Win32:BHO-KD [Trj] Avast's Name Of Virus [RESOLVED]


  • This topic is locked

#1
bcoe

    New Member

  • Member
  • 6 posts
Greetings,

I have a virus that is very similar to others that g2g has been successful at removing. First noticed problems ~ Dec 15th.

Apologies for being long-winded, but I want to give as much detail as possible. New to g2g and also new to getting viruses. HijackThis / Activescan / Uninstall Logs are pasted below as directed in the "read before posting" directive. AVG would not give a log.

Symptoms Of Virus
1) Redirect to Search-Daily when clicking links on Google.
2) Windows warning, yellow hazard with exclamation mark. Comment stating I have spyware or something. It would take me to some site which wanted me to click on a button for a free scan. It ultimately ended up taking me to a screen to purchase the software.

I have downloaded several spyware / adware removal tools. At first, nothing that I tried would find it. The 12/31 Avast definition update yielded a hit. So, I updated some of the others that previously failed and retried those. A few of them began finding it as well. They mostly refer to it by different names. All say it lives in C:\WINNT\system32\dusero.dll. Two gave more details about where it lives.

The automated tools have not been successful in removing it.
  • Spyware Detector says it is Adware.Smitfraud and claims to have successfully blocked the BHO, only to have it immediately duplicate a new and unblocked version of itself. (The smitfraud scanner does not detect this as such.)
  • AVG says it is Trojan.BHO.agz and removes it, but it comes back.
  • Avast says it is Win32:BHO-KD [Trj] and offers to clean it up during a boot scan. It would not allow Avast to restart the computer. Avast was successful in restarting on one attempt. The file was deleted and came back many, many times. It was a stalemate and would not have stopped trying to delete them all. I turned it off after 20 minutes.
  • Counter Spy quarantined it 888 times in a single scan. I had to cancel that scan as it was similar to the Avast stalemate.
  • AVG in safe mode called it a Trojan.BHO.agz. I asked for the log to be generated, but it didn't provide one.
  • Norton Security Scan calls it a Trojan.Adclicker and will not delete it. It offers to finish the job during restart but does not work. Symantec's suggestion to delete the file from the registry does not work either. The computer will not allow it to be renamed or deleted. Norton and SUPERAntiSpyware both gave the same more detailed description about the location of the threat. Part of the name also matches the BHO from Spyware Detector. See the SUPERAntiSpyware log below.
  • SUPERAntiSpyware claims to have quarantined it, but will not allow it to be removed. It comes back.

The fake Windows alert doesn't show up anymore. Additionally, I have not been redirected in a week or more. It takes me to the Google link or dies trying to redirect. I think some of my actions have removed some of the virus and cause it to not function as it once did.

I have tried everything that I know, even bought Spyware Detector after specifically asking if their software could remove the virus that had been detected with their free scanner. I will buy a new computer before buying more software.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/29/2007 at 01:05 AM

Application Version : 3.9.1008

Core Rules Database Version : 3370
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 00:46:37

Memory items scanned : 587
Memory threats detected : 1
Registry items scanned : 6441
Registry threats detected : 5
File items scanned : 42586
File threats detected : 2

Adware.Vundo-Variant/B
C:\WINNT\SYSTEM32\DUSERO.DLL
C:\WINNT\SYSTEM32\DUSERO.DLL
HKLM\Software\Classes\CLSID\{110B173A-D443-4A35-8361-D4219F8AECB7}
HKCR\CLSID\{110B173A-D443-4A35-8361-D4219F8AECB7}
HKCR\CLSID\{110B173A-D443-4A35-8361-D4219F8AECB7}\InprocServer32
HKCR\CLSID\{110B173A-D443-4A35-8361-D4219F8AECB7}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{110B173A-D443-4A35-8361-D4219F8AECB7}

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt




Panda Activescan Log
Incident Status Location

Virus:Trj/Downloader.RKS Disinfected Operating system
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Virus:Trj/Downloader.RKS Disinfected C:\WINNT\system32\dusero.dll




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:16 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Sierra\Planner\PLNRnote.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Owner\Desktop\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {110B173A-D443-4A35-8361-D4219F8AECB7} - C:\WINNT\system32\dusero.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" /START
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_R7M~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_K4U~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_H5M~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_FSD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\Owner\LOCALS~1\History\History.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_yR0XU.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_NNN~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_LB4~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_HWH~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_wP.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_NHR~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_EXD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_6EI~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_ZAL~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_YCW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_XGQ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_MOE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~4.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\S
O4 - HKUS\S-1-5-18\..\Run: [] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

--
End of file - 10881 bytes



Uninstall List
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Amazon Unbox Video
ArcSoft Software Suite
Auto Gordian Knot 2.45
AV DVD Player Morpher
avast! Antivirus
AVG Anti-Spyware 7.5
AviSynth 2.5
CCScore
Colors, Shapes & More
CR2
Creative Driver
CutePDF Writer 2.5
Do More 7.0
Driver Detective
DVD
DVD-TO-AVI V1.9
EMCO Malware Destroyer
EPSON CardMonitor
EPSON Copy Utility 3
EPSON PhotoCenter
EPSON PhotoStarter3.2
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON SPRX620 Reference Guide
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Event Planner
Gateway Drivers and Applications Recovery
Gateway Rhapsody
Google Earth
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTW V.92 Voicemodem
Hallmark Christian Card Studio
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp instant support
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
hp psc 2200 series
Intel® PRO Network Connections Software v10.1.41.0
Intel® PROSafe for Wired Connections
Intel® PROSafe for Wired Connections
InterActual Player
IrfanView (remove only)
kgcbase
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79.1
Logitech SetPoint
Lowe's Home Plans Collection
Markosoft Interest Calculator
McAfee QuickClean 6.1
McAfee SecurityCenter
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Picture It! Photo 7.0
Microsoft Picture It! Publishing Silver 2001
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Move Networks Player for Internet Explorer
Mozilla Firefox (2.0.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
netbrdg
Network Play System (Patching)
Norton Security Scan
Notifier
NVIDIA Drivers
OfotoXMI
Palmcorder File Converter 3.00
Palmcorder USB Device Driver 2.00
Panda ActiveScan
PC-Doctor for Windows
Pinnacle Hollywood FX 4.6
Pinnacle Hollywood FX Pack - Gateway FX
pressplay
Print Lab Series
PS/2 Millennium Keyboard
QuickTime
Readiris 7.5
RealPlayer
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SFR
SFR2
SHASTA
Shockwave
SKIN0001
SKINXSDK
Snowflake 3D 3D Screensaver
Spybot - Search & Destroy
Spyware Detector
staticcr
Studio 8
Studio Content CD
SUPERAntiSpyware Free Edition
Symantec Technical Support Web Controls
tooltips
Ulead Photo Express 3.0 SE
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VobSub v2.23 (Remove Only)
VPRINTOL
Windows Communication Foundation
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WIRELESS
Wisdom-soft AutoScreenRecorder 2.0 Free
Wisdom-soft ScreenHunter 5.0 Free
XviD MPEG4 Video Codec (remove only)
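The SUPERAntiSpyware and HijackThis logs above show the same persistence chain from two angles: a CLSID registered under HKLM\...\Explorer\Browser Helper Objects, resolved through HKCR\CLSID\{...}\InprocServer32 to a DLL in system32, which HijackThis summarises as a single "O2 - BHO:" line. The following is an added example, not code from this thread, from HijackThis or from any of the scanners named here: a small Python triage script that parses O2 lines, pulls CLSIDs out of another scanner's output, and flags a BHO on three weak signals that a helper would otherwise check by eye (a "(no name)" entry, a DLL dropped directly into system32 rather than under a vendor directory, and a CLSID another tool has already reported). The heuristics and the function names are mine; the sample log lines are constructed from the entries in this thread.

```python
"""Triage Browser Helper Object (BHO) entries from a HijackThis log.

Added example (not part of the thread, of HijackThis, or of any scanner
named in it).  It reads the "O2 - BHO:" lines HijackThis emits, collects
CLSIDs from a second scanner's output, and reports BHOs that trip one or
more weak signals.  None of these signals proves anything on its own;
the value is in seeing them line up on the same CLSID.
"""
import re
from dataclasses import dataclass, field

# A registry-style CLSID: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis O2 line: "O2 - BHO: <name> - {<clsid>} - <dll path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
# A DLL sitting directly in the system directory (no vendor subfolder).
SYSTEM_DLL_RE = re.compile(r"^[a-z]:\\(?:winnt|windows)\\system32\\[^\\]+\.dll$")

# Constructed sample input, modelled on the O2/O3 lines in this thread.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {110B173A-D443-4A35-8361-D4219F8AECB7} - C:\WINNT\system32\dusero.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""

# Constructed sample of the registry hits a second scanner reported
# (the key paths are the ones in the SUPERAntiSpyware log above).
SAMPLE_SCANNER_HITS = r"""
HKLM\Software\Classes\CLSID\{110B173A-D443-4A35-8361-D4219F8AECB7}
HKCR\CLSID\{110B173A-D443-4A35-8361-D4219F8AECB7}\InprocServer32
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{110B173A-D443-4A35-8361-D4219F8AECB7}
"""


@dataclass
class Bho:
    name: str
    clsid: str   # upper-cased so it compares equal across tools
    path: str


@dataset = None  # placeholder removed below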


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINNT\system32\dusero.dll"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
    • C:\WINNT\system32\dusero.dll
  • Click Open.
  • Click Post.
Thank you!


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
bcoe

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks for the reply. Followed your instructions. The requested logs are below.


Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-08 17:25:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-01-08 23:25:43 UTC - RP16 - Deckard's System Scanner Restore Point
9: 2008-01-08 23:00:49 UTC - RP15 - Software Distribution Service 3.0
8: 2008-01-08 17:33:52 UTC - RP14 - System Checkpoint
7: 2008-01-07 09:33:52 UTC - RP13 - System Checkpoint
6: 2008-01-06 06:28:35 UTC - RP12 - Installed Minitab 15 English.


-- First Restore Point --
1: 2008-01-03 03:32:38 UTC - RP7 - restore_1-2-07


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 9.39 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:45 PM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\System32\nvsvc32.exe
C:\Sierra\Planner\PLNRnote.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {110B173A-D443-4A35-8361-D4219F8AECB7} - C:\WINNT\system32\dusero.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" /START
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_R7M~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_K4U~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_H5M~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_FSD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\Owner\LOCALS~1\History\History.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_yR0XU.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_NNN~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_LB4~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_HWH~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_wP.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_NHR~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_EXD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_6EI~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_ZAL~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_YCW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_XGQ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_MOE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~4.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\S
O4 - HKUS\S-1-5-18\..\Run: [] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

--
End of file - 10938 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 pggnprsx - c:\winnt\system32\drivers\svahvzjy.dat
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 dvdmmg - c:\winnt\system32\drivers\dvdmmg.sys
R3 pfc (PADUS ASPI SHELL) - c:\winnt\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SBAPIFS - c:\winnt\system32\drivers\sbapifs.sys (file missing)

S2 MKEMUSB (Panasonic Digital Palmcorder) - c:\winnt\system32\drivers\mkemusb.sys <Not Verified; Matsushita Kotobuki Electronics Industries, Ltd.; Panasonic Digital Palmcorder>
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\winnt\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 ATWPKT2 - c:\program files\america online 8.0\atwpkt2.sys (file missing)
S3 BOCDRIVE (BOClean Kernel Monitor.) - c:\program files\comodo\cboclean\bocdrive.sys (file missing)
S3 DCamUSBMke (USB Video Camera for Panasonic Digital Palmcorder) - c:\winnt\system32\drivers\mkeusbi.sys <Not Verified; Matsushita Kotobuki Electronics Industries,Ltd.; Panasonic Digital Palmcorder>
S3 PCDRDRV (Pcdr Helper Driver) - c:\atf\qctest\pcdoc\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\winnt\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>
S3 wanatw (WAN Miniport (ATW)) - c:\winnt\system32\drivers\wanatw4.sys (file missing)


pe386 driver present

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-04 16:35:45 408 --a------ C:\WINNT\Tasks\Norton Security Scan.job
2007-12-27 21:22:30 432 --a------ C:\WINNT\Tasks\EasyShare Registration Task.job
2004-01-18 05:02:33 342 --a------ C:\WINNT\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1052951221.job


-- Files created between 2007-12-08 and 2008-01-08 -----------------------------

2008-01-08 17:31:46 0 d-------- C:\Program Files\Trend Micro
2008-01-06 00:30:44 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-01-06 00:30:38 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-06 00:30:33 0 d-------- C:\WINNT\system32\E177E04D548C4006A465EEB92D3DE021
2008-01-06 00:28:40 0 d-------- C:\Program Files\Minitab 15
2008-01-06 00:12:42 0 d-------- C:\Program Files\SigmaZone
2008-01-04 19:25:08 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-01-03 18:29:25 8576 --a------ C:\WINNT\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-03 18:01:09 0 d-------- C:\WINNT\system32\ActiveScan
2008-01-02 23:55:52 1759 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-01-02 23:36:18 0 d-------- C:\Program Files\QuickTime
2008-01-02 21:49:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-01-02 18:20:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-02 18:20:02 0 d-------- C:\Documents and Settings\Owner\Application Data\PrevxCSI
2008-01-01 17:44:50 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-01-01 17:43:14 0 d-------- C:\Program Files\Common Files\iS3
2007-12-30 17:00:50 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-29 15:58:33 6061835 --a------ C:\WINNT\system32\SBSP.dat
2007-12-29 13:31:08 528054 --a------ C:\WINNT\system32\SBFC.dat
2007-12-29 13:30:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2007-12-29 12:32:39 0 d-------- C:\Documents and Settings\Owner\Application Data\Sunbelt Software
2007-12-29 12:32:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-29 12:30:58 0 d-------- C:\Program Files\Sunbelt Software
2007-12-29 00:10:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-29 00:10:17 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-29 00:10:17 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-28 21:19:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-28 21:19:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-28 21:19:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-28 21:19:44 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-12-28 21:19:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-28 21:19:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-28 21:19:44 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-12-28 21:19:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-28 21:19:44 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-12-28 21:19:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-28 21:19:44 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-12-28 21:19:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-28 21:19:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-28 21:19:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-28 21:19:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-12-28 21:19:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-28 21:19:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-12-28 21:19:43 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-28 20:44:45 108025548 --a------ C:\SYM_REGISTRY_BACKUP.reg
2007-12-28 13:45:53 0 d-------- C:\Program Files\Dvd-to-avi
2007-12-28 12:06:39 0 d-------- C:\temp
2007-12-28 12:06:01 0 d-------- C:\Program Files\Avex
2007-12-28 12:03:10 0 d-------- C:\Program Files\MSXML 6.0
2007-12-28 11:32:57 0 d-------- C:\Program Files\Common Files\Download Manager
2007-12-28 11:14:00 0 d-------- C:\Program Files\MSBuild
2007-12-28 11:08:24 0 d-------- C:\WINNT\system32\XPSViewer
2007-12-28 11:07:23 0 d-------- C:\Program Files\Reference Assemblies
2007-12-28 10:58:15 3596288 --a------ C:\WINNT\system32\qt-dx331.dll
2007-12-28 10:58:12 0 d-------- C:\Program Files\iSofter
2007-12-27 13:54:56 0 d-------- C:\Program Files\AV DVD Player Morpher
2007-12-26 17:35:39 270336 --a------ C:\WINNT\system32\CheckDll.dll <Not Verified; Max Secure Software; Spyware Detector>
2007-12-26 17:35:37 0 d-------- C:\Program Files\SpywareDetector
2007-12-21 13:09:37 43698 --a------ C:\WINNT\system32\xvid-uninstall.exe
2007-12-21 13:09:13 0 d-------- C:\Program Files\AviSynth 2.5
2007-12-21 13:08:15 0 d-------- C:\Program Files\Gabest
2007-12-21 13:07:47 0 d-------- C:\Program Files\AutoGK
2007-12-20 14:47:07 0 d-------- C:\Program Files\STOPzilla!
2007-12-20 02:37:55 0 d-------- C:\Program Files\Enigma Software Group
2007-12-20 01:47:52 0 d-------- C:\Program Files\Retina-X Spyware Cleaner
2007-12-20 00:32:16 123 --a------ C:\WINNT\system\SysSD.dll
2007-12-19 23:14:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-19 22:08:44 0 d-------- C:\Program Files\EMCO Malware Destroyer
2007-12-17 15:25:05 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-11 17:00:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 15:17:55 0 d-------- C:\WINNT\Google Toolbar
2007-12-11 12:23:35 235008 --a------ C:\WINNT\UNBOC.EXE <Not Verified; COMODO; COMODO BOClean - Anti-Malware>
2007-12-11 12:23:34 208896 --a------ C:\WINNT\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2007-12-11 12:23:19 0 d-------- C:\Program Files\Comodo
2007-12-10 19:16:39 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-12-10 18:19:09 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!


-- Find3M Report ---------------------------------------------------------------

2008-01-08 17:21:10 118914 --a------ C:\logfile
2008-01-08 17:12:19 288 --a------ C:\WINNT\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2008-01-08 17:12:19 288 --a------ C:\WINNT\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2008-01-06 00:28:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-04 20:38:05 0 d-------- C:\Program Files\Norton Security Scan
2008-01-04 17:55:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-03 19:07:54 0 d-------- C:\Program Files\Google
2008-01-01 17:43:14 0 d-------- C:\Program Files\Common Files
2007-12-29 13:58:06 3064 --a------ C:\WINNT\system32\d3d9caps.dat
2007-12-29 00:09:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 13:00:50 540 --a------ C:\Documents and Settings\Owner\Application Data\AutoGK.ini
2007-12-21 13:07:04 0 d-------- C:\Program Files\DivX
2007-12-21 13:06:05 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-12-20 02:58:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-20 01:22:17 0 d-------- C:\Program Files\Christmas Time 3D Screensaver
2007-12-20 00:12:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2007-12-19 23:12:19 0 d-------- C:\Program Files\Kodak
2007-12-16 19:12:51 0 d-------- C:\Program Files\InterActual
2007-12-11 15:57:34 0 d-------- C:\Program Files\Quicken
2007-12-11 15:55:50 0 d-------- C:\Program Files\Panasonic
2007-12-11 15:47:23 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-12-11 15:39:14 0 d-------- C:\Program Files\Maxis
2007-12-11 15:30:53 0 d-------- C:\Program Files\Broderbund
2007-12-11 15:05:56 0 d-------- C:\Program Files\McAfee.com
2007-11-03 16:05:02 3061 --a------ C:\WINNT\3ccfd126-c5b1-47fd-acf4-f9d755eb0157
2007-11-02 23:05:02 3029 --a------ C:\WINNT\cf9a3731-67d6-431a-bf0c-28a2778a4cbc
2007-11-02 22:05:02 3029 --a------ C:\WINNT\dd5b5eb3-f1b9-413d-87ae-09c3d2a966d9
2007-11-02 21:05:02 3029 --a------ C:\WINNT\aeef6d58-caa7-42b8-a907-1151aacbe1fd
2007-11-02 20:05:02 3029 --a------ C:\WINNT\1933ac9d-eeb1-4af4-8220-8efcbbd63ee3
2007-11-02 19:05:04 3029 --a------ C:\WINNT\b94be552-dd74-419a-a58c-3da9450ec128
2007-11-02 18:05:02 3029 --a------ C:\WINNT\cba8db8e-ed07-4eb7-97cd-570f3105d1f0
2007-11-02 17:05:02 3029 --a------ C:\WINNT\1c6e315b-be49-4fbe-97ff-9706e3201279
2007-11-02 16:05:02 3029 --a------ C:\WINNT\7c04de2e-cae6-453d-b597-edf2752301e3
2007-11-01 23:05:02 3029 --a------ C:\WINNT\59b809f8-98a8-471e-98e5-ca5450e94bf4
2007-11-01 22:05:02 3029 --a------ C:\WINNT\2d5166de-b28f-4897-a3ce-3f025dc80a1d
2007-11-01 21:05:04 3029 --a------ C:\WINNT\42d2e502-eed7-4b06-86c3-01eff4cd7280
2007-11-01 20:05:02 3029 --a------ C:\WINNT\c51a3d17-b54d-4306-bafc-49053bebcade
2007-11-01 19:05:02 3029 --a------ C:\WINNT\2c1215fd-6bdf-4322-9470-31b410539a6c
2007-11-01 18:05:02 3029 --a------ C:\WINNT\f209fd87-b44c-4c36-a78a-3ef84516d9a6
2007-11-01 17:05:02 3029 --a------ C:\WINNT\7fc1f98d-4500-44c0-8549-2ccc9e766d14
2007-11-01 16:05:02 3029 --a------ C:\WINNT\68f85088-3c7d-4b09-8b2c-2ab1e12ed94e
2007-10-31 23:05:02 2531 --a------ C:\WINNT\a2d69b70-129d-4c30-9657-92abf66bae05
2007-10-31 22:05:02 2531 --a------ C:\WINNT\51b89f92-d17d-49b8-8cc6-e343b42989f6
2007-10-31 21:05:04 2531 --a------ C:\WINNT\12ee2f0c-6724-49e3-bd1a-ce6058348e83
2007-10-31 20:05:02 2531 --a------ C:\WINNT\42ad5ce4-fee1-41e3-a604-ba6666b2ea71
2007-10-31 19:05:04 2531 --a------ C:\WINNT\2dc60356-1aad-44b8-82df-1a944cdef187
2007-10-31 18:05:04 2531 --a------ C:\WINNT\2a89e178-3f66-454f-9d1a-50a6467a75d1
2007-10-26 19:22:29 1156 --a------ C:\WINNT\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{110B173A-D443-4A35-8361-D4219F8AECB7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [01/27/2003 02:16 PM C:\WINNT\system32\cthelper.exe]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [01/03/2001 12:50 PM C:\WINNT\system32\SK9910DM.EXE]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 01:56 AM C:\WINNT\system32\rundll32.exe]
"GWMDMMSG"="GWMDMMSG.exe" [08/06/2002 01:24 PM C:\WINNT\GWMDMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 06:21 PM]
"nwiz"="nwiz.exe" [11/11/2005 01:47 PM C:\WINNT\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINNT\LOGI_MWX.EXE]
"EPSON Stylus Photo RX620 Series"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.exe" [05/19/2004 02:00 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"NvMediaCenter"="RUNDLL32.exe" [08/04/2004 01:56 AM C:\WINNT\system32\rundll32.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [07/22/2005 11:25 PM C:\WINNT\KHALMNPR.Exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [03/18/2004 09:33 AM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/11/2002 03:19 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [12/24/2007 05:39 PM]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [12/24/2007 05:28 PM]
"@"="" []
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [11/28/2007 12:57 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 10:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"@"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [02/17/2007 06:58 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/17/2007 10:18 PM]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" [12/01/2005 06:01 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_R7M~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_K4U~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_H5M~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_FSD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\Owner\LOCALS~1\History\History.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_yR0XU.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_NNN~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_LB4~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_HWH~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_wP.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_NHR~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_EXD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_6EI~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_ZAL~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_YCW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_XGQ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_MOE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~4.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQ665C~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_ZHL~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_KHQ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_HWG~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_4CJ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_RE1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_R6V~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_JOJ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_5O2~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_LGK~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_GHV~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_EAK~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_4KJ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_YIY~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_TKV~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_HYS~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_9EK~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF861C.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF860F.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso31C.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso30D.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso2FE.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso2FD.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso2EE.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso2CE.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso203.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso1E4.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_UEJ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_RZE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_ASP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_YNH~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_V9B~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_SEW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_g.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_XVM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_UUT~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_BJ4~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_3AU~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_SIM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_RJF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_PTT~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_6OD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_SXN~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_KSO~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_FUM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_EHP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_XLA~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_JQE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_J.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_GBX~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\XGIBMVD7\WPSDTV~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~2.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~3.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF3309.SH!

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - C:\Sierra\Planner\PLNRnote.exe [5/18/2003 7:12:59 AM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [6/27/2002 12:20:58 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [1/26/2007 3:46:12 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2/17/2007 6:58:37 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/13/2007 10:27:11 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 2:05:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 12/06/2007 11:41 AM 167936 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2 (0x2)

*Newly Created Service* - SBAPIFS



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.test.com
127.0.0.1 www.doberman.befree.com
127.0.0.1 www.enews.bfast.com
127.0.0.1 www.etoys.bfast.com
127.0.0.1 www.falcon.bfast.com
127.0.0.1 www.ftp.befree.com
127.0.0.1 www.ftp.bfast.com
127.0.0.1 www.geocities.bfast.com
127.0.0.1 www.goshoppingonline.bfast.com
127.0.0.1 www.great-dane.befree.com

874 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-08 17:34:29 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.53GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 510.8 MiB / 175.11 MiB
Pagefile Memory (total/avail): 1247.82 MiB / 724.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.65 MiB

C: is Fixed (NTFS) - 76.33 GiB total, 9.47 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.33 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1098 [VPS 080108-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\WINNT\\system32\\d3m0.exe"="C:\\WINNT\\system32\\d3m0.exe:*:Disabled:d3m0"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GATEWAY1
ComSpec=C:\WINNT\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\GATEWAY1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=GATEWAY1
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Amazon Unbox Video --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{54A4839E-87F8-4BD1-9682-A349E9943F0A}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
Auto Gordian Knot 2.45 --> C:\Program Files\AutoGK\uninst.exe
AV DVD Player Morpher --> C:\Program Files\AV DVD Player Morpher\uninstall.exe
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Colors, Shapes & More --> C:\WINNT\unvise32.exe C:\Program Files\sz8049_6\uninstal.log
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Creative Driver --> C:\WINNT\System32\ctdrvins /s /u /g
CutePDF Writer 2.5 --> C:\WINNT\System32\uninscpw.exe C:\Program Files\
Do More 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2B7C41F-C63D-4935-B323-B60673724D63}\SETUP.EXE" -l0x9
Driver Detective --> MsiExec.exe /I{B62EBBB6-314A-4908-819B-53EE0D471932}
DVD-TO-AVI V1.9 --> "C:\Program Files\Dvd-to-avi\unins000.exe"
DVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
EMCO Malware Destroyer --> "C:\Program Files\EMCO Malware Destroyer\unins000.exe"
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x9 -UnInstall
EPSON PhotoCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}\Setup.exe" -l0x9 anything
EPSON PhotoStarter3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE704636-ECD0-426C-952E-05B8DABD1949}\Setup.exe" -l0x9 uninst
EPSON Printer Software --> C:\WINNT\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
EPSON SPRX620 Reference Guide --> C:\Program Files\epson\guide\rx620_e\uninstall.exe
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Event Planner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{741849D8-E8D9-49CF-B373-0D7507ED0A56}\setup.exe"
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway Rhapsody --> "C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 20BBF229-A337-40AD-9FEB-2C98CDA53D1C /Prompt
Google Earth --> MsiExec.exe /I{374F03BB-9C09-4DB3-9C9B-C71E63292950}
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GTW V.92 Voicemodem --> C:\WINNT\GWMDMU.exe verbose
Hallmark Christian Card Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91029CA6-FAA2-40BB-829B-974D2DDD5298}\setup.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\Owner\Desktop\Security\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINNT\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet --> C:\Program Files\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\enu\hposcr01.exe -forcereboot -datfile hposcr01.dat
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet --> MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers --> MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052}
hp psc 2200 series --> rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series
Intel® PRO Network Connections Software v10.1.41.0 --> C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qf /le C:\DOCUME~1\Owner\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel® PROSafe for Wired Connections --> MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel® PROSafe for Wired Connections --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0007_15fd55\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Lowe's Home Plans Collection --> MsiExec.exe /X{3EE4FA6E-A28C-43B6-B986-0F95D1A92D89}
Markosoft Interest Calculator -->

#4 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {110B173A-D443-4A35-8361-D4219F8AECB7} - C:\WINNT\system32\dusero.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\winnt\system32\drivers\svahvzjy.dat
    C:\WINNT\system32\dusero.dll
    C:\WINNT\system32\d3m0.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note: If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.




Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\WINNT\3ccfd126-c5b1-47fd-acf4-f9d755eb0157

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


Reboot and post a new DSS log


Then do this

Please download and unzip Icesword to its own folder


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1: Run IceSword. Click the "Processes" tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Note the filenames of processes in red color. Also, make a note of the folders.

Step 2: Click the "Win32 Services" tab and look out for red colored entry in the services list. This red colored service entry indicates that it’s rooted. Note the name of this service.

Step 3: Now, click "SSDT" tab and check for red colored entries. If there are any, note the file and folder names.

Now post all of the data collected under the headings

Processes
Win32 Services
SSDT

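An added example, not part of either post and not code from HijackThis, OTMoveIt or IceSword: a small Python parser that applies the same reading of a HijackThis log that step 1 above relies on. It pulls the O2 (BHO) and O9 (IE extension) lines out of the log, flags the ones a helper would tick under "Fix checked" (an object registered with no display name, a registration that points at "(no file)", or a BHO served straight out of system32; that last rule is a heuristic assumed here, not something stated in the thread), and lists the registry keys where each entry is actually stored, so the fix can be confirmed in regedit after the reboot. The sample lines are copied from the HijackThis logs quoted in this thread.

```python
"""Triage the O2 (BHO) and O9 (IE extension) lines of a HijackThis log.

Added example for this thread; not code from HijackThis, OTMoveIt or IceSword.
The "served from system32" rule is an assumed heuristic, not a rule from the thread.
"""
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {110B173A-D443-4A35-8361-D4219F8AECB7} - C:\WINNT\system32\dusero.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

GUID = r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
LINE_RES = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - " + GUID + r" - (?P<path>.*)$"),
    "O9": re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - " + GUID + r" - (?P<path>.*)$"),
}
# Vendor BHOs are normally installed under Program Files; one served straight
# from the system directory deserves a second look (assumed heuristic).
SYSTEM_DIRS = ("c:\\winnt\\system32\\", "c:\\windows\\system32\\")

# Where Internet Explorer records BHOs (O2) and extra buttons/menu items (O9).
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
EXT_KEY = r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions"


@dataclass
class Entry:
    section: str
    name: str
    clsid: str
    path: str
    raw: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)

    def registry_keys(self) -> list:
        """Keys to inspect in regedit after 'Fix checked' and the reboot."""
        guid = "{" + self.clsid + "}"
        if self.section == "O2":
            # The BHO list entry, then the COM server registration holding the DLL path.
            return [BHO_KEY + "\\" + guid, r"HKCR\CLSID" + "\\" + guid + r"\InprocServer32"]
        # O9 entries live under the Extensions key (HKLM here; HKCU has an equivalent).
        return [EXT_KEY + "\\" + guid]


def classify(entry: Entry) -> Entry:
    """Attach the reasons a helper would give for ticking this line."""
    if entry.name.lower() == "(no name)":
        entry.reasons.append("registered without a display name")
    if entry.path.lower() == "(no file)":
        entry.reasons.append("registration points at a file that is gone (orphan)")
    elif entry.section == "O2" and entry.path.lower().startswith(SYSTEM_DIRS):
        entry.reasons.append("BHO served straight from system32 (heuristic)")
    return entry


def triage(log_text: str) -> list:
    """Return an Entry for every O2/O9 line; suspicious ones carry reasons."""
    entries = []
    for raw in log_text.splitlines():
        raw = raw.rstrip()
        for section, rx in LINE_RES.items():
            m = rx.match(raw)
            if m:
                entries.append(classify(Entry(section, m["name"], m["clsid"], m["path"], raw)))
                break
    return entries


def fix_list(entries: list) -> list:
    """The log lines to tick under 'Do a system scan only' -> 'Fix checked'."""
    return [e.raw for e in entries if e.suspicious]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(("FIX  " if e.suspicious else "ok   ") + e.raw)
        for r in e.reasons:
            print("      reason: " + r)
        if e.suspicious:
            for k in e.registry_keys():
                print("      check:  " + k)
```

Run it against a full log saved from HijackThis and the "FIX" lines are the candidates to tick; the "check" keys are where to look if the entry comes back after a reboot, which is the behaviour the original poster described for this BHO.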

#5 bcoe (Topic Starter, New Member, 6 posts)

Followed instructions. Reboot was necessary with OldTimer. DSS only gave a main log and no extra log this time. IceSword's SSDT identified red font items. How does one tab in while posting? Some of the pasted and copied logs are shifting the columns out of alignment.



OTMoveIt Log
File move failed. c:\winnt\system32\drivers\svahvzjy.dat scheduled to be moved on reboot.
LoadLibrary failed for C:\WINNT\system32\dusero.dll
C:\WINNT\system32\dusero.dll NOT unregistered.
File move failed. C:\WINNT\system32\dusero.dll scheduled to be moved on reboot.
File/Folder C:\WINNT\system32\d3m0.exe not found.

Created on 01/09/2008 19:20:24


Virus Total File Scan Results
File 3ccfd126-c5b1-47fd-acf4-f9d755eb0 received on 01.10.2008 03:16:47 (CET)
0 / 30 (0.0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.10.10 2008.01.09 -
AntiVir 7.6.0.46 2008.01.09 -
Authentium 4.93.8 2008.01.09 -
Avast 4.7.1098.0 2008.01.09 -
AVG 7.5.0.516 2008.01.09 -
BitDefender 7.2 2008.01.10 -
CAT-QuickHeal 9.00 2008.01.09 -
ClamAV 0.91.2 2008.01.10 -
DrWeb 4.44.0.09170 2008.01.09 -
eSafe 7.0.15.0 2008.01.09 -
eTrust-Vet 31.3.5444 2008.01.09 -
Ewido 4.0 2008.01.09 -
FileAdvisor 1 2008.01.10 -
Fortinet 3.14.0.0 2008.01.10 -
F-Prot 4.4.2.54 2008.01.09 -
F-Secure 6.70.13030.0 2008.01.10 -
Ikarus T3.1.1.20 2008.01.10 -
Kaspersky 7.0.0.125 2008.01.10 -
McAfee 5203 2008.01.09 -
Microsoft 1.3109 2008.01.10 -
NOD32v2 2779 2008.01.09 -
Norman 5.80.02 2008.01.09 -
Panda 9.0.0.4 2008.01.10 -
Prevx1 V2 2008.01.10 -
Rising 20.26.21.00 2008.01.09 -
Sophos 4.24.0 2008.01.09 -
Sunbelt 2.2.907.0 2008.01.09 -
Symantec 10 2008.01.10 -
TheHacker 6.2.9.185 2008.01.09 -
VBA32 3.12.2.5 2008.01.10 -
VirusBuster 4.3.26:9 2008.01.09 -
Webwasher-Gateway 6.6.2 2008.01.09 -

Additional information
File size: 3061 bytes
MD5: 43bbc02e7cf432edabfe9ec486a508e2
SHA1: a60d65fd3722e3bce53b0edf216d033a19d75f73
PEiD: -


Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-09 20:50:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 9.45 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:55 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Sierra\Planner\PLNRnote.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {110B173A-D443-4A35-8361-D4219F8AECB7} - C:\WINNT\system32\dusero.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] "C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" /START
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_R7M~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_K4U~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_H5M~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_FSD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\Owner\LOCALS~1\History\History.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_yR0XU.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_NNN~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_LB4~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_HWH~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_wP.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_NHR~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_EXD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_6EI~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_ZAL~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_YCW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_XGQ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_MOE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~4.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\S
O4 - HKUS\S-1-5-18\..\Run: [] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

--
End of file - 11028 bytes

-- Files created between 2007-12-09 and 2008-01-09 -----------------------------

2008-01-08 18:24:37 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-01-08 17:31:46 0 d-------- C:\Program Files\Trend Micro
2008-01-06 00:30:44 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-01-06 00:30:38 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-06 00:30:33 0 d-------- C:\WINNT\system32\E177E04D548C4006A465EEB92D3DE021
2008-01-06 00:28:40 0 d-------- C:\Program Files\Minitab 15
2008-01-06 00:12:42 0 d-------- C:\Program Files\SigmaZone
2008-01-03 18:29:25 8576 --a------ C:\WINNT\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-03 18:01:09 0 d-------- C:\WINNT\system32\ActiveScan
2008-01-02 23:55:52 1759 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-01-02 23:36:18 0 d-------- C:\Program Files\QuickTime
2008-01-02 21:49:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-01-02 18:20:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-02 18:20:02 0 d-------- C:\Documents and Settings\Owner\Application Data\PrevxCSI
2008-01-01 17:44:50 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-01-01 17:43:14 0 d-------- C:\Program Files\Common Files\iS3
2007-12-30 17:00:50 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-29 15:58:33 6061835 --a------ C:\WINNT\system32\SBSP.dat
2007-12-29 13:31:08 528054 --a------ C:\WINNT\system32\SBFC.dat
2007-12-29 13:30:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2007-12-29 12:32:39 0 d-------- C:\Documents and Settings\Owner\Application Data\Sunbelt Software
2007-12-29 12:32:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-29 12:30:58 0 d-------- C:\Program Files\Sunbelt Software
2007-12-29 00:10:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-29 00:10:17 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-29 00:10:17 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-28 21:19:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-28 21:19:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-28 21:19:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-28 21:19:44 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-12-28 21:19:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-28 21:19:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-28 21:19:44 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-12-28 21:19:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-28 21:19:44 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-12-28 21:19:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-28 21:19:44 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-12-28 21:19:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-28 21:19:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-28 21:19:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-28 21:19:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-12-28 21:19:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-28 21:19:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-12-28 21:19:43 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-28 20:44:45 108025548 --a------ C:\SYM_REGISTRY_BACKUP.reg
2007-12-28 13:45:53 0 d-------- C:\Program Files\Dvd-to-avi
2007-12-28 12:06:39 0 d-------- C:\temp
2007-12-28 12:06:01 0 d-------- C:\Program Files\Avex
2007-12-28 12:03:10 0 d-------- C:\Program Files\MSXML 6.0
2007-12-28 11:32:57 0 d-------- C:\Program Files\Common Files\Download Manager
2007-12-28 11:14:00 0 d-------- C:\Program Files\MSBuild
2007-12-28 11:08:24 0 d-------- C:\WINNT\system32\XPSViewer
2007-12-28 11:07:23 0 d-------- C:\Program Files\Reference Assemblies
2007-12-28 10:58:15 3596288 --a------ C:\WINNT\system32\qt-dx331.dll
2007-12-28 10:58:12 0 d-------- C:\Program Files\iSofter
2007-12-27 13:54:56 0 d-------- C:\Program Files\AV DVD Player Morpher
2007-12-26 17:35:39 270336 --a------ C:\WINNT\system32\CheckDll.dll <Not Verified; Max Secure Software; Spyware Detector>
2007-12-26 17:35:37 0 d-------- C:\Program Files\SpywareDetector
2007-12-21 13:09:37 43698 --a------ C:\WINNT\system32\xvid-uninstall.exe
2007-12-21 13:09:13 0 d-------- C:\Program Files\AviSynth 2.5
2007-12-21 13:08:15 0 d-------- C:\Program Files\Gabest
2007-12-21 13:07:47 0 d-------- C:\Program Files\AutoGK
2007-12-20 14:47:07 0 d-------- C:\Program Files\STOPzilla!
2007-12-20 02:37:55 0 d-------- C:\Program Files\Enigma Software Group
2007-12-20 01:47:52 0 d-------- C:\Program Files\Retina-X Spyware Cleaner
2007-12-20 00:32:16 123 --a------ C:\WINNT\system\SysSD.dll
2007-12-19 23:14:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-19 22:08:44 0 d-------- C:\Program Files\EMCO Malware Destroyer
2007-12-17 15:25:05 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-11 17:00:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 15:17:55 0 d-------- C:\WINNT\Google Toolbar
2007-12-11 12:23:35 235008 --a------ C:\WINNT\UNBOC.EXE <Not Verified; COMODO; COMODO BOClean - Anti-Malware>
2007-12-11 12:23:34 208896 --a------ C:\WINNT\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2007-12-11 12:23:19 0 d-------- C:\Program Files\Comodo
2007-12-10 19:16:39 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-12-10 18:19:09 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!


-- Find3M Report ---------------------------------------------------------------

2008-01-09 20:42:12 120930 --a------ C:\logfile
2008-01-09 20:35:28 288 --a------ C:\WINNT\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2008-01-09 20:35:28 288 --a------ C:\WINNT\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
2008-01-06 00:28:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-04 20:38:05 0 d-------- C:\Program Files\Norton Security Scan
2008-01-04 17:55:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-03 19:07:54 0 d-------- C:\Program Files\Google
2008-01-01 17:43:14 0 d-------- C:\Program Files\Common Files
2007-12-29 13:58:06 3064 --a------ C:\WINNT\system32\d3d9caps.dat
2007-12-29 00:09:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 13:00:50 540 --a------ C:\Documents and Settings\Owner\Application Data\AutoGK.ini
2007-12-21 13:07:04 0 d-------- C:\Program Files\DivX
2007-12-21 13:06:05 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-12-20 02:58:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-20 01:22:17 0 d-------- C:\Program Files\Christmas Time 3D Screensaver
2007-12-20 00:12:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2007-12-19 23:12:19 0 d-------- C:\Program Files\Kodak
2007-12-16 19:12:51 0 d-------- C:\Program Files\InterActual
2007-12-11 15:57:34 0 d-------- C:\Program Files\Quicken
2007-12-11 15:55:50 0 d-------- C:\Program Files\Panasonic
2007-12-11 15:47:23 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-12-11 15:39:14 0 d-------- C:\Program Files\Maxis
2007-12-11 15:30:53 0 d-------- C:\Program Files\Broderbund
2007-12-11 15:05:56 0 d-------- C:\Program Files\McAfee.com
2007-11-03 16:05:02 3061 --a------ C:\WINNT\3ccfd126-c5b1-47fd-acf4-f9d755eb0157
2007-11-02 23:05:02 3029 --a------ C:\WINNT\cf9a3731-67d6-431a-bf0c-28a2778a4cbc
2007-11-02 22:05:02 3029 --a------ C:\WINNT\dd5b5eb3-f1b9-413d-87ae-09c3d2a966d9
2007-11-02 21:05:02 3029 --a------ C:\WINNT\aeef6d58-caa7-42b8-a907-1151aacbe1fd
2007-11-02 20:05:02 3029 --a------ C:\WINNT\1933ac9d-eeb1-4af4-8220-8efcbbd63ee3
2007-11-02 19:05:04 3029 --a------ C:\WINNT\b94be552-dd74-419a-a58c-3da9450ec128
2007-11-02 18:05:02 3029 --a------ C:\WINNT\cba8db8e-ed07-4eb7-97cd-570f3105d1f0
2007-11-02 17:05:02 3029 --a------ C:\WINNT\1c6e315b-be49-4fbe-97ff-9706e3201279
2007-11-02 16:05:02 3029 --a------ C:\WINNT\7c04de2e-cae6-453d-b597-edf2752301e3
2007-11-01 23:05:02 3029 --a------ C:\WINNT\59b809f8-98a8-471e-98e5-ca5450e94bf4
2007-11-01 22:05:02 3029 --a------ C:\WINNT\2d5166de-b28f-4897-a3ce-3f025dc80a1d
2007-11-01 21:05:04 3029 --a------ C:\WINNT\42d2e502-eed7-4b06-86c3-01eff4cd7280
2007-11-01 20:05:02 3029 --a------ C:\WINNT\c51a3d17-b54d-4306-bafc-49053bebcade
2007-11-01 19:05:02 3029 --a------ C:\WINNT\2c1215fd-6bdf-4322-9470-31b410539a6c
2007-11-01 18:05:02 3029 --a------ C:\WINNT\f209fd87-b44c-4c36-a78a-3ef84516d9a6
2007-11-01 17:05:02 3029 --a------ C:\WINNT\7fc1f98d-4500-44c0-8549-2ccc9e766d14
2007-11-01 16:05:02 3029 --a------ C:\WINNT\68f85088-3c7d-4b09-8b2c-2ab1e12ed94e
2007-10-31 23:05:02 2531 --a------ C:\WINNT\a2d69b70-129d-4c30-9657-92abf66bae05
2007-10-31 22:05:02 2531 --a------ C:\WINNT\51b89f92-d17d-49b8-8cc6-e343b42989f6
2007-10-31 21:05:04 2531 --a------ C:\WINNT\12ee2f0c-6724-49e3-bd1a-ce6058348e83
2007-10-31 20:05:02 2531 --a------ C:\WINNT\42ad5ce4-fee1-41e3-a604-ba6666b2ea71
2007-10-31 19:05:04 2531 --a------ C:\WINNT\2dc60356-1aad-44b8-82df-1a944cdef187
2007-10-31 18:05:04 2531 --a------ C:\WINNT\2a89e178-3f66-454f-9d1a-50a6467a75d1
2007-10-26 19:22:29 1156 --a------ C:\WINNT\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{110B173A-D443-4A35-8361-D4219F8AECB7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [01/27/2003 02:16 PM C:\WINNT\system32\cthelper.exe]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [01/03/2001 12:50 PM C:\WINNT\system32\SK9910DM.EXE]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 01:56 AM C:\WINNT\system32\rundll32.exe]
"GWMDMMSG"="GWMDMMSG.exe" [08/06/2002 01:24 PM C:\WINNT\GWMDMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 06:21 PM]
"nwiz"="nwiz.exe" [11/11/2005 01:47 PM C:\WINNT\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINNT\LOGI_MWX.EXE]
"EPSON Stylus Photo RX620 Series"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.exe" [05/19/2004 02:00 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"NvMediaCenter"="RUNDLL32.exe" [08/04/2004 01:56 AM C:\WINNT\system32\rundll32.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [07/22/2005 11:25 PM C:\WINNT\KHALMNPR.Exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [03/18/2004 09:33 AM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/11/2002 03:19 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [12/24/2007 05:39 PM]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [12/24/2007 05:28 PM]
"@"="" []
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [11/28/2007 12:57 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 10:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"@"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [02/17/2007 06:58 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/17/2007 10:18 PM]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" [12/01/2005 06:01 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_R7M~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_K4U~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_H5M~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_FSD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\Owner\LOCALS~1\History\History.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_yR0XU.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_NNN~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_LB4~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_HWH~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_wP.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_NHR~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_EXD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_6EI~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_ZAL~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_YCW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_XGQ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_MOE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~4.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQ665C~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_ZHL~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_KHQ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_HWG~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_4CJ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_RE1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_R6V~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_JOJ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_5O2~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_LGK~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_GHV~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_EAK~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_4KJ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_YIY~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_TKV~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_HYS~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_9EK~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF861C.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF860F.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso31C.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso30D.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso2FE.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso2FD.SH! 
C:\DOCUME~1\Owner\LOCALS~1\Temp\mso2EE.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso2CE.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso203.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\mso1E4.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_UEJ~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_RZE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_ASP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_YNH~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_V9B~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_SEW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_g.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_XVM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_UUT~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_BJ4~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_3AU~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_SIM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_RJF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_PTT~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_6OD~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_SXN~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_KSO~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_FUM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_EHP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_XLA~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_JQE~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\me_J.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\ME_GBX~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\XGIBMVD7\WPSDTV~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~2.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\SQLITE~3.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF3309.SH!

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - C:\Sierra\Planner\PLNRnote.exe [5/18/2003 7:12:59 AM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [6/27/2002 12:20:58 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [1/26/2007 3:46:12 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2/17/2007 6:58:37 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/13/2007 10:27:11 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 2:05:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 12/06/2007 11:41 AM 167936 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2 (0x2)

*Newly Created Service* - SBAPIFS

-- End of Deckard's System Scanner: finished at 2008-01-09 20:52:02 ------------


IceSword Scan Results

Processes
no red items

Win 32 Services
no red items

SSDT
Index Current Addr KModule Original Addr Name
0X19 0xF88CB514 sbhr.sys 0x80566D49 NtClose
0x29 0xF88CB552 sbhr.sys 0x8056E7A9 NtCreateKey
0x77 0xF88CB4D0 sbhr.sys 0x80567CFB NtOpenKey
0x7A 0xF8B828AC \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys 0x80572D06 NtOpenProcess
0xF7 0xF88CB5A2 sbhr.sys 0x80573C8D NtSetValueKey
0x101 0xF8B82812 \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys 0x80584740 NtTerminateProcess
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

  • 0

#7
bcoe

bcoe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is the log:

ComboFix 08-01-10.2 - Owner 2008-01-10 18:45:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.241 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\adaway.lic
C:\WINNT\system32\drivers\svahvzjy.dat
C:\WINNT\system32\dusero.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_PGGNPRSX
-------\pggnprsx


((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-10 18:43 . 2000-08-31 08:00 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-10 02:00 . 2008-01-10 02:00 0 --a------ C:\WINNT\system32\SBRC.dat
2008-01-08 17:31 . 2008-01-08 17:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-08 17:24 . 2008-01-08 17:24 <DIR> d-------- C:\Deckard
2008-01-06 00:30 . 2008-01-06 00:40 <DIR> d-------- C:\WINNT\system32\E177E04D548C4006A465EEB92D3DE021
2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-06 00:29 . 2008-01-06 00:29 65 --a------ C:\WINNT\minitab.ini
2008-01-06 00:28 . 2008-01-06 00:29 <DIR> d-------- C:\Program Files\Minitab 15
2008-01-06 00:12 . 2008-01-06 00:12 <DIR> d-------- C:\Program Files\SigmaZone
2008-01-03 18:29 . 2007-06-08 09:44 8,576 --a------ C:\WINNT\system32\drivers\RkPavProc.sys
2008-01-03 18:01 . 2008-01-04 04:50 <DIR> d-------- C:\WINNT\system32\ActiveScan
2008-01-03 18:01 . 2008-01-03 18:10 30,590 --a------ C:\WINNT\system32\pavas.ico
2008-01-03 18:01 . 2008-01-03 18:10 2,550 --a------ C:\WINNT\system32\Uninstall.ico
2008-01-03 18:01 . 2008-01-03 18:10 1,406 --a------ C:\WINNT\system32\Help.ico
2008-01-02 23:38 . 2008-01-09 21:58 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-01-02 23:38 . 2008-01-02 23:38 1,409 --a------ C:\WINNT\QTFont.for
2008-01-02 23:36 . 2008-01-02 23:37 <DIR> d-------- C:\Program Files\QuickTime
2008-01-02 21:49 . 2008-01-02 21:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-01-02 21:49 . 2007-05-30 06:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-01-02 18:20 . 2008-01-02 18:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PrevxCSI
2008-01-02 18:20 . 2008-01-02 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-01 17:44 . 2008-01-01 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-01-01 17:43 . 2008-01-01 17:43 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-12-30 17:00 . 2007-12-30 17:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-29 15:58 . 2008-01-05 07:39 6,061,835 --a------ C:\WINNT\system32\SBSP.dat
2007-12-29 13:31 . 2008-01-05 07:39 528,054 --a------ C:\WINNT\system32\SBFC.dat
2007-12-29 13:30 . 2007-12-29 13:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2007-12-29 12:33 . 2007-12-29 12:33 15,544 --a------ C:\WINNT\system32\drivers\sbhr.sys
2007-12-29 12:32 . 2007-12-29 12:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sunbelt Software
2007-12-29 12:32 . 2007-12-29 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-29 12:30 . 2007-12-29 12:30 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-12-29 00:10 . 2008-01-04 20:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-29 00:10 . 2007-12-29 00:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-29 00:10 . 2007-12-29 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-28 23:55 . 2005-08-27 02:38 1,435,272 --a------ C:\WINNT\system32\Flash.ocx
2007-12-28 23:55 . 2003-11-19 13:59 512,688 --a------ C:\WINNT\system32\XceedCry.dll
2007-12-28 23:55 . 2004-05-11 09:56 423,784 --a------ C:\WINNT\system32\XceedBkp.dll
2007-12-28 23:55 . 2004-03-08 23:00 131,856 --a------ C:\WINNT\system32\MSADODC.ocx
2007-12-28 23:55 . 2001-03-28 22:02 89,088 --a------ C:\WINNT\system32\ProgressBar4.ocx
2007-12-28 23:55 . 1999-01-26 19:36 11,012 --a------ C:\WINNT\system32\threadapi.tlb
2007-12-28 21:19 . 2003-05-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-28 21:19 . 2003-05-09 09:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-12-28 20:44 . 2007-12-28 20:45 108,025,548 --a------ C:\SYM_REGISTRY_BACKUP.reg
2007-12-28 13:45 . 2007-12-28 13:50 <DIR> d-------- C:\Program Files\Dvd-to-avi
2007-12-28 12:06 . 2007-12-28 12:07 <DIR> d-------- C:\temp
2007-12-28 12:06 . 2007-12-28 13:45 <DIR> d-------- C:\Program Files\Avex
2007-12-28 12:03 . 2007-12-28 12:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-28 11:32 . 2007-12-28 12:05 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-12-28 11:14 . 2007-12-28 11:14 <DIR> d-------- C:\Program Files\MSBuild
2007-12-28 11:08 . 2007-12-28 11:08 <DIR> d-------- C:\WINNT\system32\XPSViewer
2007-12-28 11:07 . 2007-12-28 11:07 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-28 11:06 . 2006-06-29 13:07 14,048 --------- C:\WINNT\system32\spmsg2.dll
2007-12-28 11:04 . 2005-05-26 15:34 2,297,552 --a------ C:\WINNT\system32\d3dx9_26.dll
2007-12-28 10:58 . 2007-12-28 11:29 <DIR> d-------- C:\Program Files\iSofter
2007-12-28 10:58 . 2007-02-06 15:02 3,596,288 --a------ C:\WINNT\system32\qt-dx331.dll
2007-12-28 10:58 . 2007-02-06 15:02 1,044,480 --a------ C:\WINNT\system32\libdivx.dll
2007-12-28 10:58 . 2007-02-06 15:06 716,800 --a------ C:\WINNT\system32\lameACM.acm
2007-12-28 10:58 . 2007-02-06 15:02 593,920 --a------ C:\WINNT\system32\dpuGUI11.dll
2007-12-28 10:58 . 2007-02-06 15:02 294,912 --a------ C:\WINNT\system32\dpu11.dll
2007-12-28 10:58 . 2007-02-06 15:02 200,704 --a------ C:\WINNT\system32\ssldivx.dll
2007-12-28 10:58 . 2007-02-06 15:02 200,704 --a------ C:\WINNT\system32\dtu100.dll
2007-12-28 10:58 . 2007-02-06 15:02 86,016 --a------ C:\WINNT\system32\dpl100.dll
2007-12-28 10:58 . 2007-02-06 15:02 57,344 --a------ C:\WINNT\system32\dpv11.dll
2007-12-28 10:58 . 2007-02-06 15:10 414 --a------ C:\WINNT\system32\lame_acm.xml
2007-12-27 16:46 . 2007-12-27 16:46 0 --a------ C:\WINNT\VMorpher.INI
2007-12-27 16:46 . 2007-12-27 16:46 0 --a------ C:\WINNT\VDVD.INI
2007-12-27 16:46 . 2007-12-27 16:46 0 --a------ C:\WINNT\Cover.INI
2007-12-27 16:46 . 2007-12-27 16:46 0 --a------ C:\WINNT\avvcnvrt.INI
2007-12-27 14:01 . 2007-12-28 10:22 29 --a------ C:\WINNT\AVFTP.INI
2007-12-27 13:54 . 2007-12-27 16:46 <DIR> d-------- C:\Program Files\AV DVD Player Morpher
2007-12-26 17:42 . 2007-12-26 17:42 5,264 --a------ C:\WINNT\system32\DeleteDB.db
2007-12-26 17:35 . 2008-01-10 18:53 <DIR> d-------- C:\Program Files\SpywareDetector
2007-12-26 17:35 . 2007-03-19 12:39 270,336 --a------ C:\WINNT\system32\CheckDll.dll
2007-12-26 17:35 . 2007-12-10 18:57 67,024 --a------ C:\WINNT\system32\CloseAll.exe
2007-12-26 17:35 . 2007-12-08 18:30 11,728 --a------ C:\WINNT\system32\SDEarlyDelete.exe
2007-12-26 17:35 . 2005-02-06 09:02 104 --a------ C:\WINNT\system32\ProxySettings.ini
2007-12-21 13:09 . 2007-12-21 13:09 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-21 13:09 . 2007-12-21 13:09 43,698 --a------ C:\WINNT\system32\xvid-uninstall.exe
2007-12-21 13:08 . 2007-12-21 13:08 <DIR> d-------- C:\Program Files\Gabest
2007-12-21 13:07 . 2007-12-21 13:09 <DIR> d-------- C:\Program Files\AutoGK
2007-12-20 14:47 . 2008-01-01 18:06 <DIR> d-------- C:\Program Files\STOPzilla!
2007-12-20 02:37 . 2007-12-20 02:37 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-20 01:47 . 2007-12-20 01:57 <DIR> d-------- C:\Program Files\Retina-X Spyware Cleaner
2007-12-20 00:33 . 2008-01-10 06:10 2,822 --a------ C:\WINNT\system32\SDRemoveDB.db
2007-12-20 00:32 . 2008-01-10 06:00 123 --a------ C:\WINNT\system\SysSD.dll
2007-12-19 23:14 . 2007-12-20 02:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-19 22:08 . 2008-01-01 00:07 <DIR> d-------- C:\Program Files\EMCO Malware Destroyer
2007-12-17 15:25 . 2007-12-17 15:25 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-11 17:00 . 2007-12-11 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 16:16 . 2004-01-09 03:13 380,928 --a------ C:\WINNT\system32\actskin4.ocx
2007-12-11 15:17 . 2007-12-11 15:17 <DIR> d-------- C:\WINNT\Google Toolbar
2007-12-11 12:23 . 2007-12-11 16:57 <DIR> d-------- C:\Program Files\Comodo
2007-12-11 12:23 . 2007-08-08 20:02 235,008 --a------ C:\WINNT\UNBOC.EXE
2007-12-11 12:23 . 2007-05-08 17:01 208,896 --a------ C:\WINNT\CMDLIC.DLL
2007-12-11 12:23 . 2004-08-04 01:56 22,528 --a------ C:\WINNT\system32\wsock32.dlb
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINNT\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINNT\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 06:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-05 02:38 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-04 23:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-04 01:07 --------- d-----w C:\Program Files\Google
2008-01-02 00:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-12-29 06:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 19:07 --------- d-----w C:\Program Files\DivX
2007-12-21 19:06 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-12-20 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 08:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 07:22 --------- d-----w C:\Program Files\Christmas Time 3D Screensaver
2007-12-20 05:12 --------- d-----w C:\Program Files\Kodak
2007-12-17 01:12 --------- d-----w C:\Program Files\InterActual
2007-12-11 21:57 --------- d-----w C:\Program Files\Quicken
2007-12-11 21:55 --------- d-----w C:\Program Files\Panasonic
2007-12-11 21:47 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-12-11 21:39 --------- d-----w C:\Program Files\Maxis
2007-12-11 21:30 --------- d-----w C:\Program Files\Broderbund
2007-12-11 21:05 --------- d-----w C:\Program Files\McAfee.com
2007-12-11 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-12-10 19:52 9,344 ----a-w C:\WINNT\system32\drivers\NSDriver.sys
2007-12-10 19:52 8,320 ----a-w C:\WINNT\system32\drivers\AWRTRD.sys
2007-12-04 14:56 93,264 ----a-w C:\WINNT\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINNT\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINNT\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINNT\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINNT\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINNT\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINNT\system32\AVASTSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINNT\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINNT\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINNT\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINNT\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINNT\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINNT\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINNT\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINNT\system32\wmasf.dll
2007-10-27 23:40 222,720 ----a-w C:\WINNT\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINNT\system32\dllcache\shell32.dll
2006-06-17 23:15 134,200 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-12-18 00:22 8 ----a-w C:\Documents and Settings\Owner\Application Data\usb.dat.bin
2001-11-30 16:09 49,152 ----a-r C:\Program Files\Common Files\HDvAvi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-17 18:58 67128]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 22:18 68856]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" [2005-12-01 06:01 110592]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="C:\Program Files\McAfee.com\Shredder\SHRED32.exe" [2005-11-23 18:56 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-01-27 14:16 28672 C:\WINNT\system32\cthelper.exe]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 12:50 66048 C:\WINNT\system32\SK9910DM.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 33280 C:\WINNT\system32\rundll32.exe]
"GWMDMMSG"="GWMDMMSG.exe" [2002-08-06 13:24 90112 C:\WINNT\GWMDMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 18:21 28672]
"nwiz"="nwiz.exe" [2005-11-11 13:47 1519616 C:\WINNT\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINNT\LOGI_MWX.EXE]
"EPSON Stylus Photo RX620 Series"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.exe" [2004-05-19 14:00 98304]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:56 33280 C:\WINNT\system32\rundll32.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 28160 C:\WINNT\KHALMNPR.Exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19 69632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [2007-12-24 17:39 706000]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2007-12-24 17:28 419280]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 12:57 698864]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 15:55 49152 C:\WINNT\mididef.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - C:\Sierra\Planner\PLNRnote.exe [2003-05-18 07:12:59]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 00:20:58]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-01-26 03:46:12]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-17 18:58:37]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-13 22:27:11]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2007-12-06 11:41 167936 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2 (0x2)

R0 SBHR;SBHR;C:\WINNT\system32\drivers\sbhr.sys [2007-12-29 12:33]
R2 dvdmmg;dvdmmg;C:\WINNT\system32\drivers\dvdmmg.sys [2007-09-06 04:15]
S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINNT\system32\Drivers\Mkemusb.sys [2001-08-08 17:52]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINNT\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 BOCDRIVE;BOClean Kernel Monitor.;C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINNT\system32\Drivers\Mkeusbi.sys [2001-12-18 10:38]
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 SBAPIFS;SBAPIFS;C:\WINNT\system32\drivers\sbapifs.sys []
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINNT\system32\drivers\tbhsd.sys [2006-09-18 11:54]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 03:22:30 C:\WINNT\Tasks\EasyShare Registration Task.job"
- C:\WINNT\system32\rundll32.exe
"2004-01-18 11:02:33 C:\WINNT\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1052951221.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-01-04 22:35:45 C:\WINNT\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 18:53:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-01-10 19:03:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-11 01:03:08
.
2008-01-08 23:04:59 --- E O F ---
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Also tell me how your PC is running now
  • 0

#9
bcoe

bcoe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Computer is booting up a little faster but could be a little quicker in my opinion. I already had SUPERAntiSpyware. I noticed in Task Manager that this program slows start-up. Counterspy and AVG trial periods ended so I removed them. This has sped it up a little as well.

There have been no problems as far as the virus goes. Like I mentioned earlier, some of the malware removers had deleted parts of it and caused it to not run properly. My computer was still infected. Avast hasn't popped up with the virus warning since the ComboFix.

Am I clean? If so, then could you advise on how to remove ComboFix, IceSword, Deckard, and OTMoveIt. These aren't listed in Add/Remove for some reason.

Here is the requested scan log. Note, another malware remover tool had caused a pop-up during this scan. I didn't notice it initially. It probably would have completed the scan in under 2 hrs as opposed to 4.
Is SecTaskMan a necessary file?


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/10/2008 at 11:41 PM

Application Version : 3.9.1008

Core Rules Database Version : 3378
Trace Rules Database Version: 1372

Scan type : Complete Scan
Total Scan Time : 04:14:19

Memory items scanned : 612
Memory threats detected : 0
Registry items scanned : 6588
Registry threats detected : 0
File items scanned : 73952
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECTASKMAN\D3M0.EXE.Q_63A4200_Q
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

All you need to do is delete the .exe files and the folders of the tools that we used. That's all.


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0
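The HOSTS-file recommendation in the post above works because the resolver consults that file before asking DNS, so a name mapped to 127.0.0.1 never reaches the real server. The following is an added example (not code from the thread or from the MVPS project) that parses a HOSTS file the way the resolver does, reports which names it sinkholes, and shows what a lookup for a blocked versus an unblocked name would return. The HOSTS content and every hostname in it are constructed; the `.invalid` suffix is a reserved name that never resolves on the real Internet, and treating 0.0.0.0 alongside 127.0.0.1 as a blackhole address reflects common blocklist practice, not something the post states.

```python
"""Parse a HOSTS file and show how blocklist entries redirect name lookups.

Added example, not part of the original thread or of the MVPS HOSTS file.
SAMPLE_HOSTS is constructed; the .invalid names are reserved and never
resolve on the real Internet.
"""
import ipaddress

# Addresses a blocklist-style HOSTS file points unwanted names at.
# 127.0.0.1 is what the post describes; 0.0.0.0 and ::1 are included
# because blocklists commonly use them too (assumption of this example).
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# --- constructed blocklist section (hypothetical names) ---
127.0.0.1  ads.example-tracker.invalid
127.0.0.1  banner.example-adserver.invalid   # inline comment is ignored
0.0.0.0    update.example-rogue.invalid click.example-rogue.invalid
this line is malformed and should be skipped
"""


def parse_hosts(text):
    """Return {hostname (lower-cased): address} for every well-formed entry.

    Mirrors how the resolver reads the file: '#' starts a comment, fields are
    whitespace-separated, the first field is the address and every following
    field is a name for it. When a name appears twice this example keeps the
    first mapping seen (an assumption; real resolvers differ on duplicates).
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: not a HOSTS entry
        for name in fields[1:]:
            mapping.setdefault(name.lower(), addr)
    return mapping


def lookup(mapping, hostname):
    """Simulate the HOSTS stage of resolution: the address the file supplies,
    or None when the name would go on to a DNS query."""
    return mapping.get(hostname.strip().lower())


def is_sinkholed(mapping, hostname):
    """True when the HOSTS file redirects the name to the local machine, so the
    browser never contacts the real site."""
    return lookup(mapping, hostname) in SINKHOLE_ADDRESSES


def blocked_names(mapping):
    """All names the file sinkholes, excluding the localhost entry itself."""
    return sorted(name for name, addr in mapping.items()
                  if addr in SINKHOLE_ADDRESSES and name != "localhost")


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-tracker.invalid", "www.example.com"):
        print(f"{name}: hosts -> {lookup(hosts, name)}, "
              f"blocked={is_sinkholed(hosts, name)}")
    print("sinkholed names:", blocked_names(hosts))
```

To check a machine's real file, read it from `%SystemRoot%\System32\drivers\etc\hosts` (the path mentioned by the MVPS instructions is the same location) and pass its contents to `parse_hosts`; a name that resolves to 127.0.0.1 there will fail to load in any browser, which is the intended effect, so a legitimate site that suddenly stops loading is the first thing to check against `blocked_names`.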

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
