
HELP: infected with My Security Wall and Antivirus Suite


  • This topic is locked
15 replies to this topic

#1 huskermule

  • Members
  • 9 posts

Posted 02 April 2010 - 11:06 PM

Please help. I have been infected with My Security Wall and Antivirus Suite. I cannot get rid of them. I have run Spybot, Malwarebytes, SUPERAntiSpyware, and others. None of them seem to help.

I can't seem to stay connected to the internet for more than 10 minutes, and then it won't work. I'm guessing it's something to do with a virus. I have to reboot, and then the internet works for about 10 minutes again.


Posting HJT log.

Thanks in advance for your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:50 PM, on 4/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ghpxwxtc] C:\Documents and Settings\Nicole\Local Settings\Application Data\ugwuiiefi\ipvkfabtssd.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www5.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205292681515
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/w.../p3dactivex.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5254 bytes

Edited by Orange Blossom, 02 April 2010 - 11:27 PM.
Moved to log forum. ~ OB
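Several entries in the HijackThis log above are the ones an analyst would pull out first: the R1 ProxyServer value pointing IE at 127.0.0.1:5555, the two O15 Trusted Zone additions (antimalwareguard.com, gomyhit.com), the O4 Run entry that launches a random-named executable from a user's Local Settings\Application Data directory, and the orphaned O2 BHO with no file. The Python below is an added example for this thread, not a BleepingComputer or Trend Micro tool and not something the helpers asked the poster to run; it encodes those checks as heuristics over HJT 2.x lines. The sample lines are copied from the posted log; the known-good autostart list, the severity labels and the vowel-ratio "random name" test are the example's own assumptions, and an analyst still reads the whole log.

```python
"""Triage the HijackThis (HJT) entry types that stand out in the posted log.

Added example for this thread, not a BleepingComputer or Trend Micro tool.
The rules are analyst heuristics, not a signature database; the sample lines
are copied from the log above, the known-good list is an assumption.
"""
import re
from dataclasses import dataclass
from typing import List

# A browser proxy on the local machine is only legitimate when an installed
# program (privacy proxy, AV web filter) explains it; rogue AV often sets one.
LOCAL_HOSTS = ("127.0.0.1", "localhost", "0.0.0.0")
# Autostart images already identified as benign on this machine (assumption).
KNOWN_RUN_IMAGES = {"vttimer.exe", "agrsmmsg.exe", "dumprep"}
# Malware of this era typically drops its executable under the user profile.
USER_DATA_DIRS = ("\\local settings\\application data\\", "\\application data\\")

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK.*?\\\.\.\\Run\w*: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<value>.+)$")


@dataclass
class Finding:
    severity: str  # HIGH / MEDIUM / LOW
    section: str   # HJT section code, e.g. O4
    reason: str
    line: str


def image_path(cmd: str) -> str:
    """Best-effort executable path from a Run value (quoted, or up to '.exe')."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def looks_random(name: str) -> bool:
    """Consonant-heavy names like 'ghpxwxtc' are typical of generated filenames."""
    letters = [c for c in name.lower() if c.isalpha()]
    return len(letters) >= 6 and sum(c in "aeiouy" for c in letters) / len(letters) < 0.25


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "R1":
            pm = PROXY_RE.search(body)
            if pm and any(h in pm.group("value").lower() for h in LOCAL_HOSTS):
                findings.append(Finding("HIGH", section,
                    "IE proxy points at the local machine; rogue AV inserts one to "
                    "intercept or block web traffic (e.g. downloads of removal tools)", line))
        elif section == "O15" and body.startswith(("Trusted Zone:", "Trusted IP range:")):
            findings.append(Finding("MEDIUM", section,
                "site added to the IE Trusted Zone; rogue AV whitelists its own domains "
                "so their pages run with relaxed security settings", line))
        elif section == "O4":
            rm = RUN_RE.match(body)
            if rm:
                img = image_path(rm.group("cmd"))
                base = img.replace("/", "\\").rsplit("\\", 1)[-1].lower()
                random_name = looks_random(rm.group("key")) or looks_random(base.split(".")[0])
                if any(d in img.lower() for d in USER_DATA_DIRS):
                    findings.append(Finding("HIGH", section,
                        "autostart executable lives under a user's Application Data directory"
                        + (" and has a random-looking name" if random_name else ""), line))
                elif base not in KNOWN_RUN_IMAGES and random_name:
                    findings.append(Finding("LOW", section,
                        "unrecognised autostart with a random-looking name", line))
        if body.endswith("(no file)"):
            findings.append(Finding("LOW", section,
                "orphaned entry: registered component whose file is gone; harmless, remove", line))
    return findings


# Lines copied from the HijackThis log posted above (benign entries included).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ghpxwxtc] C:\Documents and Settings\Nicole\Local Settings\Application Data\ugwuiiefi\ipvkfabtssd.exe
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
"""

if __name__ == "__main__":
    order = ("HIGH", "MEDIUM", "LOW")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```

Run against the sample it reports five findings: the local proxy and the user-profile autostart as HIGH, the two Trusted Zone entries as MEDIUM, and the orphaned BHO as LOW; VTTimer, AGRSMMSG and KernelFaultCheck pass because their images are on the known-good list. The vowel-ratio test is deliberately crude (AGRSMMSG would trip it without the allowlist), which is why it only raises the severity of an entry that is already suspicious for another reason.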



#2 huskermule

  • Topic Starter
  • Members
  • 9 posts

Posted 03 April 2010 - 12:49 AM

OK, I'm going out of my mind. I cannot figure this virus out. It is totally jacking up my computer.

PLEASE HELP ME.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could have disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this, or do not respond to your requests, is that doing so would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work on may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multi-post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 03 April 2010 - 02:05 AM.


#3 tetonbob

  • Malware Response Team
  • 797 posts

Posted 06 April 2010 - 03:33 PM

Hello, huskermule.

If you still require help for this issue, please follow the steps here

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Post the logs from DDS and the GMER rootkit scanner, and we'll go from there. HijackThis is simply not detailed enough for today's infections.
Practice Safe Surfing

Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015

#4 huskermule

  • Topic Starter
  • Members
  • 9 posts

Posted 08 April 2010 - 11:06 PM

Thanks, here are the logs.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Cole at 21:28:04.03 on Thu 04/08/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.158 [GMT -5:00]

AV: My Security Wall *On-access scanning enabled* (Updated) {15EAB361-D0B2-4563-88D3-1B20BFB89832}
FW: My Security Wall *enabled* {4FEF4395-906D-4A82-8D8E-50720FAD891D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Cole\Desktop\virus fix\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &AOL Toolbar Search
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www5.snapfish.com/SnapfishActivia.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205292681515
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
IFEO: image file execution options - svchost.exe

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 03314172;03314172 Boot Guard Driver;c:\windows\system32\drivers\03314172.sys [2010-4-6 37392]
R0 77143832;77143832 Boot Guard Driver;c:\windows\system32\drivers\77143832.sys [2010-4-6 37392]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-3-14 33920]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-19 217032]
R1 03314171;03314171;c:\windows\system32\drivers\03314171.sys [2010-4-6 128016]
R1 77143831;77143831;c:\windows\system32\drivers\77143831.sys [2010-4-6 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-5-28 394192]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-3-19 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-3-19 30104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]

=============== Created Last 30 ================

2010-04-07 04:11:19 37392 ----a-w- c:\windows\system32\drivers\03314172.sys
2010-04-07 04:11:19 315408 ----a-w- c:\windows\system32\drivers\0331417.sys
2010-04-07 04:11:19 128016 ----a-w- c:\windows\system32\drivers\03314171.sys
2010-04-07 02:11:50 37392 ----a-w- c:\windows\system32\drivers\77143832.sys
2010-04-07 02:11:50 315408 ----a-w- c:\windows\system32\drivers\7714383.sys
2010-04-07 02:11:50 128016 ----a-w- c:\windows\system32\drivers\77143831.sys
2010-04-04 06:23:16 0 d-----w- c:\program files\Windows Installer Clean Up
2010-04-03 21:06:56 0 d-----w- c:\documents and settings\cole\.SunDownloadManager
2010-04-03 18:38:09 0 d-----w- C:\_OTL
2010-04-03 03:38:11 0 d-----w- c:\program files\Trend Micro
2010-04-03 01:56:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-20 18:41:25 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-19 08:01:38 0 d-----w- C:\47b070a7f10ab543b62ceee0272ee47d
2010-03-19 07:38:25 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-03-19 07:38:25 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-03-19 07:37:57 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-03-19 06:31:55 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-03-19 06:31:55 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-19 06:31:41 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-19 06:31:41 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-03-19 06:31:41 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-03-19 06:31:41 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-19 06:31:09 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-03-19 06:31:09 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-19 06:30:46 0 d-----w- c:\program files\Spyware Doctor
2010-03-19 06:30:46 0 d-----w- c:\program files\common files\PC Tools
2010-03-19 06:30:46 0 d-----w- c:\docume~1\cole\applic~1\PC Tools
2010-03-19 05:57:35 0 d-----w- c:\windows\system32\KB905474
2010-03-19 05:50:30 0 d-----w- C:\766c3efb06b4fcb8602a6c40bb3191
2010-03-19 05:45:55 0 d-----w- c:\windows\system32\ar-SA
2010-03-19 05:09:05 0 d-----w- c:\docume~1\cole\applic~1\Malwarebytes
2010-03-14 17:34:23 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-03-14 05:29:48 0 d-----w- c:\docume~1\cole\applic~1\GetRightToGo
2010-03-14 01:27:21 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-14 01:27:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-13 22:07:12 0 d-----w- c:\docume~1\cole\applic~1\AVG8
2010-03-13 21:30:49 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-13 21:30:26 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-13 21:30:25 0 d-----w- c:\docume~1\cole\applic~1\SUPERAntiSpyware.com
2010-03-13 20:49:35 0 d--h--w- c:\windows\system32\GroupPolicy
2010-03-13 20:48:13 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-13 19:34:14 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-11 05:39:25 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 05:38:07 0 d-----w- c:\program files\Panda Security
2010-03-10 05:20:51 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-03-29 20:24:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 20:24:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 06:32:56 2724 ----a-w- c:\windows\system32\tmp.reg
2010-02-26 06:12:23 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12:17 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 21:29:01.15 ===============




#5 tetonbob

  • Malware Response Team
  • 797 posts

Posted 08 April 2010 - 11:25 PM

Great. Before we proceed, can you tell me what your current antivirus solution is? I see parts of AVG, but it doesn't seem fully installed.

#6 tetonbob

  • Malware Response Team
  • 797 posts

Posted 08 April 2010 - 11:40 PM

Also, please do this:

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Click on the Browse button.
  • In the Choose File to Upload window which opens, copy and paste this into the File Name box.

    c:\windows\system32\drivers\03314172.sys

  • Next, click the Open button.
  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

  • Please repeat for the following files:

    c:\windows\system32\drivers\03314171.sys
    c:\windows\system32\drivers\0331417.sys


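The VirusTotal step above submits three driver files by path through the web form. The DDS and ComboFix output in this thread also show 03314172.sys and 77143832.sys with identical sizes (37392 bytes) and identical original timestamps, which usually means one file dropped twice under generated names. The Python below is an added example, not a BleepingComputer tool and not code from this thread: it hashes every .sys file in a directory, groups byte-identical files so each distinct binary is submitted once, and builds the VirusTotal report URL for each SHA-256 so an existing analysis can be looked up before anything is uploaded (the "File has already been analyzed" case the instructions mention). The file contents are constructed stand-ins, not the drivers from this machine; the optional API lookup uses the VirusTotal v3 `files/{hash}` endpoint and needs an API key, and is not called by the stand-alone run.

```python
"""Hash suspect driver files before submitting them to VirusTotal.

Added example for this thread, not a BleepingComputer tool. SAMPLE_FILES are
constructed stand-ins for the three .sys files named above, not their real
contents; two of them are byte-identical to mirror the identical sizes and
timestamps shown in the DDS and ComboFix output.
"""
import hashlib
import json
import tempfile
import urllib.request
from collections import defaultdict
from pathlib import Path
from typing import Dict, List

# Constructed stand-in contents (real drivers are full PE images).
SAMPLE_FILES = {
    "03314172.sys": b"MZ" + b"\x00" * 30 + b"driver-A",
    "77143832.sys": b"MZ" + b"\x00" * 30 + b"driver-A",  # same bytes, different name
    "0331417.sys":  b"MZ" + b"\x00" * 30 + b"driver-B",
}


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large images never load whole into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_tree(root: Path, pattern: str = "*.sys") -> Dict[Path, str]:
    """Hash every matching file directly under root (e.g. system32\\drivers)."""
    return {p: sha256_file(p) for p in sorted(root.glob(pattern)) if p.is_file()}


def group_by_hash(hashes: Dict[Path, str]) -> Dict[str, List[Path]]:
    """Collapse byte-identical files so each distinct binary is handled once."""
    groups: Dict[str, List[Path]] = defaultdict(list)
    for path, digest in hashes.items():
        groups[digest].append(path)
    return dict(groups)


def vt_gui_url(sha256: str) -> str:
    """Report page for a hash; opening it sends no file, only the digest."""
    return f"https://www.virustotal.com/gui/file/{sha256}"


def vt_api_lookup(sha256: str, api_key: str) -> dict:
    """Fetch an existing report via the VirusTotal v3 API (network; a 404 means
    VT has never seen the file and it must actually be uploaded)."""
    req = urllib.request.Request(
        f"https://www.virustotal.com/api/v3/files/{sha256}",
        headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def build_sample_tree() -> Path:
    """Write the constructed stand-in files into a fresh temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="drivers-"))
    for name, data in SAMPLE_FILES.items():
        (root / name).write_bytes(data)
    return root


def submission_plan(root: Path) -> List[dict]:
    """One entry per distinct binary: its hash, every name it was dropped under,
    its size, and the report URL to check before uploading."""
    plan = []
    for digest, paths in group_by_hash(hash_tree(root)).items():
        plan.append({"sha256": digest, "files": [p.name for p in paths],
                     "size": paths[0].stat().st_size, "lookup": vt_gui_url(digest)})
    return plan


if __name__ == "__main__":
    for item in submission_plan(build_sample_tree()):
        print(f"{item['sha256'][:16]}...  {item['size']:>6} bytes  "
              f"{', '.join(item['files'])}\n    {item['lookup']}")
```

Point it at `C:\Windows\System32\drivers` (or a copy of the suspect files) instead of `build_sample_tree()` to use it for real. Keeping the hash-to-filename mapping matters in a thread like this one: the helper refers to files by the names the malware generated, and a later report from VirusTotal or another scanner will refer to them by hash.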

#7 huskermule

  • Topic Starter
  • Members
  • 9 posts

Posted 10 April 2010 - 12:42 AM

Well, as for my antivirus, I have tried to download AVG, but it stops and gives me an error every time. I am not able to download certain things. I was told on an earlier website to delete and reinstall my JRE. Well, I deleted it and now it will not reinstall either. It keeps giving me an invalid signature or something with a cab1 file. I don't know what's going on for sure. It all started with My Security Wall and then Antivirus Suite. They have totally jacked up my computer.


Thanks again for your help.

Here are the VirusTotal links for the three files you asked for.

c:\windows\system32\drivers\03314172.sys
http://www.virustotal.com/analisis/a3f8d91...8935-1270563249

c:\windows\system32\drivers\03314171.sys
http://www.virustotal.com/analisis/16b77fb...68d8-1270877593

c:\windows\system32\drivers\0331417.sys
http://www.virustotal.com/analisis/d30daff...7884-1270877748




#8 tetonbob

  • Malware Response Team
  • 797 posts

Posted 10 April 2010 - 12:46 AM

Ok, thanks.


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Please include the C:\ComboFix.txt in your next reply for further review.


#9 huskermule

  • Topic Starter
  • Members
  • 9 posts

Posted 10 April 2010 - 03:53 PM

OK, I understand everything so far. Here is the ComboFix txt file. I'll wait for further instructions. Thanks again for your help.

ComboFix 10-04-10.01 - Cole 04/10/2010 15:26:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.133 [GMT -5:00]
Running from: c:\documents and settings\Cole\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\temp\tpBe12
c:\windows\system32\dumphive.exe
c:\windows\system32\ineWc01
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-09 04:27 . 2010-04-09 04:38 -------- d-----w- C:\TFTM3Data
2010-04-09 04:25 . 2010-04-09 04:25 9662 ----a-r- c:\documents and settings\Cole\Application Data\Microsoft\Installer\{CE0CA87D-4352-4E68-A823-8166A7ADA3AF}\TFTM3.exe1_CE0CA87D43524E68A8238166A7ADA3AF.exe
2010-04-09 04:25 . 2010-04-09 04:25 9662 ----a-r- c:\documents and settings\Cole\Application Data\Microsoft\Installer\{CE0CA87D-4352-4E68-A823-8166A7ADA3AF}\ARPPRODUCTICON.exe
2010-04-09 04:23 . 2010-04-09 04:24 -------- d-----w- c:\program files\Common Files\Dao
2010-04-09 04:23 . 2010-04-09 04:23 -------- d-----w- c:\program files\Common Files\Business Objects
2010-04-09 04:23 . 2010-04-09 04:23 -------- d-----w- C:\Hy-Sport
2010-04-08 05:16 . 2010-04-08 05:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-04-07 04:11 . 2009-10-22 18:54 37392 ----a-w- c:\windows\system32\drivers\03314172.sys
2010-04-07 04:11 . 2009-10-10 04:31 315408 ----a-w- c:\windows\system32\drivers\0331417.sys
2010-04-07 04:11 . 2009-09-25 22:59 128016 ----a-w- c:\windows\system32\drivers\03314171.sys
2010-04-07 02:11 . 2009-10-22 18:54 37392 ----a-w- c:\windows\system32\drivers\77143832.sys
2010-04-07 02:11 . 2009-10-10 04:31 315408 ----a-w- c:\windows\system32\drivers\7714383.sys
2010-04-07 02:11 . 2009-09-25 22:59 128016 ----a-w- c:\windows\system32\drivers\77143831.sys
2010-04-04 06:36 . 2010-04-04 06:36 79488 ----a-w- c:\documents and settings\Nicole\Application Data\Sun\Java\jre1.6.0_19\gtapi.dll
2010-04-04 06:36 . 2010-04-04 06:36 152576 ----a-w- c:\documents and settings\Nicole\Application Data\Sun\Java\jre1.6.0_19\lzma.dll
2010-04-04 06:23 . 2010-04-04 06:23 3584 ----a-r- c:\documents and settings\Nicole\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-04 06:23 . 2010-04-04 06:23 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-04 05:31 . 2010-04-04 05:35 -------- d-----w- c:\documents and settings\Nicole\.SunDownloadManager
2010-04-03 21:06 . 2010-04-03 21:08 -------- d-----w- c:\documents and settings\Cole\.SunDownloadManager
2010-04-03 18:38 . 2010-04-03 18:38 -------- d-----w- C:\_OTL
2010-04-03 03:38 . 2010-04-03 03:38 -------- d-----w- c:\program files\Trend Micro
2010-04-03 01:56 . 2010-03-20 18:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-03 00:23 . 2010-04-03 00:23 52224 ----a-w- c:\documents and settings\Nicole\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-03 00:23 . 2010-04-03 00:23 117760 ----a-w- c:\documents and settings\Nicole\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-03 00:22 . 2010-04-03 00:22 -------- d-----w- c:\documents and settings\Nicole\Application Data\SUPERAntiSpyware.com
2010-03-30 18:41 . 2010-03-30 18:41 516480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll
2010-03-20 18:41 . 2010-03-20 18:41 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-20 18:41 . 2010-03-20 18:41 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-20 18:41 . 2010-03-30 18:41 329560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-03-20 18:41 . 2010-03-30 18:41 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-03-20 18:41 . 2010-03-20 18:41 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-20 18:40 . 2010-03-20 18:40 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-20 18:40 . 2010-03-30 18:41 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-03-20 18:40 . 2010-03-30 18:41 849744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-03-20 18:40 . 2010-03-30 18:41 855864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-03-20 18:40 . 2010-03-30 18:40 1597952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-03-20 18:40 . 2010-03-30 18:40 818256 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-03-20 18:40 . 2010-03-30 18:40 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-19 20:47 . 2010-03-19 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-19 08:01 . 2010-03-19 08:01 -------- d-----w- C:\47b070a7f10ab543b62ceee0272ee47d
2010-03-19 07:38 . 2010-03-19 07:38 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-03-19 07:38 . 2010-03-19 07:38 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-03-19 07:37 . 2010-03-19 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-19 06:31 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-19 06:31 . 2010-03-10 16:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-19 06:31 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-19 06:31 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-19 06:30 . 2010-03-24 03:23 -------- d-----w- c:\program files\Spyware Doctor
2010-03-19 06:30 . 2010-03-19 20:28 -------- d-----w- c:\documents and settings\Cole\Application Data\PC Tools
2010-03-19 06:30 . 2010-03-19 06:38 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-19 05:57 . 2009-03-11 03:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-03-19 05:57 . 2010-03-19 05:57 -------- d-----w- c:\windows\system32\KB905474
2010-03-19 05:57 . 2009-03-11 03:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-03-19 05:50 . 2010-03-19 05:50 -------- d-----w- C:\766c3efb06b4fcb8602a6c40bb3191
2010-03-19 05:09 . 2010-03-19 05:09 -------- d-----w- c:\documents and settings\Cole\Application Data\Malwarebytes
2010-03-14 17:34 . 2010-03-14 17:34 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-03-14 05:29 . 2010-03-14 05:30 -------- d-----w- c:\documents and settings\Cole\Application Data\GetRightToGo
2010-03-14 01:27 . 2010-03-14 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-14 01:27 . 2010-03-14 01:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-13 22:22 . 2010-03-13 22:22 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Threat Expert
2010-03-13 22:07 . 2010-03-13 22:07 -------- d-----w- c:\documents and settings\Cole\Application Data\AVG8
2010-03-13 21:31 . 2010-03-13 21:31 52224 ----a-w- c:\documents and settings\Cole\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-13 21:31 . 2010-03-13 22:09 117760 ----a-w- c:\documents and settings\Cole\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-13 21:30 . 2010-03-13 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-13 21:30 . 2010-03-13 21:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-13 21:30 . 2010-03-13 21:30 -------- d-----w- c:\documents and settings\Cole\Application Data\SUPERAntiSpyware.com
2010-03-13 20:49 . 2010-03-13 20:49 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-03-13 20:48 . 2010-03-13 20:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-13 19:47 . 2010-03-13 19:47 -------- d-----w- c:\documents and settings\Randy\Application Data\AVG8
2010-03-13 19:34 . 2010-03-13 19:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-13 19:34 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-13 19:04 . 2010-03-13 19:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 20:25 . 2009-01-05 01:13 -------- d-----w- c:\documents and settings\Cole\Application Data\HPAppData
2010-04-05 02:05 . 2008-04-20 01:30 -------- d-----w- c:\program files\K-Lite Pro
2010-04-05 01:28 . 2008-05-15 02:31 39120 ----a-w- c:\documents and settings\Cole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-04 06:22 . 2010-02-03 03:22 -------- d-----w- c:\program files\MSECache
2010-04-04 05:51 . 2008-12-30 20:52 -------- d-----w- c:\documents and settings\Nicole\Application Data\HPAppData
2010-04-03 21:05 . 2008-01-20 22:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-03 19:01 . 2008-12-26 07:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-03 02:26 . 2010-03-07 22:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-01 12:57 . 2009-01-04 06:06 -------- d-----w- c:\documents and settings\Randy\Application Data\HPAppData
2010-03-30 18:41 . 2010-03-20 18:41 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-03-30 18:41 . 2010-03-20 18:41 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-03-30 18:41 . 2010-03-20 18:41 210552 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-03-30 18:41 . 2010-03-20 18:41 565392 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-03-30 18:41 . 2010-03-30 18:41 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-03-30 18:41 . 2010-03-20 18:41 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-03-30 18:41 . 2010-03-20 18:41 432032 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-03-30 18:41 . 2010-03-20 18:41 167312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-03-29 20:24 . 2008-12-26 07:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 20:24 . 2008-12-26 07:29 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 14:07 . 2010-03-22 03:41 -------- d-----w- c:\documents and settings\Jake\Application Data\HPAppData
2010-03-22 04:27 . 2007-08-10 17:39 -------- d-----w- c:\program files\Cartoon Network
2010-03-22 04:27 . 2007-07-30 07:10 -------- d-----w- c:\program files\HotPotatoes6
2010-03-22 04:26 . 2008-08-30 04:53 -------- d-----w- c:\program files\GameSpy Arcade
2010-03-22 04:26 . 2008-03-04 21:07 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-03-22 04:25 . 2007-05-23 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-22 04:24 . 2008-03-11 04:40 -------- d-----w- c:\program files\Best Buy Rhapsody
2010-03-20 18:41 . 2010-03-20 18:41 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-20 18:41 . 2010-03-20 18:41 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-20 18:41 . 2010-03-20 18:41 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-20 18:41 . 2010-03-20 18:41 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-20 18:41 . 2010-03-20 18:41 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-19 20:42 . 2007-05-27 01:00 -------- d-----w- c:\program files\AIM
2010-03-19 20:42 . 2008-07-16 19:00 -------- d-----w- c:\documents and settings\Cole\Application Data\Aim
2010-03-19 20:40 . 2007-05-24 01:43 -------- d-----w- c:\program files\Google
2010-03-19 20:39 . 2010-03-10 05:38 -------- d-----w- c:\program files\Panda Security
2010-03-19 20:38 . 2007-12-07 05:07 -------- d-----w- c:\program files\Yahoo!
2010-03-19 20:36 . 2007-12-13 06:49 -------- d-----w- c:\documents and settings\Cole\Application Data\Yahoo!
2010-03-19 20:36 . 2007-12-07 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-13 20:44 . 2007-05-27 01:00 -------- d-----w- c:\program files\Viewpoint
2010-03-13 19:34 . 2007-07-21 06:34 -------- d-----w- c:\program files\Lavasoft
2010-03-11 22:12 . 2007-12-07 05:30 -------- d-----w- c:\documents and settings\Randy\Application Data\Yahoo!
2010-03-11 03:41 . 2010-03-11 03:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-08 06:37 . 2009-12-04 06:29 256 ----a-w- c:\documents and settings\Randy\pool.bin
2010-03-08 06:13 . 2009-08-13 23:59 256 ----a-w- c:\windows\system32\pool.bin
2010-03-07 22:21 . 2010-03-07 22:21 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes
2010-03-07 15:46 . 2010-03-07 15:44 20616488 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_2010_03_06_02_28_34_full.dmp.zip
2010-03-02 02:44 . 2008-07-01 02:41 41 ----a-w- c:\documents and settings\Randy\jagex_runescape_preferences.dat
2010-03-02 02:36 . 2009-11-25 03:03 69 ----a-w- c:\documents and settings\Randy\jagex_runescape_preferences2.dat
2010-03-02 01:48 . 2010-03-02 01:48 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-03-02 01:47 . 2010-03-02 01:47 -------- d-----w- c:\program files\TechSmith
2010-02-26 06:12 . 2008-03-08 08:33 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 04:48 . 2008-03-12 07:20 39120 ----a-w- c:\documents and settings\Randy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 01:42 . 2009-08-08 04:36 -------- d-----w- c:\documents and settings\Randy\Application Data\U3
2010-02-16 01:16 . 2008-07-08 00:18 -------- d-----w- c:\program files\Microsoft Silverlight
.

------- Sigcheck -------

[-] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wuauclt.exe
[7] 2004-08-04 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Randy^Start Menu^Programs^Startup^MEMonitor.lnk]
backup=c:\windows\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgsys]
regedit [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 16:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 04:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
2003-07-08 08:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 22:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2007-03-05 18:57 1103480 ----a-w- c:\program files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-03-09 14:40 1286608 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 15:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-02-03 18:05 233304 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-17 01:21 28672 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
2009-10-13 20:38 1590616 ----a-w- c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 18:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2009-12-07 10:22 266888 ----a-w- c:\documents and settings\Randy\Application Data\Smilebox\SmileboxTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 22:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 02:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2007-03-09 05:02 919280 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"SeaPort"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 03314172;03314172 Boot Guard Driver;c:\windows\system32\drivers\03314172.sys [4/6/2010 11:11 PM 37392]
R0 77143832;77143832 Boot Guard Driver;c:\windows\system32\drivers\77143832.sys [4/6/2010 9:11 PM 37392]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [3/14/2010 12:34 PM 33920]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/19/2010 1:31 AM 217032]
R1 03314171;03314171;c:\windows\system32\drivers\03314171.sys [4/6/2010 11:11 PM 128016]
R1 77143831;77143831;c:\windows\system32\drivers\77143831.sys [4/6/2010 9:11 PM 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/19/2010 2:38 AM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/19/2010 2:38 AM 30104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/26/2008 2:29 AM 38224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/2/2010 4:11 AM 135664]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1265264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 18:41]

2010-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 09:11]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 09:11]

2010-04-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-03-19 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-AIM - c:\program files\AIM\aim.exe
MSConfigStartUp-My Security Wall - c:\documents and settings\All Users\Application Data\d03ec96\MSd03e.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 15:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(796)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-04-10 15:44:40
ComboFix-quarantined-files.txt 2010-04-10 20:44

Pre-Run: 158,052,589,568 bytes free
Post-Run: 158,078,779,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 5504EA5E0FA57BB0A6D997B034E075EB


#10 tetonbob

  • Malware Response Team
  • 797 posts

Posted 10 April 2010 - 05:09 PM

I'm trying to understand why there are so many Kaspersky boot drivers showing in the log (the files I had you scan at VirusTotal appear to be Kaspersky drivers), and no Kaspersky products shown as installed. Have you run any specialized Kaspersky tools before posting?

Practice Safe Surfing

Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
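
As an added example, not part of the original thread and not logic that ComboFix or DDS use themselves: the Python script below re-parses the driver/service lines and the MSConfigStartUp orphans from the ComboFix log in post #9 and flags what tetonbob is asking about in post #10, namely the four boot-start drivers with all-digit names that come in same-size pairs (0331417x and 7714383x), plus the "My Security Wall" autostart that ran from a hex-named folder under All Users\Application Data. The sample lines are copied from the log; the names parse_log, triage and Entry, and the scoring heuristics, are this example's own assumptions, and a flag here is a reason to look at a file (signer, VirusTotal, who dropped it), not a verdict.

```python
"""
Re-parse the driver and orphan-startup lines from a ComboFix log and flag
the entries worth a second look.

Added example for this page, not part of the original thread and not the
logic ComboFix or DDS use.  The sample lines are copied from the log in
post #9; the scoring rules (numeric-only service names, numeric-named
drivers sharing a file size, autostart binaries under Application Data in
a hex-named folder) are this example's own heuristics.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample input: lines copied verbatim from the ComboFix log above.
SAMPLE_LOG = r"""
R0 03314172;03314172 Boot Guard Driver;c:\windows\system32\drivers\03314172.sys [4/6/2010 11:11 PM 37392]
R0 77143832;77143832 Boot Guard Driver;c:\windows\system32\drivers\77143832.sys [4/6/2010 9:11 PM 37392]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [3/14/2010 12:34 PM 33920]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/19/2010 1:31 AM 217032]
R1 03314171;03314171;c:\windows\system32\drivers\03314171.sys [4/6/2010 11:11 PM 128016]
R1 77143831;77143831;c:\windows\system32\drivers\77143831.sys [4/6/2010 9:11 PM 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/19/2010 2:38 AM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/19/2010 2:38 AM 30104]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/2/2010 4:11 AM 135664]
MSConfigStartUp-AIM - c:\program files\AIM\aim.exe
MSConfigStartUp-My Security Wall - c:\documents and settings\All Users\Application Data\d03ec96\MSd03e.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
"""

# "<start> <service>;<display name>;<path> [<date> <time> <size>]"
DRIVER_RE = re.compile(r"^(R[0-3]|S[0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# "MSConfigStartUp-<name> - <path>"
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(.+?)\s+-\s+(.+)$")
# Folder names that are nothing but 6+ hex digits (d03ec96 in the log above).
HEX_DIR_RE = re.compile(r"^[0-9a-f]{6,}$", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # "driver" or "startup"
    name: str                 # service name or startup item name
    path: str                 # image path as printed in the log
    start: str = ""           # R0/R1/S3/S4 ... (drivers only)
    size: int = 0             # size from the bracketed field, 0 if unknown
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Pull driver/service lines and MSConfigStartUp orphans out of log text."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            tail = m.group(5).split()
            size = int(tail[-1]) if tail and tail[-1].isdigit() else 0
            entries.append(Entry("driver", m.group(2), m.group(4), m.group(1), size))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Entry("startup", m.group(1), m.group(2)))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Apply the heuristics; return {name: [reasons]} for flagged entries only."""
    numeric = [e for e in entries if e.kind == "driver" and e.name.isdigit()]
    for e in entries:
        e.flags = []
        parts = e.path.lower().split("\\")
        if e.kind == "driver" and e.name.isdigit():
            e.flags.append(f"numeric-only service name ({e.start} start)")
            # Two numeric-named drivers of identical size usually mean one tool
            # dropped the same binary twice under different random names.
            twins = [o.name for o in numeric if o is not e and o.size and o.size == e.size]
            if twins:
                e.flags.append(f"same size ({e.size}) as numeric-named driver(s) {', '.join(twins)}")
        if e.kind == "startup":
            if "application data" in parts and "program files" not in parts:
                e.flags.append("autostart binary lives under Application Data")
            if any(HEX_DIR_RE.match(p) for p in parts[:-1]):
                e.flags.append("random-looking hex folder name in path")
    return {e.name: e.flags for e in entries if e.flags}


if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, it reports the four numeric drivers (each paired with its same-size twin) and "My Security Wall", and stays quiet about fsbts, PCTCore, the two AVG filter entries and the Program Files autostarts. Feed it a full ComboFix or DDS log to apply the same checks to every R*/S* and orphan line at once.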

#11 huskermule

  • Topic Starter
  • Members
  • 9 posts

Posted 10 April 2010 - 05:12 PM

Well, someone tried to help me earlier from another support forum and they had me do a scan with Kaspersky... if I remember right, the scan never would load correctly.

#12 huskermule

  • Topic Starter
  • Members
  • 9 posts

Posted 10 April 2010 - 05:14 PM

But that was a week or so ago, before you started helping me. I haven't run anything since you started helping except what you have told me to do. :)

#13 tetonbob

  • Malware Response Team
  • 797 posts

Posted 10 April 2010 - 06:41 PM

QUOTE
they had me do a scan with Kaspersky


An online scan with Kaspersky would not drop those drivers, but a different tool might.

Let's address some other issues.

You mentioned not being able to download or install AVG. Has that changed now?

I think it might be best to use the AVG removal tool,

http://www.avg.com/ww-en/download-tools << top link 32bit

and then post new logs from DDS.

#14 tetonbob

  • Malware Response Team
  • 797 posts

Posted 10 April 2010 - 06:46 PM

QUOTE
well someone tried to help me earlier from another support forum


It might be helpful if you provided a link to that topic so I can see what was done.

If this is it

http://www.geekstogo.com/forum/My-Security....html&st=15

Then my help here is done.

It's counterproductive to have more than one volunteer helping on the same issue.

#15 huskermule

  • Topic Starter
  • Members
  • 9 posts

Posted 10 April 2010 - 06:54 PM

Here are the DDS logs. I used the AVG uninstall you told me to use.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Cole at 18:48:25.75 on Sat 04/10/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.178 [GMT -5:00]

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Cole\Desktop\virus fix\dds\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &AOL Toolbar Search
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www5.snapfish.com/SnapfishActivia.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205292681515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913}
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 03314172;03314172 Boot Guard Driver;c:\windows\system32\drivers\03314172.sys [2010-4-6 37392]
R0 77143832;77143832 Boot Guard Driver;c:\windows\system32\drivers\77143832.sys [2010-4-6 37392]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-3-14 33920]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-19 217032]
R1 03314171;03314171;c:\windows\system32\drivers\03314171.sys [2010-4-6 128016]
R1 77143831;77143831;c:\windows\system32\drivers\77143831.sys [2010-4-6 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-5-28 394192]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-3-19 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-3-19 30104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]

=============== Created Last 30 ================

2010-04-10 20:23:04 0 d-sha-r- C:\cmdcons
2010-04-10 19:50:37 98816 ----a-w- c:\windows\sed.exe
2010-04-10 19:50:37 77312 ----a-w- c:\windows\MBR.exe
2010-04-10 19:50:37 261632 ----a-w- c:\windows\PEV.exe
2010-04-10 19:50:37 161792 ----a-w- c:\windows\SWREG.exe
2010-04-09 04:27:16 0 d-----w- C:\TFTM3Data
2010-04-09 04:23:47 0 d-----w- c:\program files\common files\Dao
2010-04-09 04:23:47 0 d-----w- c:\program files\common files\Business Objects
2010-04-09 04:23:47 0 d-----w- C:\Hy-Sport
2010-04-07 04:11:19 37392 ----a-w- c:\windows\system32\drivers\03314172.sys
2010-04-07 04:11:19 315408 ----a-w- c:\windows\system32\drivers\0331417.sys
2010-04-07 04:11:19 128016 ----a-w- c:\windows\system32\drivers\03314171.sys
2010-04-07 02:11:50 37392 ----a-w- c:\windows\system32\drivers\77143832.sys
2010-04-07 02:11:50 315408 ----a-w- c:\windows\system32\drivers\7714383.sys
2010-04-07 02:11:50 128016 ----a-w- c:\windows\system32\drivers\77143831.sys
2010-04-04 06:23:16 0 d-----w- c:\program files\Windows Installer Clean Up
2010-04-03 21:06:56 0 d-----w- c:\documents and settings\cole\.SunDownloadManager
2010-04-03 18:38:09 0 d-----w- C:\_OTL
2010-04-03 03:38:11 0 d-----w- c:\program files\Trend Micro
2010-04-03 01:56:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-20 18:41:25 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-19 08:01:38 0 d-----w- C:\47b070a7f10ab543b62ceee0272ee47d
2010-03-19 07:38:25 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-03-19 07:38:25 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-03-19 07:37:57 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-03-19 06:31:55 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-03-19 06:31:55 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-19 06:31:41 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-19 06:31:41 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-03-19 06:31:41 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-03-19 06:31:41 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-19 06:31:09 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-03-19 06:31:09 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-19 06:30:46 0 d-----w- c:\program files\Spyware Doctor
2010-03-19 06:30:46 0 d-----w- c:\program files\common files\PC Tools
2010-03-19 06:30:46 0 d-----w- c:\docume~1\cole\applic~1\PC Tools
2010-03-19 05:57:35 0 d-----w- c:\windows\system32\KB905474
2010-03-19 05:50:30 0 d-----w- C:\766c3efb06b4fcb8602a6c40bb3191
2010-03-19 05:45:55 0 d-----w- c:\windows\system32\ar-SA
2010-03-19 05:09:05 0 d-----w- c:\docume~1\cole\applic~1\Malwarebytes
2010-03-14 17:34:23 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-03-14 05:29:48 0 d-----w- c:\docume~1\cole\applic~1\GetRightToGo
2010-03-14 01:27:21 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-14 01:27:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-13 22:07:12 0 d-----w- c:\docume~1\cole\applic~1\AVG8
2010-03-13 21:30:49 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-13 21:30:26 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-13 21:30:25 0 d-----w- c:\docume~1\cole\applic~1\SUPERAntiSpyware.com
2010-03-13 20:49:35 0 d--h--w- c:\windows\system32\GroupPolicy
2010-03-13 20:48:13 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-13 19:34:14 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

==================== Find3M ====================

2010-03-29 20:24:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 20:24:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 06:12:23 662016 ------w- c:\windows\system32\wininet.dll
2010-02-26 06:12:17 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 18:50:23.15 ===============
