
spyware guard 2008 removal help


This topic is locked
8 replies to this topic

#1 priz2086

priz2086

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 10 January 2009 - 11:22 PM

I somehow acquired Spyware Guard 2008 spyware on my computer. I noticed I had a problem when the internet was working very slowly. I was unable to run Spybot S&D, but was able to run McAfee virus scan. It found and deleted the following: SVHOST.EXE, svhost.exe, IEMODULE.DLL, ieModule.dll, SPYWAREGUARD.EXE, spywareguard.exe. I also deleted the registry values for the program. Running Dr. Web Scanner for Windows I found BackDoor.Tdss.29 and a trojan start page in my Spybot S&D registry, both of which were deleted. One problem I am still having is that I cannot get to some pages when using Firefox. I cannot, for instance, get to bleepingcomputer.com in Firefox; I get an error. I am able to get to the page in IE though. Also when in Firefox and on a page such as Google, when clicking on search results, I am directed to other sites for spyware and whatnot. Please help. Attached are the files needed for a post; please let me know if RSIT or HijackThis files are needed/wanted as I have those as well. Thanks


DDS (Ver_09-01-07.01) - NTFSx86
Run by outdoorguy at 21:16:22.17 on Sat 01/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.609 [GMT -7:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\DOCUME~1\OUTDOO~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\Documents and Settings\outdoorguy\My Documents\Inernet downloads\cureit.exe
C:\DOCUME~1\OUTDOO~1\LOCALS~1\Temp\RarSFX1\_start.exe
C:\DOCUME~1\OUTDOO~1\LOCALS~1\Temp\RarSFX1\setup.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\outdoorguy\Local Settings\Temporary Internet Files\Content.IE5\C3P8F04S\dds[1].scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
uRun: [$Volumouse$] "c:\program files\volumouse\volumouse.exe" /nodlg
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [gStart] c:\garmin\gStart.exe
uRun: [Google Update] "c:\documents and settings\outdoorguy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [CTZDetec.exe] "c:\program files\creative\creative media lite\CTZDetec.exe"
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SolidWorks_CheckForUpdates] "c:\program files\common files\solidworks installation manager\scheduler\sldIMScheduler.exe" /scheduler
StartupFolder: c:\docume~1\outdoo~1\startm~1\programs\startup\lnk~1 - c:\program files\solidworks\solidworks\swscheduler\swBOEngine.exe
StartupFolder: c:\docume~1\outdoo~1\startm~1\programs\startup\solidw~1.lnk - c:\program files\solidworks\solidworks\swscheduler\swBOEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms peripherals\bounceback express\BBLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\outdoo~1\applic~1\mozilla\firefox\profiles\9pt25wcj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\outdoorguy\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-8-19 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-8-19 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-8-19 168776]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2005-5-14 3328]
R4 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-8-19 104000]
R4 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R4 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R4 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2008-8-18 14976]
R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2005-6-2 10496]

=============== Created Last 30 ================

2009-01-10 20:14 94,608 a------- c:\windows\system32\drivers\dwshd.sys
2009-01-10 20:08 <DIR> --d----- c:\documents and settings\outdoorguy\DoctorWeb
2009-01-10 18:22 <DIR> --d----- C:\!KillBox
2009-01-10 17:49 552 a------- c:\windows\system32\d3d8caps.dat
2009-01-05 09:56 61,440 a------- c:\windows\system32\TDSSeyen.dll
2009-01-05 09:56 2,709 a------- c:\windows\system32\TDSSqxjb.dll
2009-01-05 09:56 31,232 a------- c:\windows\system32\TDSSaesi.dll
2009-01-05 09:56 29,696 a------- c:\windows\system32\TDSSurtp.dll
2009-01-05 09:56 35,840 a------- c:\windows\system32\TDSSjvkw.dll
2009-01-05 09:56 441 a------- c:\windows\system32\TDSSimyd.dat
2009-01-05 09:56 60,416 -------- c:\windows\system32\drivers\TDSSqyvo.sys
2008-12-30 00:54 90,112 a------- c:\windows\unvise32.exe
2008-12-29 23:27 53,248 a------- c:\windows\system32\GraphLite2.ocx
2008-12-28 16:35 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-28 13:30 <DIR> --dsh--- c:\windows\system32\twain_32
2008-12-24 23:27 <DIR> --d----- C:\temp
2008-12-23 00:18 <DIR> --d----- c:\docume~1\outdoo~1\applic~1\DassaultSystemes
2008-12-23 00:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DassaultSystemes
2008-12-22 23:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\COSMOS Applications
2008-12-22 23:22 <DIR> --d----- c:\docume~1\outdoo~1\applic~1\SolidWorks 2008
2008-12-22 23:19 <DIR> --d----- c:\docume~1\outdoo~1\applic~1\SolidWorks
2008-12-20 23:29 <DIR> --d----- c:\program files\Trend Micro
2008-12-19 16:02 <DIR> --d----- c:\docume~1\outdoo~1\applic~1\DWGeditor
2008-12-19 16:00 0 a------- c:\windows\eDrawingOfficeAutomator.INI
2008-12-19 15:56 23 a---h--- c:\windows\yacht.xws
2008-12-19 15:45 <DIR> --d----- c:\program files\common files\SolidWorks Shared
2008-12-19 15:43 <DIR> --d----- c:\program files\common files\eDrawings2008
2008-12-19 15:43 <DIR> --d----- c:\program files\SolidWorks
2008-12-19 15:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SolidWorks
2008-12-19 15:37 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-19 15:35 14,048 -------- c:\windows\system32\spmsg2.dll
2008-12-19 15:33 <DIR> --d----- C:\SolidWorks Data
2008-12-19 13:20 <DIR> --d----- c:\docume~1\outdoo~1\applic~1\Peaksware
2008-12-19 13:20 <DIR> --d----- c:\program files\Peaksware
2008-12-17 19:50 <DIR> --d----- c:\program files\common files\SolidWorks Installation Manager
2008-12-17 19:49 <DIR> --d----- c:\windows\SolidWorks
2008-12-17 19:48 <DIR> --d----- c:\docume~1\outdoo~1\applic~1\IM

==================== Find3M ====================

2008-12-20 13:56 69,357 a------- c:\windows\hpoins05.dat
2008-11-03 19:18 2,678 -------- c:\windows\java\packages\data\FF3DVTFX.DAT
2008-11-03 19:18 2,678 -------- c:\windows\java\packages\data\5RH779V5.DAT
2008-11-03 19:18 2,678 -------- c:\windows\java\packages\data\VB5B1BPF.DAT
2008-11-03 19:18 2,678 -------- c:\windows\java\packages\data\BFH77HVX.DAT
2008-11-03 19:18 2,678 -------- c:\windows\java\packages\data\3BXZLZ5J.DAT
2008-10-23 05:36 286,720 -------- c:\windows\system32\gdi32.dll
2008-10-16 14:06 268,648 -------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 -------- c:\windows\system32\muweb.dll
2008-10-16 13:38 826,368 -------- c:\windows\system32\wininet.dll
2008-08-22 23:44 24,192 -------- c:\documents and settings\outdoorguy\usbsermptxp.sys
2008-08-22 23:44 22,768 -------- c:\documents and settings\outdoorguy\usbsermpt.sys

============= FINISH: 21:18:31.06 ===============
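The DDS log above carries the three indicators a helper would look at first: a `Userinit` value that launches a second executable (`twext.exe`) besides the real `userinit.exe`, a burst of `TDSS*`-named files dropped into `system32` in the same minute, and a matching `TDSS*.sys` driver. The following triage script is an added example, not part of the original post and not DDS's own logic; it parses the DDS "Pseudo HJT Report" and "Created Last 30" line formats seen above and applies those three checks. The rule names, the burst threshold and the sample lines (copied from the log above into a constructed string) are my own assumptions.

```python
"""Triage of DDS-style log lines for the indicators seen in this thread.

Added example: the rules below are assumptions about what a helper checks
first, not DDS's own logic. The sample log is constructed from the lines
posted above.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the exact DDS format used above.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
2009-01-10 17:49 552 a------- c:\windows\system32\d3d8caps.dat
2009-01-05 09:56 61,440 a------- c:\windows\system32\TDSSeyen.dll
2009-01-05 09:56 31,232 a------- c:\windows\system32\TDSSaesi.dll
2009-01-05 09:56 441 a------- c:\windows\system32\TDSSimyd.dat
2009-01-05 09:56 60,416 -------- c:\windows\system32\drivers\TDSSqyvo.sys
2008-12-28 16:35 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-28 13:30 <DIR> --dsh--- c:\windows\system32\twain_32
"""

# "mWinlogon: Userinit=<comma separated list>"
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(.*)$", re.IGNORECASE)
# "2009-01-05 09:56 61,440 a------- c:\windows\system32\TDSSeyen.dll"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$"
)
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def check_userinit(value):
    """Return every Userinit entry that is not the genuine userinit.exe.

    On a clean XP machine the value is exactly "c:\\windows\\system32\\userinit.exe,";
    anything else in the list is started at every logon and deserves a look.
    """
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def triage(log_text, burst_threshold=3):
    """Scan DDS log text and return a list of (rule, detail) findings.

    Rules (assumptions for this example):
      userinit-extra  - extra executable chained into Winlogon's Userinit
      tdss-name       - file whose basename starts with "TDSS" (the naming the
                        thread's Dr.Web hit, BackDoor.Tdss, is known for)
      system32-burst  - >= burst_threshold files created under system32 in the
                        same minute, a typical dropper footprint
    """
    findings = []
    created_by_minute = defaultdict(list)

    for raw in log_text.splitlines():
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            for extra in check_userinit(m.group(1)):
                findings.append(("userinit-extra", extra))
            continue
        m = CREATED_RE.match(line)
        if not m:
            continue  # BHO:, uRun:, section banners etc. are not file lines
        stamp, size, _attrs, path = m.groups()
        name = path.rsplit("\\", 1)[-1]
        if name.lower().startswith("tdss"):
            findings.append(("tdss-name", path))
        # Directories are excluded from the burst count; only dropped files matter.
        if size != "<DIR>" and path.lower().startswith(SYSTEM32_PREFIX):
            created_by_minute[stamp].append(path)

    for stamp, paths in sorted(created_by_minute.items()):
        if len(paths) >= burst_threshold:
            findings.append(("system32-burst", f"{stamp}: {len(paths)} files"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:15} {detail}")
```

Run it on a saved DDS log with `triage(open("dds.txt").read())`; the `system32-burst` rule is deliberately loose (Windows Update also writes several files in one minute), so treat it as a prompt to look at the file names, not as a verdict on its own.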


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 12 January 2009 - 02:16 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 priz2086

priz2086
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 12 January 2009 - 05:45 PM

ComboFix log:

ComboFix 09-01-11.04 - outdoorguy 2009-01-12 15:20:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1049 [GMT -7:00]
Running from: c:\documents and settings\outdoorguy\My Documents\Inernet downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\outdoorguy\Start Menu\Programs\Startup\.lnk
c:\windows\system32\twain_32

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-11 01:19 . 2009-01-11 01:19 205 --a------ c:\windows\wininit.ini
2009-01-11 00:50 . 2009-01-11 00:50 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-11 00:50 . 2009-01-11 00:50 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\SUPERAntiSpyware.com
2009-01-11 00:50 . 2009-01-11 00:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-11 00:49 . 2009-01-11 00:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-10 20:08 . 2009-01-10 20:08 <DIR> d-------- c:\documents and settings\outdoorguy\DoctorWeb
2009-01-10 19:23 . 2009-01-10 19:37 <DIR> d-------- C:\rsit
2009-01-10 18:22 . 2009-01-10 18:22 <DIR> d-------- C:\!KillBox
2009-01-10 17:49 . 2009-01-10 17:49 552 --a------ c:\windows\system32\d3d8caps.dat
2009-01-05 09:56 . 2009-01-10 19:26 2,709 --a------ c:\windows\system32\TDSSqxjb.dll
2008-12-30 22:48 . 2008-12-30 22:48 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\gtk-2.0
2008-12-30 00:54 . 2004-03-29 15:23 90,112 --a------ c:\windows\unvise32.exe
2008-12-29 23:27 . 2002-08-26 16:04 53,248 --a------ c:\windows\system32\GraphLite2.ocx
2008-12-28 16:35 . 2008-12-28 16:35 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-24 23:27 . 2009-01-11 23:01 <DIR> d-------- C:\temp
2008-12-23 00:18 . 2008-12-23 00:18 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\DassaultSystemes
2008-12-23 00:18 . 2008-12-23 00:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\DassaultSystemes
2008-12-22 23:44 . 2008-12-22 23:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\COSMOS Applications
2008-12-22 23:22 . 2008-12-22 23:22 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\SolidWorks 2008
2008-12-22 23:19 . 2009-01-04 23:02 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\SolidWorks
2008-12-20 23:29 . 2008-12-20 23:29 <DIR> d-------- c:\program files\Trend Micro
2008-12-19 16:02 . 2008-12-19 16:02 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\DWGeditor
2008-12-19 16:00 . 2008-12-19 16:00 0 --a------ c:\windows\eDrawingOfficeAutomator.INI
2008-12-19 15:56 . 2008-12-19 15:56 23 --ah----- c:\windows\yacht.xws
2008-12-19 15:45 . 2008-12-19 16:03 <DIR> d-------- c:\program files\Common Files\SolidWorks Shared
2008-12-19 15:43 . 2008-12-19 16:02 <DIR> d-------- c:\program files\SolidWorks
2008-12-19 15:43 . 2008-12-19 16:00 <DIR> d-------- c:\program files\Common Files\eDrawings2008
2008-12-19 15:43 . 2008-12-19 15:43 <DIR> d-------- c:\program files\AGEIA Technologies
2008-12-19 15:43 . 2008-12-22 23:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\SolidWorks
2008-12-19 15:40 . 2008-12-19 15:40 <DIR> d-------- c:\program files\MSBuild
2008-12-19 15:37 . 2008-12-19 15:37 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-19 15:35 . 2008-12-19 15:35 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-19 15:35 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-19 15:33 . 2008-12-22 23:33 <DIR> d-------- C:\SolidWorks Data
2008-12-19 13:20 . 2008-12-19 13:20 <DIR> d-------- c:\program files\Peaksware
2008-12-19 13:20 . 2008-12-19 13:20 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\Peaksware
2008-12-17 19:50 . 2008-12-17 19:51 <DIR> d-------- c:\program files\Common Files\SolidWorks Installation Manager
2008-12-17 19:49 . 2008-12-19 15:33 <DIR> d-------- c:\windows\SolidWorks
2008-12-17 19:48 . 2009-01-12 15:30 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\IM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 00:56 --------- d-----w c:\documents and settings\All Users\Application Data\GTek
2009-01-04 06:15 --------- d-----w c:\documents and settings\outdoorguy\Application Data\.purple
2008-12-30 07:54 --------- d-----w c:\program files\KaleidaGraph 4.0
2008-12-28 23:35 --------- d-----w c:\program files\Java
2008-12-19 22:41 --------- d-----w c:\program files\MSECache
2008-12-11 18:39 --------- d-----w c:\program files\Viewpoint
2008-12-11 18:39 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-11 18:38 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-11 18:14 --------- d-----w c:\documents and settings\outdoorguy\Application Data\CursorArts
2008-12-11 18:12 --------- d-----w c:\program files\Unlocker
2008-12-07 23:32 --------- d-----w c:\program files\Audible
2008-12-06 08:08 --------- d--h--w c:\documents and settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}
2008-12-06 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-12-06 08:07 --------- d-----w c:\program files\Creative
2008-12-03 09:34 --------- d-----w c:\program files\Zone Five Software
2008-12-03 07:16 --------- d-----w c:\documents and settings\outdoorguy\Application Data\PhysFarm
2008-11-30 07:56 --------- d-----w c:\documents and settings\outdoorguy\Application Data\PerformancePredictorPlugin
2008-11-27 00:56 --------- d-----w c:\program files\MathType
2008-11-27 00:45 --------- d-----w c:\documents and settings\outdoorguy\Application Data\Design Science
2008-11-25 20:24 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-21 05:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 05:58 --------- d-----w c:\documents and settings\outdoorguy\Application Data\MathematicaPlayer
2008-11-21 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\MathematicaPlayer
2008-11-21 05:54 --------- d-----w c:\program files\Wolfram Research
2008-11-20 00:04 --------- d-----w c:\documents and settings\outdoorguy\Application Data\Image Zone Express
2008-11-12 00:46 --------- d-----w c:\documents and settings\outdoorguy\Application Data\QuosaDDM
2008-08-23 06:44 24,192 ------w c:\documents and settings\outdoorguy\usbsermptxp.sys
2008-08-23 06:44 22,768 ------w c:\documents and settings\outdoorguy\usbsermpt.sys
2006-05-06 16:42 7,260,160 ------w c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2007-05-09 106904]
"$Volumouse$"="c:\program files\Volumouse\volumouse.exe" [2008-08-02 30208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"gStart"="c:\garmin\gStart.exe" [2007-08-23 1891416]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2005-05-14 187904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2007-09-10 6460696]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\outdoorguy\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 488728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-08-23 25214]
BounceBack Launcher.lnk - c:\program files\CMS Peripherals\BounceBack Express\BBLauncher.exe [2008-08-18 98304]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-23 805392]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\outdoorguy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe"
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica Player\\6.0\\MathematicaPlayer.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica Player\\6.0\\MathKernel.exe"=
"c:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2005-05-14 3328]
R4 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2008-08-18 14976]
R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2005-06-02 10496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d538581-717e-11dd-bf35-000e35d6e57b}]
\Shell\AutoRun\command - G:\CD_Start.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-764733703-854245398-1004.job
- c:\documents and settings\outdoorguy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 15:14]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\outdoorguy\Application Data\Mozilla\Firefox\Profiles\9pt25wcj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\outdoorguy\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 15:34:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\HPZipm12.exe
c:\docume~1\OUTDOO~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
c:\program files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-01-12 15:38:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-12 22:37:32

Pre-Run: 9,281,351,680 bytes free
Post-Run: 9,211,887,616 bytes free

246 --- E O F --- 2008-12-20 10:00:47



Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:25 PM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Volumouse\volumouse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\DOCUME~1\OUTDOO~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219599278292
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10200 bytes

#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 12 January 2009 - 10:57 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Rootkit::
c:\windows\system32\TDSSqxjb.dll
c:\windows\system32\TDSSeyen.dll
c:\windows\system32\TDSSaesi.dll
c:\windows\system32\TDSSurtp.dll
c:\windows\system32\TDSSjvkw.dll
c:\windows\system32\TDSSimyd.dat
c:\windows\system32\drivers\TDSSqyvo.sys

File::
c:\windows\system32\TDSSqxjb.dll
c:\windows\system32\TDSSeyen.dll
c:\windows\system32\TDSSaesi.dll
c:\windows\system32\TDSSurtp.dll
c:\windows\system32\TDSSjvkw.dll
c:\windows\system32\TDSSimyd.dat
c:\windows\system32\drivers\TDSSqyvo.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

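The steps above boil down to: collect the rootkit's file paths from the logs, write them under `Rootkit::` and `File::` in a CFScript, run ComboFix with it, then read the new log to see what was actually removed. The log that comes back in the next post is also worth reading for more than deletions: it reports `"EnableFirewall"= 0` on the standard profile and `3389:TCP` (Remote Desktop) in the globally open ports list. The following Python script is an added example, not code from this thread or from ComboFix: it triages a ComboFix-style log for the TDSS-named files (the `TDSS` plus four lowercase letters pattern is taken only from the names posted here, it is not a general signature), builds a de-duplicated CFScript in the layout the helper used, compares the `FILE ::` request list against the `Other Deletions` section, and pulls out the firewall findings. The log excerpt embedded in it is constructed for the example, modelled on the lines in this thread.

```python
"""Triage helper for the ComboFix / CFScript workflow (added example).

Not part of the BleepingComputer thread or of ComboFix. The sample log is a
constructed excerpt in the shape of the logs posted above.
"""
import re

# Constructed sample, modelled on the ComboFix log lines in this thread.
SAMPLE_LOG = r"""FILE ::
c:\windows\system32\drivers\TDSSqyvo.sys
c:\windows\system32\TDSSaesi.dll
c:\windows\system32\TDSSimyd.dat
.

((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.

c:\windows\system32\TDSSaesi.dll

.
((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))
.
2008-12-28 16:35 . 2008-12-28 16:35 410,984 --a------ c:\windows\system32\deploytk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

# Assumption: pattern derived only from the file names seen in this thread
# (TDSS + four lowercase letters + dll/sys/dat under system32 or drivers).
TDSS_RE = re.compile(
    r"c:\\windows\\system32\\(?:drivers\\)?TDSS[a-z]{4}\.(?:dll|sys|dat)", re.I)
PATH_RE = re.compile(r"^[a-z]:\\", re.I)


def find_tdss_files(log_text):
    """Unique TDSS-named paths anywhere in the log, in order of first appearance."""
    return list(dict.fromkeys(TDSS_RE.findall(log_text)))


def section_paths(log_text):
    """Return (requested, deleted): paths under 'FILE ::' and under 'Other Deletions'."""
    requested, deleted, current = [], [], None
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("FILE ::"):
            current = requested
        elif "Other Deletions" in stripped:
            current = deleted
        elif stripped.startswith("(((") or stripped.startswith("["):
            current = None          # any other section header closes the block
        elif current is not None and PATH_RE.match(stripped):
            current.append(stripped)
    return requested, deleted


def unconfirmed_deletions(log_text):
    """Requested paths that the 'Other Deletions' section does not confirm.

    Absence here means 'not deleted by this run', not 'still on disk': a file
    an earlier scanner already removed will also show up in this list.
    """
    requested, deleted = section_paths(log_text)
    gone = {p.lower() for p in deleted}
    return [p for p in requested if p.lower() not in gone]


def build_cfscript(paths):
    """CFScript text in the layout used in the thread, with duplicates removed."""
    unique = list(dict.fromkeys(p.strip() for p in paths if p.strip()))
    body = "\n".join(unique)
    return "KillAll::\n\nRootkit::\n" + body + "\n\nFile::\n" + body + "\n"


def firewall_findings(log_text):
    """Windows Firewall state for the standard profile as reported in the log.

    'enabled' is None when the log does not mention EnableFirewall at all
    (ComboFix prints non-default entries only, so silence is not 'enabled').
    """
    enabled, open_ports, in_ports = None, [], False
    for line in log_text.splitlines():
        stripped = line.strip()
        m = re.match(r'"EnableFirewall"=\s*(\d+)', stripped)
        if m:
            enabled = m.group(1) != "0"
            continue
        if stripped.startswith("["):
            in_ports = "GloballyOpenPorts" in stripped
            continue
        m = re.match(r'"(\d+:(?:TCP|UDP))"=', stripped, re.I)
        if in_ports and m:
            open_ports.append(m.group(1).upper())
    return {"enabled": enabled, "open_ports": open_ports}


if __name__ == "__main__":
    print(build_cfscript(find_tdss_files(SAMPLE_LOG)))
    print("not confirmed deleted:", unconfirmed_deletions(SAMPLE_LOG))
    print("firewall:", firewall_findings(SAMPLE_LOG))
```

Run it against a real log by reading the file into `SAMPLE_LOG`'s place. Treat the `unconfirmed_deletions` output as a list to verify from the Recovery Console or a `dir` of `system32`, not as proof the files survive; and treat `enabled: False` plus an open `3389:TCP` as a finding to fix separately from the malware cleanup, since the infection is not what the log says re-enables it.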

#5 priz2086 (Topic Starter)

  • Members
  • 10 posts

Posted 13 January 2009 - 02:38 AM

Did that. One interesting note is that this time it asked me if I wanted to install the Recovery Console; it didn't do that last time.

ComboFix log:

ComboFix 09-01-11.04 - outdoorguy 2009-01-13 0:13:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1078 [GMT -7:00]
Running from: c:\documents and settings\outdoorguy\My Documents\Inernet downloads\ComboFix.exe
Command switches used :: c:\documents and settings\outdoorguy\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\drivers\TDSSqyvo.sys
c:\windows\system32\TDSSaesi.dll
c:\windows\system32\TDSSeyen.dll
c:\windows\system32\TDSSimyd.dat
c:\windows\system32\TDSSjvkw.dll
c:\windows\system32\TDSSqxjb.dll
c:\windows\system32\TDSSurtp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TDSSqxjb.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-11 01:19 . 2009-01-11 01:19 205 --a------ c:\windows\wininit.ini
2009-01-11 00:50 . 2009-01-11 00:50 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-11 00:50 . 2009-01-11 00:50 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\SUPERAntiSpyware.com
2009-01-11 00:50 . 2009-01-11 00:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-11 00:49 . 2009-01-11 00:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-10 20:08 . 2009-01-10 20:08 <DIR> d-------- c:\documents and settings\outdoorguy\DoctorWeb
2009-01-10 19:23 . 2009-01-10 19:37 <DIR> d-------- C:\rsit
2009-01-10 18:22 . 2009-01-10 18:22 <DIR> d-------- C:\!KillBox
2009-01-10 17:49 . 2009-01-10 17:49 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-30 22:48 . 2008-12-30 22:48 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\gtk-2.0
2008-12-30 00:54 . 2004-03-29 15:23 90,112 --a------ c:\windows\unvise32.exe
2008-12-29 23:27 . 2002-08-26 16:04 53,248 --a------ c:\windows\system32\GraphLite2.ocx
2008-12-28 16:35 . 2008-12-28 16:35 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-24 23:27 . 2009-01-12 23:05 <DIR> d-------- C:\temp
2008-12-23 00:18 . 2008-12-23 00:18 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\DassaultSystemes
2008-12-23 00:18 . 2008-12-23 00:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\DassaultSystemes
2008-12-22 23:44 . 2008-12-22 23:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\COSMOS Applications
2008-12-22 23:22 . 2008-12-22 23:22 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\SolidWorks 2008
2008-12-22 23:19 . 2009-01-12 23:01 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\SolidWorks
2008-12-20 23:29 . 2008-12-20 23:29 <DIR> d-------- c:\program files\Trend Micro
2008-12-19 16:02 . 2008-12-19 16:02 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\DWGeditor
2008-12-19 16:00 . 2008-12-19 16:00 0 --a------ c:\windows\eDrawingOfficeAutomator.INI
2008-12-19 15:56 . 2008-12-19 15:56 23 --ah----- c:\windows\yacht.xws
2008-12-19 15:45 . 2008-12-19 16:03 <DIR> d-------- c:\program files\Common Files\SolidWorks Shared
2008-12-19 15:43 . 2008-12-19 16:02 <DIR> d-------- c:\program files\SolidWorks
2008-12-19 15:43 . 2008-12-19 16:00 <DIR> d-------- c:\program files\Common Files\eDrawings2008
2008-12-19 15:43 . 2008-12-19 15:43 <DIR> d-------- c:\program files\AGEIA Technologies
2008-12-19 15:43 . 2008-12-22 23:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\SolidWorks
2008-12-19 15:40 . 2008-12-19 15:40 <DIR> d-------- c:\program files\MSBuild
2008-12-19 15:37 . 2008-12-19 15:37 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-19 15:35 . 2008-12-19 15:35 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-19 15:35 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-19 15:33 . 2008-12-22 23:33 <DIR> d-------- C:\SolidWorks Data
2008-12-19 13:20 . 2008-12-19 13:20 <DIR> d-------- c:\program files\Peaksware
2008-12-19 13:20 . 2008-12-19 13:20 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\Peaksware
2008-12-17 19:50 . 2008-12-17 19:51 <DIR> d-------- c:\program files\Common Files\SolidWorks Installation Manager
2008-12-17 19:49 . 2008-12-19 15:33 <DIR> d-------- c:\windows\SolidWorks
2008-12-17 19:48 . 2009-01-13 00:18 <DIR> d-------- c:\documents and settings\outdoorguy\Application Data\IM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 00:56 --------- d-----w c:\documents and settings\All Users\Application Data\GTek
2009-01-04 06:15 --------- d-----w c:\documents and settings\outdoorguy\Application Data\.purple
2008-12-30 07:54 --------- d-----w c:\program files\KaleidaGraph 4.0
2008-12-28 23:35 --------- d-----w c:\program files\Java
2008-12-19 22:41 --------- d-----w c:\program files\MSECache
2008-12-11 18:39 --------- d-----w c:\program files\Viewpoint
2008-12-11 18:39 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-11 18:38 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-11 18:14 --------- d-----w c:\documents and settings\outdoorguy\Application Data\CursorArts
2008-12-11 18:12 --------- d-----w c:\program files\Unlocker
2008-12-07 23:32 --------- d-----w c:\program files\Audible
2008-12-06 08:08 --------- d--h--w c:\documents and settings\All Users\Application Data\{7A246771-272C-415B-B2AB-AE698ADB7EEB}
2008-12-06 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-12-06 08:07 --------- d-----w c:\program files\Creative
2008-12-03 09:34 --------- d-----w c:\program files\Zone Five Software
2008-12-03 07:16 --------- d-----w c:\documents and settings\outdoorguy\Application Data\PhysFarm
2008-11-30 07:56 --------- d-----w c:\documents and settings\outdoorguy\Application Data\PerformancePredictorPlugin
2008-11-27 00:56 --------- d-----w c:\program files\MathType
2008-11-27 00:45 --------- d-----w c:\documents and settings\outdoorguy\Application Data\Design Science
2008-11-25 20:24 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-21 05:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 05:58 --------- d-----w c:\documents and settings\outdoorguy\Application Data\MathematicaPlayer
2008-11-21 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\MathematicaPlayer
2008-11-21 05:54 --------- d-----w c:\program files\Wolfram Research
2008-11-20 00:04 --------- d-----w c:\documents and settings\outdoorguy\Application Data\Image Zone Express
2008-08-23 06:44 24,192 ------w c:\documents and settings\outdoorguy\usbsermptxp.sys
2008-08-23 06:44 22,768 ------w c:\documents and settings\outdoorguy\usbsermpt.sys
2006-05-06 16:42 7,260,160 ------w c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-12_15.36.28.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-13 07:16:12 16,384 ----atw c:\windows\temp\Perflib_Perfdata_76c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2007-05-09 106904]
"$Volumouse$"="c:\program files\Volumouse\volumouse.exe" [2008-08-02 30208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"gStart"="c:\garmin\gStart.exe" [2007-08-23 1891416]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2005-05-14 187904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2007-09-10 6460696]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\outdoorguy\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 488728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-08-23 25214]
BounceBack Launcher.lnk - c:\program files\CMS Peripherals\BounceBack Express\BBLauncher.exe [2008-08-18 98304]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-23 805392]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\outdoorguy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe"
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica Player\\6.0\\MathematicaPlayer.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica Player\\6.0\\MathKernel.exe"=
"c:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2005-05-14 3328]
R4 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2008-08-18 14976]
R4 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2005-06-02 10496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d538581-717e-11dd-bf35-000e35d6e57b}]
\Shell\AutoRun\command - G:\CD_Start.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-764733703-854245398-1004.job
- c:\documents and settings\outdoorguy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 15:14]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\outdoorguy\Application Data\Mozilla\Firefox\Profiles\9pt25wcj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\outdoorguy\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 00:21:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\HPZipm12.exe
c:\docume~1\OUTDOO~1\LOCALS~1\temp\SolidWorksLicTemp.0001
c:\program files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
.
**************************************************************************
.
Completion time: 2009-01-13 0:25:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-13 07:24:18
ComboFix2.txt 2009-01-12 22:38:54

Pre-Run: 9,201,324,032 bytes free
Post-Run: 9,207,451,648 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

257 --- E O F --- 2008-12-20 10:00:47


Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:36 AM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Volumouse\volumouse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\DOCUME~1\OUTDOO~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219599278292
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10460 bytes

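As an added example, not code from this thread or from the HijackThis tool, the Python script below parses the R0/R1, O2, O4 and O23 lines of a HijackThis 2.0 log like the one posted above and flags the items a helper checks first: home/search pages that point somewhere other than the Microsoft defaults, Run entries that are a bare filename (resolved through the search path at logon) or that start a program from a temp directory, and services logged with no publisher string. The embedded sample lines are copied from the log above, except the last two (an HKCU Start Page and an svhost.exe Run entry), which are constructed for this example to show hits; the set of expected browser hosts is an assumption made here.

```python
"""Triage a HijackThis 2.0 log: parse R0/R1, O2, O4 and O23 entries and flag
the items a reviewer looks at first. Added example, not part of the thread."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hosts the Windows XP / IE7 default R0/R1 entries point at. Assumption for this
# example: anything else is worth a look, which is not the same as malicious.
EXPECTED_BROWSER_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# Path fragments that legitimate autorun and service entries almost never use.
TEMP_FRAGMENTS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")

# Lines 1-6 are copied from the HijackThis log posted above; lines 7-8 are
# constructed for this example and do not appear in that log.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/search
O4 - HKCU\..\Run: [svhost] C:\DOCUME~1\OUTDOO~1\LOCALS~1\Temp\svhost.exe
"""


@dataclass
class Finding:
    section: str  # HJT section tag, e.g. "O4"
    name: str     # Run value name, BHO name, service name or registry value
    target: str   # file path, URL or command the entry points at
    reason: str


_RE_BROWSER = re.compile(r"^(R[01]) - (.+?),(.+?) = (.*)$")
_RE_BHO = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
_RE_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$")
_RE_SVC = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")
# Program part of a Run command: optional quotes, then something ending in a
# program extension, followed by end of string or the first argument.
_RE_EXE = re.compile(r'^"?(.+?\.(?:exe|dll|com|scr|bat|cmd))"?(?:\s|$)', re.IGNORECASE)


def executable_of(command: str) -> str:
    """Return the program path of a Run command line, without quotes or arguments."""
    m = _RE_EXE.match(command.strip())
    return m.group(1) if m else command.strip()


def is_bare_filename(path: str) -> bool:
    """True when the entry names a file with no directory at all."""
    return "\\" not in path and "/" not in path


def in_temp_dir(path: str) -> bool:
    low = path.lower()
    return any(frag in low for frag in TEMP_FRAGMENTS)


def review_hjt(log_text: str) -> list[Finding]:
    """Walk the log once and return the entries that need a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _RE_BROWSER.match(line):
            tag, _key, value, url = m.groups()
            host = urlsplit(url).hostname or ""
            if host not in EXPECTED_BROWSER_HOSTS:
                findings.append(Finding(tag, value, url,
                                        f"{value} points at {host!r}, not a Microsoft default"))
        elif m := _RE_BHO.match(line):
            name, _clsid, path = m.groups()
            if in_temp_dir(path):
                findings.append(Finding("O2", name, path, "BHO loads from a temp directory"))
        elif m := _RE_RUN.match(line):
            hive, name, command = m.groups()
            exe = executable_of(command)
            if is_bare_filename(exe):
                findings.append(Finding("O4", name, exe,
                                        f"{hive} Run entry is a bare filename; confirm which copy runs"))
            elif in_temp_dir(exe):
                findings.append(Finding("O4", name, exe,
                                        f"{hive} Run entry starts a program from a temp directory"))
        elif m := _RE_SVC.match(line):
            name, owner, path = m.groups()
            if owner.lower() == "unknown owner":
                findings.append(Finding("O23", name, path, "service binary carries no publisher string"))
            elif in_temp_dir(path):
                findings.append(Finding("O23", name, path, "service binary lives in a temp directory"))
    return findings


if __name__ == "__main__":
    for f in review_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}\n      -> {f.target}")
```

Run against the sample, it reports four entries: the constructed Start Page and svhost.exe lines, the bare KHALMNPR.EXE Run value, and DSBrokerService with its "Unknown owner". The last two are exactly the kind of hit that needs a human: a bare filename is how Logitech's SetPoint registers itself, and an unsigned Dell support service is common, so the output is a worklist, not a verdict.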
#6 fenzodahl512

  • Members
  • 6,738 posts

Posted 13 January 2009 - 07:12 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 priz2086 (Topic Starter)

  • Members
  • 10 posts

Posted 14 January 2009 - 11:25 AM

Here is that log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3763 (20090113)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=f563274c7aa6e34e9a1dc6c50f5bbb75
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-14 11:49:13
# local_time=2009-01-14 04:49:13 (-0700, Mountain Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=991193
# found=0
# scan_time=19751

#8 fenzodahl512

  • Members
  • 6,738 posts

Posted 15 January 2009 - 01:15 AM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread



Have a safe and happy computing day!


Regards
fenzodahl512



#9 priz2086 (Topic Starter)

  • Members
  • 10 posts

Posted 15 January 2009 - 02:07 PM

Looks good, everything appears to be back to normal. Thank you very much. Like I said, I felt like I had gotten most of it, but it was those few remaining pieces I needed help with. Thank you once again for your time and help.
