Can't run SpyBot, Hijackthis or Malwarebytes, SUPERAntiSpyware crashes on install, etc.


  • This topic is locked
2 replies to this topic

#1 mrfettucini


Posted 17 June 2009 - 03:21 PM

Hi, I definitely have a bunch of nasty trojans and/or viruses. They were redirecting all my web pages for a while, but I found a tool called Exterminate It! and bought it, and I think it got rid of Zlob, SpyDldr.J, CnsMin, some BHOs, and some .dlls that it identified as trojans. CWShredder also removed one thing, I'm not sure what. My browsers aren't redirecting anymore, but there are definitely some nasty things still on the computer.

I downloaded Webroot Antivirus, SpySweeper and CyberDefender and ran them, and they each picked up a few things, but before taking further action and removing things I wasn't sure about, I thought I'd come over here and seek some help. Some other things my Avira AntiVir Professional picked up but I don't think cleaned are TR/Dropper.Gen and TR/Alureon.14848J. Panda found Trj/Agent.MIK. I also noticed Scansoft Shared in my startup items.

When I try to launch Spybot, HijackThis or Malwarebytes, they just shut down. But I was able to run DDS, and the logs are below and attached.

Please help!!! This computer has my life's work on it and, shame on me, I haven't backed up in a while.

Thank you,
Mike


DDS (Ver_09-05-14.01) - NTFSx86
Run by Michael Coletta at 16:11:31.75 on Wed 06/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.1368 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AntiVir Windows Workstation *On-access scanning enabled* (Updated) {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {AD7DABF0-9B32-40CB-A6E8-0DE2A2367F51}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Workstation\sched.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Workstation\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Avira\AntiVir Workstation\avesvc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlservr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Website Accelerator\wad2.exe
C:\Program Files\Website Accelerator\wad2ssl.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avira\AntiVir Workstation\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Compal\Smart Battery\SMBTray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Avira\AntiVir Workstation\avgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Evoluent\VMouse\EvoMouExec.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trillian Pro\trillian.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\end user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\TrojanHunter 5.1\TrojanHunter.exe
C:\Program Files\TrojanHunter 5.1\THGuard.exe
C:\Program Files\Microsoft Research\GroupBar\GroupBar.exe
C:\MGtools\analyse.exe
C:\Program Files\Exterminate It!\ExterminateIt.exe
c:\program files\avira\antivir workstation\avcenter.exe
c:\program files\avira\antivir workstation\avscan.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\end user\Desktop\av\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.rmtrack.com/rmtv6g1/Assignments/MyAssignments.asp
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: SOFTWARE - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll
BHO: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A4CC8907-3EA6-49EE-8B74-D09660120910} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: InlineSearchHandleHotKeys Class: {b6ffe2ae-4d12-451f-b457-fe6125ffb1cf} - c:\program files\ieforge\inline search\InlineSearch.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F286500C-177A-4316-9E88-9814FBB1DC3D} - No File
TB: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No File
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [Google Update] "c:\documents and settings\end user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [<NO NAME>] "c:\program files\mozilla firefox\firefox.exe" http://www.symantec.com/techsupp/servlet/P...00006f.00000148
mRun: [TabletWizard] "c:\windows\help\SplshWrp.exe"
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [SMSERIAL] "c:\program files\motorola\smserial\sm56hlpr.exe"
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [ABLKSR] "c:\windows\ablksr\ABLKSR.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NotebookHardwareControl] "c:\program files\notebook hardware control\nhc.exe" -quiet
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [KTPWare] "c:\program files\elantech\ktp.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [SMBTray] "c:\program files\compal\smart battery\SMBTray.exe"
mRun: [Logitech Utility] "Logi_MwX.Exe"
mRun: [avgnt] "c:\program files\avira\antivir workstation\avgnt.exe" /min
mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\enduse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~2.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\evolue~1.lnk - c:\windows\installer\{d4fe08fd-c342-4a50-ae8b-3e9236dc20ed}\_3490A01862136E4A51872C.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\privoxy.lnk - c:\program files\vidalia bundle\privoxy\privoxy.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-system: DisableRegedit = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\iexplore
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\SOFTWARE
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\SOFTWARE\Microsoft
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\SOFTWARE\Microsoft\Windows
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\SOFTWARE\Microsoft\Windows\CurrentVersion
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
IE: {1606D6F9-9D3B-4AEA-A025-ED5B2FD488E7}
IE: {1606D6F9-9D3B-4AEA-A025-ED5B2FD488E7}\iexplore
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\Software
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\Software\Microsoft
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\Software\Microsoft\Internet Explorer
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\Software\Microsoft\Internet Explorer\LowRegistry
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\Software\Microsoft\Internet Explorer\LowRegistry\Extensions
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}\Software
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}\Software\Microsoft
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}\Software\Microsoft\Internet Explorer
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}\Software\Microsoft\Internet Explorer\LowRegistry
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}\Software\Microsoft\Internet Explorer\LowRegistry\Extensions
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}\Software\Microsoft\Windows
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}\Software\Microsoft\Windows\CurrentVersion
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}\Software\Microsoft\Windows\CurrentVersion\Ext
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\iexplore
IE: {5BB29DC6-4046-4aa1-B590-C29372456BA0}\SOFTWARE
IE: {5BB29DC6-4046-4aa1-B590-C29372456BA0}\SOFTWARE\Microsoft
IE: {5BB29DC6-4046-4aa1-B590-C29372456BA0}\SOFTWARE\Microsoft\Windows
IE: {5BB29DC6-4046-4aa1-B590-C29372456BA0}\SOFTWARE\Microsoft\Windows\CurrentVersion
IE: {5BB29DC6-4046-4aa1-B590-C29372456BA0}\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext
IE: {5BB29DC6-4046-4aa1-B590-C29372456BA0}\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\iexplore
IE: {78E5BB46-9A20-402F-BA66-B5634D177D77}\SOFTWARE
IE: {78E5BB46-9A20-402F-BA66-B5634D177D77}\SOFTWARE\Microsoft
IE: {78E5BB46-9A20-402F-BA66-B5634D177D77}\SOFTWARE\Microsoft\Windows
IE: {78E5BB46-9A20-402F-BA66-B5634D177D77}\SOFTWARE\Microsoft\Windows\CurrentVersion
IE: {78E5BB46-9A20-402F-BA66-B5634D177D77}\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext
IE: {78E5BB46-9A20-402F-BA66-B5634D177D77}\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
IE: {0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8}
IE: {0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8}\iexplore
IE: {0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8}\iexplore\SOFTWARE
IE: {0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8}\iexplore\SOFTWARE\Microsoft
IE: {0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8}\iexplore\SOFTWARE\Microsoft\Windows
IE: {0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8}\iexplore\SOFTWARE\Microsoft\Windows\CurrentVersion
IE: {0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8}\iexplore\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext
IE: {0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8}\iexplore\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
IE: {48FFE35F-36D9-44BD-A6CC-1D34414EAC0D}
IE: {48FFE35F-36D9-44BD-A6CC-1D34414EAC0D}\iexplore
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\SOFTWARE
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\SOFTWARE\Microsoft
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\SOFTWARE\Microsoft\Windows
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\SOFTWARE\Microsoft\Windows\CurrentVersion
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
IE: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
IE: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\iexplore
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {5BB29DC6-4046-4aa1-B590-C29372456BA0} - {9A85FF39-28A4-4bf1-8290-DD075267FF35} - c:\windows\downloaded program files\conflict.8\ClickMap.dll
IE: {78E5BB46-9A20-402F-BA66-B5634D177D77} - {E69657FF-19AC-4849-BF35-91243EEF1687} - c:\program files\iewatch\IEWatch.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - c:\progra~1\mozill~1\plugins\mywebex\419\mwmie.dll
DPF: bandInstaller - hxxps://sitecatalyst.omniture.com/p/l10n/1.0/en_US/apps/ClickMapInstaller_13_5.CAB
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/71706/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1192389204046
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163567928218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {B8C256C0-D47A-4EBD-A4D1-AD3C3C9EA5B0} - hxxp://www.rmtrack.com/rmtg3l7/CaptureCtl.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} - hxxp://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://meetings.webex.com/client/T25L/webex/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
AppInit_DLLs: i5u476j8n7.dll,c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\enduse~1\applic~1\mozilla\firefox\profiles\8weg8zcy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - component: c:\documents and settings\end user\application data\mozilla\firefox\profiles\8weg8zcy.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\end user\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - www.europeupclose.com www.aceproject.com new.halocarbon.com www.pr.com www.halocarbon.com www.steelsunrisemusic.com test.rome.com www.onlinetraveltutorials.com cheapeurope.com euc.semvantage.com www.mikectest.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-17 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-17 130424]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 avgio;avgio;c:\program files\avira\antivir workstation\avgio.sys [2008-5-20 11608]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-6-17 717320]
R2 AntiVirScheduler;Avira AntiVir Professional Scheduler;c:\program files\avira\antivir workstation\sched.exe [2008-5-20 68865]
R2 AntiVirService;Avira AntiVir Professional Guard;c:\program files\avira\antivir workstation\avguard.exe [2008-5-20 151297]
R2 antivirwebservice;Avira AntiVir Professional WebGuard;c:\program files\avira\antivir workstation\avwebgrd.exe [2008-5-20 258305]
R2 AVEService;Avira AntiVir Professional MailGuard helper service;c:\program files\avira\antivir workstation\avesvc.exe [2008-5-20 41217]
R2 MSSQL$PROVIDUSSTD;MSSQL$PROVIDUSSTD;c:\program files\microsoft sql server\mssql$providusstd\binn\sqlservr.exe -sprovidusstd --> c:\program files\microsoft sql server\mssql$providusstd\binn\sqlservr.exe -sPROVIDUSSTD [?]
R2 VIGOSWA;VIGOS Website Accelerator;c:\program files\website accelerator\wad2.exe [2008-1-14 212992]
R2 VIGOSWASSL;VIGOS Website Accelerator (SSL);c:\program files\website accelerator\wad2ssl.exe [2008-1-14 458752]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-6-17 1205760]
R3 avgntflt;avgntflt;c:\program files\avira\antivir workstation\avgntflt.sys [2008-5-20 52056]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 evomouflt;Evoluent Mouse filter;c:\windows\system32\drivers\evomouflt.sys [2006-12-11 12288]
R3 ExterminateIt;ExterminateIt;c:\windows\system32\drivers\extit.sys [2009-6-17 22016]
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2007-12-18 27776]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2007-3-14 9856]
S2 AntiVirMailService;Avira AntiVir Professional MailGuard;c:\program files\avira\antivir workstation\avmailc.exe [2008-5-20 164097]
S2 gupdate1c8c756edad94b0;Google Update Service (gupdate1c8c756edad94b0);c:\program files\google\update\GoogleUpdate.exe [2008-7-15 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-3-6 106496]
S3 AVK Tuner Service;AVK Tuner Service;c:\program files\g data internetsecurity totalcare\avktuner\avktunerservice.exe --> c:\program files\g data internetsecurity totalcare\avktuner\AVKTunerService.exe [?]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe [2007-3-20 147456]
S3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-6-17 67424]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 ICDUSB;Sony IC Recorder;c:\windows\system32\drivers\Icdusb.sys [2008-10-28 26409]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-10-18 36352]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-17 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-17 1095560]
S3 SQLAgent$PROVIDUSSTD;SQLAgent$PROVIDUSSTD;c:\program files\microsoft sql server\mssql$providusstd\binn\sqlagent.exe -i providusstd --> c:\program files\microsoft sql server\mssql$providusstd\binn\sqlagent.EXE -i PROVIDUSSTD [?]
S3 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?]

=============== Created Last 30 ================

2009-06-17 15:17 22,016 a------- c:\windows\system32\drivers\extit.sys
2009-06-17 13:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-17 13:45 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-17 13:30 <DIR> a-d----- c:\windows\system32\runouce.exe
2009-06-17 12:50 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-06-17 12:45 <DIR> --d----- c:\program files\TrojanHunter 5.1
2009-06-17 12:08 <DIR> --d----- C:\MGlogs
2009-06-17 11:50 227,098 a------- C:\MGlogs.zip
2009-06-17 11:50 <DIR> --d----- C:\MGtools
2009-06-17 11:34 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-17 11:33 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-17 11:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 11:16 1,342,377 a------- C:\MGtools.exe
2009-06-17 11:08 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-17 06:44 <DIR> --d----- c:\program files\MSSOAP
2009-06-17 06:43 1,563,008 a------- c:\windows\WRSetup.dll
2009-06-17 06:43 <DIR> --d----- c:\program files\Webroot
2009-06-17 06:43 <DIR> --d----- c:\docume~1\enduse~1\applic~1\Webroot
2009-06-17 06:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-06-17 06:07 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-06-17 06:07 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-06-17 06:07 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-06-17 06:07 75,264 a------- c:\windows\system32\unacev2.dll
2009-06-17 06:07 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-06-17 06:07 <DIR> --d----- c:\program files\Trojan Remover
2009-06-17 06:07 <DIR> --d----- c:\docume~1\enduse~1\applic~1\Simply Super Software
2009-06-17 06:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-06-17 05:05 <DIR> --d----- c:\program files\a-squared Free
2009-06-17 05:04 59 a------- c:\windows\av_affiliate.ini
2009-06-17 05:04 59 a------- c:\windows\as_affiliate.ini
2009-06-17 05:03 67,424 a------- c:\windows\system32\drivers\CDAVFS.sys
2009-06-17 05:03 <DIR> --d----- c:\program files\CyberDefender
2009-06-17 05:01 <DIR> --d----- c:\program files\a-squared HiJackFree
2009-06-17 04:30 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-17 04:29 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-17 04:29 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-17 04:29 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-17 04:29 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-17 04:29 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-17 04:29 <DIR> --d----- c:\docume~1\enduse~1\applic~1\PC Tools
2009-06-17 04:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-17 04:22 <DIR> --d----- c:\program files\Exterminate It!
2009-06-17 04:01 <DIR> --d----- C:\SDFix
2009-06-17 03:32 <DIR> --d----- c:\program files\Trend Micro
2009-06-17 01:30 <DIR> --d----- c:\program files\common files\InterVideo
2009-06-17 01:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\InterVideo
2009-06-17 01:30 210,456 a------- c:\windows\system32\IVIresizeW7.dll
2009-06-17 01:30 206,360 a------- c:\windows\system32\IVIresizeA6.dll
2009-06-17 01:30 198,168 a------- c:\windows\system32\IVIresizeP6.dll
2009-06-17 01:30 198,168 a------- c:\windows\system32\IVIresizeM6.dll
2009-06-17 01:30 194,072 a------- c:\windows\system32\IVIresizePX.dll
2009-06-17 01:30 26,136 a------- c:\windows\system32\IVIresize.dll
2009-06-17 01:29 <DIR> --d----- c:\program files\Windows Media Components
2009-06-17 01:29 <DIR> --d----- c:\program files\common files\Ulead Systems
2009-06-17 01:29 <DIR> --d----- c:\program files\Ulead Systems
2009-06-17 00:57 4 a------- c:\windows\system32\MSIVXcount
2009-06-17 00:51 <DIR> --d----- c:\docume~1\enduse~1\applic~1\MPEG Streamclip
2009-06-16 22:55 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-06-16 22:55 <DIR> --d----- c:\program files\MagicDisc
2009-06-16 18:46 <DIR> --d----- c:\program files\MagicISO
2009-06-12 14:57 754 a------- c:\windows\WORDPAD.INI
2009-06-04 15:17 <DIR> --d----- c:\program files\CardRecovery

==================== Find3M ====================

2009-06-17 11:08 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-17 11:06 22,528 a------- c:\windows\system32\drivers\nhcDriver.sys
2009-06-17 04:54 79,788 a---h--- c:\windows\system32\mlfcache.dat
2009-06-17 01:43 97,992 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-21 18:27 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-04-21 18:27 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2009-04-21 18:27 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 11:26 583,168 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 11:26 583,168 a------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-21 10:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-20 14:50 3,358,720 a------- c:\windows\system32\GPhotos.scr
2009-02-14 20:28 40 a------- c:\documents and settings\end user\language.dat
2008-08-22 14:25 60,744 a------- c:\documents and settings\end user\g2mdlhlpx.exe
2008-07-18 12:45 61,224 a------- c:\documents and settings\end user\GoToAssistDownloadHelper.exe
2008-04-29 23:47 2,040 a------- c:\documents and settings\end user\tmpFile.dat
2008-04-29 23:47 144 a------- c:\documents and settings\end user\Temperature.dat
2007-02-05 10:52 722,176 a------- c:\documents and settings\end user\gotomypc_428.exe
2006-11-21 12:03 563,712 a------- c:\documents and settings\end user\gotomypc_370.exe
2006-11-05 01:38 483,401 a------- c:\documents and settings\end user\gotomypc_314.exe
2008-05-20 16:46 23 a--sh--- c:\windows\system32\aeddaafccca0_g.dll

============= FINISH: 16:15:59.04 ===============


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:04 PM

Posted 23 June 2009 - 11:44 AM

Hello mrfettucini,

Sorry about the delay. :) If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Try renaming Hijackthis.exe to fettucini.exe if it won't run.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:04 PM

Posted 30 June 2009 - 05:31 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.