Problems with Trojans and Tracking Cookies


  • This topic is locked
47 replies to this topic

#1 T1000


Posted 19 June 2009 - 03:01 AM

Referred here from: http://www.bleepingcomputer.com/forums/t/233239/recurring-trojansand-tracking-cookies/ ~ OB

Every time I had done a scan with Mbam or Sas or Spyware detector I was finding new trojans or cookies. Recently scans haven't found anything, but I still think there is something here as I still get tracking cookies. Thank you for any help you can provide. Thanks

Also, I had a rogue Anti-Virus; it was called Adware Professional 5.0, and it was downloading most of these Trojans. Stay away from this scanner, it is a Trojan Downloader !!!!!!
There is a legitimate Adware Professional, so be careful.



DDS (Ver_09-05-14.01) - NTFSx86
Run by John at 3:13:07.86 on Fri 06/19/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1214 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SpywareDetector\SDMainService.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\John\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.yahoo.com
uLocal Page = \blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SansaDispatch] "c:\users\john\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [NapsterShell] "c:\program files\napster\napster.exe" /systray
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SDActiveMonitor] "c:\program files\spywaredetector\SDActiveMonitor.exe" -AUTO
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: SDNotify - c:\program files\spywaredetector\SDNotify.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R1 SDManager;SDManager;c:\program files\spywaredetector\SDManager.sys [2009-6-10 13696]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-13 210216]
R2 SDMainSvc;SDMainSvc;c:\program files\spywaredetector\SDMainService.exe [2009-6-10 923088]
R2 SDService;SDService;c:\program files\spywaredetector\SDService.exe [2009-6-10 1720192]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 SDActMon;SDActMon;c:\program files\spywaredetector\SDActMon.sys [2009-6-10 21888]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

=============== Created Last 30 ================

2009-06-18 12:01 --d----- c:\programdata\RegCure
2009-06-18 12:01 --d----- c:\progra~2\RegCure
2009-06-15 00:30 --d----- c:\users\john\DoctorWeb
2009-06-14 04:35 --d----- c:\programdata\SUPERAntiSpyware.com
2009-06-14 04:35 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-06-14 04:34 --d----- c:\program files\SUPERAntiSpyware
2009-06-13 11:44 --d----- C:\Boot
2009-06-13 07:50 --dsh--- C:\$RECYCLE.BIN
2009-06-13 06:21 55 a------- C:\$DRVLTR$
2009-06-13 06:18 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-06-13 06:17 333,203 a--shr-- C:\bootmgr
2009-06-13 05:32 2 a--shr-- C:\$drvmig$
2009-06-13 05:24 --d----- C:\$UPGRADE.~OS
2009-06-13 05:08 1,887 a------- c:\windows\diagwrn.xml
2009-06-13 05:08 1,887 a------- c:\windows\diagerr.xml
2009-06-13 02:45 --d----- c:\programdata\SiteAdvisor
2009-06-12 03:16 170,220 a------- c:\windows\hpqins00.dat.temp
2009-06-11 19:17 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 19:17 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-11 19:17 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 08:57 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-11 06:01 0 a---h--- C:\ProgramData.LOG2
2009-06-11 06:01 0 a---h--- C:\ProgramData.LOG1
2009-06-11 04:54 --d----- c:\program files\MSSOAP
2009-06-11 04:54 --d----- c:\program files\common files\MSSoap
2009-06-11 04:54 164 a------- c:\windows\install.dat
2009-06-10 13:32 13,776 a------- c:\windows\system32\SDEarlyDelete.exe
2009-06-10 13:02 110 a------- c:\windows\system32\SDEarlyDelete.ini
2009-06-10 13:02 104 a------- c:\windows\system32\ProxySettings.ini
2009-06-10 13:02 1,060,864 a------- c:\windows\system32\CheckDll.dll
2009-06-10 13:02 --d----- c:\program files\SpywareDetector
2009-06-10 05:34 123 a------- c:\windows\system\SysSD.dll
2009-06-10 00:12 --d----- c:\programdata\Yahoo!
2009-06-10 00:10 --d-h--- c:\windows\msdownld.tmp
2009-06-08 08:47 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-08 08:47 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-06-08 08:47 15,360 a------- c:\windows\system32\pacerprf.dll
2009-06-08 08:47 147,456 a------- c:\windows\system32\Faultrep.dll
2009-06-08 08:47 125,952 a------- c:\windows\system32\wersvc.dll
2009-06-08 08:47 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-06-08 08:47 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-06-08 08:47 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-06-08 08:47 45,056 a------- c:\windows\system32\dataclen.dll
2009-06-08 08:47 36,864 a------- c:\windows\system32\cdd.dll
2009-06-08 08:46 430,080 a------- c:\windows\system32\vbscript.dll
2009-06-08 08:46 180,224 a------- c:\windows\system32\scrobj.dll
2009-06-08 08:46 172,032 a------- c:\windows\system32\scrrun.dll
2009-06-08 08:46 155,648 a------- c:\windows\system32\wscript.exe
2009-06-08 08:46 135,168 a------- c:\windows\system32\wshom.ocx
2009-06-08 08:46 135,168 a------- c:\windows\system32\cscript.exe
2009-06-08 08:46 90,112 a------- c:\windows\system32\wshext.dll
2009-06-08 06:59 401,408 a------- c:\windows\system32\drivers\http.sys
2009-06-08 06:57 1,329,152 a------- c:\windows\system32\WMSPDMOE.DLL
2009-06-08 06:07 177,970,225 a------- c:\windows\MEMORY.DMP
2009-06-08 06:00 --d----- c:\users\john\appdata\roaming\SUPERAntiSpyware.com
2009-06-08 05:42 a-d----- c:\programdata\TEMP
2009-06-08 05:41 506,368 a------- c:\windows\system32\msxml.dll
2009-06-07 06:09 --d----- c:\program files\VideoLAN
2009-06-07 06:02 --d----- c:\users\john\appdata\roaming\CD-DVDBurner
2009-06-07 05:52 150,016 a------- c:\windows\system32\unzip32.dll
2009-06-07 05:32 --d----- c:\programdata\Azureus
2009-06-07 05:32 --d----- c:\progra~2\Azureus
2009-06-07 05:32 --d----- c:\users\john\appdata\roaming\Azureus
2009-06-07 05:10 --d----- c:\users\john\appdata\roaming\FrostWire
2009-06-06 02:04 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-05 03:27 --d----- c:\program files\eBay Auction Sniper and Auto Search
2009-06-05 02:45 --d----- c:\programdata\HP Product Assistant
2009-06-03 02:47 --d----- c:\users\john\appdata\roaming\Printer Info Cache
2009-06-03 02:17 42 a------- c:\windows\system32\AK083E209605E394C.lie
2009-06-01 13:02 148,928 a------- c:\windows\hpoins19.dat
2009-06-01 13:02 26,952 a------- c:\windows\hpomdl19.dat
2009-06-01 04:55 1,904 a------- c:\windows\system32\SetupBD.din
2009-06-01 04:48 --d----- C:\Medion
2009-06-01 04:29 --d----- c:\program files\common files\Wise Installation Wizard
2009-06-01 04:22 --d----- C:\NVIDIA
2009-06-01 03:56 --d----- c:\programdata\PC Drivers HeadQuarters
2009-06-01 03:56 --d----- c:\progra~2\PC Drivers HeadQuarters
2009-06-01 03:56 --d----- c:\program files\PC Drivers HeadQuarters
2009-06-01 00:55 --d----- c:\users\john\appdata\roaming\Malwarebytes
2009-06-01 00:54 --d----- c:\programdata\Malwarebytes
2009-06-01 00:54 --d----- c:\progra~2\Malwarebytes
2009-05-30 03:13 --d----- c:\users\john\appdata\roaming\SanDisk
2009-05-29 05:21 115,920 a------- c:\windows\system32\Msinet.ocx
2009-05-29 04:25 --d----- c:\program files\common files\PX Storage Engine
2009-05-29 04:25 --d----- c:\program files\common files\Napster Shared
2009-05-29 04:25 --d----- c:\programdata\Napster
2009-05-29 04:25 --d----- c:\progra~2\Napster
2009-05-29 04:25 --d----- c:\program files\Napster
2009-05-29 02:42 19,498 a------- c:\windows\hpqins13.dat
2009-05-29 02:27 130,896 a------- c:\windows\hpiins06.dat
2009-05-29 02:27 0 a------- c:\windows\hpimdl06.dat
2009-05-29 02:01 116,842 a------- c:\windows\hpqins00.dat
2009-05-29 01:57 --d----- c:\programdata\WEBREG
2009-05-29 01:57 --d----- c:\progra~2\WEBREG
2009-05-29 01:51 --d----- c:\programdata\HPSSUPPLY
2009-05-29 01:48 --d----- c:\program files\common files\Hewlett-Packard
2009-05-29 01:47 --d----- c:\program files\common files\HP
2009-05-29 01:42 258,048 a------- c:\windows\system32\hpzids01.dll
2009-05-29 01:42 675,840 a------- c:\windows\system32\hpowiav1.dll
2009-05-29 01:42 573,440 a------- c:\windows\system32\hpotscl1.dll
2009-05-29 01:42 303,104 a------- c:\windows\system32\hpovst01.dll
2009-05-29 01:30 --d----- c:\programdata\HP
2009-05-29 00:08 --d----- c:\program files\Adware Professional
2009-05-28 22:34 --d----- c:\programdata\Google
2009-05-28 17:00 269,312 a------- c:\windows\system32\es.dll
2009-05-28 15:18 --d----- c:\programdata\Yahoo! Companion
2009-05-28 15:04 622,080 a------- c:\windows\system32\icardagt.exe
2009-05-28 15:04 97,800 a------- c:\windows\system32\infocardapi.dll
2009-05-28 15:04 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-05-28 15:04 11,264 a------- c:\windows\system32\icardres.dll
2009-05-28 15:03 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-28 15:03 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-05-28 15:03 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-05-28 15:03 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-05-28 14:41 --d----- c:\programdata\NVIDIA
2009-05-28 03:47 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-28 03:47 272,896 a------- c:\windows\system32\polstore.dll
2009-05-28 03:47 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-28 03:47 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-28 03:45 1,820 a------- c:\windows\system32\rasctrnm.h
2009-05-28 03:44 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-05-28 03:44 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-05-28 03:44 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-28 03:43 252,544 a------- c:\windows\system32\PROUnstl.exe
2009-05-28 03:41 12,880 a------- c:\windows\system32\wbem\wlan.mof
2009-05-28 03:33 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-28 03:31 296,960 a------- c:\windows\system32\gdi32.dll
2009-05-28 03:29 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-28 03:27 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-05-28 03:27 38,912 a------- c:\windows\system32\xolehlp.dll
2009-05-28 03:25 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-28 03:25 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-28 03:25 1,695,744 a------- c:\windows\system32\gameux.dll
2009-05-28 03:24 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-28 03:23 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-05-28 03:23 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-28 03:17 2,048 a------- c:\windows\system32\tzres.dll
2009-05-28 03:15 69,632 a------- c:\windows\system32\Mpeg2Data.ax
2009-05-28 03:15 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-05-28 03:14 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-28 03:14 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-28 03:14 4,096 a------- c:\windows\system32\msdxm.ocx
2009-05-28 03:14 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-28 03:06 2,927,104 a------- c:\windows\explorer.exe
2009-05-28 03:03 15,872 a------- c:\windows\system32\hcrstco.dll
2009-05-28 03:03 8,704 a------- c:\windows\system32\hccoin.dll
2009-05-28 02:58 4,875,776 a------- c:\windows\system32\NlsData0009.dll
2009-05-28 02:54 6,656 a------- c:\windows\system32\kbd106n.dll
2009-05-28 02:54 988,216 a------- c:\windows\system32\winload.exe
2009-05-28 02:54 927,288 a------- c:\windows\system32\winresume.exe
2009-05-28 02:54 378,368 a------- c:\windows\system32\srcore.dll
2009-05-28 02:54 318,464 a------- c:\windows\system32\rstrui.exe
2009-05-28 02:54 40,960 a------- c:\windows\system32\srclient.dll
2009-05-28 02:54 19,000 a------- c:\windows\system32\kd1394.dll
2009-05-28 02:54 14,848 a------- c:\windows\system32\srdelayed.exe
2009-05-28 02:54 615,992 a------- c:\windows\system32\ci.dll
2009-05-28 02:54 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-05-28 02:48 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-05-28 02:48 441,400 a------- c:\windows\system32\drivers\ksecdd.sys
2009-05-28 02:48 72,704 a------- c:\windows\system32\secur32.dll
2009-05-28 02:48 9,728 a------- c:\windows\system32\lsass.exe
2009-05-28 02:48 24,064 a------- c:\windows\system32\amxread.dll
2009-05-28 02:48 13,824 a------- c:\windows\system32\apilogen.dll
2009-05-28 02:48 13,780 a------- c:\windows\system32\wbem\lsasrv.mof
2009-05-28 02:46 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-05-28 02:46 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-05-28 02:46 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-05-28 02:43 443,392 a------- c:\windows\system32\win32spl.dll
2009-05-28 02:43 37,888 a------- c:\windows\system32\printcom.dll
2009-05-28 02:43 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-05-28 02:43 14,848 a------- c:\windows\system32\wshrm.dll
2009-05-28 02:40 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-05-28 02:38 268,288 a------- c:\windows\system32\schannel.dll
2009-05-28 02:25 262,144 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-05-28 02:25 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-05-28 02:25 22,151,168 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-05-28 02:22 96,760 a------- c:\windows\system32\dfshim.dll
2009-05-28 02:22 41,984 a------- c:\windows\system32\netfxperf.dll
2009-05-28 02:22 282,112 a------- c:\windows\system32\mscoree.dll
2009-05-28 02:22 158,720 a------- c:\windows\system32\mscorier.dll
2009-05-28 02:22 83,968 a------- c:\windows\system32\mscories.dll
2009-05-28 02:05 2,868,736 a------- c:\windows\system32\mf.dll
2009-05-28 02:05 98,816 a------- c:\windows\system32\mfps.dll
2009-05-28 02:05 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-05-28 02:05 94,720 a------- c:\windows\system32\logagent.exe
2009-05-28 02:05 24,576 a------- c:\windows\system32\mfpmp.exe
2009-05-28 02:05 2,048 a------- c:\windows\system32\mferror.dll
2009-05-28 02:05 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-28 02:03 64,048 a------- c:\programdata\nvModes.dat
2009-05-28 02:03 64,048 a------- c:\progra~2\nvModes.dat
2009-05-28 02:00 738,304 a------- c:\windows\system32\inetcomm.dll
2009-05-28 02:00 84,480 a------- c:\windows\system32\INETRES.dll
2009-05-28 02:00 1,645,568 a------- c:\windows\system32\connect.dll
2009-05-28 01:57 --d----- C:\QUARANTINE
2009-05-28 01:54 1,314,816 a------- c:\windows\system32\quartz.dll
2009-05-28 01:47 --d----- c:\program files\MSXML 4.0
2009-05-28 01:46 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-05-28 01:46 2,048 a------- c:\windows\system32\msxml6r.dll
2009-05-28 01:45 72,704 a------- c:\windows\system32\admparse.dll
2009-05-28 01:45 48,128 a------- c:\windows\system32\mshtmler.dll
2009-05-28 01:08 1,495,552 a------- c:\windows\system32\epoPGPsdk.dll
2009-05-28 01:08 280 a------- c:\windows\system32\epoPGPsdk.dll.sig
2009-05-28 01:08 --d----- c:\programdata\McAfee
2009-05-28 01:08 --d----- c:\program files\common files\Cisco Systems
2009-05-28 01:07 72,680 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-28 01:07 64,168 a------- c:\windows\system32\drivers\mfeapfk.sys
2009-05-28 01:07 33,960 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-28 01:07 171,272 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-28 01:07 51,944 a------- c:\windows\system32\drivers\mfetdik.sys
2009-05-28 01:07 --d----- c:\program files\McAfee
2009-05-28 01:07 --d----- c:\program files\common files\McAfee
2009-05-28 01:07 1,755 a------- c:\windows\mvs0854w.mif
2009-05-28 01:07 --d----- c:\program files\Compapps
2009-05-28 01:07 --d----- c:\program files\selfheal
2009-05-28 00:35 7,235 a------- c:\windows\system32\hpasset.xml
2009-05-28 00:29 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv9000 (RP247UA#ABA)_Y5335KV_0U_QCNF7051GG5_E436463-003_4A_I30BD_SQuanta_V66.42_F.2D_T081126_WV3-0_L409_M2046_J100_7Intel_86F6_91.67_#090528_N8086109A;80864222_(RP247UA#ABA)_XMOBILE_CN10_Z.MRK
2009-05-28 00:28 44 a------- c:\windows\system\hpsysdrv.dat
2009-05-28 00:15 81 a------- c:\windows\system32\LOG
2009-05-28 00:14 --d----- c:\users\John
2009-05-28 00:11 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-05-28 00:10 83,456 a------- c:\windows\system32\wudriver.dll
2009-05-28 00:10 --dsh--- c:\programdata\Documents
2009-05-28 00:10 --dsh--- C:\Documents and Settings
2009-05-28 00:09 162,064 a------- c:\windows\system32\wuwebv.dll
2009-05-28 00:09 31,232 a------- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2009-06-08 08:27 174 a--sh--- c:\program files\desktop.ini
2009-06-08 08:22 86,016 a------- c:\windows\inf\infstor.dat
2009-06-08 08:22 51,200 a------- c:\windows\inf\infpub.dat
2009-06-08 08:22 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 08:11 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-08 07:35 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-06-08 07:35 82,432 a------- c:\windows\system32\axaltocm.dll
2009-05-28 03:25 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-28 03:25 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-05-28 03:25 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-05-28 03:25 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-28 03:25 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-28 03:25 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-05-28 02:58 3,104,768 a------- c:\windows\system32\NlsData004a.dll
2009-05-28 02:52 551,424 a------- c:\windows\system32\rpcss.dll
2009-05-28 02:48 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-04-30 08:37 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-30 08:37 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-31 15:35 17,160 a------- c:\windows\help\oem\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 17:30 17,160 a------- c:\windows\help\oem\scripts\HC_DanzkaDubraBIOSUpdate.exe
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 3:14:18.08 ===============



mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [NapsterShell] "c:\program files\napster\napster.exe" /systray
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SDActiveMonitor] "c:\program files\spywaredetector\SDActiveMonitor.exe" -AUTO
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: SDNotify - c:\program files\spywaredetector\SDNotify.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R1 SDManager;SDManager;c:\program files\spywaredetector\SDManager.sys [2009-6-10 13696]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-13 210216]
R2 SDMainSvc;SDMainSvc;c:\program files\spywaredetector\SDMainService.exe [2009-6-10 923088]
R2 SDService;SDService;c:\program files\spywaredetector\SDService.exe [2009-6-10 1720192]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 SDActMon;SDActMon;c:\program files\spywaredetector\SDActMon.sys [2009-6-10 21888]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

=============== Created Last 30 ================

2009-06-18 12:01 --d----- c:\programdata\RegCure
2009-06-18 12:01 --d----- c:\progra~2\RegCure
2009-06-15 00:30 --d----- c:\users\john\DoctorWeb
2009-06-14 04:35 --d----- c:\programdata\SUPERAntiSpyware.com
2009-06-14 04:35 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-06-14 04:34 --d----- c:\program files\SUPERAntiSpyware
2009-06-13 11:44 --d----- C:\Boot
2009-06-13 07:50 --dsh--- C:\$RECYCLE.BIN
2009-06-13 06:21 55 a------- C:\$DRVLTR$
2009-06-13 06:18 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-06-13 06:17 333,203 a--shr-- C:\bootmgr
2009-06-13 05:32 2 a--shr-- C:\$drvmig$
2009-06-13 05:24 --d----- C:\$UPGRADE.~OS
2009-06-13 05:08 1,887 a------- c:\windows\diagwrn.xml
2009-06-13 05:08 1,887 a------- c:\windows\diagerr.xml
2009-06-13 02:45 --d----- c:\programdata\SiteAdvisor
2009-06-12 03:16 170,220 a------- c:\windows\hpqins00.dat.temp
2009-06-11 19:17 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 19:17 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-11 19:17 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 08:57 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-11 06:01 0 a---h--- C:\ProgramData.LOG2
2009-06-11 06:01 0 a---h--- C:\ProgramData.LOG1
2009-06-11 04:54 --d----- c:\program files\MSSOAP
2009-06-11 04:54 --d----- c:\program files\common files\MSSoap
2009-06-11 04:54 164 a------- c:\windows\install.dat
2009-06-10 13:32 13,776 a------- c:\windows\system32\SDEarlyDelete.exe
2009-06-10 13:02 110 a------- c:\windows\system32\SDEarlyDelete.ini
2009-06-10 13:02 104 a------- c:\windows\system32\ProxySettings.ini
2009-06-10 13:02 1,060,864 a------- c:\windows\system32\CheckDll.dll
2009-06-10 13:02 --d----- c:\program files\SpywareDetector
2009-06-10 05:34 123 a------- c:\windows\system\SysSD.dll
2009-06-10 00:12 --d----- c:\programdata\Yahoo!
2009-06-10 00:10 --d-h--- c:\windows\msdownld.tmp
2009-06-08 08:47 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-08 08:47 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-06-08 08:47 15,360 a------- c:\windows\system32\pacerprf.dll
2009-06-08 08:47 147,456 a------- c:\windows\system32\Faultrep.dll
2009-06-08 08:47 125,952 a------- c:\windows\system32\wersvc.dll
2009-06-08 08:47 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-06-08 08:47 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-06-08 08:47 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-06-08 08:47 45,056 a------- c:\windows\system32\dataclen.dll
2009-06-08 08:47 36,864 a------- c:\windows\system32\cdd.dll
2009-06-08 08:46 430,080 a------- c:\windows\system32\vbscript.dll
2009-06-08 08:46 180,224 a------- c:\windows\system32\scrobj.dll
2009-06-08 08:46 172,032 a------- c:\windows\system32\scrrun.dll
2009-06-08 08:46 155,648 a------- c:\windows\system32\wscript.exe
2009-06-08 08:46 135,168 a------- c:\windows\system32\wshom.ocx
2009-06-08 08:46 135,168 a------- c:\windows\system32\cscript.exe
2009-06-08 08:46 90,112 a------- c:\windows\system32\wshext.dll
2009-06-08 06:59 401,408 a------- c:\windows\system32\drivers\http.sys
2009-06-08 06:57 1,329,152 a------- c:\windows\system32\WMSPDMOE.DLL
2009-06-08 06:07 177,970,225 a------- c:\windows\MEMORY.DMP
2009-06-08 06:00 --d----- c:\users\john\appdata\roaming\SUPERAntiSpyware.com
2009-06-08 05:42 a-d----- c:\programdata\TEMP
2009-06-08 05:41 506,368 a------- c:\windows\system32\msxml.dll
2009-06-07 06:09 --d----- c:\program files\VideoLAN
2009-06-07 06:02 --d----- c:\users\john\appdata\roaming\CD-DVDBurner
2009-06-07 05:52 150,016 a------- c:\windows\system32\unzip32.dll
2009-06-07 05:32 --d----- c:\programdata\Azureus
2009-06-07 05:32 --d----- c:\progra~2\Azureus
2009-06-07 05:32 --d----- c:\users\john\appdata\roaming\Azureus
2009-06-07 05:10 --d----- c:\users\john\appdata\roaming\FrostWire
2009-06-06 02:04 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-05 03:27 --d----- c:\program files\eBay Auction Sniper and Auto Search
2009-06-05 02:45 --d----- c:\programdata\HP Product Assistant
2009-06-03 02:47 --d----- c:\users\john\appdata\roaming\Printer Info Cache
2009-06-03 02:17 42 a------- c:\windows\system32\AK083E209605E394C.lie
2009-06-01 13:02 148,928 a------- c:\windows\hpoins19.dat
2009-06-01 13:02 26,952 a------- c:\windows\hpomdl19.dat
2009-06-01 04:55 1,904 a------- c:\windows\system32\SetupBD.din
2009-06-01 04:48 --d----- C:\Medion
2009-06-01 04:29 --d----- c:\program files\common files\Wise Installation Wizard
2009-06-01 04:22 --d----- C:\NVIDIA
2009-06-01 03:56 --d----- c:\programdata\PC Drivers HeadQuarters
2009-06-01 03:56 --d----- c:\progra~2\PC Drivers HeadQuarters
2009-06-01 03:56 --d----- c:\program files\PC Drivers HeadQuarters
2009-06-01 00:55 --d----- c:\users\john\appdata\roaming\Malwarebytes
2009-06-01 00:54 --d----- c:\programdata\Malwarebytes
2009-06-01 00:54 --d----- c:\progra~2\Malwarebytes
2009-05-30 03:13 --d----- c:\users\john\appdata\roaming\SanDisk
2009-05-29 05:21 115,920 a------- c:\windows\system32\Msinet.ocx
2009-05-29 04:25 --d----- c:\program files\common files\PX Storage Engine
2009-05-29 04:25 --d----- c:\program files\common files\Napster Shared
2009-05-29 04:25 --d----- c:\programdata\Napster
2009-05-29 04:25 --d----- c:\progra~2\Napster
2009-05-29 04:25 --d----- c:\program files\Napster
2009-05-29 02:42 19,498 a------- c:\windows\hpqins13.dat
2009-05-29 02:27 130,896 a------- c:\windows\hpiins06.dat
2009-05-29 02:27 0 a------- c:\windows\hpimdl06.dat
2009-05-29 02:01 116,842 a------- c:\windows\hpqins00.dat
2009-05-29 01:57 --d----- c:\programdata\WEBREG
2009-05-29 01:57 --d----- c:\progra~2\WEBREG
2009-05-29 01:51 --d----- c:\programdata\HPSSUPPLY
2009-05-29 01:48 --d----- c:\program files\common files\Hewlett-Packard
2009-05-29 01:47 --d----- c:\program files\common files\HP
2009-05-29 01:42 258,048 a------- c:\windows\system32\hpzids01.dll
2009-05-29 01:42 675,840 a------- c:\windows\system32\hpowiav1.dll
2009-05-29 01:42 573,440 a------- c:\windows\system32\hpotscl1.dll
2009-05-29 01:42 303,104 a------- c:\windows\system32\hpovst01.dll
2009-05-29 01:30 --d----- c:\programdata\HP
2009-05-29 00:08 --d----- c:\program files\Adware Professional
2009-05-28 22:34 --d----- c:\programdata\Google
2009-05-28 17:00 269,312 a------- c:\windows\system32\es.dll
2009-05-28 15:18 --d----- c:\programdata\Yahoo! Companion
2009-05-28 15:04 622,080 a------- c:\windows\system32\icardagt.exe
2009-05-28 15:04 97,800 a------- c:\windows\system32\infocardapi.dll
2009-05-28 15:04 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-05-28 15:04 11,264 a------- c:\windows\system32\icardres.dll
2009-05-28 15:03 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-28 15:03 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-05-28 15:03 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-05-28 15:03 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-05-28 14:41 --d----- c:\programdata\NVIDIA
2009-05-28 03:47 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-28 03:47 272,896 a------- c:\windows\system32\polstore.dll
2009-05-28 03:47 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-28 03:47 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-28 03:45 1,820 a------- c:\windows\system32\rasctrnm.h
2009-05-28 03:44 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-05-28 03:44 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-05-28 03:44 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-28 03:43 252,544 a------- c:\windows\system32\PROUnstl.exe
2009-05-28 03:41 12,880 a------- c:\windows\system32\wbem\wlan.mof
2009-05-28 03:33 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-28 03:31 296,960 a------- c:\windows\system32\gdi32.dll
2009-05-28 03:29 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-28 03:27 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-05-28 03:27 38,912 a------- c:\windows\system32\xolehlp.dll
2009-05-28 03:25 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-28 03:25 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-28 03:25 1,695,744 a------- c:\windows\system32\gameux.dll
2009-05-28 03:24 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-28 03:23 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-05-28 03:23 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-28 03:17 2,048 a------- c:\windows\system32\tzres.dll
2009-05-28 03:15 69,632 a------- c:\windows\system32\Mpeg2Data.ax
2009-05-28 03:15 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-05-28 03:14 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-28 03:14 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-28 03:14 4,096 a------- c:\windows\system32\msdxm.ocx
2009-05-28 03:14 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-28 03:06 2,927,104 a------- c:\windows\explorer.exe
2009-05-28 03:03 15,872 a------- c:\windows\system32\hcrstco.dll
2009-05-28 03:03 8,704 a------- c:\windows\system32\hccoin.dll
2009-05-28 02:58 4,875,776 a------- c:\windows\system32\NlsData0009.dll
2009-05-28 02:54 6,656 a------- c:\windows\system32\kbd106n.dll
2009-05-28 02:54 988,216 a------- c:\windows\system32\winload.exe
2009-05-28 02:54 927,288 a------- c:\windows\system32\winresume.exe
2009-05-28 02:54 378,368 a------- c:\windows\system32\srcore.dll
2009-05-28 02:54 318,464 a------- c:\windows\system32\rstrui.exe
2009-05-28 02:54 40,960 a------- c:\windows\system32\srclient.dll
2009-05-28 02:54 19,000 a------- c:\windows\system32\kd1394.dll
2009-05-28 02:54 14,848 a------- c:\windows\system32\srdelayed.exe
2009-05-28 02:54 615,992 a------- c:\windows\system32\ci.dll
2009-05-28 02:54 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-05-28 02:48 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-05-28 02:48 441,400 a------- c:\windows\system32\drivers\ksecdd.sys
2009-05-28 02:48 72,704 a------- c:\windows\system32\secur32.dll
2009-05-28 02:48 9,728 a------- c:\windows\system32\lsass.exe
2009-05-28 02:48 24,064 a------- c:\windows\system32\amxread.dll
2009-05-28 02:48 13,824 a------- c:\windows\system32\apilogen.dll
2009-05-28 02:48 13,780 a------- c:\windows\system32\wbem\lsasrv.mof
2009-05-28 02:46 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-05-28 02:46 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-05-28 02:46 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-05-28 02:43 443,392 a------- c:\windows\system32\win32spl.dll
2009-05-28 02:43 37,888 a------- c:\windows\system32\printcom.dll
2009-05-28 02:43 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-05-28 02:43 14,848 a------- c:\windows\system32\wshrm.dll
2009-05-28 02:40 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-05-28 02:38 268,288 a------- c:\windows\system32\schannel.dll
2009-05-28 02:25 262,144 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-05-28 02:25 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-05-28 02:25 22,151,168 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-05-28 02:22 96,760 a------- c:\windows\system32\dfshim.dll
2009-05-28 02:22 41,984 a------- c:\windows\system32\netfxperf.dll
2009-05-28 02:22 282,112 a------- c:\windows\system32\mscoree.dll
2009-05-28 02:22 158,720 a------- c:\windows\system32\mscorier.dll
2009-05-28 02:22 83,968 a------- c:\windows\system32\mscories.dll
2009-05-28 02:05 2,868,736 a------- c:\windows\system32\mf.dll
2009-05-28 02:05 98,816 a------- c:\windows\system32\mfps.dll
2009-05-28 02:05 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-05-28 02:05 94,720 a------- c:\windows\system32\logagent.exe
2009-05-28 02:05 24,576 a------- c:\windows\system32\mfpmp.exe
2009-05-28 02:05 2,048 a------- c:\windows\system32\mferror.dll
2009-05-28 02:05 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-28 02:03 64,048 a------- c:\programdata\nvModes.dat
2009-05-28 02:03 64,048 a------- c:\progra~2\nvModes.dat
2009-05-28 02:00 738,304 a------- c:\windows\system32\inetcomm.dll
2009-05-28 02:00 84,480 a------- c:\windows\system32\INETRES.dll
2009-05-28 02:00 1,645,568 a------- c:\windows\system32\connect.dll
2009-05-28 01:57 --d----- C:\QUARANTINE
2009-05-28 01:54 1,314,816 a------- c:\windows\system32\quartz.dll
2009-05-28 01:47 --d----- c:\program files\MSXML 4.0
2009-05-28 01:46 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-05-28 01:46 2,048 a------- c:\windows\system32\msxml6r.dll
2009-05-28 01:45 72,704 a------- c:\windows\system32\admparse.dll
2009-05-28 01:45 48,128 a------- c:\windows\system32\mshtmler.dll
2009-05-28 01:08 1,495,552 a------- c:\windows\system32\epoPGPsdk.dll
2009-05-28 01:08 280 a------- c:\windows\system32\epoPGPsdk.dll.sig
2009-05-28 01:08 --d----- c:\programdata\McAfee
2009-05-28 01:08 --d----- c:\program files\common files\Cisco Systems
2009-05-28 01:07 72,680 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-28 01:07 64,168 a------- c:\windows\system32\drivers\mfeapfk.sys
2009-05-28 01:07 33,960 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-28 01:07 171,272 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-28 01:07 51,944 a------- c:\windows\system32\drivers\mfetdik.sys
2009-05-28 01:07 --d----- c:\program files\McAfee
2009-05-28 01:07 --d----- c:\program files\common files\McAfee
2009-05-28 01:07 1,755 a------- c:\windows\mvs0854w.mif
2009-05-28 01:07 --d----- c:\program files\Compapps
2009-05-28 01:07 --d----- c:\program files\selfheal
2009-05-28 00:35 7,235 a------- c:\windows\system32\hpasset.xml
2009-05-28 00:29 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv9000 (RP247UA#ABA)_Y5335KV_0U_QCNF7051GG5_E436463-003_4A_I30BD_SQuanta_V66.42_F.2D_T081126_WV3-0_L409_M2046_J100_7Intel_86F6_91.67_#090528_N8086109A;80864222_(RP247UA#ABA)_XMOBILE_CN10_Z.MRK
2009-05-28 00:28 44 a------- c:\windows\system\hpsysdrv.dat
2009-05-28 00:15 81 a------- c:\windows\system32\LOG
2009-05-28 00:14 --d----- c:\users\John
2009-05-28 00:11 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-05-28 00:10 83,456 a------- c:\windows\system32\wudriver.dll
2009-05-28 00:10 --dsh--- c:\programdata\Documents
2009-05-28 00:10 --dsh--- C:\Documents and Settings
2009-05-28 00:09 162,064 a------- c:\windows\system32\wuwebv.dll
2009-05-28 00:09 31,232 a------- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2009-06-08 08:27 174 a--sh--- c:\program files\desktop.ini
2009-06-08 08:22 86,016 a------- c:\windows\inf\infstor.dat
2009-06-08 08:22 51,200 a------- c:\windows\inf\infpub.dat
2009-06-08 08:22 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 08:11 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-08 07:35 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-06-08 07:35 82,432 a------- c:\windows\system32\axaltocm.dll
2009-05-28 03:25 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-28 03:25 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-05-28 03:25 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-05-28 03:25 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-28 03:25 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-28 03:25 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-05-28 02:58 3,104,768 a------- c:\windows\system32\NlsData004a.dll
2009-05-28 02:52 551,424 a------- c:\windows\system32\rpcss.dll
2009-05-28 02:48 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-04-30 08:37 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-30 08:37 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-31 15:35 17,160 a------- c:\windows\help\oem\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 17:30 17,160 a------- c:\windows\help\oem\scripts\HC_DanzkaDubraBIOSUpdate.exe
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 3:14:18.08 ===============

I'm not sure if I did this correctly, as I need step-by-step instructions. Please, I'm new to computers. Thank you.

Edited by Orange Blossom, 19 June 2009 - 10:21 PM.

1.) HP Pavilion DV 9230us, 17" Laptop, Windows Vista Home Premium SP2 32-Bit , Intel Dual Core T5500 1.66 GHz , 100GB Dual HD, 200 GB Total HDD, 2 GB Ram DDR2, WD 1TB external HDD, My Book Essential.

2.) Dell Inspiron 1764 17" Laptop, Windows 7 Home Premium 64-Bit, Intel Dual Core i5 2.53 GHz w/Turbo Boost Technology, (3MB cache) Media Graphics Accelerator, 500 GB HDD, 4 GB Ram DDR3, Western Digital 1TB external HDD, My Book Essential.

#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:58 AM

Posted 24 June 2009 - 08:33 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 T1000

T1000
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  • Gender:Male
  • Location:Third Stone From The Sun
  • Local time:07:58 AM

Posted 24 June 2009 - 11:41 PM

Hello, since I posted the HJT log I have found more Trojans with spyware scanners. The newest were Trojan.Monder and Passwords.pro, and the trojans that were associated with the rogue scanner Adware Professional 5.0 were Trojan.Fakealert.4386, Trojan.NtRootkit.103, and a couple of others that I forgot to write down before quarantining. It all started with win32/renos.dz, and then win32/alreoun, dropper.vb, trojan.tdss. I have no idea where they are all coming from, as I think there is still a trojan.downloader here, but recent scans have been clean. I've been trying to plug security holes by downloading patches for all insecure programs from Secunia Personal Software Inspector. My HJT team member, please be familiar with Vista, as I have never seen XP or any other OS. I'm a NEWBIE, NEWBIE, OR NOOB, so please be very specific as to your instructions. Please don't assume I know what you're talking about; the only thing I can really do well on a computer is email. I really appreciate any help you can give me. Thank you.


DDS (Ver_09-05-14.01) - NTFSx86
Run by John at 0:00:48.66 on Thu 06/25/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1141 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SpywareDetector\SDMainService.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\John\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.yahoo.com
uLocal Page = \blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SansaDispatch] "c:\users\john\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [NapsterShell] "c:\program files\napster\napster.exe" /systray
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SDActiveMonitor] "c:\program files\spywaredetector\SDActiveMonitor.exe" -AUTO
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: SDNotify - c:\program files\spywaredetector\SDNotify.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R1 SDManager;SDManager;c:\program files\spywaredetector\SDManager.sys [2009-6-10 13696]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-13 210216]
R2 SDMainSvc;SDMainSvc;c:\program files\spywaredetector\SDMainService.exe [2009-6-10 923088]
R2 SDService;SDService;c:\program files\spywaredetector\SDService.exe [2009-6-10 1720192]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
R3 SDActMon;SDActMon;c:\program files\spywaredetector\SDActMon.sys [2009-6-10 21888]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

=============== Created Last 30 ================

2009-06-24 14:32 <DIR> --d----- c:\program files\Secunia
2009-06-24 02:25 <DIR> --d----- c:\program files\SpywareBlaster(73)
2009-06-21 20:06 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-06-21 20:06 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-18 12:01 <DIR> --d----- c:\programdata\RegCure
2009-06-18 12:01 <DIR> --d----- c:\progra~2\RegCure
2009-06-17 08:20 12,648 a------- c:\windows\system32\drivers\psi_mf.sys
2009-06-15 00:30 <DIR> --d----- c:\users\john\DoctorWeb
2009-06-14 04:35 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-06-14 04:35 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-06-14 04:34 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-13 11:44 <DIR> --d----- C:\Boot
2009-06-13 07:50 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-13 06:21 55 a------- C:\$DRVLTR$
2009-06-13 06:18 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-06-13 06:17 333,203 a--shr-- C:\bootmgr
2009-06-13 05:32 2 a--shr-- C:\$drvmig$
2009-06-13 05:24 <DIR> --d----- C:\$UPGRADE.~OS
2009-06-13 05:08 1,887 a------- c:\windows\diagwrn.xml
2009-06-13 05:08 1,887 a------- c:\windows\diagerr.xml
2009-06-13 02:45 <DIR> --d----- c:\programdata\SiteAdvisor
2009-06-12 03:16 170,220 a------- c:\windows\hpqins00.dat.temp
2009-06-11 19:17 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 19:17 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-11 19:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 08:57 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-11 06:01 0 a---h--- C:\ProgramData.LOG2
2009-06-11 06:01 0 a---h--- C:\ProgramData.LOG1
2009-06-11 04:54 <DIR> --d----- c:\program files\MSSOAP
2009-06-11 04:54 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-11 04:54 164 a------- c:\windows\install.dat
2009-06-10 13:32 13,776 a------- c:\windows\system32\SDEarlyDelete.exe
2009-06-10 13:02 110 a------- c:\windows\system32\SDEarlyDelete.ini
2009-06-10 13:02 104 a------- c:\windows\system32\ProxySettings.ini
2009-06-10 13:02 1,060,864 a------- c:\windows\system32\CheckDll.dll
2009-06-10 13:02 <DIR> --d----- c:\program files\SpywareDetector
2009-06-10 05:34 123 a------- c:\windows\system\SysSD.dll
2009-06-10 00:12 <DIR> --d----- c:\programdata\Yahoo!
2009-06-10 00:10 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-08 08:47 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-08 08:47 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-06-08 08:47 15,360 a------- c:\windows\system32\pacerprf.dll
2009-06-08 08:47 147,456 a------- c:\windows\system32\Faultrep.dll
2009-06-08 08:47 125,952 a------- c:\windows\system32\wersvc.dll
2009-06-08 08:47 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-06-08 08:47 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-06-08 08:47 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-06-08 08:47 45,056 a------- c:\windows\system32\dataclen.dll
2009-06-08 08:47 36,864 a------- c:\windows\system32\cdd.dll
2009-06-08 08:46 430,080 a------- c:\windows\system32\vbscript.dll
2009-06-08 08:46 180,224 a------- c:\windows\system32\scrobj.dll
2009-06-08 08:46 172,032 a------- c:\windows\system32\scrrun.dll
2009-06-08 08:46 155,648 a------- c:\windows\system32\wscript.exe
2009-06-08 08:46 135,168 a------- c:\windows\system32\wshom.ocx
2009-06-08 08:46 135,168 a------- c:\windows\system32\cscript.exe
2009-06-08 08:46 90,112 a------- c:\windows\system32\wshext.dll
2009-06-08 06:59 401,408 a------- c:\windows\system32\drivers\http.sys
2009-06-08 06:57 1,329,152 a------- c:\windows\system32\WMSPDMOE.DLL
2009-06-08 06:07 177,970,225 a------- c:\windows\MEMORY.DMP
2009-06-08 06:00 <DIR> --d----- c:\users\john\appdata\roaming\SUPERAntiSpyware.com
2009-06-08 05:42 <DIR> a-d----- c:\programdata\TEMP
2009-06-08 05:41 506,368 a------- c:\windows\system32\msxml.dll
2009-06-07 06:09 <DIR> --d----- c:\program files\VideoLAN
2009-06-07 06:02 <DIR> --d----- c:\users\john\appdata\roaming\CD-DVDBurner
2009-06-07 05:52 150,016 a------- c:\windows\system32\unzip32.dll
2009-06-07 05:32 <DIR> --d----- c:\programdata\Azureus
2009-06-07 05:32 <DIR> --d----- c:\progra~2\Azureus
2009-06-07 05:32 <DIR> --d----- c:\users\john\appdata\roaming\Azureus
2009-06-07 05:10 <DIR> --d----- c:\users\john\appdata\roaming\FrostWire
2009-06-06 02:04 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-05 03:27 <DIR> --d----- c:\program files\eBay Auction Sniper and Auto Search
2009-06-05 02:45 <DIR> --d----- c:\programdata\HP Product Assistant
2009-06-03 02:47 <DIR> --d----- c:\users\john\appdata\roaming\Printer Info Cache
2009-06-03 02:17 42 a------- c:\windows\system32\AK083E209605E394C.lie
2009-06-01 13:02 148,928 a------- c:\windows\hpoins19.dat
2009-06-01 13:02 26,952 a------- c:\windows\hpomdl19.dat
2009-06-01 04:55 1,904 a------- c:\windows\system32\SetupBD.din
2009-06-01 04:48 <DIR> --d----- C:\Medion
2009-06-01 04:29 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-01 04:22 <DIR> --d----- C:\NVIDIA
2009-06-01 03:56 <DIR> --d----- c:\programdata\PC Drivers HeadQuarters
2009-06-01 03:56 <DIR> --d----- c:\progra~2\PC Drivers HeadQuarters
2009-06-01 03:56 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-06-01 00:55 <DIR> --d----- c:\users\john\appdata\roaming\Malwarebytes
2009-06-01 00:54 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-01 00:54 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-30 03:13 <DIR> --d----- c:\users\john\appdata\roaming\SanDisk
2009-05-29 05:21 115,920 a------- c:\windows\system32\Msinet.ocx
2009-05-29 04:25 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-05-29 04:25 <DIR> --d----- c:\program files\common files\Napster Shared
2009-05-29 04:25 <DIR> --d----- c:\programdata\Napster
2009-05-29 04:25 <DIR> --d----- c:\progra~2\Napster
2009-05-29 04:25 <DIR> --d----- c:\program files\Napster
2009-05-29 02:42 19,498 a------- c:\windows\hpqins13.dat
2009-05-29 02:27 130,896 a------- c:\windows\hpiins06.dat
2009-05-29 02:27 0 a------- c:\windows\hpimdl06.dat
2009-05-29 02:01 116,842 a------- c:\windows\hpqins00.dat
2009-05-29 01:57 <DIR> --d----- c:\programdata\WEBREG
2009-05-29 01:57 <DIR> --d----- c:\progra~2\WEBREG
2009-05-29 01:51 <DIR> --d----- c:\programdata\HPSSUPPLY
2009-05-29 01:48 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-05-29 01:47 <DIR> --d----- c:\program files\common files\HP
2009-05-29 01:42 258,048 a------- c:\windows\system32\hpzids01.dll
2009-05-29 01:42 675,840 a------- c:\windows\system32\hpowiav1.dll
2009-05-29 01:42 573,440 a------- c:\windows\system32\hpotscl1.dll
2009-05-29 01:42 303,104 a------- c:\windows\system32\hpovst01.dll
2009-05-29 01:30 <DIR> --d----- c:\programdata\HP
2009-05-29 00:08 <DIR> --d----- c:\program files\Adware Professional
2009-05-28 22:34 <DIR> --d----- c:\programdata\Google
2009-05-28 17:00 269,312 a------- c:\windows\system32\es.dll
2009-05-28 15:18 <DIR> --d----- c:\programdata\Yahoo! Companion
2009-05-28 15:04 622,080 a------- c:\windows\system32\icardagt.exe
2009-05-28 15:04 97,800 a------- c:\windows\system32\infocardapi.dll
2009-05-28 15:04 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-05-28 15:04 11,264 a------- c:\windows\system32\icardres.dll
2009-05-28 15:03 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-28 15:03 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-05-28 15:03 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-05-28 15:03 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-05-28 14:41 <DIR> --d----- c:\programdata\NVIDIA
2009-05-28 03:47 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-28 03:47 272,896 a------- c:\windows\system32\polstore.dll
2009-05-28 03:47 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-28 03:47 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-28 03:45 1,820 a------- c:\windows\system32\rasctrnm.h
2009-05-28 03:44 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-05-28 03:44 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-05-28 03:44 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-28 03:43 252,544 a------- c:\windows\system32\PROUnstl.exe
2009-05-28 03:41 12,880 a------- c:\windows\system32\wbem\wlan.mof
2009-05-28 03:33 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-28 03:31 296,960 a------- c:\windows\system32\gdi32.dll
2009-05-28 03:29 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-28 03:27 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-05-28 03:27 38,912 a------- c:\windows\system32\xolehlp.dll
2009-05-28 03:25 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-28 03:25 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-28 03:25 1,695,744 a------- c:\windows\system32\gameux.dll
2009-05-28 03:24 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-28 03:23 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-05-28 03:23 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-28 03:17 2,048 a------- c:\windows\system32\tzres.dll
2009-05-28 03:15 69,632 a------- c:\windows\system32\Mpeg2Data.ax
2009-05-28 03:15 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-05-28 03:14 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-28 03:14 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-28 03:14 4,096 a------- c:\windows\system32\msdxm.ocx
2009-05-28 03:14 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-28 03:06 2,927,104 a------- c:\windows\explorer.exe
2009-05-28 03:03 15,872 a------- c:\windows\system32\hcrstco.dll
2009-05-28 03:03 8,704 a------- c:\windows\system32\hccoin.dll
2009-05-28 02:58 4,875,776 a------- c:\windows\system32\NlsData0009.dll
2009-05-28 02:54 6,656 a------- c:\windows\system32\kbd106n.dll
2009-05-28 02:54 988,216 a------- c:\windows\system32\winload.exe
2009-05-28 02:54 927,288 a------- c:\windows\system32\winresume.exe
2009-05-28 02:54 378,368 a------- c:\windows\system32\srcore.dll
2009-05-28 02:54 318,464 a------- c:\windows\system32\rstrui.exe
2009-05-28 02:54 40,960 a------- c:\windows\system32\srclient.dll
2009-05-28 02:54 19,000 a------- c:\windows\system32\kd1394.dll
2009-05-28 02:54 14,848 a------- c:\windows\system32\srdelayed.exe
2009-05-28 02:54 615,992 a------- c:\windows\system32\ci.dll
2009-05-28 02:54 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-05-28 02:48 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-05-28 02:48 441,400 a------- c:\windows\system32\drivers\ksecdd.sys
2009-05-28 02:48 72,704 a------- c:\windows\system32\secur32.dll
2009-05-28 02:48 9,728 a------- c:\windows\system32\lsass.exe
2009-05-28 02:48 24,064 a------- c:\windows\system32\amxread.dll
2009-05-28 02:48 13,824 a------- c:\windows\system32\apilogen.dll
2009-05-28 02:48 13,780 a------- c:\windows\system32\wbem\lsasrv.mof
2009-05-28 02:46 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-05-28 02:46 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-05-28 02:46 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-05-28 02:43 443,392 a------- c:\windows\system32\win32spl.dll
2009-05-28 02:43 37,888 a------- c:\windows\system32\printcom.dll
2009-05-28 02:43 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-05-28 02:43 14,848 a------- c:\windows\system32\wshrm.dll
2009-05-28 02:40 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-05-28 02:38 268,288 a------- c:\windows\system32\schannel.dll
2009-05-28 02:25 262,144 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-05-28 02:25 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-05-28 02:25 22,151,168 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-05-28 02:22 96,760 a------- c:\windows\system32\dfshim.dll
2009-05-28 02:22 41,984 a------- c:\windows\system32\netfxperf.dll
2009-05-28 02:22 282,112 a------- c:\windows\system32\mscoree.dll
2009-05-28 02:22 158,720 a------- c:\windows\system32\mscorier.dll
2009-05-28 02:22 83,968 a------- c:\windows\system32\mscories.dll
2009-05-28 02:05 2,868,736 a------- c:\windows\system32\mf.dll
2009-05-28 02:05 98,816 a------- c:\windows\system32\mfps.dll
2009-05-28 02:05 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-05-28 02:05 94,720 a------- c:\windows\system32\logagent.exe
2009-05-28 02:05 24,576 a------- c:\windows\system32\mfpmp.exe
2009-05-28 02:05 2,048 a------- c:\windows\system32\mferror.dll
2009-05-28 02:05 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-28 02:03 64,048 a------- c:\programdata\nvModes.dat
2009-05-28 02:03 64,048 a------- c:\progra~2\nvModes.dat
2009-05-28 02:00 738,304 a------- c:\windows\system32\inetcomm.dll
2009-05-28 02:00 84,480 a------- c:\windows\system32\INETRES.dll
2009-05-28 02:00 1,645,568 a------- c:\windows\system32\connect.dll
2009-05-28 01:57 <DIR> --d----- C:\QUARANTINE
2009-05-28 01:54 1,314,816 a------- c:\windows\system32\quartz.dll
2009-05-28 01:47 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-28 01:46 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-05-28 01:46 2,048 a------- c:\windows\system32\msxml6r.dll
2009-05-28 01:45 72,704 a------- c:\windows\system32\admparse.dll
2009-05-28 01:45 48,128 a------- c:\windows\system32\mshtmler.dll
2009-05-28 01:08 1,495,552 a------- c:\windows\system32\epoPGPsdk.dll
2009-05-28 01:08 280 a------- c:\windows\system32\epoPGPsdk.dll.sig
2009-05-28 01:08 <DIR> --d----- c:\programdata\McAfee
2009-05-28 01:08 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-05-28 01:07 72,680 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-28 01:07 64,168 a------- c:\windows\system32\drivers\mfeapfk.sys
2009-05-28 01:07 33,960 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-28 01:07 171,272 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-28 01:07 51,944 a------- c:\windows\system32\drivers\mfetdik.sys
2009-05-28 01:07 <DIR> --d----- c:\program files\McAfee
2009-05-28 01:07 <DIR> --d----- c:\program files\common files\McAfee
2009-05-28 01:07 1,755 a------- c:\windows\mvs0854w.mif
2009-05-28 01:07 <DIR> --d----- c:\program files\Compapps
2009-05-28 01:07 <DIR> --d----- c:\program files\selfheal
2009-05-28 00:35 7,235 a------- c:\windows\system32\hpasset.xml
2009-05-28 00:29 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv9000 (RP247UA#ABA)_Y5335KV_0U_QCNF7051GG5_E436463-003_4A_I30BD_SQuanta_V66.42_F.2D_T081126_WV3-0_L409_M2046_J100_7Intel_86F6_91.67_#090528_N8086109A;80864222_(RP247UA#ABA)_XMOBILE_CN10_Z.MRK
2009-05-28 00:28 44 a------- c:\windows\system\hpsysdrv.dat
2009-05-28 00:15 81 a------- c:\windows\system32\LOG
2009-05-28 00:14 <DIR> --d----- c:\users\John
2009-05-28 00:11 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-05-28 00:10 83,456 a------- c:\windows\system32\wudriver.dll
2009-05-28 00:10 <DIR> --dsh--- c:\programdata\Documents
2009-05-28 00:10 <DIR> --dsh--- C:\Documents and Settings
2009-05-28 00:09 162,064 a------- c:\windows\system32\wuwebv.dll
2009-05-28 00:09 31,232 a------- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2009-06-08 08:27 174 a--sh--- c:\program files\desktop.ini
2009-06-08 08:22 86,016 a------- c:\windows\inf\infstor.dat
2009-06-08 08:22 51,200 a------- c:\windows\inf\infpub.dat
2009-06-08 08:22 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-08 08:11 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-08 07:35 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-06-08 07:35 82,432 a------- c:\windows\system32\axaltocm.dll
2009-05-28 03:25 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-28 03:25 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-05-28 03:25 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-05-28 03:25 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-28 03:25 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-28 03:25 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-05-28 02:58 3,104,768 a------- c:\windows\system32\NlsData004a.dll
2009-05-28 02:52 551,424 a------- c:\windows\system32\rpcss.dll
2009-05-28 02:48 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-04-30 08:37 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-30 08:37 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-31 15:35 17,160 a------- c:\windows\help\oem\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 17:30 17,160 a------- c:\windows\help\oem\scripts\HC_DanzkaDubraBIOSUpdate.exe
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:01:17.80 ===============

Edited by T1000, 25 June 2009 - 04:26 PM.

1.) HP Pavilion DV 9230us, 17" Laptop, Windows Vista Home Premium SP2 32-Bit , Intel Dual Core T5500 1.66 GHz , 100GB Dual HD, 200 GB Total HDD, 2 GB Ram DDR2, WD 1TB external HDD, My Book Essential.

2.) Dell Inspiron 1764 17" Laptop, Windows 7 Home Premium 64-Bit, Intel Dual Core i5 2.53 GHz w/Turbo Boost Technology, (3MB cache) Media Graphics Accelerator, 500 GB HDD, 4 GB Ram DDR3, Western Digital 1TB external HDD, My Book Essential.

#4 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 25 June 2009 - 10:31 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer:

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

OK, you mention that you have Malwarebytes' Anti-Malware and Superantispyware, can you please update them both and do scans with them? With Malwarebytes' Anti-Malware, do a full scan instead of just a quick scan.

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


And just as an FYI, tracking cookies are a fact of life, you will always get them. The only thing you can do is keep deleting them.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 T1000

  • Topic Starter
  • Members
  • 110 posts
  • Gender:Male
  • Location:Third Stone From The Sun

Posted 26 June 2009 - 09:55 PM

Hi Hoov, here are the scans from MBAM and SAS. I'm working on the combofix; I have to make sure I do this right, as I'm a "NEWBIE" and don't want to ruin my computer. Thanks Again ~ JOHN

Malwarebytes' Anti-Malware 1.38
Database version: 2337
Windows 6.0.6001 Service Pack 1

6/26/2009 6:54:55 AM
mbam-log-2009-06-26 (06-54-55).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 218408
Time elapsed: 1 hour(s), 53 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Adware Professional (Rogue.AdwareProfessional) -> Quarantined and deleted successfully.
c:\program files\adware professional\logs (Rogue.AdwareProfessional) -> Quarantined and deleted successfully.
c:\program files\adware professional\NoAdwareBackup (Rogue.AdwareProfessional) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\adware professional\noadware4_052809.na (Rogue.AdwareProfessional) -> Quarantined and deleted successfully.
c:\program files\adware professional\logs\Date(29-5-2009) Time(1-11-18).txt (Rogue.AdwareProfessional) -> Quarantined and deleted successfully.
c:\program files\adware professional\noadwarebackup\5,29,2009_1,10,52.zip (Rogue.AdwareProfessional) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/26/2009 at 05:08 PM

Application Version : 4.26.1006

Core Rules Database Version : 3957
Trace Rules Database Version: 1899

Scan type : Complete Scan
Total Scan Time : 07:30:21

Memory items scanned : 721
Memory threats detected : 0
Registry items scanned : 7307
Registry threats detected : 0
File items scanned : 657069
File threats detected : 12

Adware.Tracking Cookie
C:\Documents and Settings\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\john@stats.paypal[2].txt
C:\Documents and Settings\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\john@www.forumsextreme[1].txt
C:\Documents and Settings\John\Application Data\Microsoft\Windows\Cookies\Low\john@stats.paypal[2].txt
C:\Documents and Settings\John\Application Data\Microsoft\Windows\Cookies\Low\john@www.forumsextreme[1].txt
C:\Documents and Settings\John\Cookies\Low\john@stats.paypal[2].txt
C:\Documents and Settings\John\Cookies\Low\john@www.forumsextreme[1].txt
C:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\john@stats.paypal[2].txt
C:\Users\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\john@www.forumsextreme[1].txt
C:\Users\John\Application Data\Microsoft\Windows\Cookies\Low\john@stats.paypal[2].txt
C:\Users\John\Application Data\Microsoft\Windows\Cookies\Low\john@www.forumsextreme[1].txt
C:\Users\John\Cookies\Low\john@stats.paypal[2].txt
C:\Users\John\Cookies\Low\john@www.forumsextreme[1].txt


Hoov, when I figure out how to run this combofix correctly I'll post it. I'm sorry for my lack of skills. Thank you for your patience!!!!!

#6 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 26 June 2009 - 11:08 PM

I would rather you take your time with Combofix, than rush it and mess something up. If you have questions, ask.

#7 T1000

  • Topic Starter
  • Members
  • 110 posts
  • Gender:Male
  • Location:Third Stone From The Sun

Posted 27 June 2009 - 01:16 AM

OK, thanks Hoov, I'll get that posted as soon as I can. Thanks!!!!!

#8 T1000

  • Topic Starter
  • Members
  • 110 posts
  • Gender:Male
  • Location:Third Stone From The Sun

Posted 27 June 2009 - 10:06 AM

Hi Hoov, I ran combofix but I never got a box about recovery console. I don't know if it is correct; let me know if it is wrong or if I have to redo. Should I delete this program now? Thanks!!!!


ComboFix 09-06-26.02 - John 06/27/2009 10:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1077 [GMT -4:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 13:07 . 2009-06-27 13:07 -------- d-----w- c:\users\John\AppData\Local\Microsoft Corporation
2009-06-26 11:48 . 2009-06-26 11:48 -------- d-----w- c:\users\John\AppData\Local\Inquisitor
2009-06-25 10:00 . 2009-06-25 10:01 -------- d-----w- c:\users\John\AppData\Roaming\muvee Technologies
2009-06-25 10:00 . 2009-06-25 10:00 -------- d-----w- c:\programdata\muvee Technologies
2009-06-25 09:53 . 2009-06-25 09:53 -------- d-----w- c:\users\John\AppData\Local\MicroVision Applications
2009-06-25 09:15 . 2009-06-25 09:15 -------- d-----w- c:\users\John\AppData\Roaming\CyberLink
2009-06-25 09:03 . 2009-06-25 09:16 -------- d-----w- c:\users\John\AppData\Local\QuickPlay(47)
2009-06-24 18:32 . 2009-06-24 18:32 -------- d-----w- c:\program files\Secunia
2009-06-24 06:25 . 2009-06-24 06:46 -------- d-----w- c:\program files\SpywareBlaster(73)
2009-06-23 10:26 . 2009-06-23 10:26 -------- d-----w- c:\users\John\AppData\Local\Yahoo
2009-06-23 04:20 . 2009-06-23 04:20 -------- d-----w- c:\users\John\AppData\Local\WindowsUpdate
2009-06-22 00:06 . 2009-06-24 20:39 -------- d-----w- c:\program files\SpywareBlaster
2009-06-22 00:06 . 2005-08-25 23:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-06-21 06:41 . 2009-06-21 06:41 787288 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-18 16:01 . 2009-06-18 16:01 -------- d-----w- c:\programdata\RegCure
2009-06-18 15:46 . 2009-06-18 15:46 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-18 14:30 . 2009-06-18 14:30 -------- d-----w- c:\windows\Sun
2009-06-17 22:15 . 2009-06-26 08:10 -------- d-----w- c:\users\John\AppData\Local\Adobe
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-15 04:30 . 2009-06-17 09:49 -------- d-----w- c:\users\John\DoctorWeb
2009-06-14 09:26 . 2009-06-17 18:28 680 ----a-w- c:\users\John\AppData\Local\d3d9caps.dat
2009-06-14 08:35 . 2009-06-27 02:48 117760 ----a-w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-14 08:35 . 2009-06-14 08:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-06-14 08:34 . 2009-06-25 18:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-13 15:44 . 2009-06-13 15:44 -------- d-----w- C:\Boot
2009-06-13 09:24 . 2009-06-13 14:25 -------- d-----w- C:\$UPGRADE.~OS
2009-06-13 06:45 . 2009-06-13 15:43 -------- d-----w- c:\programdata\SiteAdvisor
2009-06-11 23:17 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 23:17 . 2009-06-18 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 23:17 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 08:54 . 2009-06-11 08:54 -------- d-----w- c:\program files\MSSOAP
2009-06-11 08:54 . 2009-06-11 08:54 164 ----a-w- c:\windows\install.dat
2009-06-10 17:32 . 2009-01-07 21:20 13776 ----a-w- c:\windows\system32\SDEarlyDelete.exe
2009-06-10 17:02 . 2009-01-22 14:29 1060864 ----a-w- c:\windows\system32\CheckDll.dll
2009-06-10 17:02 . 2009-06-25 21:56 -------- d-----w- c:\program files\SpywareDetector
2009-06-10 09:34 . 2009-06-27 11:19 123 ----a-w- c:\windows\system\SysSD.dll
2009-06-10 04:12 . 2009-06-10 04:12 -------- d-----w- c:\programdata\Yahoo!
2009-06-10 04:12 . 2009-06-24 19:13 -------- d-----w- c:\users\John\AppData\Roaming\Yahoo!
2009-06-10 04:10 . 2009-06-10 04:14 -------- d--h--w- c:\windows\msdownld.tmp
2009-06-08 12:47 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-08 12:47 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-06-08 12:47 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-06-08 12:47 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2009-06-08 12:47 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2009-06-08 12:47 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2009-06-08 12:47 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-06-08 12:47 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2009-06-08 12:47 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2009-06-08 12:47 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-06-08 12:46 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2009-06-08 12:46 . 2008-05-08 21:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-06-08 12:46 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2009-06-08 12:46 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2009-06-08 12:46 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2009-06-08 12:46 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2009-06-08 10:59 . 2008-01-19 07:36 152064 ----a-w- c:\windows\system32\vdsbas.dll
2009-06-08 10:57 . 2008-01-19 07:37 95744 ----a-w- c:\windows\system32\xwtpw32.dll
2009-06-08 10:00 . 2009-06-08 10:00 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2009-06-08 09:41 . 2004-08-04 12:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-06-07 22:00 . 2009-06-07 22:00 4141117 ----a-w- c:\users\John\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2009-06-07 22:00 . 2009-06-07 22:00 6516755 ----a-w- c:\users\John\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2009-06-07 10:12 . 2009-06-13 15:43 -------- d-----w- c:\users\John\AppData\Roaming\vlc
2009-06-07 10:09 . 2009-06-07 10:09 -------- d-----w- c:\program files\VideoLAN
2009-06-07 10:02 . 2009-06-13 15:43 -------- d-----w- c:\users\John\AppData\Roaming\CD-DVDBurner
2009-06-07 09:52 . 2000-10-29 20:34 150016 ----a-w- c:\windows\system32\unzip32.dll
2009-06-07 09:48 . 2009-06-07 09:48 0 ----a-w- c:\users\John\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-06-07 09:32 . 2009-06-13 15:43 -------- d-----w- c:\programdata\Azureus
2009-06-07 09:32 . 2009-06-13 15:43 -------- d-----w- c:\users\John\AppData\Roaming\Azureus
2009-06-07 09:10 . 2009-06-13 15:43 -------- d-----w- c:\users\John\AppData\Roaming\FrostWire
2009-06-06 19:43 . 2009-06-06 19:43 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-06-06 19:43 . 2009-06-06 19:43 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-06-06 06:04 . 2009-06-18 15:12 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-05 07:27 . 2009-06-17 07:06 -------- d-----w- c:\program files\eBay Auction Sniper and Auto Search
2009-06-05 06:45 . 2009-06-05 06:45 -------- d-----w- c:\programdata\HP Product Assistant
2009-06-03 06:47 . 2009-06-13 15:43 -------- d-----w- c:\users\John\AppData\Roaming\Printer Info Cache
2009-06-03 06:47 . 2009-06-13 15:43 -------- d-----w- c:\users\John\AppData\Roaming\Image Zone Express
2009-06-01 17:02 . 2009-06-01 17:16 148928 ----a-w- c:\windows\hpoins19.dat
2009-06-01 17:02 . 2007-03-13 19:52 26952 ----a-w- c:\windows\hpomdl19.dat
2009-06-01 16:41 . 2006-09-29 17:09 534528 ----a-w- c:\programdata\HP\Installer\Temp\dpinst_x32\dpinst.exe
2009-06-01 16:36 . 2006-12-22 02:51 771672 ----a-w- c:\programdata\HP\Installer\Temp\hpzscr01.exe
2009-06-01 16:36 . 2006-12-22 02:47 472664 ----a-w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2009-06-01 08:55 . 2009-06-01 08:56 -------- d-----w- c:\program files\Intel
2009-06-01 08:52 . 2009-06-01 09:01 11997136 ----a-w- c:\programdata\PC Drivers HeadQuarters\Driver Detective\Downloads\PROVISTA32_v13_5.exe
2009-06-01 08:48 . 2009-06-01 08:48 -------- d-----w- C:\Medion
2009-06-01 08:47 . 2009-06-01 09:12 923089 ----a-w- c:\programdata\PC Drivers HeadQuarters\Driver Detective\Downloads\chpwim2210vst.exe
2009-06-01 08:29 . 2009-06-13 15:41 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-01 08:29 . 2009-06-13 15:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-01 08:22 . 2009-06-01 08:22 -------- d-----w- C:\NVIDIA
2009-06-01 08:19 . 2009-06-01 08:19 128874256 ----a-w- c:\programdata\PC Drivers HeadQuarters\Driver Detective\Downloads\179.48_notebook_winvista_32bit_beta.exe
2009-06-01 07:56 . 2009-06-01 07:56 -------- d-----w- c:\users\John\AppData\Local\PC_Drivers_Headquarters
2009-06-01 07:56 . 2009-06-01 07:56 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-06-01 07:56 . 2009-06-01 07:56 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-06-01 04:55 . 2009-06-01 04:55 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2009-06-01 04:54 . 2009-06-01 04:54 -------- d-----w- c:\programdata\Malwarebytes
2009-05-30 22:17 . 2009-05-30 22:17 -------- d-----w- c:\users\John\AppData\Local\IsolatedStorage
2009-05-30 21:33 . 2009-05-30 21:33 -------- d-----w- c:\users\John\AppData\Local\Seven Zip
2009-05-30 21:22 . 2009-05-30 21:22 -------- d-----w- c:\users\John\AppData\Local\Apps
2009-05-30 07:14 . 2009-05-30 07:14 79872 ----a-w- c:\users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2009-05-30 07:14 . 2009-05-30 07:14 349184 ----a-w- c:\users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2009-05-30 07:14 . 2009-05-30 07:14 541696 ----a-w- c:\users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2009-05-30 07:13 . 2009-05-30 07:13 -------- d-----w- c:\users\John\AppData\Roaming\SanDisk
2009-05-29 08:36 . 2009-06-25 10:01 -------- d-----w- c:\users\John\AppData\Roaming\Roxio
2009-05-29 08:25 . 2009-06-13 15:41 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-29 08:25 . 2009-05-29 08:25 -------- d-----w- c:\program files\Common Files\Napster Shared
2009-05-29 08:25 . 2009-05-29 08:36 -------- d-----w- c:\programdata\Napster
2009-05-29 08:25 . 2009-06-13 15:42 -------- d-----w- c:\program files\Napster
2009-05-29 08:24 . 2009-05-29 08:24 -------- d-----w- c:\users\John\AppData\Roaming\InstallShield
2009-05-29 06:43 . 2009-05-29 06:43 -------- d-----w- c:\users\John\AppData\Local\HP
2009-05-29 06:42 . 2009-05-29 06:43 19498 ----a-w- c:\windows\hpqins13.dat
2009-05-29 06:27 . 2009-05-29 06:33 130896 ----a-w- c:\windows\hpiins06.dat
2009-05-29 06:27 . 2007-05-03 20:13 0 ----a-w- c:\windows\hpimdl06.dat
2009-05-29 06:01 . 2009-06-12 07:19 116842 ----a-w- c:\windows\hpqins00.dat
2009-05-29 05:57 . 2009-06-13 15:43 -------- d-----w- c:\programdata\WEBREG
2009-05-29 05:57 . 2009-05-30 03:34 -------- d-----w- c:\users\John\AppData\Roaming\HP
2009-05-29 05:51 . 2009-06-13 15:43 -------- d-----w- c:\programdata\HPSSUPPLY
2009-05-29 05:48 . 2009-05-29 05:48 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-29 05:47 . 2009-05-29 05:50 -------- d-----w- c:\program files\Common Files\HP
2009-05-29 05:42 . 2006-11-20 21:36 258048 ----a-w- c:\windows\system32\hpzids01.dll
2009-05-29 05:42 . 2006-12-16 06:19 675840 ----a-w- c:\windows\system32\hpowiav1.dll
2009-05-29 05:42 . 2006-12-16 06:19 303104 ----a-w- c:\windows\system32\hpovst01.dll
2009-05-29 05:42 . 2006-12-16 06:19 573440 ----a-w- c:\windows\system32\hpotscl1.dll
2009-05-29 05:30 . 2009-06-01 17:13 -------- d-----w- c:\programdata\HP
2009-05-29 02:34 . 2009-05-30 01:40 -------- d-----w- c:\users\John\AppData\Local\Google
2009-05-29 02:34 . 2009-05-29 02:34 -------- d-----w- c:\program files\Google
2009-05-28 21:00 . 2009-05-28 21:00 269312 ----a-w- c:\windows\system32\es.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 14:43 . 2009-06-26 11:48 262144 ----a-w- c:\programdata\ntuser.dat
2009-06-27 11:19 . 2009-05-28 06:03 64048 ----a-w- c:\programdata\nvModes.dat
2009-06-27 06:22 . 2006-12-29 12:18 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-26 11:48 . 2006-12-29 13:19 -------- d-----w- c:\program files\Yahoo!
2009-06-25 18:32 . 2006-12-29 12:59 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 09:50 . 2006-12-29 12:44 -------- d-----w- c:\programdata\Sonic
2009-06-25 09:41 . 2006-12-29 12:38 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-25 09:39 . 2006-12-29 12:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 09:30 . 2006-12-29 13:06 -------- d-----w- c:\program files\HP
2009-06-25 09:14 . 2006-12-29 13:07 -------- d-----w- c:\programdata\CyberLink
2009-06-23 19:22 . 2006-12-29 13:34 -------- d-----w- c:\program files\Java
2009-06-23 18:19 . 2009-05-28 05:07 -------- d-----w- c:\program files\McAfee
2009-06-13 15:43 . 2006-12-29 13:05 -------- d-----w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2009-06-13 15:43 . 2006-12-29 13:13 -------- d-----w- c:\programdata\WildTangent
2009-06-13 15:43 . 2006-12-29 12:44 -------- d-----w- c:\programdata\Roxio
2009-06-13 15:43 . 2006-12-29 13:02 -------- d-----w- c:\programdata\Microsoft Help
2009-06-13 15:41 . 2006-12-29 13:21 -------- d-----w- c:\program files\DivX
2009-06-13 15:41 . 2006-12-29 13:17 -------- d-----w- c:\program files\earthlink totalaccess
2009-06-13 15:41 . 2006-12-29 12:48 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-06-13 15:41 . 2006-12-29 12:44 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-13 15:41 . 2006-12-29 13:24 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-13 15:40 . 2006-12-29 13:05 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-06-13 06:43 . 2009-05-28 05:08 -------- d-----w- c:\programdata\McAfee
2009-06-13 06:43 . 2009-05-28 05:07 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-11 12:57 . 2009-06-11 12:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-09 15:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-09 15:05 . 2006-12-29 13:03 -------- d-----w- c:\program files\Microsoft.NET
2009-06-08 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-08 12:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-08 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-08 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-08 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-08 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-08 12:11 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-08 11:35 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-06-08 11:35 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-06-05 17:01 . 2009-05-28 04:33 91184 ----a-w- c:\users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-30 08:55 . 2009-05-28 04:17 -------- d-----w- c:\users\John\AppData\Roaming\Hewlett-Packard
2009-05-30 08:53 . 2006-12-29 13:30 -------- d-----w- c:\programdata\Hewlett-Packard
2009-05-29 06:37 . 2006-12-29 13:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-28 22:06 . 2006-12-29 12:35 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-28 07:47 . 2009-05-28 07:47 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-28 07:47 . 2009-05-28 07:47 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-05-28 07:47 . 2009-05-28 07:47 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-05-28 07:47 . 2009-05-28 07:47 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-28 07:44 . 2009-05-28 07:44 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-28 07:44 . 2009-05-28 07:44 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-05-28 07:44 . 2009-05-28 07:44 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-05-28 07:33 . 2009-05-28 07:33 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-28 07:31 . 2009-05-28 07:31 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-05-28 07:29 . 2009-05-28 07:29 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-28 07:27 . 2009-05-28 07:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-28 07:27 . 2009-05-28 07:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-05-28 07:25 . 2009-05-28 07:25 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-28 07:25 . 2009-05-28 07:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-28 07:25 . 2009-05-28 07:25 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-05-28 07:24 . 2009-05-28 07:24 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-05-28 07:23 . 2009-05-28 07:23 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-05-28 07:23 . 2009-05-28 07:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-28 07:17 . 2009-05-28 07:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-28 07:14 . 2009-05-28 07:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-05-28 07:14 . 2009-05-28 07:14 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-05-28 07:14 . 2009-05-28 07:14 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-05-28 07:06 . 2009-05-28 07:06 2927104 ----a-w- c:\windows\explorer.exe
2009-05-28 06:58 . 2009-05-28 06:58 4875776 ----a-w- c:\windows\system32\NlsData0009.dll
2009-05-28 06:54 . 2009-05-28 06:54 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-28 06:54 . 2009-05-28 06:54 988216 ----a-w- c:\windows\system32\winload.exe
2009-05-28 06:54 . 2009-05-28 06:54 927288 ----a-w- c:\windows\system32\winresume.exe
2009-05-28 06:54 . 2009-05-28 06:54 40960 ----a-w- c:\windows\system32\srclient.dll
2009-05-28 06:54 . 2009-05-28 06:54 378368 ----a-w- c:\windows\system32\srcore.dll
2009-05-28 06:54 . 2009-05-28 06:54 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-05-28 06:54 . 2009-05-28 06:54 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-05-28 06:54 . 2009-05-28 06:54 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-05-28 06:54 . 2009-05-28 06:54 615992 ----a-w- c:\windows\system32\ci.dll
2009-05-28 06:54 . 2009-05-28 06:54 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-05-28 06:48 . 2009-05-28 06:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-05-28 06:48 . 2009-05-28 06:48 72704 ----a-w- c:\windows\system32\secur32.dll
2009-05-28 06:48 . 2009-05-28 06:48 441400 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-05-28 06:48 . 2009-05-28 06:48 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-05-28 06:48 . 2009-05-28 06:48 24064 ----a-w- c:\windows\system32\amxread.dll
2009-05-28 06:48 . 2009-05-28 06:48 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-05-28 06:46 . 2009-05-28 06:46 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-05-28 06:46 . 2009-05-28 06:46 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-05-28 06:46 . 2009-05-28 06:46 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-05-28 06:43 . 2009-05-28 06:43 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-05-28 06:43 . 2009-05-28 06:43 37888 ----a-w- c:\windows\system32\printcom.dll
2009-05-28 06:43 . 2009-05-28 06:43 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-05-28 06:43 . 2009-05-28 06:43 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-05-28 06:40 . 2009-05-28 06:40 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-05-28 06:38 . 2009-05-28 06:38 268288 ----a-w- c:\windows\system32\schannel.dll
2009-05-28 06:22 . 2009-05-28 06:22 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-05-28 06:22 . 2009-05-28 06:22 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-28 06:22 . 2009-05-28 06:22 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-05-28 06:22 . 2009-05-28 06:22 83968 ----a-w- c:\windows\system32\mscories.dll
2009-05-28 06:22 . 2009-05-28 06:22 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-05-28 06:05 . 2009-05-28 06:05 98816 ----a-w- c:\windows\system32\mfps.dll
2009-05-28 06:05 . 2009-05-28 06:05 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-05-28 06:05 . 2009-05-28 06:05 2868736 ----a-w- c:\windows\system32\mf.dll
2009-05-28 06:05 . 2009-05-28 06:05 94720 ----a-w- c:\windows\system32\logagent.exe
2009-05-28 06:05 . 2009-05-28 06:05 24576 ----a-w- c:\windows\system32\mfpmp.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 39408]
"SansaDispatch"="c:\users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-30 79872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-17 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-29 68592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"NapsterShell"="c:\program files\Napster\napster.exe" [2009-03-10 323216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [2009-01-31 1366528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-29 34520]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
2008-12-01 15:15 475136 ----a-w- c:\program files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F7D2D91B-2F93-4D98-89DA-EAA8221D97E4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8553FFE4-2978-492C-B2EF-BDFD62B4FAEF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8487480D-1C86-41BC-88D2-2F94CEFB5506}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{2323E63B-77E5-49DA-AB6C-674CAE419990}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{BA87D380-4483-441F-8DE3-F17AFA5472AB}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{85087D8B-AF97-4EB9-A26E-D8B9AB8F767F}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{935C2EF6-A603-4F13-8463-5A832EC27F6B}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{D75EE1D6-182D-42A7-BE19-058BA7449A8C}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{E274B2FC-F54F-4631-BB1B-F63DD15BA9A2}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{694F75FE-AD5C-4AB0-BB36-7C2CAA098EAF}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6014D925-779E-4517-9853-F48EE1F54858}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0158754C-0CAA-4651-A1BC-C0CA90A95F43}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{44A7F39C-5F3C-4878-86B5-5C42F49CA0E1}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C2105CA8-6F50-4906-9F35-ADCC317BB1B5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0AE3926-EEC5-4F02-A564-C24AE84F922B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9403EDE5-FA94-449F-A7F9-2006D330B0EF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8B404CC6-953A-48D8-932E-58CB127457DD}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{F0439937-9980-44CF-87A9-D8E5FFBB39E0}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{CAA53EA4-BA33-4BD4-91C1-D1FBF520A3C6}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{3E07AFB6-8FCA-46D2-910B-8F59279C5C5F}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{EDA71227-8EFC-42D0-BB48-EC05A8F2359E}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{7197F488-5FAF-4820-A173-E3B189FFAABC}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"TCP Query User{BBD98525-3EB5-47E3-9C08-152F4E936853}c:\\program files\\napster\\napster.exe"= UDP:c:\program files\napster\napster.exe:Napster
"UDP Query User{EFC47051-C3BC-494B-A227-1495616EBC1A}c:\\program files\\napster\\napster.exe"= TCP:c:\program files\napster\napster.exe:Napster
"{3DDA1D5C-8CBA-4943-8990-9432E1C6AA27}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{177E252E-C9A3-4356-8A57-1E5646C8182E}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R1 SDManager;SDManager;c:\program files\SpywareDetector\SDManager.sys [6/10/2009 1:02 PM 13696]
R2 InquisitorService;Inquisitor Service;c:\program files\Yahoo!\Inquisitor\InquisitorService.exe [10/17/2008 4:32 PM 185624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/13/2009 2:43 AM 210216]
R2 SDMainSvc;SDMainSvc;c:\program files\SpywareDetector\SDMainService.exe [6/10/2009 1:02 PM 923088]
R2 SDService;SDService;c:\program files\SpywareDetector\SDService.exe [6/10/2009 1:02 PM 1720192]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 3:40 PM 3668480]
R3 SDActMon;SDActMon;c:\program files\SpywareDetector\SDActMon.sys [6/10/2009 1:02 PM 21888]
S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\HPCeeScheduleForJohn.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-29 00:08]

2009-06-27 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-27 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-21 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-27 c:\windows\Tasks\User_Feed_Synchronization-{4417BFAA-8C31-45D1-97BA-82A6D543719A}.job
- c:\windows\system32\msfeedssync.exe [2009-06-08 07:33]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
uLocal Page = \blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 10:43
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-27 10:46
ComboFix-quarantined-files.txt 2009-06-27 14:46

Pre-Run: 43,335,536,640 bytes free
Post-Run: 43,384,508,416 bytes free

377 --- E O F --- 2009-06-25 18:32
1.) HP Pavilion DV 9230us, 17" Laptop, Windows Vista Home Premium SP2 32-Bit , Intel Dual Core T5500 1.66 GHz , 100GB Dual HD, 200 GB Total HDD, 2 GB Ram DDR2, WD 1TB external HDD, My Book Essential.

2.) Dell Inspiron 1764 17" Laptop, Windows 7 Home Premium 64-Bit, Intel Dual Core i5 2.53 GHz w/Turbo Boost Technology, (3MB cache) Media Graphics Accelerator, 500 GB HDD, 4 GB Ram DDR3, Western Digital 1TB external HDD, My Book Essential.

#9 T1000

T1000
  • Topic Starter


Posted 27 June 2009 - 05:39 PM

Hi Hoov, I just did a scan with Max Secure Spyware Detector 2009 and it found 4 Trojans. Where are all these things coming from? Could it be from when I ran ComboFix without AV, because you have to disable them when you run that? I'm beginning to wonder if this will ever stop. What do you think about reformatting the hard drives? I need to get rid of these things once and for all. This has been going on now for almost 2 months. I don't know how much longer I can deal with this issue before throwing in the towel and just reformatting the hard drives without saving anything. Can you help me through that? I'm posting the logs now; my wife and I are going out to dinner, so I'll be back later tonight. I had 1 rogue scanner already; I'm wondering if this is another (Spyware Detector).

Information :
Date: 6/27/2009 18-09-50
OS Version: Windows Vista
Computer Name: JVLIMV

Log:
Spyware Name | Threat Type | Threat | Action
Trojan.Agent | Registry Key | hkey_users\s-1-5-21-2523252335-1243555773-1894852246-1000\software\microsoft\windows\currentversion\drivers | Scan
Trojan.Agent | Registry Key | hkey_users\s-1-5-21-2523252335-1243555773-1894852246-1000\software\microsoft\windows\currentversion\drivers\video | Scan
Trojan.Agent | Registry Key | hkey_users\s-1-5-21-2523252335-1243555773-1894852246-1000\software\microsoft\windows\currentversion\drivers\video\options | Scan
Trojan.Agent | Registry Key | hkey_users\s-1-5-21-2523252335-1243555773-1894852246-1000\software\wget | Scan

#10 Hoov

Hoov

  • Malware Response Team

Posted 27 June 2009 - 07:11 PM

Have you been running this program the whole time you have been having Trojan problems? I can find no real references to this program, either good or bad. Try uninstalling it, do an update in Malwarebytes' Anti-Malware and then run a full scan, and then do your normal web browsing for a day, and then run a full Malwarebytes' Anti-Malware scan. Give me the logs from both Malwarebytes' Anti-Malware scans and we will see what happens. I am going to ask others about that program to see if anyone has heard anything about it.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#11 T1000

  • Topic Starter

Posted 27 June 2009 - 09:25 PM

Hi Hoov, here is a link to take a look at it. I just saved it from my favorites. Check the site with McAfee Site Advisor, but this is the program. It has been around for a while, so it is not brand new; just google (Max Secure Spyware Detector 2009). But this is the link so you can take a look. Thanks

http://www.spywaredetector.net/spyware_enc...tm%20-%20Cached

And here is another link. It is a review. I'm going to see if I can get my money back tomorrow:


http://www.pcmag.com/article2/0,2817,2073458,00.asp

Now this review was from 12/15/06, so it was 3 years ago. Now it is called Max Secure Spyware Detector 2009; the version reviewed is V 2.0.

Edited by T1000, 28 June 2009 - 09:52 AM.


#12 Hoov

  • Malware Response Team

Posted 29 June 2009 - 02:27 AM

Did you uninstall it? How did the computer run without it installed?

I am going to be going out of town on Wednesday morning and won't be near a computer till sometime Sunday Evening. If you don't mind, we can pick up then.

Or if you want I can arrange to have someone else try to figure out what I am missing.

Let me know.

#13 T1000

  • Topic Starter

Posted 29 June 2009 - 01:26 PM

Hi Hoov, I researched it; it is not a rogue. I have a 30 day money back option and I put in my request for a refund. If it was a rogue, that money would be long gone and I wouldn't have been able to get in touch with them, period. It's from Max Secure Software. They are from India. I'm thinking of getting Prevx 3.0 or Kaspersky. I did the scans with MBAM and SAS again; nothing was found except tracking cookies. It seems like I do scans, nothing is found for a few days, then there is more, like there is a hidden downloader that downloads things in time intervals. I had it uninstalled yesterday. Spyware Detector 2009, that is the one that found the last trojans; real time protection stinks though.

Hoov, please transfer to someone else. I've been dealing with this since the beginning of May. This is going on too long; I would like my life back. If you are going to be gone for 5 days then I'll need help. Thank you for the help you have provided so far.


Malwarebytes' Anti-Malware 1.38
Database version: 2346
Windows 6.0.6001 Service Pack 1

6/28/2009 12:40:06 PM
mbam-log-2009-06-28 (12-40-06).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 219470
Time elapsed: 1 hour(s), 32 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/28/2009 at 04:42 PM

Application Version : 4.26.1006

Core Rules Database Version : 3960
Trace Rules Database Version: 1901

Scan type : Quick Scan
Total Scan Time : 03:17:27

Memory items scanned : 742
Memory threats detected : 0
Registry items scanned : 491
Registry threats detected : 0
File items scanned : 283384
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[1].txt
C:\Documents and Settings\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[2].txt
C:\Documents and Settings\John\Application Data\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[1].txt
C:\Documents and Settings\John\Application Data\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[2].txt
C:\Documents and Settings\John\Cookies\Low\john@server.iad.liveperson[1].txt
C:\Documents and Settings\John\Cookies\Low\john@server.iad.liveperson[2].txt
C:\Users\John\Application Data\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[1].txt
C:\Users\John\Application Data\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[2].txt
C:\Users\John\Cookies\Low\john@server.iad.liveperson[1].txt
C:\Users\John\Cookies\Low\john@server.iad.liveperson[2].txt

These tracking cookies are from the people I was in touch with yesterday about this software

Edited by T1000, 29 June 2009 - 01:29 PM.

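The SUPERAntiSpyware log in post #13 counts 10 file threats, but Windows Vista exposes the same cookie folder under several legacy paths through its default compatibility junctions. The following is an added example, not part of the thread or of any scanner: it collapses those aliases to the real files, and the junction table and function names are assumptions of the example.

```python
import re
from collections import defaultdict

# Default Windows Vista compatibility junctions (legacy XP path -> real location).
# Assumption of this example: a stock Vista profile layout on drive C:.
# Order matters: the drive-level junction is resolved before the per-profile ones.
JUNCTIONS = [
    (r"^C:\\Documents and Settings\\", r"C:\\Users\\"),
    (r"^(C:\\Users\\[^\\]+)\\Application Data\\", r"\1\\AppData\\Roaming\\"),
    (r"^(C:\\Users\\[^\\]+)\\Cookies\\",
     r"\1\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\"),
]

# The ten paths reported in the scan log above.
SAS_LOG = r"""
C:\Documents and Settings\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[1].txt
C:\Documents and Settings\John\AppData\Roaming\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[2].txt
C:\Documents and Settings\John\Application Data\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[1].txt
C:\Documents and Settings\John\Application Data\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[2].txt
C:\Documents and Settings\John\Cookies\Low\john@server.iad.liveperson[1].txt
C:\Documents and Settings\John\Cookies\Low\john@server.iad.liveperson[2].txt
C:\Users\John\Application Data\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[1].txt
C:\Users\John\Application Data\Microsoft\Windows\Cookies\Low\john@server.iad.liveperson[2].txt
C:\Users\John\Cookies\Low\john@server.iad.liveperson[1].txt
C:\Users\John\Cookies\Low\john@server.iad.liveperson[2].txt
"""

def canonical(path):
    """Resolve the legacy junctions so aliases of one file compare equal."""
    for pattern, target in JUNCTIONS:
        path = re.sub(pattern, target, path, flags=re.IGNORECASE)
    return path.lower()  # NTFS paths are case-insensitive by default

def unique_detections(log_text):
    """Map each real file to the list of reported paths that point at it."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if re.match(r"^[A-Za-z]:\\", line):  # keep only lines that are paths
            groups[canonical(line)].append(line)
    return dict(groups)

if __name__ == "__main__":
    for real_file, aliases in unique_detections(SAS_LOG).items():
        print(f"{len(aliases)} reported paths -> {real_file}")
```

When comparing scan results from one run to the next, count the canonical files rather than the raw detection total, so a change in how a scanner walks junctions is not mistaken for new items.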

#14 Hoov

  • Malware Response Team

Posted 29 June 2009 - 04:01 PM

What problems are you still having? If it is just the tracking cookies, those are something you need to live with.

#15 T1000

  • Topic Starter

Posted 29 June 2009 - 11:46 PM

I know the tracking cookies I'll have to live with; it is the Trojans that I'm worried about. I had backdoor Trojans on this thing, and now I'm afraid to do anything on this thing; that is what I need you for. Were you able to find anything in the logs, and will I ever get a clean bill of health for this computer, or should I just go ahead and format the hard drives? The same thing has been happening for 2 months. I'll get a bunch of Trojans on my computer when I do a scan, then the anti-spyware scanners clean it up and quarantine them, then a week later there are more, on like the third or fourth scan I do from the last infection. Which is funny, because I haven't been on any sites other than this one and I don't go to any site unless my McAfee Site Advisor says it's a green site. This is why I think there is a Trojan Downloader really hidden on this thing that the scanners aren't picking up. I really need to get this cleaned up or it is going in the trash, or going to be sold, or I'm going to get my 16 lb sledgehammer. I would prefer to get some help with this. If I can't get help then I will format; what other choice do I have? Are you going to transfer to someone else? If you do, it was nice to meet you, Hoov, and thank you for your assistance. I really appreciate your help and guidance, as I'm a newbie and don't know my a_ _ from my elbow when it comes to computers. Thanks to Grinler's Tutorials I have been learning faster than I was, but at this point I'm still very much a "NEWBIE".

I need to know if you will transfer, because if I have to format I want to get started right away, as it will no doubt take a week to reinstall everything and then update everything. That will be quite time consuming, but I want a 100% guarantee that these Trojans are gone for good. What do you think about Prevx or Kaspersky? I need to replace Spyware Detector because that is the only real-time protection I have other than my anti-virus, McAfee. Thank you again. Regards ~ JOHN

P.S. The same thing was happening when Garmanma (Moderator) was helping me. We would find trojans, clean it up and then rescan, nothing found, and then a couple more scans with some other scanner (Dr.Web) and we would find more trojans. That is why I'm on this forum, HJT. We are missing something !!!!!

Hoov, I know you are going to be away for a few days. I would prefer if you could transfer, as I don't want to wait any longer. As I said, it has been 2 months of nothing but scans. Do you know what I mean? It is getting old. I would love to meet the people who are creating these trojans; it would be very brief. I would be doing society a favor, really. They are nothing but scumbags.

Edited by T1000, 30 June 2009 - 01:46 PM.
