am I being hijacked?


This topic is locked
22 replies to this topic

#1 adwizard

Posted 07 December 2009 - 01:27 PM

Hi. Just joined. I hope somebody can steer me in the right direction. I have an emachines T4060 windows xp computer. It has been a stellar performer until recently. Here are my problems... no audio, no recognition of Avance Audio in my device manager. My computer cannot find my floppy drive as well. (Yellow exclamation point saying driver installed but cannot find floppy drive.) My computer also freezes every time I click on my user icon when logging on to my computer. Only after numerous rebooting attempts will I be able to luck out and log on to my computer. I have run numerous spyware (Spybot S&D, Spyware Terminator, Ad-Aware, Advance System care) and anti-virus programs (Windows Live OneCare and AVG Anti-virus) over the past several days. I have only ONE anti-virus program on my computer. I have done a HijackThis scan. Log below. Can anyone help me determine if I'm being hijacked -- or is it time to restore my operating system and start all over? HiJackThis log below. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:03 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Rebit\bin\RebitSvc.exe
C:\Program Files\Rebit\bin\RebitSysMon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Rebit\bin\RebitTray.exe
C:\Program Files\Rebit\bin\RebitAutoPlay.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Extract Flash Video with Bytescout... - {2A154956-903C-4C89-919E-AEF8FFAE8571} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RebitSvc - Unknown owner - C:\Program Files\Rebit\bin\RebitSvc.exe
O23 - Service: Rebit System Monitor (RebitSysMonSvc) - Unknown owner - C:\Program Files\Rebit\bin\RebitSysMon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10665 bytes
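A small triage parser for the HijackThis log format posted above, added here as an illustration (it is not code from the thread, from BleepingComputer or from HijackThis itself): it reads the O2/O3/O9, O20 and O23 line shapes, takes a handful of lines copied from the log above as sample input, and reports the entries a helper would normally check first. The triage reasons and the assumption that O23 service paths begin with a drive letter are this example's own.

```python
"""Triage helper for Trend Micro HijackThis 2.x log lines.

Added example; not code from the thread or from HijackThis. It parses the
O2/O3/O9 (CLSID-keyed IE add-ons), O20 (Winlogon Notify) and O23 (service)
line formats and flags registrations whose file is gone, services with no
vendor string, and DLLs registered with Winlogon. The reasons reported are
this example's own convention, not a HijackThis feature.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the log above (a handful, not the whole log).
SAMPLE_LOG = """\
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn3\\yt.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: Extract Flash Video with Bytescout... - {2A154956-903C-4C89-919E-AEF8FFAE8571} - C:\\Program Files\\Bytescout Movies Extractor Scout\\flashextract_ie.html (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O23 - Service: RebitSvc - Unknown owner - C:\\Program Files\\Rebit\\bin\\RebitSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\\Program Files\\WinPcap\\rpcapd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""


@dataclass
class Entry:
    section: str                 # "O2", "O9", "O20", "O23", ...
    kind: str                    # "BHO", "Extra button", "Service", ...
    name: str
    path: str
    clsid: Optional[str] = None  # O2/O3/O9 only
    owner: Optional[str] = None  # vendor string, O23 only


# "<section> - <kind>: <rest>"; <kind> never contains a colon.
HEAD_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
# IE add-on lines are "<name> - {CLSID} - <path>". Splitting around the CLSID
# keeps names that themselves contain " - " (e.g. "Spybot - Search ...") intact.
CLSID_RE = re.compile(r" - (\{[0-9A-Fa-f-]{36}\}) - ")
# Service lines are "<name> - <owner> - <path>". Assumption: the path starts
# with a drive letter, so a name or owner containing " - " is not misread.
SERVICE_RE = re.compile(r"^(?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT line; return None for sections this example does not model."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.group("section", "kind", "rest")
    if section in ("O2", "O3", "O9"):
        c = CLSID_RE.search(rest)
        if not c:
            return None
        return Entry(section, kind, rest[:c.start()], rest[c.end():], clsid=c.group(1))
    if section == "O20":
        name, sep, path = rest.rpartition(" - ")
        return Entry(section, kind, name, path) if sep else None
    if section == "O23":
        s = SERVICE_RE.match(rest)
        if not s:
            return None
        return Entry(section, kind, s["name"], s["path"], owner=s["owner"])
    return None


def triage(entry: Entry) -> Optional[str]:
    """Return why an analyst would look at this entry first, or None."""
    if entry.path == "(no file)" or entry.path.endswith("(file missing)"):
        return "registration points at a file that no longer exists"
    if entry.section == "O23" and entry.owner == "Unknown owner":
        return "service binary carries no vendor string"
    if entry.section == "O20":
        return "DLL is loaded by winlogon at every logon; confirm the vendor"
    return None


def triage_log(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (section, name, path, reason) for every flagged line in text."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = triage(entry)
        if reason:
            findings.append((entry.section, entry.name, entry.path, reason))
    return findings


if __name__ == "__main__":
    for section, name, path, reason in triage_log(SAMPLE_LOG):
        print(f"{section:4} {name!r}\n     {path}\n     -> {reason}")
```

Entries it flags are only a starting point for review; "(no file)" BHOs are usually leftovers of an uninstall, and an "Unknown owner" service is simply one whose binary carries no version-info vendor field.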

#2 Elise

  • Malware Study Hall Admin

Posted 20 December 2009 - 04:35 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log
Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.


Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 adwizard (Topic Starter)

Posted 22 December 2009 - 11:43 PM

Here is the info you requested. I hope I did this right. Issue 1: Audio icon in system tray gone. Cannot find audio hardware Avance Audio in device manager. Sometimes would load when starting computer but eventually "disappeared." When the icon did appear, computer would freeze when trying to play CD music or audio on youtube. Issue 2: Computer would freeze when trying to log on to my user account. Now partially resolved. Issue 3: Computer does not recognize floppy drive in device manager. Yellow triangle with exclamation point. Latest driver installed but cannot find device. Error Code: 41. I have run numerous spyware and anti-virus programs. Spyware: Ad Aware, Spybot S&D, Spyware Terminator, Super anti-spyware, SpywareBlaster. AVG anti-virus and Windows Live One Care. See scans and logs below as per your instructions. PLEASE NOTE: I am also having temporary internet problems. Cannot log onto internet. I hope to take advantage of this opportunity. Thanks. I look forward to your reply.

Attach Txt Document

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/2/2005 12:10:59 AM
System Uptime: 12/21/2009 9:51:10 AM (6 hours ago)

Motherboard: First International Computer, Inc. | | VG31
Processor: Intel® Pentium® 4 CPU 2.00GHz | Socket 478 | 1992/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 8.228 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 37 GiB total, 21.636 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&33BC18FA&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&33BC18FA&0&0
Service: flpydisk

==== System Restore Points ===================

RP1214: 11/10/2009 1:58:29 PM - Software Distribution Service 3.0
RP1215: 11/10/2009 2:03:40 PM - Software Distribution Service 3.0
RP1216: 11/11/2009 2:39:58 PM - System Checkpoint
RP1217: 11/11/2009 11:07:08 PM - Software Distribution Service 3.0
RP1218: 11/12/2009 2:57:28 PM - Software Distribution Service 3.0
RP1219: 11/13/2009 3:36:21 PM - System Checkpoint
RP1220: 11/14/2009 4:54:11 PM - System Checkpoint
RP1221: 11/15/2009 6:01:56 PM - System Checkpoint
RP1222: 11/16/2009 6:56:22 PM - System Checkpoint
RP1223: 11/17/2009 1:22:21 PM - Software Distribution Service 3.0
RP1224: 11/18/2009 1:24:47 PM - System Checkpoint
RP1225: 11/19/2009 2:02:44 PM - System Checkpoint
RP1226: 11/20/2009 9:19:15 AM - Software Distribution Service 3.0
RP1227: 11/21/2009 11:23:45 AM - System Checkpoint
RP1228: 11/22/2009 11:33:17 AM - System Checkpoint
RP1229: 11/23/2009 2:25:38 PM - System Checkpoint
RP1230: 11/23/2009 6:23:07 PM - Software Distribution Service 3.0
RP1231: 11/24/2009 7:55:08 PM - System Checkpoint
RP1232: 11/25/2009 8:36:13 AM - Software Distribution Service 3.0
RP1233: 11/25/2009 9:37:29 PM - Restore Operation
RP1234: 11/25/2009 9:53:26 PM - Avg8 Update
RP1235: 11/25/2009 11:06:41 PM - Software Distribution Service 3.0
RP1236: 11/26/2009 12:07:23 AM - Restore Operation
RP1237: 11/26/2009 12:23:41 AM - Restore Operation
RP1238: 11/26/2009 12:41:28 AM - Avg8 Update
RP1239: 11/26/2009 9:26:57 AM - Software Distribution Service 3.0
RP1240: 11/26/2009 9:04:01 PM - Software Distribution Service 3.0
RP1241: 11/27/2009 11:12:48 AM - Restore Operation
RP1242: 11/27/2009 11:41:45 AM - Avg8 Update
RP1243: 11/27/2009 11:55:23 AM - Restore Operation
RP1244: 11/27/2009 4:34:58 PM - 1st Restore Point
RP1245: 11/28/2009 12:24:21 AM - Restore Operation
RP1246: 11/28/2009 1:04:28 AM - Restore Operation
RP1247: 11/29/2009 2:34:33 PM - System Checkpoint
RP1248: 11/29/2009 8:33:29 PM - Software Distribution Service 3.0
RP1249: 11/30/2009 7:26:09 AM - Cleaned registry with Windows Live OneCare safety scanner
RP1250: 12/1/2009 1:33:52 AM - Software Distribution Service 3.0
RP1251: 12/2/2009 5:34:19 AM - System Checkpoint
RP1252: 12/3/2009 5:41:38 AM - System Checkpoint
RP1253: 12/3/2009 4:18:02 PM - Software Distribution Service 3.0
RP1254: 12/4/2009 7:18:51 PM - System Checkpoint
RP1255: 12/5/2009 8:01:34 PM - System Checkpoint
RP1256: 12/6/2009 8:15:44 PM - System Checkpoint
RP1257: 12/7/2009 9:13:58 PM - System Checkpoint
RP1258: 12/8/2009 2:05:35 AM - Software Distribution Service 3.0
RP1259: 12/9/2009 3:00:36 AM - Software Distribution Service 3.0
RP1260: 12/9/2009 8:11:06 AM - Avg8 Update
RP1261: 12/10/2009 10:09:47 AM - System Checkpoint
RP1262: 12/10/2009 3:20:13 PM - Software Distribution Service 3.0
RP1263: 12/11/2009 4:00:06 PM - System Checkpoint
RP1264: 12/12/2009 8:40:21 AM - Avg8 Update
RP1265: 12/12/2009 8:42:32 AM - Avg8 Update
RP1266: 12/13/2009 8:56:48 AM - System Checkpoint
RP1267: 12/14/2009 9:19:41 AM - System Checkpoint
RP1268: 12/14/2009 1:31:06 PM - Software Distribution Service 3.0
RP1269: 12/15/2009 1:45:43 PM - System Checkpoint
RP1270: 12/16/2009 2:43:19 PM - System Checkpoint
RP1271: 12/17/2009 3:12:33 PM - System Checkpoint
RP1272: 12/17/2009 9:37:04 PM - Software Distribution Service 3.0
RP1273: 12/18/2009 12:11:28 PM - Removed SUPERAntiSpyware Free Edition
RP1274: 12/18/2009 1:45:16 PM - Installed SUPERAntiSpyware Free Edition
RP1275: 12/19/2009 2:42:00 PM - System Checkpoint
RP1276: 12/20/2009 3:29:19 PM - System Checkpoint
RP1277: 12/21/2009 9:21:47 AM - Avg8 Update

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint
Ad-Aware
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Advanced SystemCare 3
AI RoboForm (All Users)
AIM 6.0
AMX Mod X Installer 1.60
AOL Instant Messenger
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Applications
Audacity 1.2.6
AudioMove V1.10
Avance AC'97 Audio
Avanquest update
AVG Free 8.5
AVI Movie Player
Belarc Advisor 7.0
BigFix
Bonjour
CCleaner (remove only)
CMN
Compatibility Pack for the 2007 Office system
Conexant SoftK56 Modem(M)
Counter-Strike: Condition Zero
Critical Update for Windows Media Player 11 (KB959772)
Debut
DVD-CLONER V4.50 Build 922
Express Burn
exPressit S.E. 2.2
FaxTools
ffdshow (remove only)
FlipViewer 2.3
Golden Records Vinyl to CD Converter
Google Earth
Google Toolbar for Internet Explorer
Handbrake 2.4.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ICQ
Intel® Extreme Graphics Driver
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java™ 6 Update 13
Lexmark X1100 Series
LightScribe 1.4.52.1
LimeWire 4.12.11
Logitech SetPoint
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Flash MX
Magic ISO Maker v5.5 (build 0276)
MaxMedia Light 2.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
Mozilla Firefox (3.5.5)
MSN Money Investment Toolbox
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFonts Order M1659146
MyTunes 1.0
NCH Toolbox
Nero Suite
NVIDIA Drivers
PowerDVD
Prism Video Converter
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Rebit v3.0.258.6452
RecordPad Sound Recorder
Rhapsody Player Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
SpeedFan (remove only)
Spybot - Search & Destroy
Spyware Terminator
SpywareBlaster 4.2
Steam
SUPERAntiSpyware Free Edition
Symantec Technical Support Web Controls
System Requirements Lab
TeamSpeak 2 RC2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
USB Multimedia Keyboard Driver Ver1.5a
Ventrilo Client
Video Converter 3
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual IP InSight(SBC)
WavePad Uninstall
Web Easy Professional
Web Easy Professional 7
WebFldrs XP
Winamp (remove only)
Windows Backup Utility
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinPcap 3.0
WinZip Self-Extractor
Xfire (remove only)
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/21/2009 9:23:17 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg8wd service.
12/18/2009 12:00:30 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
12/18/2009 11:33:46 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

DDS (Ver_09-12-01.01) - NTFSx86
Run by Mike at 15:42:22.87 on Mon 12/21/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.96 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Rebit\bin\RebitSvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Rebit\bin\RebitSysMon.exe
C:\Program Files\Rebit\bin\RebitAutoPlay.exe
C:\Program Files\Rebit\bin\RebitTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mike\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.emachines.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page =
mStart Page = hxxp://yahoo.sbc.com/dsl
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\program files\e-book systems\flipviewer\fplaunch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No File
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {2A154956-903C-4C89-919E-AEF8FFAE8571} - c:\program files\bytescout movies extractor scout\flashextract_ie.html
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE}
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE}
DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\rastjumk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\mike\application data\mozilla\firefox\profiles\rastjumk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-10 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-10 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-5-15 141312]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-12 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-12 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 RebitSvc;RebitSvc;c:\program files\rebit\bin\RebitSvc.exe [2009-11-28 1817088]
R2 RebitSysMonSvc;Rebit System Monitor;c:\program files\rebit\bin\RebitSysMon.exe [2009-11-28 161784]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]
S3 oflpydin;oflpydin;\??\c:\docume~1\michael\locals~1\temp\oflpydin.sys --> c:\docume~1\michael\locals~1\temp\oflpydin.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]

=============== Created Last 30 ================

2009-12-16 21:29:44 12288 --sha-w- c:\windows\Thumbs.db
2009-12-16 21:29:40 6144 --sha-w- c:\windows\system32\Thumbs.db
2009-11-29 18:57:45 0 d-----w- c:\docume~1\mike\applic~1\AVG8
2009-11-29 18:17:57 0 d-----w- c:\program files\Trend Micro
2009-11-28 18:51:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-28 18:00:29 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-28 17:46:35 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-28 07:06:19 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-27 18:02:20 0 d-----w- c:\program files\Avance Sound Manager
2009-11-27 15:34:05 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2009-11-27 15:34:05 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2009-11-27 01:47:22 141016 ------w- c:\windows\system32\alsndmgr.wav
2009-11-26 17:25:55 0 d-----w- c:\docume~1\mike\applic~1\Uniblue

==================== Find3M ====================

2009-11-09 17:39:25 352256 ----a-w- c:\windows\system32\rbvss.exe
2009-11-04 20:05:53 52088 ----a-w- c:\docume~1\mike\applic~1\GDIPFONTCACHEV1.DAT
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 05:38:23 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2006-05-03 21:52:51 36465208 ------w- c:\program files\iTunesSetup.exe
2006-05-03 21:43:58 21249848 ------w- c:\program files\QuickTimeInstaller.exe
2005-12-08 23:39:44 7380195 ------w- c:\program files\amxmodx-installer-1.60.exe
2005-09-04 00:50:57 353888 ------w- c:\program files\LimeWireWin.exe
2008-03-30 16:01:56 56 --sh--r- c:\windows\system32\046D029169.sys
2008-03-30 16:01:56 10022 --sh--w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:43:26.70 ===============


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:21 PM, on 11/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Rebit\bin\RebitSvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Rebit\bin\RebitSysMon.exe
C:\Program Files\Rebit\bin\RebitTray.exe
C:\Program Files\Rebit\bin\RebitAutoPlay.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Extract Flash Video with Bytescout... - {2A154956-903C-4C89-919E-AEF8FFAE8571} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RebitSvc - Unknown owner - C:\Program Files\Rebit\bin\RebitSvc.exe
O23 - Service: Rebit System Monitor (RebitSysMonSvc) - Unknown owner - C:\Program Files\Rebit\bin\RebitSysMon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10633 bytes
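As an added example (not part of this thread and not one of the tools the helpers use here), a small Python triage script that reads HijackThis-format lines like the ones above and pulls out the entries a helper looks at first: orphaned registrations, persistence items loading from temp or profile directories, services with no verified publisher, and Run entries that are a bare filename. The sample log is constructed and modelled on the log posted above (the "updater" line is invented to show what a bad entry looks like); the directory list and severity rules are my own assumptions, not HijackThis's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# One HijackThis line: "O2 - BHO: <name> - {<CLSID>} - <path>" or
# "O23 - Service: <name> (<short>) - <publisher> - <path>". The leading
# token (R0..R3, O1..O24) is the section code that says what kind of hook it is.
LINE_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.+)$")

# Directories from which legitimate startup items, services and Winlogon
# hooks essentially never load; a binary there deserves a closer look.
# (Assumed list; extend to taste.)
SUSPICIOUS_DIRS = (
    "\\local settings\\temp",
    "\\temp\\",
    "\\recycler\\",
    "\\application data\\",
    "\\my documents\\",
)

# Sections whose entries survive a reboot: startup (O4), protocol handlers
# (O18), Winlogon hooks (O20), ShellServiceObjectDelayLoad (O21),
# SharedTaskScheduler (O22) and services (O23).
PERSISTENCE = {"O4", "O18", "O20", "O21", "O22", "O23"}


@dataclass
class Finding:
    code: str
    severity: str  # "info" | "review" | "suspicious"
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries worth a human's attention."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line or "End of file" trailer
        code, body = m.group("code"), m.group("body")
        lower = body.lower()

        # A registration whose DLL/EXE is gone is harmless by itself but is
        # the usual leftover of an uninstall or an earlier removal.
        if "(no file)" in lower or "(file missing)" in lower:
            findings.append(Finding(code, "info", "orphaned entry: registered file no longer exists", line))
            continue

        # Hosts-file overrides can be deliberate (ad or vendor blocking) or a
        # way of cutting the machine off from security updates.
        if code == "O1":
            findings.append(Finding(code, "review", "hosts-file override; confirm it was set deliberately", line))
            continue

        if code not in PERSISTENCE:
            continue

        if any(d in lower for d in SUSPICIOUS_DIRS):
            findings.append(Finding(code, "suspicious", "persistence item loads from a temp or user-profile directory", line))
        elif code == "O23" and "unknown owner" in lower:
            findings.append(Finding(code, "review", "service binary has no verified publisher", line))
        elif code == "O4" and not re.search(r"[a-z]:\\", lower):
            findings.append(Finding(code, "review", "Run entry is a bare filename; check which copy the search path resolves to", line))
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'info': 2, 'review': 3, 'suspicious': 1}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample, modelled on the HijackThis log posted above; the
# "updater" line is an invented example of what a bad entry looks like.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: 127.0.0.1 www.spywareinfo.com
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Mike\Local Settings\Temp\updater.exe
O9 - Extra button: Extract Flash Video with Bytescout... - {2A154956-903C-4C89-919E-AEF8FFAE8571} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Rebit System Monitor (RebitSysMonSvc) - Unknown owner - C:\Program Files\Rebit\bin\RebitSysMon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.code:4} {f.reason}\n    {f.line}")
    print(summary(triage(SAMPLE_LOG)))
```

A "suspicious" hit is a starting point for checking the file's publisher, hash and creation date, not a verdict; several "review" items in the log above (Rebit, the Spybot hosts entry) are legitimate.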

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,311 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:12 PM

Posted 23 December 2009 - 07:36 AM

Hi,

First of all, you are low on disk space, with only 8 GB of free space. I would recommend that you free up space by uninstalling unused programs and moving data to your other fixed drive. If you need help with this, just let me know :(

Your audio software shows in the logs (Avance AC'97 Audio).

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 adwizard

adwizard
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:12 AM

Posted 24 December 2009 - 11:34 AM

Hi. I thought I would double-check before proceeding. 1. As per your request, I downloaded ComboFix. I also downloaded the Setup boot disk version for Windows XP SP2 as per your request. (WindowsXP-KB310994-SP2-Home-BootDisk-ENU) Question... are you asking that I drag the Setup boot disk "setup" onto the ComboFix icon? Do I need to open up the "Setup" file and run it? Lastly, it says on the Windows download site that the "Setup boot version" should be used if all the following conditions are true:

* You are installing a new, full retail version of Windows XP.

Note: An upgrade installation of Windows XP does not require the Setup disks.
* You have a working CD drive, but you cannot start your computer from your CD-ROM.
* You can start your computer from a floppy disk drive.

Keep in mind that I cannot start up my computer from a floppy drive. It doesn't work, or at least I can't get it to work. Please let me know if it is still OK to proceed. Thanks

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,311 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:12 PM

Posted 24 December 2009 - 12:23 PM

are you asking that I drag the Setup boot disk "setup" onto the ComboFix icon?

Yes, that's what you need to do, no worries, no floppies needed here :(

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#7 adwizard

adwizard
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:12 AM

Posted 24 December 2009 - 02:03 PM

FYI: For what it's worth... My computer did not automatically shut down after ComboFix did its scan... I was away when the screen went to black and after some time I decided to perform a forced shutdown. When it rebooted it said something like WindowsSystem 32 driver not found and then quickly launched into preparing the log file report. The log file is as follows:




ComboFix 09-12-23.06 - Mike 12/24/2009 12:04:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.332 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Thomas\My Documents\java.exe
c:\program files\Rebit\bin\pcgw32.dll
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\recycler\S-1-5-21-1275210071-1220945662-725345543-1003
c:\windows\Downloaded Program Files\Temp
c:\windows\EventSystem.log
c:\windows\patch.exe
c:\windows\system32\crosof~1.net
c:\windows\system32\curity~1
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ecurit~1
c:\windows\system32\fnts~1
c:\windows\system32\mbols~1
c:\windows\system32\Packet.dll
c:\windows\system32\ppatch~1
c:\windows\system32\pppatc~1
c:\windows\system32\pthreadVC.dll
c:\windows\system32\sembly~1
c:\windows\system32\sfxzmtwbmail.dll
c:\windows\system32\sks~1
c:\windows\system32\stem~1
c:\windows\system32\stem32~1
c:\windows\system32\wnsxs~1
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-23 17:50 . 2009-12-23 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-12-23 17:36 . 2009-12-23 17:36 -------- d-----w- c:\program files\Avance Sound Manager
2009-12-23 17:36 . 2009-12-23 17:36 -------- d-----w- c:\program files\AvRack
2009-12-23 17:36 . 2002-04-10 00:36 305100 ------w- c:\windows\system32\drivers\alcxwdm.sys
2009-12-23 17:36 . 2002-04-23 19:12 208896 ------w- c:\windows\alcupd.exe
2009-12-23 17:36 . 2002-04-23 18:13 135168 ------w- c:\windows\alcrmv.exe
2009-12-23 17:36 . 2002-02-05 22:05 46592 ------w- c:\windows\soundman.exe
2009-12-23 03:34 . 2009-12-23 03:34 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\PCHealth
2009-11-29 18:57 . 2009-11-29 18:57 -------- d-----w- c:\documents and settings\Mike\Application Data\AVG8
2009-11-29 18:17 . 2009-11-29 18:17 -------- d-----w- c:\program files\Trend Micro
2009-11-28 18:51 . 2009-11-28 18:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-28 18:00 . 2009-11-28 18:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-28 17:46 . 2009-11-28 17:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-28 07:06 . 2009-11-28 07:06 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-27 15:34 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2009-11-27 15:34 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2009-11-26 17:25 . 2009-11-26 17:25 -------- d-----w- c:\documents and settings\Mike\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 17:36 . 2002-10-02 02:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 16:43 . 2002-10-02 02:24 -------- d-----w- c:\program files\Real
2009-12-23 16:43 . 2002-10-02 02:24 -------- d-----w- c:\program files\Common Files\Real
2009-12-23 03:42 . 2007-01-02 20:14 -------- d-----w- c:\program files\Dvd-cloner
2009-12-21 13:47 . 2009-12-18 19:46 52224 ----a-w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-19 18:15 . 2009-11-28 18:00 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-19 18:15 . 2009-11-28 18:00 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-19 18:15 . 2009-11-28 18:00 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-19 18:15 . 2009-11-28 18:00 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-19 18:14 . 2009-11-28 18:00 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-19 18:14 . 2009-11-28 18:00 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-19 18:06 . 2009-11-28 17:59 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-19 18:04 . 2009-11-28 17:59 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-19 18:04 . 2009-11-28 17:58 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-19 18:03 . 2009-11-28 17:58 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-19 18:03 . 2009-11-28 17:58 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-19 18:02 . 2009-11-28 17:58 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-19 18:02 . 2009-11-28 17:58 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-18 19:46 . 2009-12-18 19:46 117760 ----a-w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-18 19:45 . 2007-07-02 16:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-18 19:45 . 2007-07-02 16:06 -------- d-----w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com
2009-12-18 19:44 . 2005-07-24 22:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-18 18:26 . 2009-11-17 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-18 18:14 . 2007-07-12 16:24 -------- d-----w- c:\documents and settings\Mike\Application Data\Spyware Terminator
2009-12-18 18:13 . 2008-05-16 12:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-18 18:13 . 2008-05-16 12:14 -------- d-----w- c:\program files\SpywareBlaster
2009-12-16 20:57 . 2006-09-18 17:11 -------- d-----w- c:\program files\Lexmark X1100 Series
2009-12-12 14:41 . 2009-12-12 14:42 2065688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-30 04:26 . 2007-06-26 21:00 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-29 19:44 . 2005-05-02 18:23 -------- d-----w- c:\program files\Yahoo!
2009-11-29 19:18 . 2009-01-23 23:02 -------- d-----w- c:\program files\AVG
2009-11-29 19:17 . 2009-01-23 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-28 18:00 . 2009-11-28 18:00 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-28 18:00 . 2009-11-28 18:00 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-28 18:00 . 2009-11-28 18:00 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-28 18:00 . 2009-11-28 18:00 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-28 18:00 . 2009-11-28 18:00 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-28 18:00 . 2009-11-28 18:00 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-28 18:00 . 2009-11-28 18:00 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-28 18:00 . 2009-11-28 18:00 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-28 17:59 . 2009-11-28 17:59 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-28 17:59 . 2009-11-28 17:59 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-28 17:59 . 2009-11-28 17:59 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-28 07:20 . 2009-11-09 17:38 -------- d-----w- c:\program files\Rebit
2009-11-28 06:25 . 2009-06-16 23:23 -------- d-----w- c:\documents and settings\Mike\Application Data\BitTorrent
2009-11-28 06:25 . 2009-06-13 19:14 -------- d-----w- c:\documents and settings\Hal\Application Data\BitTorrent
2009-11-28 06:25 . 2009-06-13 19:14 -------- d-----w- c:\documents and settings\Hal\Application Data\DNA
2009-11-27 23:18 . 2009-06-13 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-11-27 23:18 . 2008-03-22 06:33 -------- d-----w- c:\documents and settings\Hal\Application Data\Ventrilo
2009-11-27 23:18 . 2005-07-08 22:53 -------- d-----w- c:\documents and settings\Russell\Application Data\Ventrilo
2009-11-27 23:17 . 2007-01-25 04:17 -------- d-----w- c:\program files\AIM6
2009-11-27 23:17 . 2005-09-04 00:52 -------- d-----w- c:\program files\LimeWire
2009-11-27 23:17 . 2005-07-17 00:54 -------- d-s---w- c:\program files\Xfire
2009-11-27 23:17 . 2005-05-02 16:40 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-11-27 23:17 . 2002-10-02 16:43 -------- d-----w- c:\program files\ICQ
2009-11-27 23:17 . 2002-10-02 16:42 -------- d-----w- c:\program files\aim
2009-11-27 23:17 . 2002-10-02 02:31 -------- d-----w- c:\program files\Microsoft Works
2009-11-27 18:03 . 2005-05-02 14:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-27 17:59 . 2007-05-25 23:01 -------- d-----w- c:\documents and settings\Mike\Application Data\NCH Swift Sound
2009-11-27 17:27 . 2006-03-11 22:26 -------- d-----w- c:\program files\NCH Swift Sound
2009-11-27 17:26 . 2005-05-02 18:36 -------- d-----w- c:\program files\Common Files\Motive
2009-11-27 17:16 . 2002-10-02 16:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-26 18:27 . 2006-10-28 23:37 -------- d-----w- c:\program files\CCleaner
2009-11-26 06:41 . 2009-12-12 14:42 3514648 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-11-26 06:40 . 2009-12-12 14:42 2029336 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-11-25 20:20 . 2008-01-19 15:51 52088 ----a-w- c:\documents and settings\Hal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 19:11 . 2006-03-14 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-11-13 19:29 . 2007-05-27 18:40 52088 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 02:36 . 2007-06-27 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-11-09 17:39 . 2009-11-09 17:39 352256 ----a-w- c:\windows\system32\rbvss.exe
2009-11-09 17:39 . 2009-11-09 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PliE6QGS
2009-11-03 02:42 . 2009-10-05 04:01 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 05:38 . 2005-02-18 21:19 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2005-05-02 05:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2005-05-02 05:51 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2005-05-02 05:51 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2002-10-02 00:53 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2002-10-02 00:53 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2002-10-02 00:53 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-03 08:15 . 2009-11-28 17:46 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2006-05-03 21:52 . 2006-05-03 21:52 36465208 ------w- c:\program files\iTunesSetup.exe
2006-05-03 21:43 . 2006-05-03 21:43 21249848 ------w- c:\program files\QuickTimeInstaller.exe
2005-12-08 23:39 . 2005-12-08 23:39 7380195 ------w- c:\program files\amxmodx-installer-1.60.exe
2005-09-04 00:50 . 2005-09-04 00:50 353888 ------w- c:\program files\LimeWireWin.exe
2008-03-30 16:01 . 2008-03-30 04:01 56 --sh--r- c:\windows\system32\046D029169.sys
2008-03-30 16:01 . 2008-03-30 04:01 10022 --sh--w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"nwiz"="nwiz.exe" [2006-08-12 1519616]
"SoundMan"="soundman.exe" [2002-02-05 46592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 15:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoTrace
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpokeSysTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Usrr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 03:43 640376 ----a-w- f:\program files\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 07:25 37232 ----a-w- f:\program files\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 04:16 39792 ------w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 19:51 2335880 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2006-11-07 15:29 50736 ------w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-12-12 14:41 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-06-13 19:14 321344 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2002-08-02 18:01 473600 ------w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-01-23 15:31 126976 ------w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-01-23 15:36 155648 ------w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-01-27 17:17 1381376 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02]
2003-06-11 06:52 380928 ------w- c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02]
2003-06-11 06:52 122880 ------w- c:\program files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 18:10 267048 ------w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 10:43 57344 ------w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-08-09 18:28 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ------w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-07-12 08:50 4112384 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2004-07-12 08:50 81920 ----a-r- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRTCLK]
2003-12-30 09:44 24576 ------r- c:\windows\system32\NVRTClk\NVRTClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-12 02:43 1519616 ------w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 21:09 413696 ------w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2006-09-12 15:18 144448 ------w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2002-02-05 22:05 46592 ------w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2008-05-15 22:35 1817600 ------w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 10:19 148888 ------w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-12-16 22:26 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-20 03:30 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ------w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
2006-07-21 16:43 407032 ------w- c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Condition Zero\\czero.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\assasin333\\condition zero\\hl.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\assasin333\\dedicated server\\hlds.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\condition zero\\hl.exe"=
"c:\\Program Files\\aim\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\condition zero deleted scenes\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Mike\\My Documents\\Russell\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avanquest\\Web Easy Professional 7\\WebEasy.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Avanquest\\Web Easy Professional 7\\vcomFtp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/10/2009 9:28 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/10/2009 9:28 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [5/15/2008 4:33 PM 141312]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/12/2009 10:14 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/12/2009 10:14 AM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1181328]
R2 RebitSvc;RebitSvc;c:\program files\Rebit\bin\RebitSvc.exe [11/28/2009 1:20 AM 1817088]
R2 RebitSysMonSvc;Rebit System Monitor;c:\program files\Rebit\bin\RebitSysMon.exe [11/28/2009 1:20 AM 161784]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 oflpydin;oflpydin;\??\c:\docume~1\Michael\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\Michael\LOCALS~1\Temp\oflpydin.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://yahoo.sbc.com/dsl
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{2A154956-903C-4C89-919E-AEF8FFAE8571} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\rastjumk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\rastjumk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-strtas - lockx.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 12:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RebitSvc]
"ImagePath"="c:\program files\Rebit\bin\RebitSvc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3188)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Rebit\bin\RebitTray.exe
c:\program files\Rebit\bin\RebitAutoPlay.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-12-24 12:47:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-24 18:47

Pre-Run: 8,563,281,920 bytes free
Post-Run: 9,235,152,896 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - B362D1A3C65DEF277DF1ED924919BA5F

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,311 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:12 PM

Posted 24 December 2009 - 03:56 PM

Hello adwizard,

First of all a question. Do you know what this is? SBC Yahoo! Online Protection

I have the impression it's just a leftover, but before removing anything, I wanted to double-check with you.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
Driver::
oflpydin

DDS::
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • Combofix.txt
  • MBAM log

regards, Elise


Malware analyst @ Emsisoft


#9 adwizard

adwizard
  • Topic Starter

  • Members
  • 12 posts

Posted 26 December 2009 - 01:40 PM

UPDATE: (In response to your questions and/or concerns): First, I believe SBC (Now AT&T) Yahoo Online Protection is a leftover file or item from a previous time. It may be a link to AT&T Yahoo whereby I can download a free anti-virus program offered through my DSL service. Two: I have not thinned out the amount of data on my computer, however, I will certainly try in the days ahead. I'm not sure how to do this, yet. In any event, included are the logs/reports you requested: (ComboFix.txt and MBAM log) Thanks.

ComboFix 09-12-23.06 - Mike 12/26/2009 9:14.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.226 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\EventSystem.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OFLPYDIN
-------\Service_oflpydin


((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.

2009-12-23 17:50 . 2009-12-23 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-11-29 18:57 . 2009-11-29 18:57 -------- d-----w- c:\documents and settings\Mike\Application Data\AVG8
2009-11-28 17:46 . 2009-11-28 17:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-26 17:25 . 2009-11-26 17:25 -------- d-----w- c:\documents and settings\Mike\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 17:36 . 2009-12-23 17:36 -------- d-----w- c:\program files\Avance Sound Manager
2009-12-23 17:36 . 2009-12-23 17:36 -------- d-----w- c:\program files\AvRack
2009-12-23 17:36 . 2002-10-02 02:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 16:43 . 2002-10-02 02:24 -------- d-----w- c:\program files\Real
2009-12-23 16:43 . 2002-10-02 02:24 -------- d-----w- c:\program files\Common Files\Real
2009-12-23 03:42 . 2007-01-02 20:14 -------- d-----w- c:\program files\Dvd-cloner
2009-12-21 13:47 . 2009-12-18 19:46 52224 ----a-w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-19 18:15 . 2009-11-28 18:00 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-19 18:15 . 2009-11-28 18:00 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-19 18:15 . 2009-11-28 18:00 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-19 18:15 . 2009-11-28 18:00 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-19 18:14 . 2009-11-28 18:00 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-19 18:14 . 2009-11-28 18:00 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-19 18:06 . 2009-11-28 17:59 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-19 18:04 . 2009-11-28 17:59 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-19 18:04 . 2009-11-28 17:58 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-19 18:03 . 2009-11-28 17:58 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-19 18:03 . 2009-11-28 17:58 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-19 18:02 . 2009-11-28 17:58 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-19 18:02 . 2009-11-28 17:58 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-18 19:46 . 2009-12-18 19:46 117760 ----a-w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-18 19:45 . 2007-07-02 16:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-18 19:45 . 2007-07-02 16:06 -------- d-----w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com
2009-12-18 19:44 . 2005-07-24 22:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-18 18:26 . 2009-11-17 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-18 18:14 . 2007-07-12 16:24 -------- d-----w- c:\documents and settings\Mike\Application Data\Spyware Terminator
2009-12-18 18:13 . 2008-05-16 12:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-18 18:13 . 2008-05-16 12:14 -------- d-----w- c:\program files\SpywareBlaster
2009-12-16 20:57 . 2006-09-18 17:11 -------- d-----w- c:\program files\Lexmark X1100 Series
2009-12-12 14:41 . 2009-12-12 14:42 2065688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-30 04:26 . 2007-06-26 21:00 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-29 19:44 . 2005-05-02 18:23 -------- d-----w- c:\program files\Yahoo!
2009-11-29 19:18 . 2009-01-23 23:02 -------- d-----w- c:\program files\AVG
2009-11-29 19:17 . 2009-01-23 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-29 18:17 . 2009-11-29 18:17 -------- d-----w- c:\program files\Trend Micro
2009-11-28 18:00 . 2009-11-28 18:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-28 18:00 . 2009-11-28 18:00 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-28 18:00 . 2009-11-28 18:00 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-28 18:00 . 2009-11-28 18:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-28 18:00 . 2009-11-28 18:00 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-28 18:00 . 2009-11-28 18:00 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-28 18:00 . 2009-11-28 18:00 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-28 18:00 . 2009-11-28 18:00 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-28 18:00 . 2009-11-28 18:00 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-28 18:00 . 2009-11-28 18:00 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-28 17:59 . 2009-11-28 17:59 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-28 17:59 . 2009-11-28 17:59 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-28 17:59 . 2009-11-28 17:59 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-28 07:20 . 2009-11-09 17:38 -------- d-----w- c:\program files\Rebit
2009-11-28 06:25 . 2009-06-16 23:23 -------- d-----w- c:\documents and settings\Mike\Application Data\BitTorrent
2009-11-28 06:25 . 2009-06-13 19:14 -------- d-----w- c:\documents and settings\Hal\Application Data\BitTorrent
2009-11-28 06:25 . 2009-06-13 19:14 -------- d-----w- c:\documents and settings\Hal\Application Data\DNA
2009-11-27 23:18 . 2009-06-13 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-11-27 23:18 . 2008-03-22 06:33 -------- d-----w- c:\documents and settings\Hal\Application Data\Ventrilo
2009-11-27 23:18 . 2005-07-08 22:53 -------- d-----w- c:\documents and settings\Russell\Application Data\Ventrilo
2009-11-27 23:17 . 2007-01-25 04:17 -------- d-----w- c:\program files\AIM6
2009-11-27 23:17 . 2005-09-04 00:52 -------- d-----w- c:\program files\LimeWire
2009-11-27 23:17 . 2005-07-17 00:54 -------- d-s---w- c:\program files\Xfire
2009-11-27 23:17 . 2005-05-02 16:40 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-11-27 23:17 . 2002-10-02 16:43 -------- d-----w- c:\program files\ICQ
2009-11-27 23:17 . 2002-10-02 16:42 -------- d-----w- c:\program files\aim
2009-11-27 23:17 . 2002-10-02 02:31 -------- d-----w- c:\program files\Microsoft Works
2009-11-27 18:03 . 2005-05-02 14:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-27 17:59 . 2007-05-25 23:01 -------- d-----w- c:\documents and settings\Mike\Application Data\NCH Swift Sound
2009-11-27 17:27 . 2006-03-11 22:26 -------- d-----w- c:\program files\NCH Swift Sound
2009-11-27 17:26 . 2005-05-02 18:36 -------- d-----w- c:\program files\Common Files\Motive
2009-11-27 17:16 . 2002-10-02 16:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-26 18:27 . 2006-10-28 23:37 -------- d-----w- c:\program files\CCleaner
2009-11-25 20:20 . 2008-01-19 15:51 52088 ----a-w- c:\documents and settings\Hal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 19:11 . 2006-03-14 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-11-13 19:29 . 2007-05-27 18:40 52088 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 02:36 . 2007-06-27 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-11-09 17:39 . 2009-11-09 17:39 352256 ----a-w- c:\windows\system32\rbvss.exe
2009-11-09 17:39 . 2009-11-09 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PliE6QGS
2009-11-03 02:42 . 2009-10-05 04:01 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 05:38 . 2005-02-18 21:19 667136 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2005-05-02 05:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2005-05-02 05:51 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2005-05-02 05:51 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2002-10-02 00:53 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2002-10-02 00:53 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2002-10-02 00:53 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-03 08:15 . 2009-11-28 17:46 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2006-05-03 21:52 . 2006-05-03 21:52 36465208 ------w- c:\program files\iTunesSetup.exe
2006-05-03 21:43 . 2006-05-03 21:43 21249848 ------w- c:\program files\QuickTimeInstaller.exe
2005-12-08 23:39 . 2005-12-08 23:39 7380195 ------w- c:\program files\amxmodx-installer-1.60.exe
2005-09-04 00:50 . 2005-09-04 00:50 353888 ------w- c:\program files\LimeWireWin.exe
2008-03-30 16:01 . 2008-03-30 04:01 56 --sh--r- c:\windows\system32\046D029169.sys
2008-03-30 16:01 . 2008-03-30 04:01 10022 --sh--w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"nwiz"="nwiz.exe" [2006-08-12 1519616]
"SoundMan"="soundman.exe" [2002-02-05 46592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 15:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 03:43 640376 ----a-w- f:\program files\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 07:25 37232 ----a-w- f:\program files\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 04:16 39792 ------w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 19:51 2335880 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2006-11-07 15:29 50736 ------w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-12-12 14:41 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-06-13 19:14 321344 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2002-08-02 18:01 473600 ------w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-01-23 15:31 126976 ------w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-01-23 15:36 155648 ------w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-01-27 17:17 1381376 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02]
2003-06-11 06:52 380928 ------w- c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02]
2003-06-11 06:52 122880 ------w- c:\program files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 18:10 267048 ------w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 10:43 57344 ------w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-08-09 18:28 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ------w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-07-12 08:50 4112384 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2004-07-12 08:50 81920 ----a-r- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRTCLK]
2003-12-30 09:44 24576 ------r- c:\windows\system32\NVRTClk\NVRTClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-12 02:43 1519616 ------w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 21:09 413696 ------w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2006-09-12 15:18 144448 ------w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2002-02-05 22:05 46592 ------w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2008-05-15 22:35 1817600 ------w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 10:19 148888 ------w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-12-16 22:26 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-20 03:30 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ------w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
2006-07-21 16:43 407032 ------w- c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Condition Zero\\czero.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\assasin333\\condition zero\\hl.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\assasin333\\dedicated server\\hlds.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\condition zero\\hl.exe"=
"c:\\Program Files\\aim\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\condition zero deleted scenes\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Mike\\My Documents\\Russell\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avanquest\\Web Easy Professional 7\\WebEasy.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Avanquest\\Web Easy Professional 7\\vcomFtp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/10/2009 9:28 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/10/2009 9:28 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [5/15/2008 4:33 PM 141312]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/12/2009 10:14 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/12/2009 10:14 AM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1181328]
R2 RebitSvc;RebitSvc;c:\program files\Rebit\bin\RebitSvc.exe [11/28/2009 1:20 AM 1817088]
R2 RebitSysMonSvc;Rebit System Monitor;c:\program files\Rebit\bin\RebitSysMon.exe [11/28/2009 1:20 AM 161784]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://yahoo.sbc.com/dsl
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{2A154956-903C-4C89-919E-AEF8FFAE8571} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\rastjumk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\rastjumk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 09:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RebitSvc]
"ImagePath"="c:\program files\Rebit\bin\RebitSvc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Rebit\bin\RebitTray.exe
c:\program files\Rebit\bin\RebitAutoPlay.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-12-26 10:05:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-26 16:05
ComboFix2.txt 2009-12-24 18:47

Pre-Run: 9,133,723,648 bytes free
Post-Run: 9,108,525,056 bytes free

- - End Of File - - 41A714F3EE32EAC6382CD09EE75A75E7



Malwarebytes' Anti-Malware 1.42
Database version: 3434
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/26/2009 12:13:56 PM
mbam-log-2009-12-26 (12-13-56).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 291749
Time elapsed: 1 hour(s), 43 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Mike\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\QuarantineW\2009-04-17 11-29-320 (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\QuarantineW\2009-04-17 11-30-230 (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{3B9C8DC5-8289-4507-B0C9-5F1F0350373E}\RP1255\A0238544.exe (Rogue.RegistryEasy) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{3B9C8DC5-8289-4507-B0C9-5F1F0350373E}\RP1239\A0188954.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{3B9C8DC5-8289-4507-B0C9-5F1F0350373E}\RP1243\A0194293.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\spy_ignore.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\Logs\2009-04-17 11-24-040.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\QuarantineW\2009-04-17 11-29-320\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\QuarantineW\2009-04-17 11-30-230\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\Results\Evidence.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\Results\Junk.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\Results\Registry.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Application Data\RegTool\Results\Update.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtaim.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtgtal.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmticq.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtymsg.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtforum.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtsmt.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,311 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:12 PM

Posted 26 December 2009 - 01:52 PM

Hello adwizard,

I included TFC in this fix; this will clean out all temporary files on your system and will free up some space. If you need more help freeing up space, just let me know :(

How are the sound issues now? What other problems do you have?

TFC
--------
Download TFC by OldTimer to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

NOTE:
It's normal after running TFC cleaner that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.



CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
SecCenter::
{17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
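One way to see what the two hands-on steps in the post above actually touch, as an added example that is not code from this thread, from ComboFix or from BleepingComputer: a PowerShell 2.0 script for Windows XP SP3. It assumes PowerShell 2.0 is installed, that it runs from an administrator account, and that XP keeps its Security Center registrations as WMI instances in root\SecurityCenter, which is what the SecCenter:: line in a CF-script deletes by instanceGuid. The parameter names -StaleGuid and -Remove are the script's own. By default it only reports; nothing is deleted or uninstalled without -Remove.

```powershell
# Added example, not code from the thread, ComboFix or BleepingComputer: audits the
# two hand-done steps in the post above on Windows XP SP3 with PowerShell 2.0.
#
# 1. "SecCenter::" + GUID in a CF-script makes ComboFix delete the Security Center
#    registration with that instanceGuid. On XP these are WMI instances in
#    root\SecurityCenter (Vista+ uses root\SecurityCenter2 and productState).
# 2. The Java step uninstalls every older JRE; MSI-based JREs can be removed with
#    msiexec /x <ProductCode>, the code being the Uninstall registry key name.
#
# Assumptions: administrator account; -Remove is used only after reading the report.
param(
    [string]$StaleGuid = "",   # e.g. "{17CFD1EA-56CF-40B5-A06B-BD3A27397C93}" from the CF-script
    [switch]$Remove            # delete the registration / uninstall JREs; default is report-only
)
$ErrorActionPreference = "Stop"

function Get-SecurityCenterProducts {
    # AV registrations are AntiVirusProduct instances, firewalls FirewallProduct;
    # instanceGuid is the value the SecCenter:: directive keys on.
    foreach ($class in "AntiVirusProduct", "FirewallProduct") {
        $instances = Get-WmiObject -Namespace "root\SecurityCenter" -Class $class -ErrorAction SilentlyContinue
        foreach ($p in $instances) {
            if ($class -eq "AntiVirusProduct") {
                $enabled = $p.onAccessScanningEnabled; $current = $p.productUptoDate
            } else {
                $enabled = $p.enabled; $current = $null
            }
            New-Object PSObject -Property @{
                Class = $class; DisplayName = $p.displayName; InstanceGuid = $p.instanceGuid
                Enabled = $enabled; UpToDate = $current; Wmi = $p   # Wmi kept for removal
            }
        }
    }
}

function Get-InstalledJava {
    # Sun registers "Java(TM) 6 Update NN", "J2SE Runtime Environment 5.0 Update NN"
    # or "Java 2 Runtime Environment, SE v1.4.2_NN" under the Uninstall key.
    $roots = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
             "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $props = Get-ItemProperty $key.PSPath
            if ($props.DisplayName -match '^(Java|J2SE)') {
                New-Object PSObject -Property @{
                    DisplayName = $props.DisplayName; Version = $props.DisplayVersion
                    ProductCode = $key.PSChildName
                    IsMsi = ($key.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$')
                }
            }
        }
    }
}

# --- Security Center: show every registration, then act only on the named GUID ---
$products = @(Get-SecurityCenterProducts)
$products | Select-Object Class, DisplayName, InstanceGuid, Enabled, UpToDate | Format-Table -AutoSize
if ($StaleGuid) {
    $stale = @($products | Where-Object { $_.InstanceGuid -eq $StaleGuid })
    if ($stale.Count -eq 0) {
        Write-Host "No Security Center registration has instanceGuid $StaleGuid"
    } elseif ($Remove) {
        foreach ($s in $stale) { Remove-WmiObject -InputObject $s.Wmi }   # what SecCenter:: does
        Write-Host "Removed registration '$($stale[0].DisplayName)' ($StaleGuid)"
    } else {
        Write-Host "$StaleGuid belongs to '$($stale[0].DisplayName)'; rerun with -Remove to delete it"
    }
}

# --- Java: list every JRE; with -Remove, uninstall the MSI-based ones ---
$javas = @(Get-InstalledJava | Sort-Object Version)
$javas | Select-Object DisplayName, Version, ProductCode | Format-Table -AutoSize
if ($Remove) {
    foreach ($j in $javas) {
        if (-not $j.IsMsi) { Write-Host "Not MSI-based, remove by hand: $($j.DisplayName)"; continue }
        Write-Host "Uninstalling $($j.DisplayName)"
        $proc = Start-Process msiexec.exe -ArgumentList "/x $($j.ProductCode) /qn /norestart" -Wait -PassThru
        if ($proc.ExitCode -ne 0 -and $proc.ExitCode -ne 3010) {   # 3010 = success, reboot needed
            Write-Warning "msiexec returned $($proc.ExitCode) for $($j.DisplayName)"
        }
    }
}
```

Run it once with no switches to see which product the GUID from the CF-script belongs to (the ComboFix header later in this thread lists that same GUID on the AVG Anti-Virus Free line) and which JREs are installed; only then rerun with -StaleGuid and -Remove. The AntiVirusProduct property names used here (onAccessScanningEnabled, productUptoDate) are the XP ones; Vista and later report a single numeric productState in root\SecurityCenter2 instead, so the script would need that namespace and a different decoding there.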


#11 adwizard

adwizard
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:12 AM

Posted 26 December 2009 - 05:05 PM

Hi... I'm back. I have performed the actions you requested. See latest ComboFix.txt below. Now onto issues... I continue to have no sound or "speaker" icon that appears in my system tray after start-up. Two: My computer runs slow... Although I understand that the TFC scan said it would make my computer run slow after first reboot... it continues to run slow after numerous reboots. Three: My computer will not perform an automatic restart when logging out of the computer. I have to do a force shutdown to turn it off. I have noticed that the C drive and the D(DVD) drive continue to remain lit during the shutdown process. Lastly, can we recap and go over what I've accomplished so far... have I rid my computer of malware? Did I have a bad case of malware? What exactly did we accomplish so far? Thanks - your help is very much appreciated.

ComboFix 09-12-23.06 - Mike 12/26/2009 13:25:53.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.279 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.

2009-12-26 16:17 . 2009-12-26 16:17 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2009-12-26 16:17 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 16:17 . 2009-12-26 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 16:17 . 2009-12-26 16:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 16:17 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 17:50 . 2009-12-23 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-12-23 17:36 . 2009-12-23 17:36 -------- d-----w- c:\program files\Avance Sound Manager
2009-12-23 17:36 . 2009-12-23 17:36 -------- d-----w- c:\program files\AvRack
2009-12-23 17:36 . 2002-04-10 00:36 305100 ------w- c:\windows\system32\drivers\alcxwdm.sys
2009-12-23 17:36 . 2002-04-23 19:12 208896 ------w- c:\windows\alcupd.exe
2009-12-23 17:36 . 2002-04-23 18:13 135168 ------w- c:\windows\alcrmv.exe
2009-12-23 17:36 . 2002-02-05 22:05 46592 ------w- c:\windows\soundman.exe
2009-12-23 03:34 . 2009-12-23 03:34 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\PCHealth
2009-12-18 19:46 . 2009-12-21 13:47 52224 ----a-w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-18 19:46 . 2009-12-18 19:46 117760 ----a-w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-12 14:42 . 2009-12-12 14:41 2065688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-29 18:57 . 2009-11-29 18:57 -------- d-----w- c:\documents and settings\Mike\Application Data\AVG8
2009-11-29 18:17 . 2009-11-29 18:17 -------- d-----w- c:\program files\Trend Micro
2009-11-28 18:51 . 2009-11-28 18:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-28 17:59 . 2009-12-19 18:06 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-28 17:59 . 2009-11-28 17:59 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-28 17:59 . 2009-11-28 17:59 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-28 17:59 . 2009-12-19 18:04 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-28 17:59 . 2009-11-28 17:59 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-28 17:58 . 2009-12-19 18:04 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-28 17:58 . 2009-12-19 18:03 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-28 17:58 . 2009-12-19 18:03 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-28 17:58 . 2009-12-19 18:02 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-28 17:58 . 2009-12-19 18:02 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-28 17:46 . 2009-11-28 17:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-28 17:46 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-28 07:06 . 2009-11-28 07:06 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-27 15:34 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2009-11-27 15:34 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 17:36 . 2002-10-02 02:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 16:43 . 2002-10-02 02:24 -------- d-----w- c:\program files\Real
2009-12-23 16:43 . 2002-10-02 02:24 -------- d-----w- c:\program files\Common Files\Real
2009-12-23 03:42 . 2007-01-02 20:14 -------- d-----w- c:\program files\Dvd-cloner
2009-12-19 18:15 . 2009-11-28 18:00 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-19 18:15 . 2009-11-28 18:00 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-19 18:15 . 2009-11-28 18:00 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-19 18:15 . 2009-11-28 18:00 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-19 18:14 . 2009-11-28 18:00 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-19 18:14 . 2009-11-28 18:00 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-18 19:45 . 2007-07-02 16:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-18 19:45 . 2007-07-02 16:06 -------- d-----w- c:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com
2009-12-18 19:44 . 2005-07-24 22:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-18 18:26 . 2009-11-17 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-18 18:14 . 2007-07-12 16:24 -------- d-----w- c:\documents and settings\Mike\Application Data\Spyware Terminator
2009-12-18 18:13 . 2008-05-16 12:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-18 18:13 . 2008-05-16 12:14 -------- d-----w- c:\program files\SpywareBlaster
2009-12-16 20:57 . 2006-09-18 17:11 -------- d-----w- c:\program files\Lexmark X1100 Series
2009-11-30 04:26 . 2007-06-26 21:00 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-29 19:44 . 2005-05-02 18:23 -------- d-----w- c:\program files\Yahoo!
2009-11-29 19:18 . 2009-01-23 23:02 -------- d-----w- c:\program files\AVG
2009-11-29 19:17 . 2009-01-23 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-28 18:00 . 2009-11-28 18:00 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-28 18:00 . 2009-11-28 18:00 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-28 18:00 . 2009-11-28 18:00 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-28 18:00 . 2009-11-28 18:00 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-28 18:00 . 2009-11-28 18:00 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-28 18:00 . 2009-11-28 18:00 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-28 18:00 . 2009-11-28 18:00 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-28 18:00 . 2009-11-28 18:00 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-28 18:00 . 2009-11-28 18:00 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-28 07:20 . 2009-11-09 17:38 -------- d-----w- c:\program files\Rebit
2009-11-28 06:25 . 2009-06-16 23:23 -------- d-----w- c:\documents and settings\Mike\Application Data\BitTorrent
2009-11-28 06:25 . 2009-06-13 19:14 -------- d-----w- c:\documents and settings\Hal\Application Data\BitTorrent
2009-11-28 06:25 . 2009-06-13 19:14 -------- d-----w- c:\documents and settings\Hal\Application Data\DNA
2009-11-27 23:18 . 2009-06-13 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-11-27 23:18 . 2008-03-22 06:33 -------- d-----w- c:\documents and settings\Hal\Application Data\Ventrilo
2009-11-27 23:18 . 2005-07-08 22:53 -------- d-----w- c:\documents and settings\Russell\Application Data\Ventrilo
2009-11-27 23:17 . 2007-01-25 04:17 -------- d-----w- c:\program files\AIM6
2009-11-27 23:17 . 2005-09-04 00:52 -------- d-----w- c:\program files\LimeWire
2009-11-27 23:17 . 2005-07-17 00:54 -------- d-s---w- c:\program files\Xfire
2009-11-27 23:17 . 2005-05-02 16:40 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-11-27 23:17 . 2002-10-02 16:43 -------- d-----w- c:\program files\ICQ
2009-11-27 23:17 . 2002-10-02 16:42 -------- d-----w- c:\program files\aim
2009-11-27 23:17 . 2002-10-02 02:31 -------- d-----w- c:\program files\Microsoft Works
2009-11-27 18:03 . 2005-05-02 14:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-27 17:59 . 2007-05-25 23:01 -------- d-----w- c:\documents and settings\Mike\Application Data\NCH Swift Sound
2009-11-27 17:27 . 2006-03-11 22:26 -------- d-----w- c:\program files\NCH Swift Sound
2009-11-27 17:26 . 2005-05-02 18:36 -------- d-----w- c:\program files\Common Files\Motive
2009-11-27 17:16 . 2002-10-02 16:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-26 18:27 . 2006-10-28 23:37 -------- d-----w- c:\program files\CCleaner
2009-11-26 17:25 . 2009-11-26 17:25 -------- d-----w- c:\documents and settings\Mike\Application Data\Uniblue
2009-11-25 20:20 . 2008-01-19 15:51 52088 ----a-w- c:\documents and settings\Hal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 19:11 . 2006-03-14 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-11-13 19:29 . 2007-05-27 18:40 52088 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 02:36 . 2007-06-27 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-11-09 17:39 . 2009-11-09 17:39 352256 ----a-w- c:\windows\system32\rbvss.exe
2009-11-09 17:39 . 2009-11-09 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PliE6QGS
2009-11-03 02:42 . 2009-10-05 04:01 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 05:38 . 2005-02-18 21:19 667136 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2005-05-02 05:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2005-05-02 05:51 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2005-05-02 05:51 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2002-10-02 00:53 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2002-10-02 00:53 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2002-10-02 00:53 79872 ----a-w- c:\windows\system32\raschap.dll
2006-05-03 21:52 . 2006-05-03 21:52 36465208 ------w- c:\program files\iTunesSetup.exe
2006-05-03 21:43 . 2006-05-03 21:43 21249848 ------w- c:\program files\QuickTimeInstaller.exe
2005-12-08 23:39 . 2005-12-08 23:39 7380195 ------w- c:\program files\amxmodx-installer-1.60.exe
2005-09-04 00:50 . 2005-09-04 00:50 353888 ------w- c:\program files\LimeWireWin.exe
2008-03-30 16:01 . 2008-03-30 04:01 56 --sh--r- c:\windows\system32\046D029169.sys
2008-03-30 16:01 . 2008-03-30 04:01 10022 --sh--w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"nwiz"="nwiz.exe" [2006-08-12 1519616]
"SoundMan"="soundman.exe" [2002-02-05 46592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 15:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 03:43 640376 ----a-w- f:\program files\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 07:25 37232 ----a-w- f:\program files\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 04:16 39792 ------w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 19:51 2335880 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2006-11-07 15:29 50736 ------w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-12-12 14:41 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-06-13 19:14 321344 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2002-08-02 18:01 473600 ------w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-01-23 15:31 126976 ------w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-01-23 15:36 155648 ------w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-01-27 17:17 1381376 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02]
2003-06-11 06:52 380928 ------w- c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02]
2003-06-11 06:52 122880 ------w- c:\program files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 18:10 267048 ------w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 10:43 57344 ------w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-08-09 18:28 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ------w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-07-12 08:50 4112384 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2004-07-12 08:50 81920 ----a-r- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRTCLK]
2003-12-30 09:44 24576 ------r- c:\windows\system32\NVRTClk\NVRTClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-12 02:43 1519616 ------w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 21:09 413696 ------w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2006-09-12 15:18 144448 ------w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2002-02-05 22:05 46592 ------w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2008-05-15 22:35 1817600 ------w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 10:19 148888 ------w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-12-16 22:26 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-20 03:30 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ------w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
2006-07-21 16:43 407032 ------w- c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Condition Zero\\czero.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\assasin333\\condition zero\\hl.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\assasin333\\dedicated server\\hlds.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\condition zero\\hl.exe"=
"c:\\Program Files\\aim\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mustardman123\\condition zero deleted scenes\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Mike\\My Documents\\Russell\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avanquest\\Web Easy Professional 7\\WebEasy.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Avanquest\\Web Easy Professional 7\\vcomFtp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/10/2009 9:28 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/10/2009 9:28 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [5/15/2008 4:33 PM 141312]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/12/2009 10:14 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/12/2009 10:14 AM 297752]
R2 RebitSvc;RebitSvc;c:\program files\Rebit\bin\RebitSvc.exe [11/28/2009 1:20 AM 1817088]
R2 RebitSysMonSvc;Rebit System Monitor;c:\program files\Rebit\bin\RebitSysMon.exe [11/28/2009 1:20 AM 161784]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1181328]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://yahoo.sbc.com/dsl
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{2A154956-903C-4C89-919E-AEF8FFAE8571} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\rastjumk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\rastjumk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 13:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RebitSvc]
"ImagePath"="c:\program files\Rebit\bin\RebitSvc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3068)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-26 13:41:44
ComboFix-quarantined-files.txt 2009-12-26 19:41
ComboFix2.txt 2009-12-26 16:05
ComboFix3.txt 2009-12-24 18:47

Pre-Run: 9,225,740,288 bytes free
Post-Run: 9,191,923,712 bytes free

- - End Of File - - 0706F73EE0A515626709C48D834DCF4F

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,311 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:12 PM

Posted 27 December 2009 - 05:43 AM

Hello adwizard,

Being low on disk space can also slow down your computer. At the moment I see no active malware anymore, but we are going to check some more.

First about the sound issue....

Click Start > Run, type mmsys.cpl in the run box and press enter.

Let me know what is on the first tab. Is the audio device recognized? Is Mute unchecked?


UNINSTALL PROGRAMS
--------------------------------
The following programs can be uninstalled safely; you really don't need them. If there are more programs in the list you know you don't use, you can uninstall them as well. Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
Ad-Aware
Spybot - Search & Destroy
Spyware Terminator
Viewpoint Manager (Remove Only)
Viewpoint Media Player

If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Posted Image button.
  • Push Posted Image

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 adwizard

adwizard
  • Topic Starter

  • Members
  • 12 posts
  • Local time:11:12 AM

Posted 27 December 2009 - 04:11 PM

Hi... When I ran mmsys.cpl in the run box, it came up... No Audio Device... mute box is unchecked... all greyed out. Also below are the results of the ESET Online Scan.

C:\Program Files\aim\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined
C:\System Volume Information\_restore{3B9C8DC5-8289-4507-B0C9-5F1F0350373E}\RP1287\A0244716.EXE Win32/Adware.WBug.A application deleted - quarantined

Please advise. Thanks.

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,311 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:12 PM

Posted 27 December 2009 - 04:13 PM

I have a feeling an uninstall and re-install of Avance AC'97 Audio would fix the issue. Do you have the drivers on CD?

If so, uninstall using add/remove programs, reboot and re-install.

If not, please post me the specs (model/make/number) of your computer and I will have a look for the driver you need. :(

regards, Elise




#15 adwizard

adwizard
  • Topic Starter

  • Members
  • 12 posts
  • Local time:11:12 AM

Posted 27 December 2009 - 08:41 PM

I have tried to uninstall and reinstall the audio drivers from my emachines Restore CD but to no avail... There is no Avance AC97 audio driver showing up in my device manager. In legacy audio it says there is no AC97 audio driver. Maybe it's a hardware issue? My computer is an emachines T4060 Windows XP. In any event my computer will no longer start properly.... it comes on and the C drive and DVD drive just stay lit and nothing starts. The screen stays black. It's only after turning it off and waiting a half hour that I can restart my computer. I'm getting extremely nervous about this and think it may be best to do an entire system restore. What do you think? Thanks.


