2011 5:18:36 PM - Restore Operation
RP785: 4/26/2011 8:05:12 AM - Removed SpyHunter
RP786: 4/26/2011 10:37:19 AM - Restore Operation
RP787: 4/26/2011 10:58:29 AM - Restore Operation
RP788: 4/26/2011 12:34:45 PM - Installed AVG 2011
RP789: 4/26/2011 12:42:18 PM - Removed AVG 2011
RP790: 4/26/2011 1:32:37 PM - Online Armor installation
RP791: 4/27/2011 3:43:02 PM - System Checkpoint
RP792: 4/28/2011 1:53:24 AM - Installed HiJackThis
RP793: 4/28/2011 10:43:49 AM - System Checkpoint
RP794: 4/28/2011 2:56:05 PM - Removed Ask Toolbar.
RP795: 4/29/2011 6:10:48 PM - Removed AVG 2011
RP796: 4/29/2011 6:13:22 PM - Removed AVG 2011
RP797: 4/29/2011 6:45:59 PM - Removed AVG 2011
RP798: 4/29/2011 6:49:49 PM - Removed AVG 2011
RP799: 4/29/2011 10:25:01 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
3D Home Architect Deluxe
Acrobat.com
Active@ KillDisk FREE Suite
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11
Advertising Center
BOClean
C-Media WDM Audio Driver
CCleaner (remove only)
Conduit Engine
Critical Update for Windows Media Player 11 (KB959772)
DolbyFiles
ffdshow v1.1.3476 [2010-06-15]
Funchester Toolbar
Google Earth
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IE New Window Maximizer 2.3
ImagXpress
Java Auto Updater
Java(TM) 6 Update 22
Kentucky Wildcats Toolbar
Lagarith Lossless Codec (1.3.20)
LightScribe Applications
LightScribe Diagnostic Utility
LightScribe System Software
Liveupdate4
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office 2003 Web Components
Microsoft Office Excel Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Media Video 9 VCM
Microsoft Works 7.0
Move Media Player
Movie Templates - Starter Kit
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Vision
Nero Vision Help
NeroExpress
neroxml
NVIDIA Drivers
ParetoLogic PC Health Advisor
PC Tools Firewall Plus 7.0
PowerDVD
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Setup 1.0
SnagIt 5
Spybot - Search & Destroy
SUPERAntiSpyware
ToolTipFixer 1.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.17
VH Toolkit 1.0.46.0
VIA Rhine-Family Fast Ethernet Adapter
VLC media player 1.0.1
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WMIinfo
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
4/30/2011 9:17:50 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
4/30/2011 9:16:16 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SharedAccess service.
4/30/2011 8:25:24 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.724.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/30/2011 8:23:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.724.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/30/2011 8:21:47 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.724.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/30/2011 7:54:19 PM, error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: General access denied error
4/30/2011 7:53:38 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.
4/30/2011 11:58:51 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/30/2011 11:49:37 AM, error: DCOM [10001] - Unable to start a DCOM Server: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} as /. The error: "%5" Happened while starting this command: C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE -Embedding
4/29/2011 7:52:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.724.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/29/2011 7:52:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.724.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/29/2011 7:52:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.724.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/29/2011 7:52:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.724.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/29/2011 7:52:45 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.724.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/29/2011 7:50:11 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/29/2011 7:49:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/29/2011 6:43:59 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/29/2011 5:47:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
4/29/2011 5:47:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
4/29/2011 5:47:40 PM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/29/2011 5:47:40 PM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/29/2011 5:20:50 PM, error: Service Control Manager [7034] - The Online Armor service terminated unexpectedly. It has done this 1 time(s).
4/29/2011 4:45:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
4/29/2011 4:45:19 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/28/2011 2:09:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
4/28/2011 2:09:11 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
4/28/2011 2:07:14 PM, error: Service Control Manager [7024] - The Java Quick Starter service terminated with service-specific error 1 (0x1).
4/28/2011 2:07:14 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The system cannot find the file specified.
4/28/2011 2:07:14 PM, error: Service Control Manager [7000] - The PC Tools Auxiliary Service service failed to start due to the following error: The system cannot find the file specified.
4/28/2011 2:06:30 PM, error: Dhcp [1002] - The IP address lease 67.173.147.141 for the Network Card with network address 00115B577606 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
4/28/2011 2:03:49 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 00115B577606 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
4/28/2011 12:17:30 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 00000002, parameter3 00000000, parameter4 804e39b7.
4/28/2011 12:15:45 PM, error: Service Control Manager [7022] - The Online Armor service hung on starting.
4/28/2011 11:56:25 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 86d246a0, parameter3 86d24814, parameter4 805fb1d6.
4/28/2011 1:59:20 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/28/2011 1:59:19 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
4/28/2011 1:59:19 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
4/28/2011 1:53:18 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'navcanclCAABIH22' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/27/2011 5:19:39 PM, error: Service Control Manager [7001] - The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error: Access is denied.
4/27/2011 5:19:39 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The dependency service or group failed to start.
4/27/2011 5:19:39 PM, error: Service Control Manager [7000] - The AVGIDSFilter service failed to start due to the following error: Access is denied.
4/27/2011 3:22:23 PM, error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: The system cannot find the file specified.
4/27/2011 3:06:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL TfFsMon TfSysMon
4/27/2011 3:04:50 PM, error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error: Access is denied.
4/27/2011 3:04:50 PM, error: Service Control Manager [7001] - The AVGIDSFilter service depends on the AVGIDSShim service which failed to start because of the following error: Access is denied.
4/27/2011 3:04:50 PM, error: Service Control Manager [7001] - The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error: The dependency service or group failed to start.
4/27/2011 3:04:50 PM, error: Service Control Manager [7000] - The WebDav Client Redirector service failed to start due to the following error: Access is denied.
4/27/2011 3:04:50 PM, error: Service Control Manager [7000] - The AVGIDSShim service failed to start due to the following error: Access is denied.
4/27/2011 10:20:11 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: Access is denied.
4/27/2011 10:20:11 PM, error: Service Control Manager [7000] - The AVGIDSDriver service failed to start due to the following error: Access is denied.
4/27/2011 1:52:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the BOCore service to connect.
4/26/2011 8:05:35 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/26/2011 12:45:29 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/26/2011 11:50:31 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
4/26/2011 11:30:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
4/26/2011 10:56:15 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000004, parameter2 00000002, parameter3 00000001, parameter4 804ede8e.
4/26/2011 10:37:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/26/2011 10:35:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Avgldx86 Avgmfx86 Avgtdix Fips IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss SASDIFSV Tcpip
4/26/2011 10:35:57 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2011 10:35:57 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2011 10:35:57 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2011 10:35:57 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2011 10:35:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/26/2011 1:06:30 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/26/2011 1:00:30 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/25/2011 5:18:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
4/25/2011 5:18:32 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
4/25/2011 5:13:12 PM, error: Service Control Manager [7023] - The Intel CPU service terminated with the following error: The specified module could not be found.
4/25/2011 4:16:15 PM, error: Service Control Manager [7000] - The PCTAppEvent Driver service failed to start due to the following error: The specified driver is invalid.
.
==== End Of File ===========================
-
I finally got tdsskiller to run and it didn't find any infections. My computer is still acting a bit strange and believe something is still amiss.Here is the log for tdsskiller.
2011/04/30 22:34:38.0031 4232 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/30 22:34:38.0515 4232 ================================================================================
2011/04/30 22:34:38.0515 4232 SystemInfo:
2011/04/30 22:34:38.0515 4232
2011/04/30 22:34:38.0515 4232 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/30 22:34:38.0515 4232 Product type: Workstation
2011/04/30 22:34:38.0515 4232 ComputerName: ZONKED
2011/04/30 22:34:38.0531 4232 UserName: John
2011/04/30 22:34:38.0531 4232 Windows directory: C:\WINDOWS
2011/04/30 22:34:38.0531 4232 System windows directory: C:\WINDOWS
2011/04/30 22:34:38.0531 4232 Processor architecture: Intel x86
2011/04/30 22:34:38.0531 4232 Number of processors: 1
2011/04/30 22:34:38.0531 4232 Page size: 0x1000
2011/04/30 22:34:38.0531 4232 Boot type: Normal boot
2011/04/30 22:34:38.0531 4232 ================================================================================
2011/04/30 22:34:39.0250 4232 Initialize success
2011/04/30 22:34:46.0718 1768 ================================================================================
2011/04/30 22:34:46.0718 1768 Scan started
2011/04/30 22:34:46.0718 1768 Mode: Manual;
2011/04/30 22:34:46.0718 1768 ================================================================================
2011/04/30 22:34:47.0109 1768 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/30 22:34:47.0218 1768 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/30 22:34:47.0390 1768 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/30 22:34:47.0484 1768 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/04/30 22:34:47.0750 1768 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/04/30 22:34:48.0000 1768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/30 22:34:48.0015 1768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/30 22:34:48.0125 1768 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/30 22:34:48.0234 1768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/30 22:34:48.0312 1768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/30 22:34:48.0437 1768 BOCDRIVE (88905c1604faded38ede4a04b74dfca7) C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
2011/04/30 22:34:48.0765 1768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/30 22:34:48.0875 1768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/30 22:34:48.0921 1768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/30 22:34:49.0000 1768 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/30 22:34:49.0312 1768 cmuda (297cc8a257cbd3c46bbd675ec5e35cc2) C:\WINDOWS\system32\drivers\cmuda.sys
2011/04/30 22:34:49.0734 1768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/30 22:34:49.0859 1768 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/30 22:34:49.0937 1768 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/30 22:34:50.0000 1768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/30 22:34:50.0078 1768 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/30 22:34:50.0203 1768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/30 22:34:50.0328 1768 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/30 22:34:50.0390 1768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/30 22:34:50.0468 1768 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/04/30 22:34:50.0546 1768 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/04/30 22:34:50.0625 1768 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/30 22:34:50.0687 1768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/30 22:34:50.0750 1768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/30 22:34:50.0828 1768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/30 22:34:50.0890 1768 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/30 22:34:50.0984 1768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/30 22:34:51.0109 1768 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/30 22:34:51.0281 1768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/30 22:34:51.0437 1768 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/30 22:34:51.0515 1768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/30 22:34:51.0750 1768 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/30 22:34:51.0828 1768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/30 22:34:51.0890 1768 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/30 22:34:51.0968 1768 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/30 22:34:52.0046 1768 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/30 22:34:52.0093 1768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/30 22:34:52.0171 1768 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/30 22:34:52.0218 1768 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/30 22:34:52.0343 1768 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/30 22:34:52.0421 1768 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/30 22:34:52.0656 1768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/30 22:34:52.0734 1768 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/30 22:34:52.0781 1768 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/30 22:34:52.0890 1768 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/30 22:34:52.0937 1768 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/30 22:34:53.0046 1768 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/04/30 22:34:53.0171 1768 MpKsl4cd1eff1 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C053401-C564-420A-AFF4-5A2F8F529DDE}\MpKsl4cd1eff1.sys
2011/04/30 22:34:53.0234 1768 MpKslaa9edbf7 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C053401-C564-420A-AFF4-5A2F8F529DDE}\MpKslaa9edbf7.sys
2011/04/30 22:34:53.0328 1768 MpKsld72166d6 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C053401-C564-420A-AFF4-5A2F8F529DDE}\MpKsld72166d6.sys
2011/04/30 22:34:53.0437 1768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/30 22:34:53.0562 1768 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/30 22:34:53.0671 1768 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/30 22:34:53.0843 1768 MsibiosDevice (73df019bb316f317e60ae8758a52b3d1) C:\Program Files\MSI\Live Update 4\LU4\msibios.sys
2011/04/30 22:34:53.0937 1768 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/30 22:34:54.0000 1768 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/30 22:34:54.0078 1768 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/30 22:34:54.0140 1768 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/30 22:34:54.0187 1768 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/30 22:34:54.0265 1768 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/30 22:34:54.0343 1768 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/30 22:34:54.0390 1768 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/30 22:34:54.0453 1768 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/30 22:34:54.0515 1768 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/30 22:34:54.0625 1768 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/30 22:34:54.0703 1768 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/30 22:34:54.0890 1768 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/30 22:34:55.0031 1768 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/30 22:34:55.0125 1768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/30 22:34:55.0453 1768 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/30 22:34:55.0640 1768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/30 22:34:55.0703 1768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/30 22:34:55.0781 1768 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/30 22:34:55.0828 1768 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/30 22:34:55.0890 1768 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/30 22:34:56.0078 1768 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/30 22:34:56.0250 1768 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/30 22:34:56.0328 1768 PCTAppEvent (f767f3b35c3ecf8a60b2a65beec50ef5) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011/04/30 22:34:56.0453 1768 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/04/30 22:34:56.0640 1768 PCTFW-PacketFilter (58db891ca76a2d49e33ba9fa13b86c89) C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
2011/04/30 22:34:56.0734 1768 pctgntdi (b76c829f00b9b534405b4ed5f58b8f52) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/04/30 22:34:56.0796 1768 pctNdis (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/04/30 22:34:56.0828 1768 pctNdisMP (3ec79cfb2e0e74aada8b561ed8904577) C:\WINDOWS\system32\DRIVERS\pctNdis.sys
2011/04/30 22:34:56.0906 1768 pctplfw (78d871114e7cb3115e058d1f85751c7f) C:\WINDOWS\system32\drivers\pctplfw.sys
2011/04/30 22:34:56.0953 1768 pctplsg (95a8562701e6b4494993847f85b2d60e) C:\WINDOWS\system32\drivers\pctplsg.sys
2011/04/30 22:34:57.0390 1768 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/30 22:34:57.0468 1768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/30 22:34:57.0765 1768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/30 22:34:57.0828 1768 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/30 22:34:57.0890 1768 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/30 22:34:57.0937 1768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/30 22:34:58.0031 1768 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/30 22:34:58.0062 1768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/30 22:34:58.0171 1768 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/30 22:34:58.0281 1768 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/30 22:34:58.0515 1768 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/30 22:34:58.0562 1768 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/30 22:34:58.0687 1768 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/30 22:34:58.0781 1768 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/30 22:34:58.0843 1768 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/30 22:34:58.0968 1768 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/30 22:34:59.0171 1768 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/30 22:34:59.0296 1768 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/30 22:34:59.0406 1768 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/30 22:34:59.0515 1768 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/30 22:34:59.0578 1768 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/30 22:34:59.0890 1768 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/30 22:35:00.0015 1768 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/30 22:35:00.0093 1768 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/30 22:35:00.0187 1768 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/30 22:35:00.0234 1768 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/30 22:35:00.0593 1768 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/04/30 22:35:00.0656 1768 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/30 22:35:00.0765 1768 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/30 22:35:00.0875 1768 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/30 22:35:00.0937 1768 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/30 22:35:01.0000 1768 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/30 22:35:01.0046 1768 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/30 22:35:01.0109 1768 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/30 22:35:01.0156 1768 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/30 22:35:01.0187 1768 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/30 22:35:01.0312 1768 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/30 22:35:01.0453 1768 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/30 22:35:01.0734 1768 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/30 22:35:01.0843 1768 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/30 22:35:01.0906 1768 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/30 22:35:02.0234 1768 ================================================================================
2011/04/30 22:35:02.0234 1768 Scan finished
2011/04/30 22:35:02.0234 1768 ================================================================================
-
Both of those logs look good. You appear to have some remnants of AVG on your computer. Please run this AVG Removal Tool to get rid of them.
AVG Antivirus - AVG Antivirus Remover utility (http://www.avg.com/download-tools)
Re-run MBAM:
Code:
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
*******************************************************
Also, please run another scan with ComboFix and post the log.
-
Sorry not to get back sooner, fell asleep on the couth.
Here are the two logs you requested...Malwarebytes and combofix
Malwarebytes' Anti-Malware 1.32
Database version: 1638
Windows 5.1.2600 Service Pack 3
5/2/2011 1:20:20 AM
mbam-log-2011-05-02 (01-20-20).txt
Scan type: Quick Scan
Objects scanned: 75641
Time elapsed: 15 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ComboFix 11-04-29.02 - John 05/02/2011 1:49.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.519 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-02 05:26 . 2011-05-02 05:26 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC3B1C4-E3B3-40C8-A3DB-59257611448A}\MpKsl8002e529.sys
2011-05-02 04:53 . 2011-05-02 04:53 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC3B1C4-E3B3-40C8-A3DB-59257611448A}\MpKsl82cbd4f6.sys
2011-05-01 17:51 . 2011-04-18 13:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-01 17:51 . 2011-04-18 13:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC3B1C4-E3B3-40C8-A3DB-59257611448A}\mpengine.dll
2011-05-01 01:34 . 2010-11-24 13:18 89192 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-05-01 01:34 . 2010-07-08 13:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2011-05-01 01:34 . 2010-02-05 13:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-05-01 01:34 . 2010-11-25 14:42 124992 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2011-05-01 01:34 . 2011-05-01 01:37 -------- d-----w- c:\program files\PC Tools Firewall Plus
2011-04-29 23:51 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-29 23:48 . 2011-04-29 23:48 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-28 03:56 . 2011-04-28 03:56 388096 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-26 15:44 . 2010-11-17 14:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-26 15:44 . 2010-11-25 14:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-26 15:44 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-26 15:44 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-26 15:44 . 2011-04-26 15:50 -------- d-----w- c:\program files\Spyware Doctor
2011-04-26 15:44 . 2011-04-26 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-04-26 15:44 . 2011-04-26 15:44 -------- d-----w- c:\documents and settings\John\Application Data\PC Tools
2011-04-26 15:42 . 2011-04-26 15:48 -------- d-----w- c:\documents and settings\John\Application Data\GetRightToGo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-19 13:21 . 2011-03-19 13:21 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-07 05:33 . 2008-10-21 20:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 00:21 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2008-10-21 20:23 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-29_23.34.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-02 05:08 . 2011-05-02 05:08 21504 c:\windows\Installer\f49b6.msi
- 2010-06-08 12:41 . 2011-02-15 18:02 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-08 12:41 . 2011-04-30 02:34 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2010-10-25 01:25 . 2010-10-25 01:25 165264 c:\windows\system32\drivers\MpFilter.sys
+ 2011-04-29 23:48 . 2011-04-29 23:48 786432 c:\windows\Installer\2bf6a5.msi
+ 2011-04-29 23:48 . 2011-04-29 23:48 479744 c:\windows\Installer\2bf69f.msi
+ 2011-04-29 23:48 . 2011-04-29 23:48 301056 c:\windows\Installer\2bf69a.msi
+ 2008-10-24 02:51 . 2011-04-18 19:46 42181064 c:\windows\system32\MRT.exe
+ 2011-04-30 02:31 . 2011-04-30 02:31 20314624 c:\windows\Installer\1adf10.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8c49a3d1-585b-4eab-985d-6ad480b4f23d}"= "c:\program files\Kentucky Wildcats Toolbar\Helper.dll" [2010-08-13 243200]
"{6fe46bf4-267f-4d8c-89b9-6c7947823145}"= "c:\program files\Funchester\prxtbFun2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8c49a3d1-585b-4eab-985d-6ad480b4f23d}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{763C8C3E-9677-474E-B4BD-6ABC7DDDE090}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A118156-5307-4BFB-9548-B423FDF368A8}]
2010-08-13 23:14 1498624 ----a-w- c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Funchester\prxtbFun2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7EF32AD9-C8AC-44E3-A39F-913E777ADEEE}"= "c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll" [2010-08-13 1498624]
"{6fe46bf4-267f-4d8c-89b9-6c7947823145}"= "c:\program files\Funchester\prxtbFun2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{7ef32ad9-c8ac-44e3-a39f-913e777adeee}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{880EC4BB-9C31-4429-9452-D6F388B0C230}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7EF32AD9-C8AC-44E3-A39F-913E777ADEEE}"= "c:\program files\Kentucky Wildcats Toolbar\Toolbar.dll" [2010-08-13 1498624]
"{6FE46BF4-267F-4D8C-89B9-6C7947823145}"= "c:\program files\Funchester\prxtbFun2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{7ef32ad9-c8ac-44e3-a39f-913e777adeee}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{880EC4BB-9C31-4429-9452-D6F388B0C230}]
[HKEY_CLASSES_ROOT\FCTB000061649.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{6fe46bf4-267f-4d8c-89b9-6c7947823145}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-07-21 2736128]
"IE New Window Maximizer"="c:\program files\IE New Window Maximizer\iemaximizer.exe" [2003-01-24 348160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BOC-426"="c:\progra~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 351480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DualCoreCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Kentucky Wildcats Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Kentucky Wildcats Toolbar\\ToolbarUpdate.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/26/2011 11:44 AM 218592]
R1 MpKsl8002e529;MpKsl8002e529;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC3B1C4-E3B3-40C8-A3DB-59257611448A}\MpKsl8002e529.sys [5/2/2011 1:26 AM 28752]
R1 MpKsl82cbd4f6;MpKsl82cbd4f6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC3B1C4-E3B3-40C8-A3DB-59257611448A}\MpKsl82cbd4f6.sys [5/2/2011 12:53 AM 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/26/2011 11:44 AM 249616]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [10/21/2008 4:40 PM 73464]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [4/26/2011 11:44 AM 160448]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [6/27/2007 1:20 AM 10240]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [4/30/2011 9:34 PM 89192]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [4/30/2011 9:34 PM 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [4/30/2011 9:34 PM 124992]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 MpKsl3ece6eb6;MpKsl3ece6eb6;
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 2:24 PM 135664]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 2:24 PM 135664]
S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [9/14/2009 3:41 PM 18432]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\MSI\PC Alert 4\NTGLM7X.sys --> c:\program files\MSI\PC Alert 4\NTGLM7X.sys [?]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [4/30/2011 9:34 PM 57536]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [4/26/2011 11:44 AM 70408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL8002E529
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-07-21 16:20 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 19:46]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 18:23]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 18:23]
.
2011-05-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
2011-04-29 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bigblueheaven.proboards.com/index.cgi
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 02:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(652)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-02 02:10:19
ComboFix-quarantined-files.txt 2011-05-02 06:10
ComboFix2.txt 2011-04-29 23:39
.
Pre-Run: 94,840,037,376 bytes free
Post-Run: 94,972,563,456 bytes free
.
- - End Of File - - 4B757F5A7D8EAB75A75A5ACDEEAEC70B
-
I need to run another few scans to make sure the infection is gone.
Please download 7-Zip (http://www.7-zip.org) and install it. If you already have it, no need to reinstall.
Then, download RootkitUnhooker (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar) and save the setup to your Desktop.
- Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
- Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
- Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
- It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
- Once inside the interface, do not fix anything. Click on the Report tab.
- Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
- It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
- When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
Note: You may get this warning while running Rootkit Unhooker. It is OK so just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?"
-
I installed 7zip, downloaded RKU to my desktop. That's when things don't do right. When mousing over 7zip and extracting to RKU, it says it can't open the C:documents and settings\john's desktop\RKUexe' as an archive. I tried just to extract it and you would have thought I was opening Pandora's box. I had changed my antivirus to Avast and it wanted to open it in it's sandbox. What to do now?
-
Ok. Don't bother with it. It was just another scan to make sure that infection was gone. It didn't show in the other two scans so I'm quite certain it's gone. How's your computer running?
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Dave I'm sorry but I'm going elsewheres. My computer still isn't acting right and I feel like a trick pony jumping through hoops. Have a nice day.
-
Dave, I'm sorry for my sharp remarks, I do appreciate you trying to help me.
-
I'm sorry that you feel that way. You had a severe infection and not too many other forums know how to deal with it. If that last scan would have been run, then we were all finished except for the cleanup of all the tools we use.
-
I'm sorry again I popped off. Here is the file you wanted. There were actually 4 threats but I remembered I was supposed to save the file. It cleaned all four anyway, two when I ran it halfway and then this time. Thanks for your help. I hope this got them all.
C:\System Volume Information\_restore{A2F51B10-7FAA-446F-8ABC-330C2F74D431}\RP770\A0149740.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A2F51B10-7FAA-446F-8ABC-330C2F74D431}\RP786\A0169948.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
-
My computer still has a problem and had it before I did the last program. I noticed it first trying to play a game located on msn. I tried to open my email service and got an error has happened and the tab has been recovered. This was the same error message when trying to play that game. It basically won't let you go to a particular page on that site.
-
Your computer looks clean now. Can you give me a screenshot of that problem with the game?
How to post screenshots or images (http://www.computerhope.com/forum/index.php/topic,61232.0.html)
-
I also did a long scan with Avast and was found clean. Here is the screen shot. It is showing it right before it transitions back to the page where you click to play the game.
(http://img.photobucket.com/albums/v508/BigBlueHeaven/tab.jpg)
-
It appears to be a problem with that particular site.Can you do this for me. Right-click in the address bar and select "copy" When you post your reply just right click anywhere in your reply and click "paste" or click CTRL + V and the address should be pasted in your reply. Please send that to me.
-
I have played this game for a couple of years now and this never happened. I wouldn't have thought too much about it until it happened on another site and it was just opening a web page, not a game. Here is the address.
http://zone.msn.com/en/texttwist/default.htm?intgid=hp_populargames_2
PS: I was able to get to my email address without the problem, that's a biggie. Oh BTW, I deleated all of the files and removed all of the programs used to get rid of the virus. I thought maybe that would help.
-
This is the answer to the "this tab has been recovered". I found this and tried it and it worked.
a) Click the Start button, click All Programs, click Accessories, click System Tools, and then click Internet Explorer (No Add-ons).
PS: A bit premature on the popping of the champagne...it seems I need to install Adobe flash player and it's being a bit difficult.
-
That's great news. Please keep me updated.
-
Sorry, I was premature in thinking that the problem was solved. I'm still looking though.