WinXP Security Updated Files Fail To Install Everytime!


  • This topic is locked
2 replies to this topic

#1 mrcyber2000

Posted 28 October 2009 - 09:27 PM

Hello all! Great job going on here. Now I finally have some data for you to crunch. Thanks, in advance.

A few WinXP security patches continually fail to install. Never had that problem before 10 days or so ago. I've checked & cleaned as much as I could, time permitting. I need your help in verifying the PC is clean. Automatic updates is "ON".

The patches that won't install after about 5 attempts are:
KB971486 & KB958869

I ran Remove It Pro v4.46 & got some questionable scan results. I didn't try to fix ANYTHING with that app.

Remove It Pro Scan Results: ("Infected Files")
Sys32.e_s40rp7
Sys32.fileobjinfo
Sys32.ssupdate
Sys32.cmdlgfr
Sys32.coinst_070614
Sys32.divxsm
Sys32.epmntdrv
Sys32.euepmgdi
Sys32.eugdidrv
Sys32.inetfr
Sys32.kpdpm
Sys32.kpdpmui
Sys32.kpdres
Sys32.mscmcfr
Sys32.mxntdfg
Sys32.pthreadgc2
Sys32.ptpitcp
Sys32.ssubtmr6
Sys32.tmcomm
Sys32.tvtxtdec
v.viscomqtde
Sys32.askbar
Sys32.askpopstp
Sys32.ctbcomm
Sys32.ctbr
Sys32.ctipsdef
Sys32.ctoolbar
Sys32.cupd
Sys32.defaultsearch
Sys32.npdrmv2
Sys32.npds
Sys32.psvince
Sys32.unins000
What do you think about those files listed above?

I've run Malwarebytes (clean), Super Antispyware (cookies - deleted), DDS, HJT, etc. I need the HJT log reviewed and recommendations. Below are the copy/pasted log reports.


HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:33 PM, on 10/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\LanTool\LanTool.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\System Protect\SysProtect_srv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LanTool\LTi.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\System Protect\SysProtect_Tray.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Cricket\Cricket Broadband\Cricket Broadband.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\BearShare Applications\BearShare\BearShare.exe
C:\Program Files\Cricket\Cricket Broadband\bmctl.exe
c:\PROGRA~1\Crawler\CMail.exe
C:\PROGRA~1\ONLINE~2\ONLINE~1.EXE
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
C:\PROGRAM FILES\GLARY UTILITIES\MEMDEFRAG.EXE
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\MrCyber2000\Desktop\Trend Micro HijackThis 2.0.2\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGos1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGos1.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGos1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [SystemProtect] C:\Program Files\System Protect\SysProtect_Tray.exe
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKCU\..\Run: [WinXP Task Manager] C:\WINDOWS\system32\taskman.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [taskmgr.exe] C:\WINDOWS\system32\taskmgr.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [CrawlerMail] c:\progra~1\crawler\cmail.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Cricket Broadband] C:\Program Files\Cricket\Cricket Broadband\Cricket Broadband.exe
O4 - HKCU\..\Run: [BearShare] "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" --lightmode
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: AutorunsDisabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: WinRescue.lnk = C:\Program Files\WinRescue XP\RescueXP.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutorunsDisabled (User 'Default user')
O4 - .DEFAULT Startup: WinRescue.lnk = C:\Program Files\WinRescue XP\RescueXP.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: WinRescue.lnk = C:\Program Files\WinRescue XP\RescueXP.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://169.254.87.132
O15 - ESC Trusted IP range: http://169.254.87.132
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...ad/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://cache2.vuze.com/files/Azureus_Java_Installer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...ls/en/x86/client/wuweb_site.cab?1228623419186
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...ls/en/x86/client/muweb_site.cab?1228623403280
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AE92DDF-DAC0-4D07-8CA0-C3ADFC921477}: NameServer = 172.28.221.53 172.28.221.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA4C0CF-BD59-4041-9804-3D5958EACB5F}: NameServer = 192.168.1.1,205.188.146.145
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Program Files\NCH Software\Eyeline\eyeline.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\PROGRA~1\Java\jre6\lib\deploy\jqs\JQS~1.CON" (file missing)
O23 - Service: LanTool - N37dev - C:\Program Files\LanTool\LanTool.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Program Files\System Protect\SysProtect_srv.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 16049 bytes


DDS Log:

DDS (Ver_09-10-26.01) - NTFSx86
Run by MrCyber2000 at 17:53:29.43 on Wed 10/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.291 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1356 [VPS 091028-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\LanTool\LanTool.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\System Protect\SysProtect_srv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LanTool\LTi.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\System Protect\SysProtect_Tray.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Cricket\Cricket Broadband\Cricket Broadband.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\BearShare Applications\BearShare\BearShare.exe
C:\Program Files\Cricket\Cricket Broadband\bmctl.exe
c:\PROGRA~1\Crawler\CMail.exe
C:\PROGRA~1\ONLINE~2\ONLINE~1.EXE
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
C:\PROGRAM FILES\GLARY UTILITIES\MEMDEFRAG.EXE
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\MrCyber2000\My Documents\Downloads\DDS Malware Scanner Free\dds.scr
C:\WINDOWS\system32\SearchFilterHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
uURLSearchHooks: Gossiper Toolbar: {0a452a47-c5a8-4854-a237-4b9b06b376f0} - c:\program files\gossiper\tbGos1.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll
BHO: Gossiper Toolbar: {0a452a47-c5a8-4854-a237-4b9b06b376f0} - c:\program files\gossiper\tbGos1.dll
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
TB: Gossiper Toolbar: {0a452a47-c5a8-4854-a237-4b9b06b376f0} - c:\program files\gossiper\tbGos1.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [WinXP Task Manager] c:\windows\system32\taskman.exe
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [taskmgr.exe] c:\windows\system32\taskmgr.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [CrawlerMail] c:\progra~1\crawler\cmail.exe /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Cricket Broadband] c:\program files\cricket\cricket broadband\Cricket Broadband.exe
uRun: [BearShare] "c:\program files\bearshare applications\bearshare\BearShare.exe" --lightmode
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] c:\program files\malwarebytes' anti-malware\mbam.exe /runcleanupscript
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [SystemProtect] c:\program files\system protect\SysProtect_Tray.exe
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mrcybe~1\startm~1\programs\startup\winres~1.lnk - c:\program files\winrescue xp\RescueXP.exe
StartupFolder: c:\docume~1\mrcybe~1\startm~1\programs\startup\autoru~1\azureu~1.lnk - c:\program files\azureus ultra accelerator\Azureus Ultra Accelerator.exe
IE: Crawler Search - tbr:iemenu
IE: Download Image with Download Manager - tbr:iemenudownload
IE: Download URL in selection with Download Manager - tbr:iemenudownsel
IE: Download URL with Download Manager - tbr:iemenudownload
IE: {FA32182A-EA44-4583-803B-AA827F0D4E06} - c:\progra~1\online~2\ONLINE~1.EXE
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} - hxxp://cache2.vuze.com/files/Azureus_Java_Installer.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228623419186
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228623403280
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {3AE92DDF-DAC0-4D07-8CA0-C3ADFC921477} = 172.28.221.53 172.28.221.54
TCP: {BDA4C0CF-BD59-4041-9804-3D5958EACB5F} = 192.168.1.1,205.188.146.145
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mrcybe~1\applic~1\mozilla\firefox\profiles\xjccld4e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - component: c:\progra~1\crawler\firefox\components\xcomm.dll
FF - component: c:\progra~1\crawler\firefox\components\xshared.dll
FF - component: c:\progra~1\crawler\firefox\components\xsupport.dll
FF - component: c:\progra~1\crawler\firefox\components\xwsg.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\program files\siteranker\firefox\components\siterank.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-1 206256]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-12 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-21 141312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-27 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-12 20560]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-19 309008]
R2 LanTool;LanTool;c:\program files\lantool\LanTool.exe [2009-2-25 75264]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2008-8-6 216032]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-11-25 14976]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 SP_Service;System Protect Deletion Prevention Service;c:\program files\system protect\SysProtect_srv.exe [2009-10-1 598528]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2009-10-20 38528]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2009-10-20 54656]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2009-10-20 54528]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2009-10-20 103424]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2009-10-20 54656]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2009-10-20 54656]
R3 PAC7302;PAC7302 VGA SoC PC-Camera;c:\windows\system32\drivers\PAC7302.SYS [2007-6-14 457856]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [2009-10-1 12288]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2009-10-20 11520]
S3 BroadCamService;BroadCam Service;c:\program files\nch software\broadcam\broadCam.exe [2009-2-6 368644]
S3 CXFALCON;TD3101_3104 Video/Audio Card;c:\windows\system32\drivers\TD3101_3104AV.sys [2009-3-7 78592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-11-13 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-11-13 3072]
S3 EyelineService;Eyeline Service;c:\program files\nch software\eyeline\eyeline.exe [2009-2-6 425988]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-2-28 32512]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-19 348824]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-28 17:31:22 0 d-----w- c:\docume~1\alluse~1\applic~1\167D
2009-10-28 01:16:49 0 d-----w- c:\docume~1\mrcybe~1\applic~1\BitTorrent
2009-10-28 01:16:36 0 d-----w- c:\program files\BitTorrent
2009-10-26 16:28:58 0 d-----w- c:\program files\Digiarty
2009-10-26 12:50:09 0 d-----w- c:\docume~1\mrcybe~1\applic~1\BearShareTb
2009-10-26 12:50:01 0 d-----w- c:\program files\BearShareTb
2009-10-26 12:44:56 483328 ----a-w- c:\windows\system32\actskn45.ocx
2009-10-26 12:44:41 0 d-----w- c:\program files\BearShare Applications
2009-10-23 22:54:04 0 d-----w- c:\windows\r27
2009-10-23 03:17:57 0 d-----w- C:\50346c9f03cf73c5b2
2009-10-21 01:44:19 12891734 ----a-w- c:\windows\registry.daz
2009-10-20 16:58:00 444 ----a-w- c:\windows\sms.db
2009-10-20 16:58:00 12 ----a-w- c:\windows\sms.bak
2009-10-20 16:56:58 0 d-----w- c:\docume~1\mrcybe~1\applic~1\Cricket
2009-10-20 16:54:50 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2009-10-20 16:54:49 11520 ----a-w- c:\windows\system32\drivers\ATMFFLT.sys
2009-10-20 16:54:48 54656 ----a-w- c:\windows\system32\drivers\ATMFVsp.sys
2009-10-20 16:54:48 54656 ----a-w- c:\windows\system32\drivers\ATMFNVsp.sys
2009-10-20 16:54:48 54656 ----a-w- c:\windows\system32\drivers\ATMFCVsp.sys
2009-10-20 16:54:48 54528 ----a-w- c:\windows\system32\drivers\ATMFMdm.sys
2009-10-20 16:54:48 38528 ----a-w- c:\windows\system32\drivers\ATMFBUS.sys
2009-10-20 16:54:48 103424 ----a-w- c:\windows\system32\drivers\ATMFNET.sys
2009-10-20 16:51:39 0 d-----w- c:\program files\Cricket
2009-10-07 18:41:17 0 d-----w- c:\program files\InCode Solutions
2009-10-03 04:50:12 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 02:19:12 0 d-----w- C:\IObit
2009-10-01 21:49:16 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-01 21:46:48 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-01 21:46:47 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-01 21:46:47 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-01 21:43:32 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-01 06:17:45 0 d-----w- c:\docume~1\mrcybe~1\applic~1\CometNetwork
2009-10-01 06:04:40 12288 ----a-w- c:\windows\system32\drivers\sp_prot.sys
2009-10-01 06:04:25 0 d-----w- c:\program files\System Protect

==================== Find3M ====================

2009-10-26 00:02:01 921632 ----a-w- C:\PA7302.DAT
2009-09-15 03:32:00 27136 ----a-w- c:\windows\system32\drivers\nchssvad.sys
2009-09-13 03:53:34 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 15:45:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2008-11-27 16:34:06 2713 --sh--w- c:\windows\system32\huzomopo.exe
2008-11-28 10:35:36 2713 --sh--w- c:\windows\system32\wahoneza.exe

============= FINISH: 17:55:46.13 ===============

I hope that's enough info to get you started on this problem. Thanks, in advance again.
Oh, I'm attaching the DDS file attach.txt to this post.

P.S. Pardon any typos.


 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:02:09 PM

Posted 03 November 2009 - 06:27 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:02:09 PM

Posted 06 November 2009 - 06:28 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



