Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My computer has the background Warning! Spyware detected


  • This topic is locked This topic is locked

#1
zpalffy

zpalffy

    New Member

  • Member
  • Pip
  • 8 posts
My computer has the background "Warning! Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer."

This warning is in a blue and yellow box (yellow on top) on my Windows desktop background.

I have followed the 5 steps as outlined in the Geeks to Go! docmentation entitled "You must read this before posting a hijackthis log".

I have 3 logs to post here as outlined in your instructions

Thank you for looking at my logs

1st LOG MBAM ANTI-MALWARE LISTED BELOW:

Malwarebytes' Anti-Malware 1.19
Database version: 899
Windows 5.1.2600 Service Pack 2

8:27:01 PM 6/30/2008
mbam-log-6-30-2008 (20-27-01).txt

Scan type: Quick Scan
Objects scanned: 41320
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\vtUkjHaB.dll (Trojan.vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{565e374a-23fd-4fa2-aed5-5209a37a544b} (Trojan.vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{565e374a-23fd-4fa2-aed5-5209a37a544b} (Trojan.vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtukjhab (Trojan.vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{565e374a-23fd-4fa2-aed5-5209a37a544b} (Trojan.vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\jjgvxci.exe (Worm.Socks) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vtUkjHaB.dll (Trojan.vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\lphc1qnj0et9g.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\phc1qnj0et9g.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\services.001 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

2nd LOG SUPERANTISPYWARE LOG LISTED BELOW:

UPERAntiSpyware Scan Log
Generated 06/30/2008 at 10:21 PM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 01:31:32

Memory items scanned : 415
Memory threats detected : 0
Registry items scanned : 5894
Registry threats detected : 2
File items scanned : 41536
File threats detected : 0

Trojan.Media-Codec
HKU\S-1-5-21-645757453-2690133624-1694720459-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{44D22A64-2399-4EDF-8B32-F2C729C1E8A7}

Adware.SideStep Toolbar
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{08361226-6472-43BD-8A40-D9221FF1C4CE}




3RD LOG HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:41, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PRIMAV~1\IntrBase\bin\ibserver.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\PROGRA~1\I8KFAN~1\I8KFAN~1.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [i8kfangui] C:\PROGRA~1\I8KFAN~1\I8KFAN~1.EXE /startup
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-645757453-2690133624-1694720459-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-645757453-2690133624-1694720459-1003\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MSNPluginSrvcs] p6.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSNPluginSrvcs] p6.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: NVDESK32.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\PRIMAV~1\IntrBase\bin\ibserver.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5750 bytes
  • 0

Advertisements


#2
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
Hello zpalffy, Welcome to Geeks-To-Go.

My name is Gravity Gripp and I'll be working with you on these issues. For now, I will be reviewing your log but will be responding back soon. Also, please note that I am still in training so there may be a slight delay in my responses because I will be working with an expert on this.

I look forward to working with you :)
  • 0

#3
zpalffy

zpalffy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks I look forward to working with you to slove this problem

Edited by zpalffy, 01 July 2008 - 07:35 PM.

  • 0

#4
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
zpalffy,
It looks like you have several infections here particularly SDBot and Vundo. I'd like you to start out with SDFix, followed up with Deckards System Scanner so that I may get a better understanding of what's going on with your computer. Just follow the steps here in order and we'll get you cleaned up.

STEP ONE
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

STEP TWO
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Logs to post in your next reply:
  • SDFix Log
  • Deckard's System Scanner Log

  • 0

#5
zpalffy

zpalffy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Gravity Grip
I have completed step 1 and 2 as drected by you attached are the log files that yuo requested


SDFix: Version 1.200
Run by Administrator on Wed 07/02/2008 at 08:14 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDfix\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\TFTP2648 - Deleted
C:\WINDOWS\system32\TFTP2828 - Deleted
C:\WINDOWS\system32\TFTP3900 - Deleted
C:\WINDOWS\system32\TFTP932 - Deleted
C:\WINDOWS\system32\drivers\e073c212.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 20:30:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDfix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 7 Oct 2006 4,908,872 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 22 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 24 Mar 2008 1,606,064 A..H. --- "C:\Program Files\Google\Google Desktop Search\BITB20.tmp"
Thu 3 Apr 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Thu 3 Apr 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Fri 1 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 1 Jun 2008 22,016 ...H. --- "C:\Documents and Settings\Stanley Angrist\Application Data\Microsoft\Word\~WRL0992.tmp"
Sun 1 Jun 2008 19,968 ...H. --- "C:\Documents and Settings\Stanley Angrist\Application Data\Microsoft\Word\~WRL1327.tmp"
Sun 1 Jun 2008 19,968 ...H. --- "C:\Documents and Settings\Stanley Angrist\Application Data\Microsoft\Word\~WRL2492.tmp"
Sun 1 Jun 2008 19,456 ...H. --- "C:\Documents and Settings\Stanley Angrist\Application Data\Microsoft\Word\~WRL3026.tmp"
Sat 22 Jul 2006 4,348 ...H. --- "C:\Documents and Settings\Stanley Angrist\Application Data\Real\Rhapsody\wmlicbackup\drmv1key.bak"
Mon 25 Sep 2006 20 A..H. --- "C:\Documents and Settings\Stanley Angrist\Application Data\Real\Rhapsody\wmlicbackup\drmv1lic.bak"
Sat 22 Jul 2006 312 ...H. --- "C:\Documents and Settings\Stanley Angrist\Application Data\Real\Rhapsody\wmlicbackup\drmv2key.bak"
Mon 25 Sep 2006 1,536 A..H. --- "C:\Documents and Settings\Stanley Angrist\Application Data\Real\Rhapsody\wmlicbackup\drmv2lic.bak"

Finished!


Deckard's System Scanner v20071014.68
Run by Stanley Angrist on 2008-07-02 20:39:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-07-03 00:40:13 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-07-02 06:30:45 UTC - RP3 - Software Distribution Service 3.0
2: 2008-07-01 00:43:41 UTC - RP2 - Installed SUPERAntiSpyware Free Edition
1: 2008-06-30 02:50:53 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Stanley Angrist.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:42:53 PM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PRIMAV~1\IntrBase\bin\ibserver.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\I8KFAN~1\I8KFAN~1.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Stanley Angrist\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Stanley Angrist.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [i8kfangui] C:\PROGRA~1\I8KFAN~1\I8KFAN~1.EXE /startup
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MSNPluginSrvcs] p6.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSNPluginSrvcs] p6.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: NVDESK32.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\PRIMAV~1\IntrBase\bin\ibserver.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5651 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 fanio (FanIO driver) - c:\windows\system32\drivers\fanio.sys <Not Verified; Christian Diefer; fanio.sys>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 catchme - c:\docume~1\stanle~1\locals~1\temp\catchme.sys (file missing)
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)

S3 Airgo (Wireless-G Notebook Adapter with SRX) - c:\windows\system32\drivers\wnihdd51.sys <Not Verified; Airgo Networks, Inc.; Airgo Networks True MIMO ™ Wireless Adapter>
S3 jgameenp - c:\docume~1\stanle~1\locals~1\temp\jgameenp.sys (file missing)
S3 TNET1130 (802.11g WLAN) - c:\windows\system32\drivers\tnet1130.sys <Not Verified; Texas Instruments; TNET1130 WLAN Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 InterBaseServer (InterBase Server) - c:\progra~1\primav~1\intrbase\bin\ibserver -s <Not Verified; Inprise Corporation; InterBase Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-15 01:00:00 370 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-10-01 01:00:03 372 --a------ C:\WINDOWS\Tasks\McQcTask.job
2001-11-30 11:13:41 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2001-11-29 21:20:29 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job
2001-11-29 21:20:28 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job


-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-02 20:09:26 0 d-------- C:\WINDOWS\ERUNT
2008-07-02 02:27:48 0 dr-h----- C:\Documents and Settings\Stanley Angrist\Recent
2008-06-30 22:54:25 0 d-------- C:\VundoFix Backups
2008-06-30 20:44:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-30 20:43:47 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-30 20:43:47 0 d-------- C:\Documents and Settings\Stanley Angrist\Application Data\SUPERAntiSpyware.com
2008-06-30 20:43:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 20:15:54 0 d-------- C:\Documents and Settings\Stanley Angrist\Application Data\Malwarebytes
2008-06-30 20:15:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 20:15:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 19:44:30 0 d-------- C:\Program Files\Trend Micro
2008-06-29 22:57:56 0 d--h----- C:\WINDOWS\PIF
2008-06-29 22:34:20 68096 --a------ C:\WINDOWS\zip.exe
2008-06-29 22:34:20 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-29 22:34:20 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-29 22:34:20 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-29 22:34:20 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-29 22:34:20 98816 --a------ C:\WINDOWS\sed.exe
2008-06-29 22:34:20 80412 --a------ C:\WINDOWS\grep.exe
2008-06-29 22:34:20 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-29 20:37:07 1948 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-29 19:36:13 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-06-29 18:05:07 87040 --a------ C:\WINDOWS\system32\lvacqpod.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-30 20:43:07 0 d-------- C:\Program Files\Common Files
2008-06-23 01:43:12 0 dr-h----- C:\Documents and Settings\Stanley Angrist\Application Data\yahoo!
2008-06-20 01:27:34 0 d-------- C:\Program Files\Trillian
2008-06-18 15:18:55 52197 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-26 02:08:39 4 --a------ C:\WINDOWS\system32\938341
2008-05-18 01:53:45 0 d-------- C:\Documents and Settings\Stanley Angrist\Application Data\Google
2008-05-17 23:58:11 0 d-------- C:\Program Files\Rhapsody
2008-05-17 23:57:24 0 d-------- C:\Program Files\Google
2008-05-17 23:52:06 0 d-------- C:\Documents and Settings\Stanley Angrist\Application Data\Real
2008-05-12 22:20:26 0 d-------- C:\Program Files\Primavera P3ec for Construction
2008-05-12 22:19:32 0 d-------- C:\Program Files\Common Files\Primavera Common
2008-05-12 22:18:21 0 d-------- C:\Program Files\Common Files\Novell Shared
2008-05-12 22:16:45 0 d-------- C:\Program Files\Borland
2008-05-09 23:40:41 0 d-------- C:\Program Files\Diskeeper Corporation
2008-05-06 19:51:59 0 d-------- C:\Documents and Settings\Stanley Angrist\Application Data\SmartFTP
2008-05-06 19:40:49 17935 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/24/2003 06:32 PM]
"nwiz"="nwiz.exe" [06/24/2003 06:32 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe" [06/28/2006 10:47 PM]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [11/15/2004 02:49 PM]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [04/02/2004 06:11 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="C:\PROGRA~1\I8KFAN~1\I8KFAN~1.exe" [09/08/2006 08:55 AM]
"NVIEW"="nview.dll,nViewLoadHook" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSNPluginSrvcs"=p6.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/5/2001 11:23:48 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check.lnk]
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Principia Online Update.lnk]
backup=C:\WINDOWS\pss\Principia Online Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Principia Pro Online Update.lnk]
backup=C:\WINDOWS\pss\Principia Pro Online Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stanley Angrist^Start Menu^Programs^Startup^Billminder.lnk]
backup=C:\WINDOWS\pss\Billminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stanley Angrist^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stanley Angrist^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stanley Angrist^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

*Newly Created Service* - SBAPIFS



-- End of Deckard's System Scanner: finished at 2008-07-02 20:45:26 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® III Mobile CPU 1000MHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 511.46 MiB / 128.2 MiB
Pagefile Memory (total/avail): 991.63 MiB / 626.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1946.1 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 18.59 GiB total, 12.03 GiB free.
D: is CDROM (No Media)
I: is Removable (FAT)

\\.\PHYSICALDRIVE0 - HITACHI_DK23CA-20 - 18.63 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 18.59 GiB - C:

\\.\PHYSICALDRIVE1 - USB 2.0 Flash Disk USB Device - 957 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 963.48 MiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Stanley Angrist\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Stanley Angrist
LOGONSERVER=\\LAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Sybase\shared;;C:\Sybase\im6\tutorial;C:\Program Files\QuickTime\QTSystem;C:\SYBASE\SQLANY~1.0\WIN32;C:\SYBASE\IM6
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 11 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\STANLE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\STANLE~1\LOCALS~1\Temp
USERDOMAIN=LAPTOP
USERNAME=Stanley Angrist
USERPROFILE=C:\Documents and Settings\Stanley Angrist
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Stanley Angrist (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
802.11g WLAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07DEC7A1-F8D2-4DBB-900B-A2F9302647BB}\setup.exe" -l0x9
ACDSee Classic --> C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Alarm Reminder eBay Edition 2.0 --> "C:\Program Files\Alarm Reminder eBay Edition 2.0\unins000.exe"
Ask Toolbar --> rundll32 C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll,O
AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Tools 5.6 --> "C:\Program Files\AVSMedia\VideoTools\unins000.exe"
Browser Hijack Blaster v1.0 --> "C:\Program Files\Browser Hijack Blaster\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Citrix ICA Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Cosmi File Shredder --> MsiExec.exe /I{1DFB9DEE-7D54-40CB-B7B0-670A8610F9F7}
Dell AccessDirect --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DELL\AccessDirect\Uninst.isu" -c"C:\Program Files\DELL\AccessDirect\Uninst.dll
Dell Internal Modem Diagnostics Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8611CCEF-B754-4A44-B860-F615F54963EF}\setup.exe" -uninst
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DOOM Collector's Edition --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DOOM Collector's Edition\DC.isu"
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
I8kfanGUI V3.0 --> "C:\Program Files\I8kfanGUI\uninstall.exe"
InfoMaker 6.5 --> C:\WINDOWS\IsUninst.exe -fC:\Sybase\IMUninst.isu
InterBase Database --> C:\PROGRA~1\PRIMAV~1\IntrBase\UNWISE.EXE /U /Z C:\PROGRA~1\PRIMAV~1\IntrBase\INSTALL.LOG
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java 2 Runtime Environment Standard Edition v1.3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft Tool Web Package : EXCTRLST.EXE --> MsiExec.exe /X{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}
Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Netscape (7.0) --> C:\WINDOWS\NSUninst.exe /ua "7.0 (en)"
Netscape Communicator 4.5 --> C:\WINDOWS\cd32.exe 4.5 (en)
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvdm.inf
P3W 2.0 --> C:\WINDOWS\UNINST16.EXE -fC:\WINDOWS\DeIsL5.isu
PayPal Plug-In --> C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
PhotoAlbum Add-In --> MsiExec.exe /I{DC888258-F37C-11D2-9594-00A0C9CD527E}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Plaxo Toolbar for Outlook (with AIM Enhancements) --> C:\Program Files\Plaxo\2.11.1.5\uninstall.exe
Primavera Data Conversion Utilities --> C:\PROGRA~1\COMMON~1\PRIMAV~1\UNWISE.EXE /U /Z C:\PROGRA~1\COMMON~1\PRIMAV~1\INSTALL.LOG
Primavera P3e/c for Construction Client - Standalone --> C:\PROGRA~1\PRIMAV~1\UNWISE.EXE /U /Z C:\PROGRA~1\PRIMAV~1\INSTALL.LOG
Primavera Ra32 Installation --> C:\PROGRA~1\COMMON~1\PRIMAV~1\Ra\UNWISE.EXE /U /Z C:\PROGRA~1\COMMON~1\PRIMAV~1\Ra\INSTALL.LOG
Principia --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Morningstar\Principia\Uninst.isu"
Privacy Eraser 4.20 --> "C:\Program Files\PrivacyEraser Computing\Privacy Eraser\unins000.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Real Alternative 1.49 --> "C:\Program Files\Real Alternative\unins000.exe"
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Signature995 --> C:\Program Files\pdf995\res\utilities\Signature995\thinsetup.exe - uninstall
SiSoft Sandra 2001te Standard --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SiSoftware\SiSoft Sandra 2001te Standard\Uninst.isu"
SmartFTP Client --> MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
Spy Sweeper for MSN --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.3.1 TX --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 2.1 --> "C:\Program Files\Spyware Doctor\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Sunbelt CounterSpy --> MsiExec.exe /I{480F1C60-D071-43DC-973B-89AD7A35B4E2}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SureTrak 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SureTrak\Uninst.isu"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Verizon SmartCall --> C:\PROGRA~1\VERIZO~1\SMARTC~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\SMARTC~1\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Web Picture Creator 1.8 --> C:\Program Files\Web Picture Creator\uninst.exe
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPatrol --> C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL2.isu" -cC:\PROGRA~1\BILLPS~1\WINPAT~1\_ISREG32.DLL
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4097 / Error
Event Submitted/Written: 06/30/2008 07:29:08 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type4096 / Error
Event Submitted/Written: 06/30/2008 07:29:06 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The server name or address could not be resolved

Event Record #/Type4094 / Warning
Event Submitted/Written: 06/30/2008 00:51:20 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4088 / Error
Event Submitted/Written: 06/29/2008 10:56:15 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OTMoveIt2.exe, version 1.0.4.3, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4080 / Warning
Event Submitted/Written: 06/29/2008 09:46:59 PM
Event ID/Source: 5065 / McLogEvent
Event Description:
The computer was started in safemode. McShield will not apply any Access Protection rules or enable Buffer Overflow Protection.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type49731 / Error
Event Submitted/Written: 07/02/2008 08:08:11 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service McNASvc with arguments ""
in order to run the server:
{24F616A1-B755-4053-8018-C3425DC8B68A}

Event Record #/Type49730 / Error
Event Submitted/Written: 07/02/2008 08:08:10 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service McNASvc with arguments ""
in order to run the server:
{24F616A1-B755-4053-8018-C3425DC8B68A}

Event Record #/Type49729 / Error
Event Submitted/Written: 07/02/2008 08:07:16 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type49728 / Error
Event Submitted/Written: 07/02/2008 08:07:12 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
cdudf_xp
Fips
IPSec
mfehidk
MPFP
MRxSmb
NetBIOS
NetBT
P3
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Event Record #/Type49727 / Error
Event Submitted/Written: 07/02/2008 08:07:12 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Webroot Spy Sweeper Engine service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-07-02 20:45:26 ------------



Thanks for all of your help
  • 0

#6
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
zpalffy,
Well it looks like SDFix didn't clean your infection entirely, let's pull out the big guns.


STEP ONE
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#7
zpalffy

zpalffy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
here are my two logs the 1st one is from combofix and the other is from hijackthis

ComboFix 08-07-02.5 - Stanley Angrist 2008-07-03 18:17:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.126 [GMT -4:00]
Running from: C:\Documents and Settings\Stanley Angrist\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\lvacqpod.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.

2008-07-02 20:39 . 2008-07-02 20:39 <DIR> d-------- C:\Deckard
2008-07-02 20:09 . 2008-07-02 20:09 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-02 20:08 . 2008-07-02 20:08 <DIR> d-------- C:\SDfix
2008-07-02 02:32 . 2008-07-02 02:34 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-06-30 22:54 . 2008-06-30 22:54 <DIR> d-------- C:\VundoFix Backups
2008-06-30 20:44 . 2008-06-30 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-30 20:43 . 2008-06-30 22:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-30 20:43 . 2008-06-30 20:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 20:43 . 2008-06-30 20:43 <DIR> d-------- C:\Documents and Settings\Stanley Angrist\Application Data\SUPERAntiSpyware.com
2008-06-30 20:15 . 2008-06-30 20:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 20:15 . 2008-06-30 20:15 <DIR> d-------- C:\Documents and Settings\Stanley Angrist\Application Data\Malwarebytes
2008-06-30 20:15 . 2008-06-30 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 20:15 . 2008-06-28 14:21 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-06-30 20:15 . 2008-06-28 14:21 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-30 19:44 . 2008-06-30 19:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-29 22:57 . 2008-06-29 22:57 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-29 20:37 . 2008-06-30 19:58 1,948 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-06-29 19:36 . 2008-06-29 19:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 05:43 --------- d--h--r C:\Documents and Settings\Stanley Angrist\Application Data\yahoo!
2008-06-23 05:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-20 05:27 --------- d-----w C:\Program Files\Trillian
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-27 05:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-05-18 03:58 --------- d-----w C:\Program Files\Rhapsody
2008-05-18 03:57 --------- d-----w C:\Program Files\Google
2008-05-13 02:20 --------- d-----w C:\Program Files\Primavera P3ec for Construction
2008-05-13 02:19 --------- d-----w C:\Program Files\Common Files\Primavera Common
2008-05-13 02:18 --------- d-----w C:\Program Files\Common Files\Novell Shared
2008-05-13 02:16 --------- d-----w C:\Program Files\Borland
2008-05-10 03:40 --------- d-----w C:\Program Files\Diskeeper Corporation
2008-05-09 04:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-05-06 23:51 --------- d-----w C:\Documents and Settings\Stanley Angrist\Application Data\SmartFTP
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-04-21 07:04 659,456 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2008-04-21 07:04 615,936 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2008-04-21 07:04 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2008-04-21 07:04 1,494,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2008-04-17 10:52 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
.

((((((((((((((((((((((((((((( [email protected]_22.42.58.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\xpsp3res.dll
+ 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-06-30 02:30:16 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-07-03 00:21:02 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\I386\bthport.sys
+ 2008-07-03 21:21:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-03 00:09:46 954,368 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUser.dat
+ 2008-07-03 00:09:46 135,168 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-03 21:21:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-03 00:09:37 954,368 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUser.dat
+ 2008-07-03 00:09:37 135,168 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-07-01 00:43:53 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-07-01 00:43:53 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-07-01 00:43:53 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-02-16 08:59:34 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\browseui.dll
+ 2008-04-21 07:03:56 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\browseui.dll
- 2008-02-16 08:59:35 151,040 ----a-w C:\WINDOWS\SYSTEM32\cdfview.dll
+ 2008-04-21 07:03:56 151,040 ----a-w C:\WINDOWS\SYSTEM32\cdfview.dll
- 2008-06-29 17:41:39 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-07-03 20:14:51 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-06-29 17:41:39 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-07-03 20:14:51 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2008-02-16 08:59:35 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\danim.dll
+ 2008-04-21 07:03:57 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\danim.dll
- 2008-02-16 08:59:34 1,023,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
+ 2008-04-21 07:03:56 1,023,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
- 2008-02-16 08:59:35 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
+ 2008-04-21 07:03:56 151,040 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
- 2008-02-16 08:59:35 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
+ 2008-04-21 07:03:57 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
- 2008-02-16 08:59:35 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-04-21 07:03:57 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-02-16 08:59:35 205,312 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-04-21 07:03:57 205,312 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-02-16 08:59:35 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-04-21 07:03:57 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2008-02-16 08:59:35 251,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
+ 2008-04-21 07:03:58 251,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
- 2008-02-16 08:59:35 96,256 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
+ 2008-04-21 07:03:58 96,256 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
- 2008-02-16 08:59:35 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-04-21 07:03:58 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2008-02-16 22:29:38 3,059,712 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
+ 2008-04-21 07:03:59 3,059,712 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
- 2008-02-16 08:59:37 449,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-04-21 07:03:59 449,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-02-16 08:59:37 146,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-04-21 07:03:59 146,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2008-02-16 08:59:37 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-04-21 07:03:59 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2008-02-16 08:59:37 39,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-04-21 07:03:59 39,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-02-16 08:59:35 357,888 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-04-21 07:03:57 357,888 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2008-02-16 08:59:35 205,312 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-04-21 07:03:57 205,312 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2008-02-16 08:59:35 55,808 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-04-21 07:03:57 55,808 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2008-02-16 08:59:35 251,392 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
+ 2008-04-21 07:03:58 251,392 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
- 2008-02-16 08:59:35 96,256 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
+ 2008-04-21 07:03:58 96,256 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
- 2008-02-16 08:59:35 16,384 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-04-21 07:03:58 16,384 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2008-02-16 22:29:38 3,059,712 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-04-21 07:03:59 3,059,712 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2008-02-16 08:59:37 449,024 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-04-21 07:03:59 449,024 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2008-02-16 08:59:37 146,432 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-04-21 07:03:59 146,432 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2008-02-16 08:59:37 532,480 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-04-21 07:03:59 532,480 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-04-21 07:03:59 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\shdocvw.dll
+ 2008-04-21 07:04:00 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\shdocvw.dll
- 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
+ 2008-04-21 07:04:00 474,112 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
- 2006-09-25 21:58:48 14,640 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-04-21 07:04:00 615,936 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="C:\PROGRA~1\I8KFAN~1\I8KFAN~1.EXE" [2006-09-08 08:55 835584]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"NVIEW"="nview.dll" [2003-06-24 18:32 852038 C:\WINDOWS\SYSTEM32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-06-24 18:32 4800512]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe" [2006-06-28 22:47 230976]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 14:49 98304]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 18:11 148480]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"nwiz"="nwiz.exe" [2003-06-24 18:32 323584 C:\WINDOWS\SYSTEM32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check.lnk]
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Principia Online Update.lnk]
backup=C:\WINDOWS\pss\Principia Online Update.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Principia Pro Online Update.lnk]
backup=C:\WINDOWS\pss\Principia Pro Online Update.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stanley Angrist^Start Menu^Programs^Startup^Billminder.lnk]
backup=C:\WINDOWS\pss\Billminder.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stanley Angrist^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stanley Angrist^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stanley Angrist^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a--c--- 2002-12-17 15:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= *
"Enabled"= 1 (0x1)

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2007-03-30 02:25]
R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [2006-09-08 05:03]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2001-09-09 21:10]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 14:10]
S3 jgameenp;jgameenp;C:\DOCUME~1\STANLE~1\LOCALS~1\Temp\jgameenp.sys []
S3 TNET1130;802.11g WLAN;C:\WINDOWS\system32\DRIVERS\tnet1130.sys [2003-11-17 05:06]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;C:\WINDOWS\system32\DRIVERS\tnet1130x.sys [2004-03-10 17:54]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 15:52]

*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2001-11-30 01:20:28 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2001-11-30 01:20:29 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-10-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-10-01 05:00:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2001-11-30 15:13:41 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-MSNPluginSrvcs - p6.exe
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 18:26:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\InterBaseServer]
"ImagePath"="C:\PROGRA~1\PRIMAV~1\IntrBase\bin\ibserver -s"
.
Completion time: 2008-07-03 18:31:39
ComboFix-quarantined-files.txt 2008-07-03 22:31:28
ComboFix2.txt 2008-06-30 02:44:13

Pre-Run: 12,874,387,456 bytes free
Post-Run: 12,853,542,912 bytes free

300 --- E O F --- 2008-07-02 06:38:10


HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:44:48 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PRIMAV~1\IntrBase\bin\ibserver.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\I8KFAN~1\I8KFAN~1.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [i8kfangui] C:\PROGRA~1\I8KFAN~1\I8KFAN~1.EXE /startup
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: NVDESK32.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\PRIMAV~1\IntrBase\bin\ibserver.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5323 bytes


Thanks for your help
  • 0

#8
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
zpalffy,
Your logs are looking good. Do you notice any difference in your computer and can you change your background now? We have a few more steps to do and I think we'll be done.


STEP ONE
First, reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\DOCUME~1\STANLE~1\LOCALS~1\Temp\jgameenp.sys

After that, Reboot back into normal mode.


STEP TWO
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


STEP THREE
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

  • 0

#9
zpalffy

zpalffy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Yes I can change the background now. I think that we are very close also to being done. Thanks for all for your help

Zpalffy
  • 0

#10
zpalffy

zpalffy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
here is my latest log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:55:15 PM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PRIMAV~1\IntrBase\bin\ibserver.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\I8KFAN~1\I8KFAN~1.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\PROGRA~1\I8KFAN~1\I8KFAN~1.EXE /startup
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: NVDESK32.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\PRIMAV~1\IntrBase\bin\ibserver.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5548 bytes


Thanks for your hard work
  • 0

#11
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
zpalffy, everything looks good to me. If you don't have any more issues lets consider this one solved.

Also, The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • SUPERAntiSpyware - A powerful tool which can search and annihilate malware that makes its way onto your system.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • Avast! Anti-Virus - A free for home use anti-virus program.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • JKDefrag - A disk defragmenter and optimizer for Windows 2000/2003/XP/Vista. It is completely automatic and very easy to use, fast, low overhead and has several optimization strategies. After downloading the zip file, just extract JKDefrag.exe to your desktop and double click.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Pidgin - A Malware free Instant Messenger program which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN, MyspaceIM, GTalk)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein
  • 0

#12
zpalffy

zpalffy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for all of your help in this matter

I take it that I can get rid of these below
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL


From my log you can see that I run adaware, spyguard, spydoctor, winpatrol, pestpatrol, spysweeper, spybot, Mcafee antivirus, Mcafee firewall and I get all of the updates. I just did a stupid thing and let a program open that I should not have.

Thanks again for all of your hard work and taking the time to resolve my problem.
  • 0

#13
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
zpalffy,

STEP ONE
First, lets uninstall Combofix.
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image

Now, to answer your question, all but the last line there should not be touched. The last line is the Ask.com toolbar and is optional. If you feel that you want to remove that one you can.
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

Also, I left out a couple of steps in my last post.

STEP TWO
Please download OTCleanIt from here.
  • Once you have it downloaded, double click the icon.
  • When the program starts, just click the button labeled "CleanUp!"
  • If the program asks you to reboot, please do so.


STEP THREE
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

  • 0

#14
zpalffy

zpalffy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for all of your help I think yuo did it
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP