GMER scan error, Frozen computer


19 replies to this topic

#1 marym

  • Members
  • 32 posts
  • Gender:Female
  • Location:New York

Posted 23 August 2010 - 05:37 AM

While creating a GMER log per instructions, my computer froze. It took 6-1/2 HOURS for my computer to run through the rootkits with GMER. When FINALLY finished, I clicked SAVE but my computer froze up. I couldn't run Task Manager either. I didn't receive any error messages and finally after about another HOUR I had to manually turn off the computer. In step 8 (Fig. 13) the instructions did say running the scan may "take a while" but 6-1/2 hours? In any event, my log was lost. Should I try and run this scan again? DDS.scr, Attach.txt and DDS.txt are already saved on my desktop.
I was so frustrated because I couldn't use my computer all day once the scan started. Any suggestions?

Here is the Attach.txt file:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/24/2008 2:35:39 PM
System Uptime: 8/22/2010 9:22:04 AM (6 hours ago)

Motherboard: Dell Inc. | | 0HN338
Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 87.178 GiB free.
D: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01FE1028&REV_02\4&1E93A591&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01FE1028&REV_02\4&1E93A591&0&00E5
Service: b57w2k

==== System Restore Points ===================

RP1: 7/1/2010 11:39:02 AM - anti badware
RP2: 7/1/2010 7:33:19 PM - Installed Java™ 6 Update 20
RP3: 7/2/2010 11:43:36 PM - System Checkpoint
RP4: 7/3/2010 2:00:00 PM - Removed AVG Free 8.5
RP5: 7/3/2010 3:47:22 PM - avast! Free Antivirus Setup
RP6: 7/3/2010 3:59:08 PM - Removed Browser Address Error Redirector.
RP7: 7/3/2010 4:01:31 PM - Removed Rhapsody Player Engine
RP8: 7/3/2010 4:02:23 PM - Removed Roxio Creator Audio
RP9: 7/3/2010 4:03:19 PM - Removed Roxio Creator BDAV Plugin
RP10: 7/3/2010 4:04:29 PM - Removed Roxio Creator Copy
RP11: 7/3/2010 4:05:18 PM - Removed Roxio Creator Data
RP12: 7/3/2010 4:07:04 PM - Removed Roxio Creator DE
RP13: 7/3/2010 4:07:59 PM - Removed Roxio Creator Tools
RP14: 7/3/2010 4:08:46 PM - Removed Roxio Drag-to-Disc
RP15: 7/3/2010 4:09:28 PM - Removed Roxio Express Labeler
RP16: 7/3/2010 4:10:04 PM - Removed Roxio Update Manager
RP17: 7/3/2010 7:48:22 PM - Installed Windows Internet Explorer 8.
RP18: 7/5/2010 3:43:00 PM - System Checkpoint
RP19: 7/6/2010 4:34:15 PM - System Checkpoint
RP20: 7/7/2010 9:59:38 PM - System Checkpoint
RP21: 7/9/2010 12:49:59 PM - System Checkpoint
RP22: 7/10/2010 5:04:49 PM - System Checkpoint
RP23: 7/11/2010 5:13:09 PM - System Checkpoint
RP24: 7/12/2010 8:30:15 PM - System Checkpoint
RP25: 7/13/2010 8:40:15 PM - System Checkpoint
RP26: 7/15/2010 9:41:08 AM - System Checkpoint
RP27: 7/17/2010 9:10:55 AM - System Checkpoint
RP28: 7/18/2010 8:43:22 AM - Spyware Doctor: Cleaning Threats
RP29: 7/19/2010 10:07:33 AM - System Checkpoint
RP30: 7/21/2010 10:10:45 AM - System Checkpoint
RP31: 7/22/2010 6:49:13 PM - System Checkpoint
RP32: 7/25/2010 3:40:55 PM - System Checkpoint
RP33: 7/26/2010 7:37:37 PM - System Checkpoint
RP34: 7/28/2010 2:15:37 AM - Spyware Doctor: Cleaning Threats
RP35: 7/29/2010 3:46:39 AM - Spyware Doctor: Cleaning Threats
RP36: 7/30/2010 11:31:42 AM - System Checkpoint
RP37: 7/31/2010 4:11:48 PM - System Checkpoint
RP38: 8/1/2010 8:28:26 AM - Spyware Doctor: Cleaning Threats
RP39: 8/1/2010 4:48:41 PM - Restore Operation
RP40: 8/2/2010 7:55:21 PM - System Checkpoint
RP41: 8/4/2010 10:54:43 AM - System Checkpoint
RP42: 8/5/2010 7:20:59 AM - Spyware Doctor: Cleaning Threats
RP43: 8/6/2010 10:11:18 AM - System Checkpoint
RP44: 8/7/2010 2:23:02 PM - System Checkpoint
RP45: 8/9/2010 9:22:51 AM - System Checkpoint
RP46: 8/10/2010 9:49:49 AM - System Checkpoint
RP47: 8/11/2010 7:33:56 PM - System Checkpoint
RP48: 8/12/2010 8:23:29 PM - System Checkpoint
RP49: 8/15/2010 2:56:32 PM - System Checkpoint
RP50: 8/16/2010 9:00:58 PM - System Checkpoint
RP51: 8/18/2010 11:27:02 AM - System Checkpoint
RP52: 8/19/2010 6:40:34 PM - System Checkpoint
RP53: 8/21/2010 10:23:24 AM - System Checkpoint
RP54: 8/22/2010 11:32:03 AM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat 8.1.2 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Mobile Device Support
Apple Software Update
Aqua Panorama Wallpaper
AuthenTec Fingerprint Sensor Minimum Install
avast! Free Antivirus
biolsp patch
Broadcom ASF Management Applications
Broadcom Management Programs
Business Contact Manager for Outlook 2007 SP2
Citrix Presentation Server Client
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Dell Touchpad
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Gemalto
GemSafe Standard Edition 5.1
Google Desktop
GoToAssist 8.0.0.508
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 450 printer Uninstaller
HPSSupply
Intel® PROSet/Wireless Software
IntelliSonic Speech Enhancement
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_06
Java Auto Updater
Java™ 6 Update 20
KONICA MINOLTA PageScope Net Care
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
mCore
mDrWiFi
MFCLOC
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Meeting 2005
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
mIWA
mLogView
mMHouse
Modem Diagnostic Tool
Mozilla Firefox (3.0.9)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mZConfig
NetWaiting
NTRU TCG Software Stack
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PowerDVD
Preboot Manager
Private Information Manager
QuickBooks Remote Access
QuickSet
QuickTime
Secure Update
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Wizards
Sonic Activation Module
Spyware Doctor 7.0
SUPERAntiSpyware
The Print Shop 21
Trusted Drive Manager
tsp patch
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
Viewpoint Media Player
Wave Infrastructure Installer
Wave Support Software
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

8/19/2010 9:52:24 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/19/2010 9:52:24 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

Okay, I tried running the scan AGAIN. This time, after I saw there was no additional information being posted, I stopped the scan and attempted to SAVE it as ark.txt. Unfortunately my computer FROZE AGAIN. It seems I am unable to save the information after a scan. Everything LOCKS UP. Now I'm really in a bind. I still get redirected to random sites when clicking on links. Thank goodness I have long hair because I'm starting to pull it out!

I'm still getting redirected to random sites. My computer is now having trouble shutting down. I'm not sure if it's because I ran GMER and my computer froze. What a mess. In any event, I think I was supposed to include the attach.txt as an attachment and copy and paste the DDS logfile into the post. So here's the DDS logfile:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Anthony at 15:36:48.51 on Sun 08/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1110 [GMT -4:00]

AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\MyBuddy.exe\pctsTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\MyBuddy.exe\pctsAuxs.exe
C:\Program Files\MyBuddy.exe\pctsSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Desktop\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://aol.com/
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [\\MARYSLAPTOP\EPSON Stylus CX7800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiafa.exe /p40 "\\maryslaptop\EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ISTray] "c:\program files\mybuddy.exe\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"
mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1010011
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: allstate.com
Trusted Zone: allstate.com\agencygateway
Trusted Zone: allstate.com\agencygateway1
Trusted Zone: allstate.com\agencygateway2
Trusted Zone: allstate.com\allianceweb
Trusted Zone: allstate.com\mymail
Trusted Zone: allstatehelp.com
Trusted Zone: custhelp.com
Trusted Zone: deerbrook.com
Trusted Zone: encompassinsurance.com
Trusted Zone: gotoassist.com
Trusted Zone: sumtotalsystems.com
DPF: CabBuilder - hxxp://www.imgag.com/kiw/toolbar/download/InstallerControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\mysuperbuddy\SASWINLO.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\508\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\mysuperbuddy\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anthony\applic~1\mozilla\firefox\profiles\epno0qul.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}(2)

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-30 218592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-3 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\mysuperbuddy\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\mysuperbuddy\SASKUTIL.SYS [2010-5-10 67656]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-3 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\mybuddy.exe\pctsAuxs.exe [2010-6-30 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\mybuddy.exe\pctsSvc.exe [2010-6-30 1142224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-4 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);c:\windows\system32\drivers\hpzs2k12.sys --> c:\windows\system32\drivers\hpzs2k12.sys [?]

=============== Created Last 30 ================

2010-08-20 19:13:17 0 d-----w- C:\MDT
2010-08-01 20:53:33 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-07-23 11:08:53 812344 ----a-w- c:\program files\HJTInstall.exe
2010-07-21 12:50:49 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-05 04:44:20 67555 ----a-w- c:\windows\system32\nvModes.dat
2010-07-03 19:46:55 53785488 ----a-w- c:\program files\av_free.exe
2010-07-01 01:20:33 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-01 01:20:31 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-10 11:17:11 1068544 ----a-w- c:\program files\CouponPrinter.exe
2010-01-22 02:08:09 2596008 -c--a-w- c:\program files\GoogleToolbarInstaller_en32_signed.exe
2010-01-21 17:48:53 2318024 -c----w- c:\program files\AquaPanorama.exe
2008-09-09 21:36:07 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat

============= FINISH: 15:38:41.40 ===============


and I'm attaching the attach.txt as an attachment. I hope I'm doing this correctly and posting to the right place.

EDIT: Posts merged ~BP

Edited by Budapest, 23 August 2010 - 06:11 PM.
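For anyone working through the DDS output above, here is an added example (mine, not part of the post and not part of the DDS tool) of how a helper reads such a log: it splits the text on the `==== Name ====` banners, pulls the Security Center AV registrations, the Run/RunOnce keys, the LSA authentication packages and the service/driver lines into structured records, and lists the items that merit a question in the thread. The sample log is a constructed excerpt of lines copied from the log posted above. Two things are assumptions of mine rather than anything the log states: that `[?]` in a driver line means DDS could not read the file it points at, and that `msv1_0` is the only authentication package on a stock XP install.

```python
"""Split a DDS log into its sections and list the load points a helper looks at first (added example)."""
import re

# Constructed sample: a short excerpt of the DDS log posted above, lines kept verbatim.
SAMPLE_LOG = r"""
DDS (Ver_10-03-17.01) - NTFSx86

AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://aol.com/
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-30 218592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-3 165456]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);c:\windows\system32\drivers\hpzs2k12.sys --> c:\windows\system32\drivers\hpzs2k12.sys [?]

============= FINISH: 15:38:41.40 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # '==== Name ====' banners
AV_RE = re.compile(r"^AV:\s*(.+?)\s*\*(.+?)\*\s*\((\w+)\)")
RUN_RE = re.compile(r"^([umd]Run(?:Once)?):\s*\[(.+?)\]\s*(.*)$")
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
LSA_RE = re.compile(r"^LSA:\s*Authentication Packages\s*=\s*(.+)$")
DEFAULT_LSA_PACKAGES = {"msv1_0"}  # assumption: the only package on a stock XP install


def split_sections(text):
    """Map each banner title to the non-blank lines under it; lines before the first banner go to 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def parse_av(header_lines):
    """Products registered with Security Center, as (name, update status)."""
    return [(m.group(1), m.group(3)) for m in map(AV_RE.match, header_lines) if m]


def parse_run_keys(hjt_lines):
    """Run/RunOnce autostarts as (scope, value name, command line)."""
    return [m.groups() for m in map(RUN_RE.match, hjt_lines) if m]


def parse_drivers(driver_lines):
    """Services and drivers; '[?]' in place of date/size is read (assumption) as 'DDS could not read the file'."""
    parsed = []
    for m in filter(None, map(DRIVER_RE.match, driver_lines)):
        state, service, display, rest = m.groups()
        path = rest.split(" --> ")[-1].rsplit(" [", 1)[0]
        parsed.append({"state": state, "service": service, "display": display,
                       "path": path, "file_missing": rest.endswith("[?]")})
    return parsed


def review(text):
    """Findings a helper would ask about, in log order. Each is a question, not a verdict."""
    sections = split_sections(text)
    findings = []
    avs = parse_av(sections.get("Header", []))
    if len(avs) > 1:  # two resident scanners at once is worth asking about before any deep scan
        findings.append("multiple AV products registered: " + ", ".join(n for n, _ in avs))
    findings += [f"AV '{n}' reported as {s}" for n, s in avs if s.lower() != "updated"]
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("TB:") and line.endswith("- No File"):
            findings.append("orphaned toolbar entry: " + line)
        lsa = LSA_RE.match(line)
        if lsa:
            extra = [p for p in lsa.group(1).split() if p not in DEFAULT_LSA_PACKAGES]
            if extra:
                findings.append("non-default LSA authentication packages: " + " ".join(extra))
    for drv in parse_drivers(sections.get("SERVICES / DRIVERS", [])):
        if drv["file_missing"]:
            findings.append(f"driver {drv['service']} points at unreadable file {drv['path']}")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Each line it prints is something to ask about, not a conclusion: two products registered as resident scanners is exactly what the scan-prep instructions tell you to switch off before running GMER, and is one reason a pass can take hours; a product reported as Outdated is worth updating or removing; an extra LSA authentication package has to be matched to a legitimate owner (on this machine the Wave Systems EMBASSY software in the installed-programs list is a plausible one for `wvauth`) before anyone touches it; and a driver whose file DDS could not read is an entry to clean up rather than a threat in itself.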



#2 marym

  • Topic Starter
  • Members
  • 32 posts
  • Gender:Female
  • Location:New York

Posted 28 August 2010 - 08:23 AM

Whether or not I click on a link, I keep getting redirected to random sites. I've run Malwarebytes, Spyware Doctor, SuperAntiSpyware, Windows Defender, HijackThis and my antivirus program, Avast. I removed or quarantined whatever I could, but I keep getting redirected. For some reason I was unable to run GMER, as it took over 6 hours to scan and then my computer froze.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Anthony at 9:10:13.93 on Sat 08/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.864 [GMT -4:00]

AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\MyBuddy.exe\pctsTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\MyBuddy.exe\pctsAuxs.exe
C:\Program Files\MyBuddy.exe\pctsSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\D2RK647J\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://aol.com/
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [\\MARYSLAPTOP\EPSON Stylus CX7800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiafa.exe /p40 "\\maryslaptop\EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISTray] "c:\program files\mybuddy.exe\pctsTray.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [HPLJ Config] c:\program files\hewlett-packard\hp laserjet 1150_1300\SetConfig.exe -c Direct -p LPT1: -pn "" -n 0 -l -sl 120000
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"
mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1010011
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\myprin~1.lnk - c:\program files\hewlett-packard\hp deskjet 450 printer\toolbox\mpm.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: allstate.com
Trusted Zone: allstate.com\agencygateway
Trusted Zone: allstate.com\agencygateway1
Trusted Zone: allstate.com\agencygateway2
Trusted Zone: allstate.com\allianceweb
Trusted Zone: allstate.com\mymail
Trusted Zone: allstatehelp.com
Trusted Zone: custhelp.com
Trusted Zone: deerbrook.com
Trusted Zone: encompassinsurance.com
Trusted Zone: gotoassist.com
Trusted Zone: sumtotalsystems.com
DPF: CabBuilder - hxxp://www.imgag.com/kiw/toolbar/download/InstallerControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\mysuperbuddy\SASWINLO.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\508\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\mysuperbuddy\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anthony\applic~1\mozilla\firefox\profiles\epno0qul.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}(2)

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-30 218592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-3 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\mysuperbuddy\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\mysuperbuddy\SASKUTIL.SYS [2010-5-10 67656]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-3 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\mybuddy.exe\pctsAuxs.exe [2010-6-30 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\mybuddy.exe\pctsSvc.exe [2010-6-30 1142224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-4 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);c:\windows\system32\drivers\hpzs2k12.sys --> c:\windows\system32\drivers\hpzs2k12.sys [?]

=============== Created Last 30 ================

2010-08-25 12:31:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-20 19:13:17 0 d-----w- C:\MDT
2010-08-01 20:53:33 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-07-23 11:08:53 812344 ----a-w- c:\program files\HJTInstall.exe
2010-07-21 12:50:49 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-05 04:44:20 67555 ----a-w- c:\windows\system32\nvModes.dat
2010-07-03 19:46:55 53785488 ----a-w- c:\program files\av_free.exe
2010-07-01 01:20:33 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-01 01:20:31 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-10 11:17:11 1068544 ----a-w- c:\program files\CouponPrinter.exe
2010-01-22 02:08:09 2596008 -c--a-w- c:\program files\GoogleToolbarInstaller_en32_signed.exe
2010-01-21 17:48:53 2318024 -c----w- c:\program files\AquaPanorama.exe
2008-09-09 21:36:07 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat

============= FINISH: 9:12:26.12 ===============

Edited by Orange Blossom, 28 August 2010 - 10:32 PM.
Merged topics. ~ OB
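
The Pseudo HJT section of the DDS log above is the part a responder reads first: it lists the browser helper objects, Run keys, Winlogon Notify packages, shell-execute hooks and LSA authentication packages that load automatically. The script below is an added example of triaging that section mechanically; it is not part of DDS, not from anyone in this thread, and it is a hypothetical parser. Its sample input is copied from the log above. The XP SP3 baseline allowlist and the list of "user-writable" directory fragments are assumptions for the example, and a finding means "needs vendor attribution", not "malicious": the SUPERAntiSpyware and Wave Systems components it flags here are exactly the kind of legitimate third-party modules that occupy these load points.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the Pseudo HJT Report in the DDS log
# posted above, embedded here so the script runs offline.
SAMPLE_LOG = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [ISTray] "c:\program files\mybuddy.exe\pctsTray.exe"
Notify: !SASWinLogon - c:\program files\mysuperbuddy\SASWINLO.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\mysuperbuddy\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
"""

# Load points whose modules run inside winlogon.exe, lsass.exe or every
# shell process; anything listed there must be attributable to a vendor.
PRIVILEGED_KINDS = {"Notify", "SSODL", "SEH", "LSA"}

# Assumed baseline: what a stock Windows XP SP3 install puts in those load
# points. Extend it from your own gold image before relying on it.
BASELINE = {("SSODL", "wpdshserviceobj.dll"), ("LSA", "msv1_0")}

# Directory fragments an unprivileged user can write to (assumed list).
USER_WRITABLE = ("\\temp\\", "\\temporary internet files\\", "\\local settings\\",
                 "\\application data\\", "\\documents and settings\\", "\\recycler\\")

LINE_RE = re.compile(r"^(?P<kind>BHO|TB|EB|uRun|mRun|dRunOnce|Notify|SSODL|SEH|LSA): (?P<rest>.*)$")
# A path ending in an executable extension; the lookahead stops a directory
# named "MyBuddy.exe" (as in this log) from being taken for the binary.
PATH_RE = re.compile(r'((?:[a-z]:|%[a-z]+%)\\[^"]*?\.(?:dll|exe|sys|scr|ocx|com)(?=["\s]|$))', re.I)
BARE_PATH_RE = re.compile(r"((?:[a-z]:|%[a-z]+%)\\\S+)", re.I)   # fallback: no extension


class Entry(NamedTuple):
    kind: str
    label: str
    target: str        # file path, "No File", or the LSA package list


class Finding(NamedTuple):
    entry: Entry
    reason: str


def _label(rest: str) -> str:
    m = re.match(r"\[([^\]]+)\]", rest)          # Run entries: [name] command
    return m.group(1) if m else re.split(r": | - | = ", rest, maxsplit=1)[0]


def parse_entries(text: str) -> list:
    """Turn DDS pseudo-HJT lines into Entry records; unknown kinds are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind == "LSA":
            target = rest.split("=", 1)[1].strip()
        elif rest.rstrip().endswith("No File"):
            target = "No File"
        else:
            pm = PATH_RE.search(rest) or BARE_PATH_RE.search(rest)
            target = pm.group(1) if pm else ""
        entries.append(Entry(kind, _label(rest), target))
    return entries


def suspicious_path(path: str) -> bool:
    """True when an autostart binary sits somewhere an ordinary user can write."""
    low = path.lower()
    return any(frag in low for frag in USER_WRITABLE)


def triage(entries) -> list:
    findings = []
    for e in entries:
        if e.target == "No File":
            findings.append(Finding(e, "orphaned: registry still references a file that is gone"))
        elif e.kind == "LSA":
            extra = [p for p in e.target.split() if ("LSA", p.lower()) not in BASELINE]
            if extra:
                findings.append(Finding(e, "non-default LSA package(s): " + ", ".join(extra)))
        else:
            if suspicious_path(e.target):
                findings.append(Finding(e, "autostart binary lives in a user-writable directory"))
            filename = e.target.lower().rsplit("\\", 1)[-1]
            if e.kind in PRIVILEGED_KINDS and (e.kind, filename) not in BASELINE:
                findings.append(Finding(e, "third-party module in a privileged load point; confirm the vendor"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_LOG)):
        print(f"{f.entry.kind:8} {f.entry.label:32} {f.reason}")
```

On the sample it reports the orphaned toolbar GUID, the two Winlogon Notify DLLs, the shell-execute hook and the extra LSA package `wvauth`; the Adobe BHO, the Run entries and the stock `WPDShServiceObj` SSODL entry pass. Whether each flagged module is the security product or smart-card software it appears to be is the analyst's call, which is why the output is phrased as "confirm the vendor".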


#3 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada
  • Local time:07:13 AM

Posted 29 August 2010 - 02:58 PM

Hi marym,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, I will review them and take the steps necessary with you to get your machine back in working order, clean and free of malware.

STEP 1 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post them with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#4 marym

marym
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Female
  • Location:New York
  • Local time:08:13 AM

Posted 30 August 2010 - 11:20 AM

THIS IS MY THIRD ATTEMPT AT SENDING THE LOGS. I can send the MBAM and GMER logs no problem, but when I copy and paste the OTL log, I lose the internet connection. I'll try to send the first two now and the OTL separately after. Thank you for any help you can offer.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4507

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/30/2010 11:37:52 AM
mbam-log-2010-08-30 (11-37-52).txt

Scan type: Quick scan
Objects scanned: 165320
Time elapsed: 22 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-30 10:23:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Anthony\LOCALS~1\Temp\fwlyqfoc.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF743D112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF741C2D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF741C4C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF743D900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF743DBB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF743BE12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF743E020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF743D3D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF741BF44]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\system32\svchost.exe[1148] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EA000A
.text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat B9605D20
Device \FileSystem\Fastfat \Fat B95FE60A

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
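
The GMER output above shows two kinds of hooks: kernel-mode SSDT entries redirected into PCTCore.sys, which GMER attributes to PC Tools, and 5-byte inline JMP patches on ntdll and ole32 exports inside svchost.exe and Explorer.EXE whose targets (0x009A000A and so on) GMER could not map to any loaded module. Both patterns are produced by the security products visible in this log as well as by rootkits, so the useful question is attribution. The script below is an added example, not part of GMER or of this thread, and a hypothetical parser: it reads the log lines copied from the post above, groups the SSDT hooks by owning driver, works out which user-mode hooks are common to every listed process (a system-wide agent) and lists the patches whose trampoline lives in unmapped private memory for follow-up. The Devices section is ignored.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Sample input: a subset of the GMER log posted above, embedded here so
# the script runs offline.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF743D112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF741C2D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF741C4C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF741BF44]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\system32\svchost.exe[1148] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EA000A
.text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
"""

# "SSDT <driver> (<description>/<company>) <syscall> [0x<handler>]"; the
# parenthesised part is absent when GMER cannot attribute the driver.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?:\((?P<desc>[^)]*)\)\s+)?"
                     r"(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
# ".text <process>[<pid>] <module>!<export> <addr> <n> Bytes <patch>"
INLINE_RE = re.compile(r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^!\s]+)!(?P<func>\w+)\s+"
                       r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+(?P<patch>.+)$")
# GMER appends the owning module after the JMP target when it can map the
# destination; an empty owner means the trampoline is in private memory.
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)\s*(?P<owner>.*)$")


class SsdtHook(NamedTuple):
    module: str
    vendor: Optional[str]     # None when GMER printed no attribution
    func: str
    addr: int


class InlineHook(NamedTuple):
    process: str
    pid: int
    module: str
    func: str
    addr: int
    nbytes: int
    target: Optional[int]     # JMP destination, None for non-JMP patches
    owner: str                # module the destination resolved to, "" if none


def parse_gmer(text: str):
    ssdt, inline = [], []
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            desc = m.group("desc")
            vendor = desc.split("/")[-1].strip() if desc else None
            ssdt.append(SsdtHook(m.group("module"), vendor, m.group("func"), int(m.group("addr"), 16)))
            continue
        m = INLINE_RE.match(line)
        if m:
            j = JMP_RE.match(m.group("patch"))
            inline.append(InlineHook(m.group("proc"), int(m.group("pid")), m.group("mod"), m.group("func"),
                                     int(m.group("addr"), 16), int(m.group("n")),
                                     int(j.group("target"), 16) if j else None,
                                     j.group("owner").strip() if j else ""))
    return ssdt, inline


def ssdt_by_driver(hooks):
    """{driver: (vendor, [hooked syscalls])} so one driver's footprint is read at a glance."""
    out = {}
    for h in hooks:
        out.setdefault(h.module, (h.vendor, []))[1].append(h.func)
    return out


def inline_hook_sets(hooks):
    """{(process, pid): frozenset('module!export')} for comparing processes."""
    sets = defaultdict(set)
    for h in hooks:
        sets[(h.process, h.pid)].add(f"{h.module}!{h.func}")
    return {k: frozenset(v) for k, v in sets.items()}


def unattributed_inline(hooks):
    """JMP patches whose destination GMER could not map to a loaded module."""
    return [h for h in hooks if h.target is not None and not h.owner]


def triage(text: str):
    ssdt, inline = parse_gmer(text)
    report, common = [], None
    for mod, (vendor, funcs) in ssdt_by_driver(ssdt).items():
        tag = f"vendor={vendor}" if vendor else "UNATTRIBUTED driver"
        report.append(f"SSDT: {mod} ({tag}) hooks {len(funcs)} syscalls: {', '.join(funcs)}")
    for (proc, pid), funcs in inline_hook_sets(inline).items():
        common = funcs if common is None else common & funcs
        report.append(f"inline: {proc}[{pid}] patches {len(funcs)}: {', '.join(sorted(funcs))}")
    if common:
        report.append(f"{len(common)} hook(s) present in every listed process: {', '.join(sorted(common))}")
    for h in unattributed_inline(inline):
        report.append(f"review: {h.process}[{h.pid}] {h.module}!{h.func} -> 0x{h.target:08X} (no owning module)")
    return report


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

Run against the sample, it attributes all four SSDT hooks to one PC Tools driver, finds the three ntdll hooks (`NtProtectVirtualMemory`, `NtWriteVirtualMemory`, `KiUserExceptionDispatcher`) in both processes, singles out the `ole32.dll!CoCreateInstance` patch that only svchost carries, and lists all seven JMP patches for review because none resolved to a module. Confirming which installed product owns those trampolines (for instance by dumping the target pages from a live process) is the next step; an unattributed trampoline on its own is not evidence of infection.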


#5 marym

marym
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Female
  • Location:New York
  • Local time:08:13 AM

Posted 30 August 2010 - 11:28 AM

I've tried three times to send the OTL log but I keep losing internet connection when trying to do so. Can I send this as an attachment rather than a reply in this post? I don't know why that's happening but it's very frustrating. I'm copying and pasting the OTL log in the reply box but when I click reply (in both fast reply and regular reply), I get a screen that says I'm no longer connected to the internet.

#6 marym

marym
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Female
  • Location:New York
  • Local time:08:13 AM

Posted 30 August 2010 - 11:31 AM

I'm going to try and send the OTL as an attachment. I hope this is okay and I really appreciate all your help...

OTL logfile created on: 8/30/2010 11:48:49 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\All Users\Desktop\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 91.93 Gb Free Space | 82.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALLSTATE-01
Current User Name: Anthony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\All Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MySuperBuddy\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\MyBuddy.exe\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\MyBuddy.exe\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\MyBuddy.exe\pctsAuxs.exe (PC Tools)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\All Users\Desktop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\MyBuddy.exe\smum32.dll (PC Tools)
MOD - C:\Program Files\MyBuddy.exe\PCTGMhk.dll (PC Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (sdCoreService) -- C:\Program Files\MyBuddy.exe\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\MyBuddy.exe\pctsAuxs.exe (PC Tools)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (WaveEnrollmentService) -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe (Wave Systems Corp.)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (HPZs2k12) Storage Class Driver for IEEE-1284.4 (HPZ12) -- C:\WINDOWS\System32\Drivers\hpzs2k12.sys File not found
DRV - (HPZius12) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys File not found
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (SASKUTIL) -- C:\Program Files\MySuperBuddy\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\MySuperBuddy\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (WaveFDE) -- C:\WINDOWS\system32\drivers\WaveFDE.sys (Windows ® Codename Longhorn DDK provider)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (DXEC01) -- C:\WINDOWS\system32\drivers\dxec01.sys (Knowles Acoustics)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (dot4ufd) -- C:\WINDOWS\system32\drivers\hppaufd0.sys (HP)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080418
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080418

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com/"
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 19:22:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/10 08:46:18 | 000,000,000 | ---D | M]

[2008/12/22 21:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Extensions
[2010/07/08 12:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\epno0qul.default\extensions
[2010/07/01 14:50:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\epno0qul.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/01 11:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\epno0qul.default\extensions\plugin@yontoo.com
[2010/07/08 09:41:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 19:34:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/25 19:23:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}(2)
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2004/06/09 17:03:02 | 000,832,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [\\MARYSLAPTOP\EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acrobat Speed Launch] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HPLJ Config] c:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\MyBuddy.exe\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe File not found
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: allstate.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([agencygateway] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([agencygateway1] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([agencygateway2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([allianceweb] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([mymail] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstatehelp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: custhelp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: deerbrook.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: encompassinsurance.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: gotoassist.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sumtotalsystems.com ([]* in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: CabBuilder http://www.imgag.com/kiw/toolbar/download/...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\MySuperBuddy\SASWINLO.DLL - C:\Program Files\MySuperBuddy\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Anthony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anthony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\MySuperBuddy\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{89a3eba4-c79b-11dd-9b0b-001d09c4e58f}\Shell - "" = AutoRun
O33 - MountPoints2\{89a3eba4-c79b-11dd-9b0b-001d09c4e58f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89a3eba4-c79b-11dd-9b0b-001d09c4e58f}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (83893153811136512)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/30 11:47:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\Desktop\OTL.exe
[2010/08/25 08:31:53 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/08/25 08:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/08/22 15:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Desktop\gmer
[2010/08/20 15:13:17 | 000,000,000 | ---D | C] -- C:\MDT
[2010/08/20 13:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/08/04 08:48:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Anthony\Recent
[2010/07/23 07:08:38 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe
[2010/06/10 07:16:56 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\CouponPrinter.exe
[2010/01/21 22:07:44 | 002,596,008 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleToolbarInstaller_en32_signed.exe

========== Files - Modified Within 30 Days ==========

[2010/08/30 11:47:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\Desktop\OTL.exe
[2010/08/30 11:47:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/30 10:40:10 | 000,067,555 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/08/30 10:40:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/30 10:38:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/30 10:38:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\WavXMapDrive.bat
[2010/08/30 10:38:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/30 10:38:05 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/30 10:28:23 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\IconCache.db
[2010/08/30 09:01:11 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Anthony\NTUSER.DAT
[2010/08/28 11:01:15 | 001,883,485 | ---- | M] () -- C:\Documents and Settings\Anthony\My Documents\ULine Combo.pdf
[2010/08/25 16:39:15 | 005,171,866 | ---- | M] () -- C:\Documents and Settings\Anthony\My Documents\wood doors.pdf
[2010/08/25 08:11:07 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop\WindowsDefender.msi
[2010/08/24 07:15:22 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/24 07:15:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/24 07:15:22 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2010/08/24 06:35:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Anthony\ntuser.ini
[2010/08/22 15:51:37 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop\gmer.zip
[2010/08/22 15:36:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop\dds.scr
[2010/08/22 11:06:35 | 000,288,398 | ---- | M] () -- C:\Documents and Settings\Anthony\My Documents\newgardencrossing.pdf
[2010/08/19 14:47:24 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/08/17 21:37:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2010/08/30 10:38:05 | 2145,353,728 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/28 11:01:15 | 001,883,485 | ---- | C] () -- C:\Documents and Settings\Anthony\My Documents\ULine Combo.pdf
[2010/08/25 16:39:15 | 005,171,866 | ---- | C] () -- C:\Documents and Settings\Anthony\My Documents\wood doors.pdf
[2010/08/25 08:10:52 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop\WindowsDefender.msi
[2010/08/24 06:34:35 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/08/24 06:34:35 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\myPrintMileage.lnk
[2010/08/22 15:51:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop\gmer.zip
[2010/08/22 15:36:05 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop\dds.scr
[2010/08/22 11:06:35 | 000,288,398 | ---- | C] () -- C:\Documents and Settings\Anthony\My Documents\newgardencrossing.pdf
[2010/07/21 08:50:49 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/07/03 15:46:44 | 053,785,488 | ---- | C] () -- C:\Program Files\av_free.exe
[2010/06/30 20:48:36 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/01/21 13:48:34 | 002,318,024 | ---- | C] () -- C:\Program Files\AquaPanorama.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/12 12:14:09 | 000,000,311 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/01/12 12:14:08 | 000,001,021 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/01/12 12:13:56 | 000,196,608 | R--- | C] () -- C:\WINDOWS\System32\HPBVNSTP.DLL
[2009/01/08 15:50:03 | 000,007,837 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2009/01/08 15:45:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/05/12 12:32:00 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/24 14:36:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\WavXMapDrive.bat
[2008/04/18 11:46:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/18 11:28:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/18 11:17:34 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/04/18 11:14:59 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/04/18 11:14:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/04/18 10:44:08 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/04/18 10:44:08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/04/18 10:44:07 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/18 10:44:06 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/18 10:42:22 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/13 15:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 15:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 15:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 15:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 15:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 15:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 15:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 16:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 16:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 16:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 16:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 16:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 16:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 16:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 16:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 16:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 16:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 10:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 11:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/03/24 04:58:36 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2005/02/01 21:39:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2004/11/17 02:16:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2004/10/15 02:09:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:45 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/11 18:00:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/11 18:00:45 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/11 18:00:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/11 18:00:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2001/07/31 12:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1996/11/17 11:37:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/24 07:15:22 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/04/18 10:46:52 | 000,007,218 | RH-- | M] () -- C:\dell.sdr
[2010/08/30 10:38:05 | 2145,353,728 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/24 16:02:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/10/12 15:27:58 | 000,001,102 | -H-- | M] () -- C:\IPH.PH
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/09 17:25:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/30 10:37:59 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 18:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/11/14 02:43:58 | 000,029,152 | R--- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\FSPPMFP.DLL
[2008/11/04 13:46:44 | 000,280,576 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp083.dll
[2003/01/07 20:04:10 | 000,062,976 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPPRN05.DLL
[2008/02/12 13:45:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/06/06 17:54:32 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\Anthony\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/01/21 13:48:53 | 002,318,024 | ---- | M] () -- C:\Program Files\AquaPanorama.exe
[2010/07/03 15:46:55 | 053,785,488 | ---- | M] () -- C:\Program Files\av_free.exe
[2010/06/10 07:17:11 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Program Files\CouponPrinter.exe
[2010/01/21 22:08:09 | 002,596,008 | ---- | M] (Google Inc.) -- C:\Program Files\GoogleToolbarInstaller_en32_signed.exe
[2010/07/23 07:08:53 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/09 17:29:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/04/18 11:20:01 | 000,000,837 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\wave_license.txt

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-28 00:15:09

========== Alternate Data Streams ==========

@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >

[edited to open logs ~ mp]

Attached file: OTL.txt (79.45KB)

Edited by mpascal, 30 August 2010 - 11:45 AM.


#7 mpascal

Posted 30 August 2010 - 11:48 AM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#8 marym

Posted 30 August 2010 - 02:17 PM

Okay, MPascal, here is the Combofix.txt... (I have to tell you that I was nervous about disabling all my anti-virus, spyware, etc. programs and downloading ones whose signature couldn't be verified...hopefully all this effort on your part and mine will finally rectify the redirection situation.)

ComboFix 10-08-29.04 - Anthony 08/30/2010 14:27:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -4:00]
Running from: c:\documents and settings\All Users\Desktop\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-25 12:31 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-25 12:12 . 2010-08-25 12:12 -------- d-----w- c:\program files\Windows Defender
2010-08-20 19:13 . 2010-08-30 17:53 -------- d-----w- C:\MDT
2010-08-20 17:52 . 2010-08-20 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-08-11 15:43 . 2010-08-11 15:43 61440 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2e2a8b62-n\decora-sse.dll
2010-08-11 15:43 . 2010-08-11 15:43 503808 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fb10eb9-n\msvcp71.dll
2010-08-11 15:43 . 2010-08-11 15:43 499712 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fb10eb9-n\jmc.dll
2010-08-11 15:43 . 2010-08-11 15:43 348160 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fb10eb9-n\msvcr71.dll
2010-08-11 15:43 . 2010-08-11 15:43 12800 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2e2a8b62-n\decora-d3d.dll
2010-08-01 20:53 . 2010-08-01 20:53 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 18:48 . 2008-10-16 17:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-30 18:32 . 2010-07-01 00:47 -------- d-----w- c:\program files\MyBuddy.exe
2010-08-30 17:53 . 2008-04-24 18:36 0 -c--a-w- c:\documents and settings\Anthony\Local Settings\Application Data\WavXMapDrive.bat
2010-08-30 17:44 . 2010-01-21 19:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-30 14:53 . 2010-07-01 11:01 63488 ----a-w- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-30 14:53 . 2010-07-01 11:01 117760 ----a-w- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-28 13:35 . 2008-04-18 15:36 -------- d-----w- c:\program files\Google
2010-08-28 13:30 . 2010-08-28 13:30 118784 ----a-w- c:\windows\Web\Wallpaper\Aqua Panorama.exe
2010-08-03 13:15 . 2010-07-01 11:00 -------- d-----w- c:\program files\MySuperBuddy
2010-07-23 11:09 . 2010-07-23 11:09 -------- d-----w- c:\program files\Trend Micro
2010-07-23 11:08 . 2010-07-23 11:08 812344 ----a-w- c:\program files\HJTInstall.exe
2010-07-21 12:50 . 2010-07-21 12:50 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-10 12:49 . 2010-05-12 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-10 12:46 . 2010-07-10 12:46 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-07-10 12:46 . 2010-07-10 12:46 -------- d-----w- c:\program files\NOS
2010-07-05 04:44 . 2008-04-18 14:50 67555 ----a-w- c:\windows\system32\nvModes.dat
2010-07-03 20:10 . 2008-04-18 15:09 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-03 20:08 . 2008-04-18 15:28 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-03 19:59 . 2008-04-18 15:09 -------- d-----w- c:\program files\Dell
2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\program files\Alwil Software
2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-03 19:46 . 2010-07-03 19:46 53785488 ----a-w- c:\program files\av_free.exe
2010-07-02 19:36 . 2010-07-02 19:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-01 23:33 . 2008-04-18 15:07 -------- d-----w- c:\program files\Java
2010-07-01 11:01 . 2010-07-01 11:01 52224 ----a-w- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-01 01:20 . 2010-07-01 00:48 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-01 01:20 . 2010-07-01 00:48 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-28 20:57 . 2010-07-03 19:47 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-03 19:47 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-03 19:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-03 19:48 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-03 19:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-03 19:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-07-03 19:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-07-03 19:48 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-07-03 19:47 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-10 11:17 . 2010-06-10 11:16 1068544 ----a-w- c:\program files\CouponPrinter.exe
2010-01-22 02:08 . 2010-01-22 02:07 2596008 -c--a-w- c:\program files\GoogleToolbarInstaller_en32_signed.exe
2010-01-21 17:48 . 2010-01-21 17:48 2318024 -c----w- c:\program files\AquaPanorama.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\MARYSLAPTOP\EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISTray"="c:\program files\MyBuddy.exe\pctsTray.exe" [2010-07-01 1287120]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-26 17920]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-08-23 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-18 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\MySuperBuddy\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\MySuperBuddy\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-04-25 13:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/30/2010 8:48 PM 218592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/3/2010 3:48 PM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\MySuperBuddy\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\MySuperBuddy\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/3/2010 3:48 PM 17744]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\MyBuddy.exe\pctsAuxs.exe [6/30/2010 8:47 PM 366840]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/4/2008 8:59 PM 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);c:\windows\system32\Drivers\hpzs2k12.sys --> c:\windows\system32\Drivers\hpzs2k12.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: allstate.com
Trusted Zone: allstate.com\agencygateway
Trusted Zone: allstate.com\agencygateway1
Trusted Zone: allstate.com\agencygateway2
Trusted Zone: allstate.com\allianceweb
Trusted Zone: allstate.com\mymail
Trusted Zone: allstatehelp.com
Trusted Zone: custhelp.com
Trusted Zone: deerbrook.com
Trusted Zone: encompassinsurance.com
Trusted Zone: gotoassist.com
Trusted Zone: sumtotalsystems.com
DPF: CabBuilder - hxxp://www.imgag.com/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-HPLJ Config - c:\program files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-RoxioDragToDisc - c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 14:48
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\MySuperBuddy\SASWINLO.DLL
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-08-30 14:57:13
ComboFix-quarantined-files.txt 2010-08-30 18:57

Pre-Run: 98,551,558,144 bytes free
Post-Run: 99,448,123,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - 9569FC5166B45475AA96A912A631F86D


#9 mpascal

Posted 30 August 2010 - 04:37 PM

Hi there,

Redirects should be gone now. Maybe search around a bit to confirm.

Close any open browsers, and close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
File::
c:\program files\MyBuddy.exe
c:\program files\CouponPrinter.exe
c:\program files\AquaPanorama.exe

  • Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#10 marym

Posted 30 August 2010 - 05:41 PM

Here is the latest ComboFix log (ComboFix.txt) as you requested:

ComboFix 10-08-29.04 - Anthony 08/30/2010 18:04:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1312 [GMT -4:00]
Running from: c:\documents and settings\All Users\Desktop\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\AquaPanorama.exe"
"c:\program files\CouponPrinter.exe"
"c:\program files\MyBuddy.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AquaPanorama.exe
c:\program files\CouponPrinter.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 20:44 . 2010-08-30 20:44 -------- d-----w- c:\windows\LastGood
2010-08-25 12:31 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-25 12:12 . 2010-08-25 12:12 -------- d-----w- c:\program files\Windows Defender
2010-08-20 19:13 . 2010-08-30 17:53 -------- d-----w- C:\MDT
2010-08-20 17:52 . 2010-08-20 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-08-11 15:43 . 2010-08-11 15:43 61440 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2e2a8b62-n\decora-sse.dll
2010-08-11 15:43 . 2010-08-11 15:43 503808 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fb10eb9-n\msvcp71.dll
2010-08-11 15:43 . 2010-08-11 15:43 499712 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fb10eb9-n\jmc.dll
2010-08-11 15:43 . 2010-08-11 15:43 348160 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fb10eb9-n\msvcr71.dll
2010-08-11 15:43 . 2010-08-11 15:43 12800 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2e2a8b62-n\decora-d3d.dll
2010-08-01 20:53 . 2010-08-01 20:53 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 21:55 . 2008-10-16 17:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-30 21:53 . 2010-07-01 00:47 -------- d-----w- c:\program files\MyBuddy.exe
2010-08-30 17:53 . 2008-04-24 18:36 0 -c--a-w- c:\documents and settings\Anthony\Local Settings\Application Data\WavXMapDrive.bat
2010-08-30 17:44 . 2010-01-21 19:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-30 14:53 . 2010-07-01 11:01 63488 ----a-w- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-30 14:53 . 2010-07-01 11:01 117760 ----a-w- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-28 13:35 . 2008-04-18 15:36 -------- d-----w- c:\program files\Google
2010-08-28 13:30 . 2010-08-28 13:30 118784 ----a-w- c:\windows\Web\Wallpaper\Aqua Panorama.exe
2010-08-03 13:15 . 2010-07-01 11:00 -------- d-----w- c:\program files\MySuperBuddy
2010-07-23 11:09 . 2010-07-23 11:09 -------- d-----w- c:\program files\Trend Micro
2010-07-23 11:08 . 2010-07-23 11:08 812344 ----a-w- c:\program files\HJTInstall.exe
2010-07-21 12:50 . 2010-07-21 12:50 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-10 12:49 . 2010-05-12 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-10 12:46 . 2010-07-10 12:46 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-07-10 12:46 . 2010-07-10 12:46 -------- d-----w- c:\program files\NOS
2010-07-05 04:44 . 2008-04-18 14:50 67555 ----a-w- c:\windows\system32\nvModes.dat
2010-07-03 20:10 . 2008-04-18 15:09 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-03 20:08 . 2008-04-18 15:28 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-03 19:59 . 2008-04-18 15:09 -------- d-----w- c:\program files\Dell
2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\program files\Alwil Software
2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-03 19:46 . 2010-07-03 19:46 53785488 ----a-w- c:\program files\av_free.exe
2010-07-02 19:36 . 2010-07-02 19:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-01 23:33 . 2008-04-18 15:07 -------- d-----w- c:\program files\Java
2010-07-01 11:01 . 2010-07-01 11:01 52224 ----a-w- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-01 01:20 . 2010-07-01 00:48 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-01 01:20 . 2010-07-01 00:48 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-28 20:57 . 2010-07-03 19:47 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-03 19:47 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-03 19:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-03 19:48 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-03 19:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-03 19:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-07-03 19:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-07-03 19:48 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-07-03 19:47 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-22 02:08 . 2010-01-22 02:07 2596008 -c--a-w- c:\program files\GoogleToolbarInstaller_en32_signed.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\MARYSLAPTOP\EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISTray"="c:\program files\MyBuddy.exe\pctsTray.exe" [2010-07-01 1287120]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-26 17920]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-08-23 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-18 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\MySuperBuddy\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\MySuperBuddy\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-04-25 13:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/30/2010 8:48 PM 218592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/3/2010 3:48 PM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\MySuperBuddy\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\MySuperBuddy\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/3/2010 3:48 PM 17744]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\MyBuddy.exe\pctsAuxs.exe [6/30/2010 8:47 PM 366840]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/4/2008 8:59 PM 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);c:\windows\system32\Drivers\hpzs2k12.sys --> c:\windows\system32\Drivers\hpzs2k12.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: allstate.com
Trusted Zone: allstate.com\agencygateway
Trusted Zone: allstate.com\agencygateway1
Trusted Zone: allstate.com\agencygateway2
Trusted Zone: allstate.com\allianceweb
Trusted Zone: allstate.com\mymail
Trusted Zone: allstatehelp.com
Trusted Zone: custhelp.com
Trusted Zone: deerbrook.com
Trusted Zone: encompassinsurance.com
Trusted Zone: gotoassist.com
Trusted Zone: sumtotalsystems.com
DPF: CabBuilder - hxxp://www.imgag.com/kiw/toolbar/download/InstallerControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 18:23
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\MySuperBuddy\SASWINLO.DLL
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-08-30 18:32:02
ComboFix-quarantined-files.txt 2010-08-30 22:31
ComboFix2.txt 2010-08-30 19:02

Pre-Run: 99,124,346,880 bytes free
Post-Run: 99,148,636,160 bytes free

- - End Of File - - A5A7892F3EE5B3881BA85821FC10B558


#11 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada
  • Local time:07:13 AM

Posted 30 August 2010 - 05:56 PM

Hi there,

Close any open browsers, and close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
File::
c:\windows\Web\Wallpaper\Aqua Panorama.exe
c:\program files\av_free.exe

Folder::
c:\program files\MyBuddy.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"=-

  • Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image
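The CFScript above is a small declarative format: a `File::` section lists files to remove, `Folder::` lists directories, and `Registry::` takes REGEDIT4-style lines where `"Name"=-` means "delete this value". The following is an added example, not code from this thread or from ComboFix, that reads such a script, lists what it will ask ComboFix to do, and then cross-checks those requests against the log ComboFix writes afterwards (the `Other Deletions` block and the registry dump). It assumes only the section syntax visible in the thread; the sample script and the abbreviated log embedded in it are constructed for the example, using the paths named in this thread.

```python
"""Dry-run reader for a ComboFix CFScript plus a post-run check against the log.

Added example (not part of the thread or of ComboFix). Assumes the section
layout shown in the thread: 'File::', 'Folder::' and 'Registry::' headers,
with registry lines in REGEDIT4 form where "Name"=- requests deletion.
"""
import re
from typing import Dict, List

# Constructed CFScript, modelled on the one posted in the thread.
CFSCRIPT = r"""File::
c:\windows\Web\Wallpaper\Aqua Panorama.exe
c:\program files\av_free.exe

Folder::
c:\program files\MyBuddy.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"=-
"""

# Constructed, heavily abbreviated ComboFix log in the layout seen in the thread.
COMBOFIX_LOG = r"""ComboFix 10-08-29.04 - Anthony 08/30/2010 21:04:34.3.2 - x86
Command switches used :: C:\CFScript.txt

FILE ::
"c:\program files\av_free.exe"
"c:\windows\Web\Wallpaper\Aqua Panorama.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\av_free.exe
c:\program files\MyBuddy.exe
c:\program files\MyBuddy.exe\Alert.exe
c:\windows\Web\Wallpaper\Aqua Panorama.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"""

_SECTION = re.compile(r"^(\w+)::$")          # e.g. "File::"
_REGKEY = re.compile(r"^\[(.+)\]$")          # [HKEY_...\Run]
_REGVALUE = re.compile(r'^"([^"]*)"=(.*)$')  # "Name"=data  ("-" = delete)


def parse_cfscript(text: str) -> Dict[str, list]:
    """Return the actions a CFScript asks ComboFix to take, keyed by section."""
    actions: Dict[str, list] = {"File": [], "Folder": [], "Registry": []}
    section = None
    key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            section = m.group(1).capitalize()
            actions.setdefault(section, [])  # other ComboFix sections are kept verbatim
            key = None
            continue
        if section is None:
            raise ValueError(f"line {lineno}: entry before any section header")
        if section != "Registry":
            actions[section].append(line)
            continue
        k = _REGKEY.match(line)
        if k:
            key = k.group(1)
            continue
        if key is None:
            raise ValueError(f"line {lineno}: registry value before any [key]")
        v = _REGVALUE.match(line)
        if v is None:
            raise ValueError(f"line {lineno}: unrecognised registry line {line!r}")
        name, data = v.groups()
        actions["Registry"].append((key, name, "delete-value" if data == "-" else "set-value"))
    return actions


def deleted_paths(log: str) -> List[str]:
    """Paths ComboFix reports under 'Other Deletions', up to the next banner line."""
    out, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("((("):          # section banners open and close blocks
            inside = "Other Deletions" in line
            continue
        if inside and line and line != ".":
            out.append(line)
    return out


def verify(actions: Dict[str, list], log: str) -> Dict[str, bool]:
    """Map each requested removal to whether the log shows it was carried out."""
    deleted = {p.lower() for p in deleted_paths(log)}  # NTFS paths compare case-insensitively
    result: Dict[str, bool] = {}
    for path in actions.get("File", []) + actions.get("Folder", []):
        result[path] = path.lower() in deleted
    for key, name, op in actions.get("Registry", []):
        if op == "delete-value":
            # The log does not list deleted values; "no longer shown in the
            # loading-point dump" is the best available confirmation.
            result[f"{key}\\{name}"] = f'"{name.lower()}"=' not in log.lower()
    return result


if __name__ == "__main__":
    acts = parse_cfscript(CFSCRIPT)
    for section, entries in acts.items():
        print(f"{section}: {len(entries)} entr{'y' if len(entries) == 1 else 'ies'}")
    for item, ok in verify(acts, COMBOFIX_LOG).items():
        print(f"{'removed' if ok else 'STILL PRESENT'}: {item}")
```

Run against a real pair of files, the checker is a quick way for a helper to confirm that every path the script named actually shows up in `Other Deletions` and that the targeted `Run` value is gone from the `Reg Loading Points` dump, rather than reading a several-hundred-line log by eye.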


#12 marym

marym
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Female
  • Location:New York
  • Local time:08:13 AM

Posted 30 August 2010 - 08:50 PM

Here is the ComboFix.txt file you requested in your last post.

ComboFix 10-08-29.04 - Anthony 08/30/2010 21:04:34.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1361 [GMT -4:00]
Running from: c:\documents and settings\All Users\Desktop\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\av_free.exe"
"c:\windows\Web\Wallpaper\Aqua Panorama.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\av_free.exe
c:\program files\MyBuddy.exe
c:\program files\MyBuddy.exe\Alert.exe
c:\program files\MyBuddy.exe\alert.wav
c:\program files\MyBuddy.exe\avdb\201008300701\BLST.bin
c:\program files\MyBuddy.exe\avdb\201008300701\ecmldr32.DLL
c:\program files\MyBuddy.exe\avdb\201008300701\ecmsvr32.DLL
c:\program files\MyBuddy.exe\avdb\201008300701\info.dbsdk
c:\program files\MyBuddy.exe\avdb\201008300701\naveng32.dll
c:\program files\MyBuddy.exe\avdb\201008300701\navex32a.dll
c:\program files\MyBuddy.exe\avdb\201008300701\pctdefdb.dat
c:\program files\MyBuddy.exe\avdb\201008300701\SCRAUTH.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\sdef.dbsdk
c:\program files\MyBuddy.exe\avdb\201008300701\SFS2.bin
c:\program files\MyBuddy.exe\avdb\201008300701\TCDEFS.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\TCSCAN7.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\TCSCAN8.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\TCSCAN9.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\TINF.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\TINFIDX.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\TINFL.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\TSCAN1.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\TSCAN1HD.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\VIRSCAN.INF
c:\program files\MyBuddy.exe\avdb\201008300701\VIRSCAN1.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\VIRSCAN2.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\VIRSCAN3.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\VIRSCAN4.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\VIRSCAN5.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\VIRSCAN6.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\VIRSCAN7.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\VIRSCAN8.DAT
c:\program files\MyBuddy.exe\avdb\201008300701\VIRSCAN9.DAT
c:\program files\MyBuddy.exe\avdb\av10-000.vdb
c:\program files\MyBuddy.exe\avdb\av10-001.vdb
c:\program files\MyBuddy.exe\avdb\av10-002.vdb
c:\program files\MyBuddy.exe\avdb\av10-003.vdb
c:\program files\MyBuddy.exe\avdb\av10-004.vdb
c:\program files\MyBuddy.exe\avdb\av10-005.vdb
c:\program files\MyBuddy.exe\avdb\av10-006.vdb
c:\program files\MyBuddy.exe\avdb\av10-007.vdb
c:\program files\MyBuddy.exe\avdb\av10-008.vdb
c:\program files\MyBuddy.exe\avdb\av10-009.vdb
c:\program files\MyBuddy.exe\avdb\av10-010.vdb
c:\program files\MyBuddy.exe\avdb\av10-011.vdb
c:\program files\MyBuddy.exe\avdb\av10-012.vdb
c:\program files\MyBuddy.exe\avdb\av10-013.vdb
c:\program files\MyBuddy.exe\avdb\av10-014.vdb
c:\program files\MyBuddy.exe\avdb\av10-015.vdb
c:\program files\MyBuddy.exe\avdb\av10-016.vdb
c:\program files\MyBuddy.exe\avdb\av10-017.vdb
c:\program files\MyBuddy.exe\avdb\av10-018.vdb
c:\program files\MyBuddy.exe\avdb\av10-019.vdb
c:\program files\MyBuddy.exe\avdb\av10-020.vdb
c:\program files\MyBuddy.exe\avdb\av10-100.vdb
c:\program files\MyBuddy.exe\avdb\av10-101.vdb
c:\program files\MyBuddy.exe\avdb\av10-daily.vdb
c:\program files\MyBuddy.exe\avdb\Bsdb.bin
c:\program files\MyBuddy.exe\avdb\vdb.xml
c:\program files\MyBuddy.exe\avengine\PCTAVEng.dll
c:\program files\MyBuddy.exe\avengine\pctdefdb.dll
c:\program files\MyBuddy.exe\avengine\PCTPatch.dll
c:\program files\MyBuddy.exe\avengine\SDAVgate.dll
c:\program files\MyBuddy.exe\avengine\sdkBSCtrl.dll
c:\program files\MyBuddy.exe\BDT\drm\ISDRMHelper.dll
c:\program files\MyBuddy.exe\BDT\drm\SDDRMHelper.dll
c:\program files\MyBuddy.exe\BDT\firefox\chrome.manifest
c:\program files\MyBuddy.exe\BDT\firefox\chrome\bdtoolbar.jar
c:\program files\MyBuddy.exe\BDT\firefox\components\autocomplete.js
c:\program files\MyBuddy.exe\BDT\firefox\components\IHeuristics.xpt
c:\program files\MyBuddy.exe\BDT\firefox\data\hash.dat
c:\program files\MyBuddy.exe\BDT\firefox\data\ISDRMHelper.dll
c:\program files\MyBuddy.exe\BDT\firefox\data\SDDRMHelper.dll
c:\program files\MyBuddy.exe\BDT\firefox\data\sites.txt
c:\program files\MyBuddy.exe\BDT\firefox\install.rdf
c:\program files\MyBuddy.exe\BDT\firefox\platform\linux_x86-gcc3\components\libheuristic.so
c:\program files\MyBuddy.exe\BDT\firefox\platform\linux_x86_64-gcc3\components\libheuristic.so
c:\program files\MyBuddy.exe\BDT\firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
c:\program files\MyBuddy.exe\BDT\InnoHelpers.dll
c:\program files\MyBuddy.exe\BDT\PCTBDUpdate.exe.old
c:\program files\MyBuddy.exe\BDT\PCTBrowserDefender.dll.old
c:\program files\MyBuddy.exe\BDT\settings.ini
c:\program files\MyBuddy.exe\BDT\ShastaCache
c:\program files\MyBuddy.exe\BDT\uc.dat
c:\program files\MyBuddy.exe\BH.dll
c:\program files\MyBuddy.exe\BH2.dll
c:\program files\MyBuddy.exe\bpo-sdhelp.chm
c:\program files\MyBuddy.exe\bugreport.txt
c:\program files\MyBuddy.exe\bul-sdhelp.chm
c:\program files\MyBuddy.exe\Bulgarian.lng
c:\program files\MyBuddy.exe\cdialogs.dll
c:\program files\MyBuddy.exe\ChineseSimp.lng
c:\program files\MyBuddy.exe\ChineseTrad.lng
c:\program files\MyBuddy.exe\commhlpr.dll
c:\program files\MyBuddy.exe\commlib.dll
c:\program files\MyBuddy.exe\commlib32.dll
c:\program files\MyBuddy.exe\commom.dll
c:\program files\MyBuddy.exe\cro-sdhelp.chm
c:\program files\MyBuddy.exe\Croatian.lng
c:\program files\MyBuddy.exe\csi-sdhelp.chm
c:\program files\MyBuddy.exe\ctr-sdhelp.chm
c:\program files\MyBuddy.exe\cze-sdhelp.chm
c:\program files\MyBuddy.exe\Czech.lng
c:\program files\MyBuddy.exe\dan-sdhelp.chm
c:\program files\MyBuddy.exe\Danish.lng
c:\program files\MyBuddy.exe\data\AU_SD_en.dat
c:\program files\MyBuddy.exe\data\AU_SD_en_FS.dat
c:\program files\MyBuddy.exe\data\AU_SD_en_IG_BG.dat
c:\program files\MyBuddy.exe\data\AU_SD_en_IG_BHG.dat
c:\program files\MyBuddy.exe\data\AU_SD_en_IG_CG.dat
c:\program files\MyBuddy.exe\data\AU_SD_en_IG_NG.dat
c:\program files\MyBuddy.exe\data\AU_SD_en_IG_PG.dat
c:\program files\MyBuddy.exe\data\AU_SD_en_IG_SG.dat
c:\program files\MyBuddy.exe\data\AU_SD_en_IG_SUG.dat
c:\program files\MyBuddy.exe\data\AU_SD_en_PS.dat
c:\program files\MyBuddy.exe\data\AU_SD_uk.dat
c:\program files\MyBuddy.exe\data\AU_SD_uk_FS.dat
c:\program files\MyBuddy.exe\data\AU_SDA_en.dat
c:\program files\MyBuddy.exe\data\AU_SDA_en_FS.dat
c:\program files\MyBuddy.exe\data\AU_SDA_uk.dat
c:\program files\MyBuddy.exe\data\AU_SDA_uk_FS.dat
c:\program files\MyBuddy.exe\data\ER_SD_en.dat
c:\program files\MyBuddy.exe\data\ER_SD_uk.dat
c:\program files\MyBuddy.exe\data\ER_SDA_en.dat
c:\program files\MyBuddy.exe\data\ER_SDA_uk.dat
c:\program files\MyBuddy.exe\data\FU_SD_en.dat
c:\program files\MyBuddy.exe\data\FU_SD_en_FS.dat
c:\program files\MyBuddy.exe\data\FU_SD_uk.dat
c:\program files\MyBuddy.exe\data\FU_SD_uk_FS.dat
c:\program files\MyBuddy.exe\data\FU_SDA_en.dat
c:\program files\MyBuddy.exe\data\FU_SDA_en_FS.dat
c:\program files\MyBuddy.exe\data\FU_SDA_uk.dat
c:\program files\MyBuddy.exe\data\FU_SDA_uk_FS.dat
c:\program files\MyBuddy.exe\data\TB_SD_en.dat
c:\program files\MyBuddy.exe\data\TB_SD_uk.dat
c:\program files\MyBuddy.exe\data\TB_SDA_en.dat
c:\program files\MyBuddy.exe\data\TB_SDA_uk.dat
c:\program files\MyBuddy.exe\deu-sdhelp.chm
c:\program files\MyBuddy.exe\Deutsch.lng
c:\program files\MyBuddy.exe\drvctl.exe
c:\program files\MyBuddy.exe\Dutch.lng
c:\program files\MyBuddy.exe\eng-sdhelp.chm
c:\program files\MyBuddy.exe\English.lng
c:\program files\MyBuddy.exe\EnglishBritish.lng
c:\program files\MyBuddy.exe\ErrorReport.txt
c:\program files\MyBuddy.exe\esp-sdhelp.chm
c:\program files\MyBuddy.exe\euk-sdhelp.chm
c:\program files\MyBuddy.exe\ff_check.dat
c:\program files\MyBuddy.exe\FileCache
c:\program files\MyBuddy.exe\FileCache_cs
c:\program files\MyBuddy.exe\filehlpr.dll
c:\program files\MyBuddy.exe\FileStorage.sdp
c:\program files\MyBuddy.exe\fin-sdhelp.chm
c:\program files\MyBuddy.exe\Finnish.lng
c:\program files\MyBuddy.exe\fre-sdhelp.chm
c:\program files\MyBuddy.exe\French.lng
c:\program files\MyBuddy.exe\gdcrt.dat
c:\program files\MyBuddy.exe\gre-sdhelp.chm
c:\program files\MyBuddy.exe\Greek.lng
c:\program files\MyBuddy.exe\history\syslog.dad
c:\program files\MyBuddy.exe\history\syslog.das
c:\program files\MyBuddy.exe\history\userlog.dad
c:\program files\MyBuddy.exe\history\userlog.das
c:\program files\MyBuddy.exe\homepage.url
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Bulgarian.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_ChineseSimp.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_ChineseTrad.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Croatian.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Czech.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Danish.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Deutsch.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Dutch.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_English.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_EnglishBritish.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Finnish.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_French.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Greek.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Hungarian.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Italian.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Japanese.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Korean.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Norwegian.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Polski.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Portuguese.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_PortugueseBrazilian.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Romanian.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Russian.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Slovakian.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Spanish.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Swedish.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Thai.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SD_Turkish.html
c:\program files\MyBuddy.exe\html\SiteBlockResp_SDR_ChineseSimp.html
c:\program files\MyBuddy.exe\hun-sdhelp.chm
c:\program files\MyBuddy.exe\Hungarian.lng
c:\program files\MyBuddy.exe\IDBLib.sdp
c:\program files\MyBuddy.exe\Immunizer.sdp
c:\program files\MyBuddy.exe\inethlpr.dll
c:\program files\MyBuddy.exe\InnoHelpers.dll
c:\program files\MyBuddy.exe\InnoUtils.dll
c:\program files\MyBuddy.exe\ita-sdhelp.chm
c:\program files\MyBuddy.exe\Italian.lng
c:\program files\MyBuddy.exe\jap-sdhelp.chm
c:\program files\MyBuddy.exe\Japanese.lng
c:\program files\MyBuddy.exe\KG_XP.KGD
c:\program files\MyBuddy.exe\kor-sdhelp.chm
c:\program files\MyBuddy.exe\Korean.lng
c:\program files\MyBuddy.exe\Languages.xml
c:\program files\MyBuddy.exe\libeay32.dll
c:\program files\MyBuddy.exe\Localizer.sdp
c:\program files\MyBuddy.exe\LuLng\Bulgarian.lng
c:\program files\MyBuddy.exe\LuLng\ChineseSimp.lng
c:\program files\MyBuddy.exe\LuLng\ChineseTrad.lng
c:\program files\MyBuddy.exe\LuLng\Croatian.lng
c:\program files\MyBuddy.exe\LuLng\Czech.lng
c:\program files\MyBuddy.exe\LuLng\Danish.lng
c:\program files\MyBuddy.exe\LuLng\Deutsch.lng
c:\program files\MyBuddy.exe\LuLng\Dutch.lng
c:\program files\MyBuddy.exe\LuLng\English.lng
c:\program files\MyBuddy.exe\LuLng\EnglishBritish.lng
c:\program files\MyBuddy.exe\LuLng\Finnish.lng
c:\program files\MyBuddy.exe\LuLng\French.lng
c:\program files\MyBuddy.exe\LuLng\Greek.lng
c:\program files\MyBuddy.exe\LuLng\Hungarian.lng
c:\program files\MyBuddy.exe\LuLng\Italian.lng
c:\program files\MyBuddy.exe\LuLng\Japanese.lng
c:\program files\MyBuddy.exe\LuLng\Korean.lng
c:\program files\MyBuddy.exe\LuLng\Norwegian.lng
c:\program files\MyBuddy.exe\LuLng\Polski.lng
c:\program files\MyBuddy.exe\LuLng\Portuguese.lng
c:\program files\MyBuddy.exe\LuLng\PortugueseBrazilian.lng
c:\program files\MyBuddy.exe\LuLng\Romanian.lng
c:\program files\MyBuddy.exe\LuLng\Russian.lng
c:\program files\MyBuddy.exe\LuLng\Slovakian.lng
c:\program files\MyBuddy.exe\LuLng\Spanish.lng
c:\program files\MyBuddy.exe\LuLng\Swedish.lng
c:\program files\MyBuddy.exe\LuLng\Thai.lng
c:\program files\MyBuddy.exe\LuLng\Turkish.lng
c:\program files\MyBuddy.exe\ned-sdhelp.chm
c:\program files\MyBuddy.exe\NetworkLayer\blacklistlsp.txt
c:\program files\MyBuddy.exe\NetworkLayer\blacklistlsp.txt.sig
c:\program files\MyBuddy.exe\NetworkLayer\InstSGTool.dll
c:\program files\MyBuddy.exe\NetworkLayer\Microsoft.VC80.CRT.manifest
c:\program files\MyBuddy.exe\NetworkLayer\msvcm80.dll
c:\program files\MyBuddy.exe\NetworkLayer\msvcp80.dll
c:\program files\MyBuddy.exe\NetworkLayer\msvcr80.dll
c:\program files\MyBuddy.exe\NetworkLayer\PCTCFFix.exe
c:\program files\MyBuddy.exe\NetworkLayer\PCTCFHook.dll
c:\program files\MyBuddy.exe\NetworkLayer\PCTLsp.dll
c:\program files\MyBuddy.exe\NetworkLayer\PCTSecUtility.dll
c:\program files\MyBuddy.exe\NetworkLayer\PCTSecUtility64.dll
c:\program files\MyBuddy.exe\NetworkLayer\PluginDllSG.dll
c:\program files\MyBuddy.exe\NfyMan.sdp
c:\program files\MyBuddy.exe\nor-sdhelp.chm
c:\program files\MyBuddy.exe\Norwegian.lng
c:\program files\MyBuddy.exe\PCTGMhk.dll
c:\program files\MyBuddy.exe\PCTMime.dll
c:\program files\MyBuddy.exe\PCToolsComponents.bpl
c:\program files\MyBuddy.exe\pctsAuxs.exe
c:\program files\MyBuddy.exe\PCTSDInj32.sys
c:\program files\MyBuddy.exe\pctsGui.exe
c:\program files\MyBuddy.exe\pctsSvc.exe
c:\program files\MyBuddy.exe\pctsTray.exe
c:\program files\MyBuddy.exe\pcttMD3.exe
c:\program files\MyBuddy.exe\PCTWSC.dll
c:\program files\MyBuddy.exe\PDialogs.dll
c:\program files\MyBuddy.exe\plugins\Behavior.sdp
c:\program files\MyBuddy.exe\plugins\Browsers.SDP
c:\program files\MyBuddy.exe\plugins\cookie.sdp
c:\program files\MyBuddy.exe\plugins\email.sdp
c:\program files\MyBuddy.exe\plugins\grAV.sdp
c:\program files\MyBuddy.exe\plugins\grfiles.SDP
c:\program files\MyBuddy.exe\plugins\grImmunizer.SDP
c:\program files\MyBuddy.exe\plugins\grregistry.SDP
c:\program files\MyBuddy.exe\plugins\Network.SDP
c:\program files\MyBuddy.exe\plugins\Process.SDP
c:\program files\MyBuddy.exe\plugins\ScriptEngine.SDP
c:\program files\MyBuddy.exe\plugins\SDNet.cfg
c:\program files\MyBuddy.exe\plugins\SDNET.SDP
c:\program files\MyBuddy.exe\plugins\Site.sdp
c:\program files\MyBuddy.exe\plugins\StartUp.SDP
c:\program files\MyBuddy.exe\pol-sdhelp.chm
c:\program files\MyBuddy.exe\Polski.lng
c:\program files\MyBuddy.exe\por-sdhelp.chm
c:\program files\MyBuddy.exe\Portuguese.lng
c:\program files\MyBuddy.exe\PortugueseBrazilian.lng
c:\program files\MyBuddy.exe\PWindow.dll
c:\program files\MyBuddy.exe\quarantine.sdp
c:\program files\MyBuddy.exe\RebootManager.sdp
c:\program files\MyBuddy.exe\RefDB.bin6
c:\program files\MyBuddy.exe\RefDB.old
c:\program files\MyBuddy.exe\RegHelper.dll
c:\program files\MyBuddy.exe\rom-sdhelp.chm
c:\program files\MyBuddy.exe\Romanian.lng
c:\program files\MyBuddy.exe\rtl100.bpl
c:\program files\MyBuddy.exe\rus-sdhelp.chm
c:\program files\MyBuddy.exe\Russian.lng
c:\program files\MyBuddy.exe\scaneng.sdp
c:\program files\MyBuddy.exe\SDContextExt32.dll
c:\program files\MyBuddy.exe\sdcore.dll
c:\program files\MyBuddy.exe\sdextra.sdp
c:\program files\MyBuddy.exe\SDInfo.sdp
c:\program files\MyBuddy.exe\sdinvoker.exe
c:\program files\MyBuddy.exe\sdloader.exe
c:\program files\MyBuddy.exe\sdnet\MANIFEST.1
c:\program files\MyBuddy.exe\SDNetPlugin.dll
c:\program files\MyBuddy.exe\SDNetPlugin.ini
c:\program files\MyBuddy.exe\SDNetPlugin.txt
c:\program files\MyBuddy.exe\sdSTasks.def
c:\program files\MyBuddy.exe\sdwvhlp.dll
c:\program files\MyBuddy.exe\Settings.cfg
c:\program files\MyBuddy.exe\Settings.sdp
c:\program files\MyBuddy.exe\SH.dll
c:\program files\MyBuddy.exe\silentdb.ini
c:\program files\MyBuddy.exe\slo-sdhelp.chm
c:\program files\MyBuddy.exe\Slovakian.lng
c:\program files\MyBuddy.exe\smum32.dll
c:\program files\MyBuddy.exe\SOFactory.sdp
c:\program files\MyBuddy.exe\Spanish.lng
c:\program files\MyBuddy.exe\Sqlite3DB.dll
c:\program files\MyBuddy.exe\ssleay32.dll
c:\program files\MyBuddy.exe\stasks.sdp
c:\program files\MyBuddy.exe\SUErrorLog.txt
c:\program files\MyBuddy.exe\swe-sdhelp.chm
c:\program files\MyBuddy.exe\Swedish.lng
c:\program files\MyBuddy.exe\SysAccess.dll
c:\program files\MyBuddy.exe\SystemMonitor.sdp
c:\program files\MyBuddy.exe\TFEngine\ATL80.dll
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\01917B80.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\0493B220.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\09310E0B.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\1049C77F.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\1EBBD48A.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\231647C3.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\29D58CE0.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\3DF35F3A.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\427FE618.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\4A920122.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\4AF8CDC6.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\4DD46199.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\552A0FD8.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\5D5E30BB.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\64C44AFE.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\8796C1F1.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\8907D2D7.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\9E5D7233.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\AEA930F2.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\B798438E.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\BABEA9D6.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\C2E37938.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\C9C4A20A.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\D9B9191F.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\E877A478.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\EB218948.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\EB8AE881.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\EE7A8FAA.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\F588800A.out
c:\program files\MyBuddy.exe\TFEngine\BpDatabase\tf1000.out
c:\program files\MyBuddy.exe\TFEngine\Microsoft.VC80.ATL.manifest
c:\program files\MyBuddy.exe\TFEngine\Microsoft.VC80.CRT.manifest
c:\program files\MyBuddy.exe\TFEngine\msvcm80.dll
c:\program files\MyBuddy.exe\TFEngine\msvcp80.dll
c:\program files\MyBuddy.exe\TFEngine\msvcr80.dll
c:\program files\MyBuddy.exe\TFEngine\TFAPI.dll
c:\program files\MyBuddy.exe\TFEngine\TFCfg.dll
c:\program files\MyBuddy.exe\TFEngine\TFDBM.dll
c:\program files\MyBuddy.exe\TFEngine\TFE.dll
c:\program files\MyBuddy.exe\TFEngine\TFExt.dll
c:\program files\MyBuddy.exe\TFEngine\TFExtCli.dll
c:\program files\MyBuddy.exe\TFEngine\TfFsMon.sys
c:\program files\MyBuddy.exe\TFEngine\TFLog.dll
c:\program files\MyBuddy.exe\TFEngine\TFMisc.dll
c:\program files\MyBuddy.exe\TFEngine\TFMon.dll
c:\program files\MyBuddy.exe\TFEngine\TfNetMon.sys
c:\program files\MyBuddy.exe\TFEngine\TFNI.dll
c:\program files\MyBuddy.exe\TFEngine\TFO.dll
c:\program files\MyBuddy.exe\TFEngine\TFPA.dll
c:\program files\MyBuddy.exe\TFEngine\TFQT.dll
c:\program files\MyBuddy.exe\TFEngine\TFRK.dll
c:\program files\MyBuddy.exe\TFEngine\TFScan.dll
c:\program files\MyBuddy.exe\TFEngine\TFServer.dll
c:\program files\MyBuddy.exe\TFEngine\TFService.exe
c:\program files\MyBuddy.exe\TFEngine\TFSF.dll
c:\program files\MyBuddy.exe\TFEngine\TfSysMon.sys
c:\program files\MyBuddy.exe\TFEngine\TFTM.dll
c:\program files\MyBuddy.exe\TFEngine\TFUN.exe
c:\program files\MyBuddy.exe\TFEngine\TFUndo.dll
c:\program files\MyBuddy.exe\TFEngine\TFWAH.dll
c:\program files\MyBuddy.exe\TFEngine\TFWL.db5
c:\program files\MyBuddy.exe\TFEngine\TFWS.dll
c:\program files\MyBuddy.exe\tha-sdhelp.chm
c:\program files\MyBuddy.exe\Thai.lng
c:\program files\MyBuddy.exe\tur-sdhelp.chm
c:\program files\MyBuddy.exe\Turkish.lng
c:\program files\MyBuddy.exe\ugLng\Bulgarian.lng
c:\program files\MyBuddy.exe\ugLng\ChineseSimp.lng
c:\program files\MyBuddy.exe\ugLng\ChineseTrad.lng
c:\program files\MyBuddy.exe\ugLng\Croatian.lng
c:\program files\MyBuddy.exe\ugLng\Czech.lng
c:\program files\MyBuddy.exe\ugLng\Danish.lng
c:\program files\MyBuddy.exe\ugLng\Deutsch.lng
c:\program files\MyBuddy.exe\ugLng\Dutch.lng
c:\program files\MyBuddy.exe\ugLng\English.lng
c:\program files\MyBuddy.exe\ugLng\EnglishBritish.lng
c:\program files\MyBuddy.exe\ugLng\Finnish.lng
c:\program files\MyBuddy.exe\ugLng\French.lng
c:\program files\MyBuddy.exe\ugLng\Greek.lng
c:\program files\MyBuddy.exe\ugLng\Hungarian.lng
c:\program files\MyBuddy.exe\ugLng\Italian.lng
c:\program files\MyBuddy.exe\ugLng\Japanese.lng
c:\program files\MyBuddy.exe\ugLng\Korean.lng
c:\program files\MyBuddy.exe\ugLng\Norwegian.lng
c:\program files\MyBuddy.exe\ugLng\Polski.lng
c:\program files\MyBuddy.exe\ugLng\Portuguese.lng
c:\program files\MyBuddy.exe\ugLng\PortugueseBrazilian.lng
c:\program files\MyBuddy.exe\ugLng\Romanian.lng
c:\program files\MyBuddy.exe\ugLng\Russian.lng
c:\program files\MyBuddy.exe\ugLng\Slovakian.lng
c:\program files\MyBuddy.exe\ugLng\Spanish.lng
c:\program files\MyBuddy.exe\ugLng\Swedish.lng
c:\program files\MyBuddy.exe\ugLng\Thai.lng
c:\program files\MyBuddy.exe\ugLng\Turkish.lng
c:\program files\MyBuddy.exe\ugLng\Ukrainian.lng
c:\program files\MyBuddy.exe\umcat_01.db
c:\program files\MyBuddy.exe\UmInject32.exe
c:\program files\MyBuddy.exe\unins000.dat
c:\program files\MyBuddy.exe\unins000.exe
c:\program files\MyBuddy.exe\unins000.msg
c:\program files\MyBuddy.exe\Update.exe
c:\program files\MyBuddy.exe\UpdateHlpr.dll
c:\program files\MyBuddy.exe\upgrade.cfg
c:\program files\MyBuddy.exe\Upgrade.exe
c:\program files\MyBuddy.exe\UserModeFileCache.dll
c:\program files\MyBuddy.exe\vcl100.bpl
c:\program files\MyBuddy.exe\whitelist.sdp
c:\program files\MyBuddy.exe\wlDefines.cfg
c:\windows\Web\Wallpaper\Aqua Panorama.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sdAuxService
-------\Legacy_sdAuxService
-------\Service_sdAuxService
-------\Service_sdAuxService


((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-31 )))))))))))))))))))))))))))))))
.

2010-08-25 12:31 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-25 12:12 . 2010-08-25 12:12 -------- d-----w- c:\program files\Windows Defender
2010-08-20 19:13 . 2010-08-31 01:36 -------- d-----w- C:\MDT
2010-08-20 17:52 . 2010-08-20 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-08-01 20:53 . 2010-08-01 20:53 -------- d-----w- c:\windows\system32\wbem\Repository
1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\windows\LastGood.Tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 01:36 . 2008-04-24 18:36 0 -c--a-w- c:\documents and settings\Anthony\Local Settings\Application Data\WavXMapDrive.bat
2010-08-31 01:33 . 2008-10-16 17:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-30 17:44 . 2010-01-21 19:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-30 14:53 . 2010-07-01 11:01 63488 ----a-w- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-30 14:53 . 2010-07-01 11:01 117760 ----a-w- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-28 13:35 . 2008-04-18 15:36 -------- d-----w- c:\program files\Google
2010-08-11 15:43 . 2010-08-11 15:43 61440 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2e2a8b62-n\decora-sse.dll
2010-08-11 15:43 . 2010-08-11 15:43 503808 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fb10eb9-n\msvcp71.dll
2010-08-11 15:43 . 2010-08-11 15:43 499712 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fb10eb9-n\jmc.dll
2010-08-11 15:43 . 2010-08-11 15:43 348160 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fb10eb9-n\msvcr71.dll
2010-08-11 15:43 . 2010-08-11 15:43 12800 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2e2a8b62-n\decora-d3d.dll
2010-08-03 13:15 . 2010-07-01 11:00 -------- d-----w- c:\program files\MySuperBuddy
2010-07-23 11:09 . 2010-07-23 11:09 -------- d-----w- c:\program files\Trend Micro
2010-07-23 11:08 . 2010-07-23 11:08 812344 ----a-w- c:\program files\HJTInstall.exe
2010-07-21 12:50 . 2010-07-21 12:50 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-10 12:49 . 2010-05-12 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-10 12:46 . 2010-07-10 12:46 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-07-10 12:46 . 2010-07-10 12:46 -------- d-----w- c:\program files\NOS
2010-07-05 04:44 . 2008-04-18 14:50 67555 ----a-w- c:\windows\system32\nvModes.dat
2010-07-03 20:10 . 2008-04-18 15:09 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-03 20:08 . 2008-04-18 15:28 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-03 19:59 . 2008-04-18 15:09 -------- d-----w- c:\program files\Dell
2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\program files\Alwil Software
2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-02 19:36 . 2010-07-02 19:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-01 11:01 . 2010-07-01 11:01 52224 ----a-w- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-01 01:20 . 2010-07-01 00:48 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-01 01:20 . 2010-07-01 00:48 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-28 20:57 . 2010-07-03 19:47 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-03 19:47 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-03 19:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-03 19:48 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-03 19:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-03 19:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-07-03 19:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-07-03 19:48 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-07-03 19:47 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-22 02:08 . 2010-01-22 02:07 2596008 -c--a-w- c:\program files\GoogleToolbarInstaller_en32_signed.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\MARYSLAPTOP\EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-26 17920]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-08-23 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-18 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\MySuperBuddy\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\MySuperBuddy\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-04-25 13:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/30/2010 8:48 PM 218592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/3/2010 3:48 PM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\MySuperBuddy\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\MySuperBuddy\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/3/2010 3:48 PM 17744]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/4/2008 8:59 PM 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);c:\windows\system32\Drivers\hpzs2k12.sys --> c:\windows\system32\Drivers\hpzs2k12.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: allstate.com
Trusted Zone: allstate.com\agencygateway
Trusted Zone: allstate.com\agencygateway1
Trusted Zone: allstate.com\agencygateway2
Trusted Zone: allstate.com\allianceweb
Trusted Zone: allstate.com\mymail
Trusted Zone: allstatehelp.com
Trusted Zone: custhelp.com
Trusted Zone: deerbrook.com
Trusted Zone: encompassinsurance.com
Trusted Zone: gotoassist.com
Trusted Zone: sumtotalsystems.com
DPF: CabBuilder - hxxp://www.imgag.com/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Spyware Doctor - c:\program files\MyBuddy.exe\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 21:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\MySuperBuddy\SASWINLO.DLL
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\StacSV.exe
c:\windows\system32\rundll32.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2010-08-30 21:46:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-31 01:46
ComboFix2.txt 2010-08-30 22:32
ComboFix3.txt 2010-08-30 19:02

Pre-Run: 99,002,490,880 bytes free
Post-Run: 98,822,344,704 bytes free

- - End Of File - - 62240573F9C609C352A212055247E64F


#13 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 30 August 2010 - 08:58 PM

Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#14 marym

marym
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Female
  • Location:New York

Posted 31 August 2010 - 11:51 AM

I started the Kaspersky scan last night, but it took so long I went to bed. This morning I saw the scan had frozen, so I had to start it again, which took over three hours. Here are the two logs requested... finally ;)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4507

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/30/2010 11:37:52 AM
mbam-log-2010-08-30 (11-37-52).txt

Scan type: Quick scan
Objects scanned: 165320
Time elapsed: 22 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 31, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, August 31, 2010 07:03:05
Records in database: 4169549
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 71283
Threats found: 2
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 03:26:54


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\MyBuddy.exe\PCTGMhk.dll.vir Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Program Files\MyBuddy.exe\smum32.dll.vir Infected: Packed.Win32.Krap.hc 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0006789.sys Infected: Virus.Win32.TDSS.b 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0007226.dll Infected: Packed.Win32.Krap.hc 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0007227.dll Infected: Packed.Win32.Krap.hc 1

Selected area has been scanned.
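The Kaspersky report above lists five detections, all of them either under C:\Qoobox\Quarantine (the folder where ComboFix keeps the files it removed) or inside System Restore snapshots under System Volume Information; none is in a location from which the file could still execute. As an added example, not code from the thread, from BleepingComputer or from any vendor tool, here is a small Python triage script that parses detection lines of the shape shown in the report and separates such inert copies from files that still need action. The location rules, the function names and the extra EICAR line on the desktop are constructed for illustration; the five report lines are copied from the post.

```python
# Added example (not from the thread or any vendor tool): triage a Kaspersky
# Online Scanner 7 report by asking, for each detection, whether the file sits
# somewhere it can still run. Detections under ComboFix's Qoobox quarantine or
# inside System Restore snapshots are inert copies; anything else is "live".
import re
from collections import Counter

# Shape of a detection line as seen in the thread:
#   <path> Infected: <threat name> <count>
# (assumption: the path may contain spaces, the threat name never does)
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Location classes, tested in order; the first match wins. The last two are
# generic folder names assumed for illustration, not taken from the report.
LOCATION_RULES = [
    ("combofix_quarantine", re.compile(r"^[a-z]:\\Qoobox\\Quarantine\\", re.I)),
    ("system_restore",      re.compile(r"^[a-z]:\\System Volume Information\\_restore\{", re.I)),
    ("av_quarantine",       re.compile(r"\\(Quarantine|Chest)\\", re.I)),
    ("temp",                re.compile(r"\\(Temp|Temporary Internet Files)\\", re.I)),
]


def classify_path(path: str) -> str:
    """Return the location class for a scanned file path ('live' if no rule matches)."""
    for label, rule in LOCATION_RULES:
        if rule.search(path):
            return label
    return "live"


def parse_report(text: str) -> list:
    """Extract detection records from a report; header and statistics lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        findings.append({
            "path": m.group("path"),
            "threat": m.group("threat"),
            "count": int(m.group("count")),
            "location": classify_path(m.group("path")),
        })
    return findings


def summarize(findings: list) -> dict:
    """Count findings per location class and list the ones that still need action."""
    live = [f for f in findings if f["location"] == "live"]
    return {
        "by_location": dict(Counter(f["location"] for f in findings)),
        "live": live,
        "needs_action": bool(live),
    }


# Sample report (constructed for this example): the five detection lines quoted
# in the thread plus one made-up live-location line (an EICAR test file on the
# desktop) so that the needs_action path is exercised.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\MyBuddy.exe\PCTGMhk.dll.vir Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Program Files\MyBuddy.exe\smum32.dll.vir Infected: Packed.Win32.Krap.hc 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP7\A0006789.sys Infected: Virus.Win32.TDSS.b 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0007226.dll Infected: Packed.Win32.Krap.hc 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0007227.dll Infected: Packed.Win32.Krap.hc 1
C:\Documents and Settings\All Users\Desktop\eicar.com Infected: EICAR-Test-File 1

Selected area has been scanned.
"""

if __name__ == "__main__":
    result = summarize(parse_report(SAMPLE_REPORT))
    print("findings per location:", result["by_location"])
    for f in result["live"]:
        print("LIVE:", f["threat"], "at", f["path"])
    print("needs action:", result["needs_action"])
```

Run against the five lines from the post alone, the script reports two ComboFix quarantine copies and three System Restore copies and no live finding, which is the basis for treating the machine as clean; the quarantine folder and the restore points are normally purged once the cleanup is confirmed, so those copies cannot be restored by accident later.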


#15 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 31 August 2010 - 11:56 AM

Hi there,

Everything is looking good. How is your computer running now?

Open up OTL and push the Quickscan button. Post the resulting log here.





