
help with virus/malware [RESOLVED]


  • This topic is locked

#1
dawg3

    Member

  • Member
  • 62 posts
All of a sudden I started getting pop-ups after the kids used the computer. (Now grounded.)
Finding different malware/spyware every time I run a new scan. Get a virus alert from AVG.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:25 PM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DellNSCST_GRNCH] "C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [A00FAE74280.exe] C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\_A00FAE74280.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillgro...SkillGround.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1187446712968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1187446670609
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c006EE1E - C:\WINDOWS\system32\__c006EE1E.dat (file missing)
O20 - Winlogon Notify: __c00DADC8 - C:\WINDOWS\system32\__c00DADC8.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10243 bytes


Malwarebytes log file:

Malwarebytes' Anti-Malware 1.24
Database version: 1059
Windows 5.1.2600 Service Pack 2

11:56:11 PM 8/16/2008
mbam-log-8-16-2008 (23-56-11).txt

Scan type: Quick Scan
Objects scanned: 42704
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__c00DADC8.dat (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00dadc8 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c006ee1e (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\__c00DADC8.dat (Trojan.Agent) -> Delete on reboot.


  • 0



#2
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello dawg3, sorry about the delay; everyone here has been very busy.
If you could, please post a new HijackThis log in your next reply.
  • 0

#3
dawg3

    Member

  • Topic Starter
  • Member
  • 62 posts
Should be the same; I have not used it since I posted.

lol. I am a Buckeye also. Go Bucks.
What part are you in... Cols here.

Edited by dawg3, 20 August 2008 - 11:35 PM.

  • 0

#4
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello dawg3,

Should be the same; I have not used it since I posted.

Please post a fresh HijackThis log just to make sure nothing has changed. Also please do not post any of the logs in the quote box.

lol. I am a Buckeye also. Go Bucks.
What part are you in... Cols here.

Around the Akron area.
  • 0

#5
dawg3

    Member

  • Topic Starter
  • Member
  • 62 posts
Sorry for the quotes thing. Just thought it would be easier to read and separate from the others.

Go Zips.

Browns fan?

Here is the HJT log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:12 PM, on 8/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DellNSCST_GRNCH] "C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [A00FAE74280.exe] C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\_A00FAE74280.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillgro...SkillGround.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1218946248484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218946226468
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c0091A10 - C:\WINDOWS\system32\__c0091A10.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10172 bytes
  • 0

#6
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello dawg3,

Sorry for the quotes thing. Just thought it would be easier to read and separate from the others.

No problem. :)

Browns fan?

Yep, think they will make the playoffs this year?



STEP 1
I do not see a firewall on your computer. A firewall can help protect you from hackers and some types of malware. I recommend you download a firewall. Here are a few to choose from (all are free).
Comodo
Zone Alarm
OutPost
Out of these I would recommend Comodo; please only install one firewall at a time. If you need any help installing/using one of these firewalls, please let me know.

STEP 2
Please reopen HijackThis and click on Do a system scan only, and put a check next to the following lines.

O4 - HKCU\..\Run: [A00FAE74280.exe] C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\_A00FAE74280.exe
O20 - Winlogon Notify: __c0091A10 - C:\WINDOWS\system32\__c0091A10.dat

Once you have the checks in those lines, please make sure all open windows are closed (keep HijackThis open) and click Fix checked on HijackThis. A box will open up asking if you want to fix the selected items; please click Yes. After you have fixed those lines you can close HijackThis.


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\__c0091A10.dat
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 3
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you (it gets saved on your desktop as well); post that log here.
~~~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt2 log
The OTViewIt log
And a fresh HijackThis log
  • 0
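The triage Jimmy2012 does by eye in STEP 2 (pick out the autorun that launches from a Temp folder and the Winlogon Notify entry with the random hex name) is a pattern, so here is an added example of doing it with a script. This is my own code, not HijackThis's, OTMoveIt2's, or anything posted in this thread. It parses the O4 and O20 lines of a HijackThis log, reports why each flagged line looks wrong, and diffs two logs so you can see what changed between the 8/16 and 8/21 scans (for instance that the Winlogon Notify package was renamed rather than removed). The sample lines are copied from the logs above; the heuristics are my assumptions about what a helper looks for, not rules built into the tool.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpts: a handful of lines copied from the two HijackThis logs
# posted in this thread (the O4/O20 lines the helper flagged plus some benign
# neighbours), not the complete logs.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [A00FAE74280.exe] C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\_A00FAE74280.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c006EE1E - C:\WINDOWS\system32\__c006EE1E.dat (file missing)
O20 - Winlogon Notify: __c00DADC8 - C:\WINDOWS\system32\__c00DADC8.dat
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [A00FAE74280.exe] C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\_A00FAE74280.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c0091A10 - C:\WINDOWS\system32\__c0091A10.dat
"""

# One HijackThis entry: "<type> - <body>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<type>[OR]\d+) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O20 body: "Winlogon Notify: <package> - <path>" with an optional "(note)"
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?: \((?P<note>[^)]*)\))?$")
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# Names like __c00DADC8 / __c0091A10: "__c" followed by a run of hex digits
# (my heuristic for the naming pattern seen in this thread).
HEX_NAME_RE = re.compile(r"^__c[0-9A-F]{6,}$", re.IGNORECASE)


def parse(log: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into entries; lines that are not entries are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"type": m.group("type"), "body": m.group("body"), "raw": line.strip()})
    return entries


def suspicious_reasons(entry: Dict[str, str]) -> List[str]:
    """Return the heuristics an entry trips (empty list means nothing stood out)."""
    reasons: List[str] = []
    if entry["type"] == "O4":
        m = O4_RE.match(entry["body"])
        if m and TEMP_DIR_RE.search(m.group("cmd")):
            reasons.append("autorun launches an executable from a Temp folder")
    elif entry["type"] == "O20":
        m = O20_RE.match(entry["body"])
        if m:
            if HEX_NAME_RE.match(m.group("name")):
                reasons.append("Winlogon Notify package has a random-looking hex name")
            if m.group("path").lower().endswith(".dat"):
                reasons.append("Winlogon Notify package is a .dat file, not a .dll")
            if m.group("note") and "file missing" in m.group("note").lower():
                reasons.append("registry entry points at a file that is no longer there")
    return reasons


def triage(log: str) -> List[Tuple[str, List[str]]]:
    """(raw line, reasons) for every entry that trips at least one heuristic."""
    flagged = []
    for entry in parse(log):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged.append((entry["raw"], reasons))
    return flagged


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries that disappeared and entries that are new between two logs."""
    old = {e["raw"] for e in parse(before)}
    new = {e["raw"] for e in parse(after)}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for raw, reasons in triage(LOG_AFTER):
        print(raw)
        for reason in reasons:
            print("   ->", reason)
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("gone since the earlier log:", *removed, sep="\n  ")
    print("new since the earlier log:", *added, sep="\n  ")
```

Run it against a saved log by replacing the two constants with `open(path).read()`. On the excerpts above it flags exactly the two lines Jimmy2012 asked to have fixed, and the diff shows the 8/16 `__c006EE1E`/`__c00DADC8` packages gone and `__c0091A10` in their place, which is the kind of change that justifies asking for a fresh log before giving instructions.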

#7
dawg3

    Member

  • Topic Starter
  • Member
  • 62 posts
I hope they make the playoffs. They have the 2nd hardest schedule this year.

OTMoveIt log
Explorer killed successfully
File move failed. C:\WINDOWS\system32\__c0091A10.dat scheduled to be moved on reboot.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\Perflib_Perfdata_a1c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\Perflib_Perfdata_e1c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_580.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08212008_200201

Files moved on Reboot...
C:\WINDOWS\system32\__c0091A10.dat moved successfully.
File C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\Perflib_Perfdata_a1c.dat not found!
File C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\Perflib_Perfdata_e1c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_580.dat not found!


OTViewIt log file

OTViewIt logfile created on: 8/21/2008 8:06:31 PM
OTViewIt by OldTimer - Version 1.0.0.0 Folder = C:\Documents and Settings\Rabiddawgs\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.50% Memory free
3.35 Gb Paging File | 2.89 Gb Available in Paging File | 86.29% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.09 Gb Total Space | 68.53 Gb Free Space | 65.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAMEFREAK2
Current User Name: Rabiddawgs
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
[ATI Technologies Inc.] - C:\WINDOWS\system32\ati2evxx.exe
[Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[Intel Corporation ] - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[Intel® Corporation] - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[ATI Technologies Inc.] - C:\WINDOWS\system32\ati2evxx.exe
[GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
[GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
[GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgemc.exe
[Dell Inc.] - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[SigmaTel, Inc.] - C:\WINDOWS\stsystra.exe
[Dell Inc] - C:\Program Files\Dell\QuickSet\quickset.exe
[Synaptics, Inc.] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[ATI Technologies Inc.] - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[Sonic Solutions] - C:\WINDOWS\system32\dla\tfswctrl.exe
[InstallShield Software Corporation] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[CyberLink Corp.] - C:\Program Files\Dell\MediaDirect\PCMService.exe
[GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgcc.exe
[Dell] - C:\Program Files\Dell\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
[] - C:\Program Files\NetWaiting\netwaiting.exe
[Gteko Ltd.] - C:\Program Files\Dell Support\DSAgnt.exe
[Google Inc.] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[SUPERAntiSpyware.com] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[Adobe Systems Incorporated] - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[BVRP Software] - C:\Program Files\Digital Line Detect\DLG.exe
[ATI Technologies Inc.] - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[OldTimer Tools] - C:\Documents and Settings\Rabiddawgs\Desktop\OTViewIt.exe

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [ATI Technologies Inc.] - C:\WINDOWS\system32\ati2evxx.exe
(Avg7Alrt) AVG7 Alert Manager Server [GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
(Avg7UpdSvc) AVG7 Update Service [GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
(AVGEMS) AVG E-mail Scanner [GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgemc.exe
(dmadmin) Logical Disk Manager Administrative Service [Microsoft Corp., Veritas Software] - C:\WINDOWS\system32\dmadmin.exe
(EvtEng) Intel® PROSet/Wireless Event Log [Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(gusvc) Google Updater Service [Google] - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
(NICCONFIGSVC) NICCONFIGSVC [Dell Inc.] - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(RegSrvc) Intel® PROSet/Wireless Registry Service [Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(S24EventMonitor) Intel® PROSet/Wireless Service [Intel Corporation ] - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(WLANKEEPER) Intel® PROSet/Wireless SSO Service [Intel® Corporation] - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

[Driver Services - Non-Microsoft Only]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.10.0 [Meetinghouse Data Communications] - C:\WINDOWS\system32\drivers\AegisP.sys
(AliIde) AliIde [Acer Laboratories Inc.] - C:\WINDOWS\system32\drivers\aliide.sys
(amdagp) AMD AGP Bus Filter Driver [Advanced Micro Devices, Inc.] - C:\WINDOWS\system32\drivers\amdagp.sys
(AngelUsb) Angel USB MPEG Device [Lumanate, Inc.] - C:\WINDOWS\system32\drivers\AngelUsb.sys
(APPDRV) APPDRV [Dell Inc] - C:\WINDOWS\system32\drivers\APPDRV.SYS
(ASAPIW2k) ASAPIW2k [Pinnacle Systems GmbH] - C:\WINDOWS\system32\drivers\asapiW2k.sys
(asc) asc [Advanced System Products, Inc.] - C:\WINDOWS\system32\drivers\asc.sys
(asc3550) asc3550 [Advanced System Products, Inc.] - C:\WINDOWS\system32\drivers\asc3550.sys
(ati2mtag) ati2mtag [ATI Technologies Inc.] - C:\WINDOWS\system32\drivers\ati2mtag.sys
(Avg7Core) AVG7 Kernel [GRISOFT, s.r.o.] - C:\WINDOWS\system32\drivers\avg7core.sys
(Avg7RsW) AVG7 Wrap Driver [GRISOFT, s.r.o.] - C:\WINDOWS\system32\drivers\avg7rsw.sys
(Avg7RsXP) AVG7 Resident Driver XP [GRISOFT, s.r.o.] - C:\WINDOWS\system32\drivers\avg7rsxp.sys
(AvgClean) AVG7 Clean Driver [GRISOFT, s.r.o.] - C:\WINDOWS\system32\drivers\avgclean.sys
(AvgTdi) AVG Network Redirector [GRISOFT, s.r.o.] - C:\WINDOWS\system32\drivers\avgtdi.sys
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Broadcom Corporation] - C:\WINDOWS\system32\drivers\bcm4sbxp.sys
(CmdIde) CmdIde [CMD Technology, Inc.] - C:\WINDOWS\system32\drivers\cmdide.sys
(dac2w2k) dac2w2k [Mylex Corporation] - C:\WINDOWS\system32\drivers\dac2w2k.sys
(dmboot) dmboot [Microsoft Corp., Veritas Software] - C:\WINDOWS\system32\drivers\dmboot.sys
(dmio) Logical Disk Manager Driver [Microsoft Corp., Veritas Software] - C:\WINDOWS\system32\drivers\dmio.sys
(dmload) dmload [Microsoft Corp., Veritas Software.] - C:\WINDOWS\system32\drivers\dmload.sys
(drvmcdb) drvmcdb [Sonic Solutions] - C:\WINDOWS\system32\drivers\drvmcdb.sys
(drvnddm) drvnddm [Sonic Solutions] - C:\WINDOWS\system32\drivers\drvnddm.sys
(DSproct) DSproct [GTek Technologies Ltd.] - C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
(E100B) Intel® PRO Adapter Driver [Intel Corporation] - C:\WINDOWS\system32\drivers\e100b325.sys
(Hardlock) Hardlock [Aladdin Knowledge Systems] - C:\WINDOWS\system32\drivers\hardlock.sys
(Haspnt) Haspnt [Aladdin Knowledge Systems] - C:\WINDOWS\system32\drivers\Haspnt.sys
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Windows ® Server 2003 DDK provider] - C:\WINDOWS\system32\drivers\hdaudbus.sys
(HSFHWAZL) HSFHWAZL [Conexant Systems, Inc.] - C:\WINDOWS\system32\drivers\HSFHWAZL.sys
(HSF_DPV) HSF_DPV [Conexant Systems, Inc.] - C:\WINDOWS\system32\drivers\HSF_DPV.sys
(mdmxsdk) mdmxsdk [Conexant] - C:\WINDOWS\system32\drivers\mdmxsdk.sys
(mraid35x) mraid35x [American Megatrends Inc.] - C:\WINDOWS\system32\drivers\mraid35x.sys
(nv) nv [NVIDIA Corporation] - C:\WINDOWS\system32\drivers\nv4_mini.sys
(omci) OMCI WDM Device Driver [Dell Inc] - C:\WINDOWS\system32\drivers\omci.sys
(Ptilink) Direct Parallel Link Driver [Parallel Technologies, Inc.] - C:\WINDOWS\system32\drivers\ptilink.sys
(PxHelp20) PxHelp20 [Sonic Solutions] - C:\WINDOWS\system32\drivers\pxhelp20.sys
(ql1080) ql1080 [QLogic Corporation] - C:\WINDOWS\system32\drivers\ql1080.sys
(ql12160) ql12160 [QLogic Corporation] - C:\WINDOWS\system32\drivers\ql12160.sys
(ql1280) ql1280 [QLogic Corporation] - C:\WINDOWS\system32\drivers\ql1280.sys
(rimmptsk) rimmptsk [REDC] - C:\WINDOWS\system32\drivers\rimmptsk.sys
(rimsptsk) rimsptsk [REDC] - C:\WINDOWS\system32\drivers\rimsptsk.sys
(rismxdp) Ricoh xD-Picture Card Driver [REDC] - C:\WINDOWS\system32\drivers\rixdptsk.sys
(s24trans) WLAN Transport [Intel Corporation] - C:\WINDOWS\system32\drivers\s24trans.sys
(SASDIFSV) SASDIFSV [SUPERAdBlocker.com and SUPERAntiSpyware.com] - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
(SASENUM) SASENUM [ SUPERAdBlocker.com and SUPERAntiSpyware.com] - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
(SASKUTIL) SASKUTIL [SUPERAdBlocker.com and SUPERAntiSpyware.com] - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
(Secdrv) Secdrv [Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.] - C:\WINDOWS\system32\drivers\secdrv.sys
(sisagp) SIS AGP Bus Filter [Silicon Integrated Systems Corporation] - C:\WINDOWS\system32\drivers\sisagp.sys
(Sparrow) Sparrow [Adaptec, Inc.] - C:\WINDOWS\system32\drivers\sparrow.sys
(sscdbhk5) sscdbhk5 [Sonic Solutions] - C:\WINDOWS\system32\drivers\sscdbhk5.sys
(ssrtln) ssrtln [Sonic Solutions] - C:\WINDOWS\system32\drivers\ssrtln.sys
(STHDA) SigmaTel High Definition Audio CODEC [SigmaTel, Inc.] - C:\WINDOWS\system32\drivers\sthda.sys
(symc810) symc810 [Symbios Logic Inc.] - C:\WINDOWS\system32\drivers\symc810.sys
(symc8xx) symc8xx [LSI Logic] - C:\WINDOWS\system32\drivers\symc8xx.sys
(sym_hi) sym_hi [LSI Logic] - C:\WINDOWS\system32\drivers\sym_hi.sys
(sym_u3) sym_u3 [LSI Logic] - C:\WINDOWS\system32\drivers\sym_u3.sys
(SynTP) Synaptics TouchPad Driver [Synaptics, Inc.] - C:\WINDOWS\system32\drivers\SynTP.sys
(tfsnboio) tfsnboio [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnboio.sys
(tfsncofs) tfsncofs [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsncofs.sys
(tfsndrct) tfsndrct [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsndrct.sys
(tfsndres) tfsndres [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsndres.sys
(tfsnifs) tfsnifs [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnifs.sys
(tfsnopio) tfsnopio [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnopio.sys
(tfsnpool) tfsnpool [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnpool.sys
(tfsnudf) tfsnudf [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnudf.sys
(tfsnudfa) tfsnudfa [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnudfa.sys
(tmcomm) tmcomm [Trend Micro Inc.] - C:\WINDOWS\system32\drivers\tmcomm.sys
(ultra) ultra [Promise Technology, Inc.] - C:\WINDOWS\system32\drivers\ultra.sys
(w39n51) Intel® PRO/Wireless 3945ABG Adapter Driver [Intel® Corporation] - C:\WINDOWS\system32\drivers\w39n51.sys
(winachsf) winachsf [Conexant Systems, Inc.] - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

[Registry - Non-Microsoft Only]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC" = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay [ATI Technologies Inc.]
"AVG7_CC" = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP [GRISOFT, s.r.o.]
"Dell QuickSet" = C:\Program Files\Dell\QuickSet\quickset.exe [Dell Inc]
"DellNSCST_GRNCH" = "C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI [Dell]
"dla" = C:\WINDOWS\system32\dla\tfswctrl.exe [Sonic Solutions]
"IntelWireless" = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless [Intel Corporation]
"IntelZeroConfig" = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [Intel Corporation]
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [InstallShield Software Corporation]
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [InstallShield Software Corporation]
"MSKDetectorExe" = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"PCMService" = "C:\Program Files\Dell\MediaDirect\PCMService.exe" [CyberLink Corp.]
"PinnacleDriverCheck" = C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg []
"SigmatelSysTrayApp" = stsystra.exe [SigmaTel, Inc.]
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [Synaptics, Inc.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport" = "C:\Program Files\Dell Support\DSAgnt.exe" /startup [Gteko Ltd.]
"ModemOnHold" = C:\Program Files\NetWaiting\netWaiting.exe []
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [SUPERAntiSpyware.com]
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [Google Inc.]
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [Adobe Systems Incorporated]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"run" = Reg Error: Value run does not exist or could not be read.

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[Adobe Systems Incorporated] - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[BVRP Software] - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

[Rabiddawgs Startup Folder - C:\Documents and Settings\Rabiddawgs\Start Menu\Programs\Startup]



[Files/Folders - Created Within 30 days]
[Folder | 8/16/2008 10:06:25 PM | RH ] - C:\$VAULT$.AVG
[Folder | 8/17/2008 1:20:49 AM | HS] - C:\Config.Msi
[Folder | 8/21/2008 8:02:01 PM | ] - C:\_OTMoveIt
[ATI Technologies Inc. | 56623 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1btxx.sys
[ATI Technologies Inc. | 11615 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[ATI Technologies Inc. | 12047 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[ATI Technologies Inc. | 30671 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1raxx.sys
[ATI Technologies Inc. | 63663 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[ATI Technologies Inc. | 26367 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1snxx.sys
[ATI Technologies Inc. | 21343 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[ATI Technologies Inc. | 36463 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[ATI Technologies Inc. | 29455 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[ATI Technologies Inc. | 34735 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[ATI Technologies Inc. | 327040 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[ATI Technologies Inc. | 57856 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinbtxx.sys
[ATI Technologies Inc. | 13824 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinmdxx.sys
[ATI Technologies Inc. | 14336 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinpdxx.sys
[ATI Technologies Inc. | 52224 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinraxx.sys
[ATI Technologies Inc. | 104960 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinrvxx.sys
[ATI Technologies Inc. | 28672 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinsnxx.sys
[ATI Technologies Inc. | 13824 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinttxx.sys
[ATI Technologies Inc. | 73216 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atintuxx.sys
[ATI Technologies Inc. | 31744 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinxbxx.sys
[ATI Technologies Inc. | 63488 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinxsxx.sys
[ | 64352 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ativmc20.cod
[ | 129045 | Created = 8/17/2008 12:28:40 AM | ] - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[Conexant Systems, Inc. | 220032 | Created = 8/17/2008 12:28:43 AM | ] - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[Conexant Systems, Inc. | 685056 | Created = 8/17/2008 12:28:43 AM | ] - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[Conexant Systems, Inc. | 1041536 | Created = 8/17/2008 12:28:43 AM | ] - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[Malwarebytes Corporation | 17144 | Created = 8/16/2008 10:23:19 PM | ] - C:\WINDOWS\System32\drivers\mbam.sys
[Malwarebytes Corporation | 38472 | Created = 8/16/2008 10:23:19 PM | ] - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[Smart Link | 126686 | Created = 8/17/2008 12:28:48 AM | ] - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[Smart Link | 1309184 | Created = 8/17/2008 12:28:48 AM | ] - C:\WINDOWS\System32\drivers\mtlstrm.sys
[Matrox Graphics Inc. | 452736 | Created = 8/17/2008 12:28:48 AM | ] - C:\WINDOWS\System32\drivers\mtxparhm.sys
[ | 67866 | Created = 8/17/2008 12:28:49 AM | ] - C:\WINDOWS\System32\drivers\netwlan5.img
[Smart Link | 180360 | Created = 8/17/2008 12:28:49 AM | ] - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[Smart Link | 13776 | Created = 8/17/2008 12:28:50 AM | ] - C:\WINDOWS\System32\drivers\recagent.sys
[S3 Graphics, Inc. | 166912 | Created = 8/17/2008 12:28:50 AM | ] - C:\WINDOWS\System32\drivers\s3gnbm.sys
[Smart Link | 129535 | Created = 8/17/2008 12:28:50 AM | ] - C:\WINDOWS\System32\drivers\slnt7554.sys
[Smart Link | 404990 | Created = 8/17/2008 12:28:50 AM | ] - C:\WINDOWS\System32\drivers\slntamr.sys
[Smart Link | 95424 | Created = 8/17/2008 12:28:50 AM | ] - C:\WINDOWS\System32\drivers\slnthal.sys
[Smart Link | 13240 | Created = 8/17/2008 12:28:51 AM | ] - C:\WINDOWS\System32\drivers\slwdmsup.sys
[Trend Micro Inc. | 102664 | Created = 8/16/2008 10:12:20 PM | ] - C:\WINDOWS\System32\drivers\tmcomm.sys
[Intel® Corporation | 11807 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\wadv07nt.sys
[Intel® Corporation | 11295 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\wadv08nt.sys
[Intel® Corporation | 11871 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\wadv09nt.sys
[Intel® Corporation | 11935 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\wadv11nt.sys
[Intel® Corporation | 22271 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\watv06nt.sys
[Intel® Corporation | 25471 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\watv10nt.sys
[Folder | 8/17/2008 12:42:53 AM | ] - C:\WINDOWS\System32\bits
[1 C:\WINDOWS\System32\*.tmp files]
[Folder | 8/17/2008 12:42:53 AM | ] - C:\WINDOWS\System32\en
[Folder | 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\System32\scripting
[Folder | 8/17/2008 12:34:51 AM | H ] - C:\WINDOWS\$NtServicePackUninstall$
[2 C:\WINDOWS\*.tmp files]
[Folder | 8/17/2008 1:25:42 AM | ] - C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
[Folder | 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\l2schemas
[Folder | 8/17/2008 12:53:51 AM | ] - C:\WINDOWS\Prefetch
[Folder | 8/17/2008 12:40:40 AM | ] - C:\WINDOWS\ServicePackFiles
[Folder | 8/16/2008 10:23:18 PM | ] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[Folder | 8/16/2008 10:25:32 PM | ] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[Folder | 8/16/2008 10:23:21 PM | ] - C:\Documents and Settings\Rabiddawgs\Application Data\Malwarebytes
[Folder | 8/16/2008 10:25:25 PM | ] - C:\Documents and Settings\Rabiddawgs\Application Data\SUPERAntiSpyware.com
[Atribune.org | 50688 | Created = 8/16/2008 10:15:46 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\ATF_Cleaner.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\ATF_Cleaner.exe:Zone.Identifier
[Digital River | 128368 | Created = 8/16/2008 10:16:03 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\Download_mbam-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Download_mbam-setup.exe:Zone.Identifier
[Trend Micro Inc. | 401720 | Created = 8/16/2008 11:46:18 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\HiJackThis.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HiJackThis.exe:Zone.Identifier
[ | 6467096 | Created = 8/16/2008 10:21:02 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\SUPERAntiSpyware.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\SUPERAntiSpyware.exe:Zone.Identifier
[ | 696 | Created = 8/16/2008 10:23:20 PM | ] - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[ | 780 | Created = 8/16/2008 10:25:26 PM | ] - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[OldTimer Tools | 291840 | Created = 8/21/2008 7:59:34 PM | ] - C:\Documents and Settings\Rabiddawgs\Desktop\OTMoveIt2.exe
[OldTimer Tools | 1395200 | Created = 8/21/2008 8:05:51 PM | ] - C:\Documents and Settings\Rabiddawgs\Desktop\OTViewIt.exe
[Folder | 8/16/2008 10:23:02 PM | ] - C:\Program Files\Common Files\Download Manager
[Folder | 8/16/2008 11:48:57 PM | ] - C:\Program Files\Hijackthis
[Folder | 8/16/2008 10:23:18 PM | ] - C:\Program Files\Malwarebytes' Anti-Malware
[Folder | 8/16/2008 10:25:25 PM | ] - C:\Program Files\SUPERAntiSpyware

[Files/Folders - Modified Within 30 days]
[Folder | Modified = 8/16/2008 11:18:07 PM | RH ] - C:\$VAULT$.AVG
[Folder | Modified = 8/17/2008 1:30:34 AM | HS] - C:\Config.Msi
[ | 2145845248 | Modified = 8/21/2008 8:03:39 PM | HS] - C:\hiberfil.sys
[Folder | Modified = 8/21/2008 8:04:02 PM | ] - C:\MDT
[ | 250048 | Modified = 8/17/2008 12:38:02 AM | RHS] - C:\ntldr
[Folder | Modified = 8/16/2008 11:49:05 PM | R ] - C:\Program Files
[Folder | Modified = 8/16/2008 10:43:47 PM | HS] - C:\System Volume Information
[Folder | Modified = 8/21/2008 8:04:21 PM | ] - C:\WINDOWS
[Folder | Modified = 8/21/2008 8:02:01 PM | ] - C:\_OTMoveIt
[Malwarebytes Corporation | 17144 | Modified = 7/30/2008 8:07:52 PM | ] - C:\WINDOWS\System32\drivers\mbam.sys
[Malwarebytes Corporation | 38472 | Modified = 7/30/2008 8:07:56 PM | ] - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[Trend Micro Inc. | 102664 | Modified = 8/16/2008 10:12:03 PM | ] - C:\WINDOWS\System32\drivers\tmcomm.sys
[Folder | Modified = 8/17/2008 12:42:53 AM | ] - C:\WINDOWS\System32\bits
[1 C:\WINDOWS\System32\*.tmp files]
[Folder | Modified = 8/17/2008 12:46:55 AM | ] - C:\WINDOWS\System32\CatRoot
[Folder | Modified = 8/17/2008 1:43:33 AM | ] - C:\WINDOWS\System32\CatRoot2
[Folder | Modified = 8/17/2008 12:40:21 AM | ] - C:\WINDOWS\System32\Com
[Folder | Modified = 8/17/2008 1:43:42 AM | ] - C:\WINDOWS\System32\dllcache
[Folder | Modified = 8/17/2008 1:26:26 AM | ] - C:\WINDOWS\System32\drivers
[Folder | Modified = 8/17/2008 12:42:53 AM | ] - C:\WINDOWS\System32\en
[Folder | Modified = 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\System32\en-US
[ | 287704 | Modified = 8/17/2008 1:43:15 AM | ] - C:\WINDOWS\System32\FNTCACHE.DAT
[Folder | Modified = 8/17/2008 12:43:05 AM | ] - C:\WINDOWS\System32\inetsrv
[Folder | Modified = 8/17/2008 12:40:27 AM | ] - C:\WINDOWS\System32\npp
[Folder | Modified = 8/17/2008 12:40:02 AM | ] - C:\WINDOWS\System32\oobe
[ | 62434 | Modified = 8/21/2008 7:15:13 PM | ] - C:\WINDOWS\System32\perfc009.dat
[ | 402994 | Modified = 8/21/2008 7:15:13 PM | ] - C:\WINDOWS\System32\perfh009.dat
[ | 471976 | Modified = 8/21/2008 7:15:13 PM | ] - C:\WINDOWS\System32\PerfStringBackup.INI
[Folder | Modified = 8/17/2008 12:40:27 AM | ] - C:\WINDOWS\System32\Restore
[Folder | Modified = 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\System32\scripting
[Folder | Modified = 8/17/2008 12:53:13 AM | ] - C:\WINDOWS\System32\Setup
[Folder | Modified = 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\System32\usmt
[Folder | Modified = 8/17/2008 12:53:12 AM | ] - C:\WINDOWS\System32\wbem
[ | 2206 | Modified = 8/21/2008 8:03:53 PM | ] - C:\WINDOWS\System32\wpa.dbl
[Folder | Modified = 8/17/2008 1:28:49 AM | H ] - C:\WINDOWS\$hf_mig$
[2 C:\WINDOWS\*.tmp files]
[Folder | Modified = 8/17/2008 12:37:09 AM | H ] - C:\WINDOWS\$NtServicePackUninstall$
[Folder | Modified = 8/17/2008 1:25:42 AM | ] - C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
[Folder | Modified = 8/17/2008 12:53:12 AM | ] - C:\WINDOWS\AppPatch
[ | 2048 | Modified = 8/21/2008 8:03:42 PM | S] - C:\WINDOWS\bootstat.dat
[Folder | Modified = 8/16/2008 11:35:49 PM | HS] - C:\WINDOWS\CSC
[Folder | Modified = 8/17/2008 1:26:54 AM | ] - C:\WINDOWS\Debug
[Folder | Modified = 8/17/2008 12:11:01 AM | S] - C:\WINDOWS\Downloaded Program Files
[Folder | Modified = 8/17/2008 12:34:50 AM | ] - C:\WINDOWS\ehome
[Folder | Modified = 8/17/2008 1:23:43 AM | R S] - C:\WINDOWS\Fonts
[Folder | Modified = 8/17/2008 12:43:05 AM | ] - C:\WINDOWS\Help
[Folder | Modified = 8/17/2008 1:28:17 AM | ] - C:\WINDOWS\ie7updates
[Folder | Modified = 8/17/2008 12:43:05 AM | ] - C:\WINDOWS\ime
[ | 1374 | Modified = 8/17/2008 1:28:48 AM | ] - C:\WINDOWS\imsins.BAK
[Folder | Modified = 8/17/2008 1:28:52 AM | H ] - C:\WINDOWS\inf
[Folder | Modified = 8/17/2008 1:30:34 AM | HS] - C:\WINDOWS\Installer
[Folder | Modified = 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\l2schemas
[Folder | Modified = 8/17/2008 12:40:26 AM | ] - C:\WINDOWS\msagent
[Folder | Modified = 8/17/2008 12:40:27 AM | ] - C:\WINDOWS\mui
[Folder | Modified = 8/17/2008 12:43:05 AM | ] - C:\WINDOWS\network diagnostic
[Folder | Modified = 8/17/2008 12:42:53 AM | ] - C:\WINDOWS\PeerNet
[Folder | Modified = 8/21/2008 8:06:31 PM | ] - C:\WINDOWS\Prefetch
[Folder | Modified = 8/21/2008 8:03:51 PM | ] - C:\WINDOWS\Registration
[Folder | Modified = 8/17/2008 12:47:10 AM | ] - C:\WINDOWS\security
[Folder | Modified = 8/17/2008 12:40:40 AM | ] - C:\WINDOWS\ServicePackFiles
[Folder | Modified = 8/17/2008 12:11:31 AM | ] - C:\WINDOWS\SoftwareDistribution
[Folder | Modified = 8/17/2008 12:40:24 AM | ] - C:\WINDOWS\srchasst
[Folder | Modified = 8/17/2008 12:39:59 AM | ] - C:\WINDOWS\system
[Folder | Modified = 8/21/2008 8:03:46 PM | ] - C:\WINDOWS\system32
[Folder | Modified = 8/21/2008 8:04:00 PM | ] - C:\WINDOWS\Temp
[ | 717 | Modified = 8/17/2008 1:29:25 AM | ] - C:\WINDOWS\win.ini
[Folder | Modified = 8/17/2008 1:25:14 AM | ] - C:\WINDOWS\WinSxS
[ | 316640 | Modified = 8/17/2008 12:55:18 AM | ] - C:\WINDOWS\WMSysPr9.prx
[ | 6 | Modified = 8/21/2008 8:03:45 PM | H ] - C:\WINDOWS\tasks\SA.DAT
[Folder | Modified = 8/16/2008 10:44:56 PM | ] - C:\Documents and Settings\All Users\Application Data\avg7
[Folder | Modified = 8/16/2008 10:23:18 PM | ] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[Folder | Modified = 8/16/2008 10:25:32 PM | ] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[Folder | Modified = 7/27/2008 12:52:38 PM | ] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 107 bytes -> %AllUsersProfile%\Application Data\TEMP:74699137
@Alternate Data Stream - 130 bytes -> %AllUsersProfile%\Application Data\TEMP:ABE89FFE
[Folder | Modified = 8/16/2008 10:23:21 PM | ] - C:\Documents and Settings\Rabiddawgs\Application Data\Malwarebytes
[Folder | Modified = 8/16/2008 10:25:25 PM | ] - C:\Documents and Settings\Rabiddawgs\Application Data\SUPERAntiSpyware.com
[Folder | Modified = 8/17/2008 1:22:04 AM | ] - C:\Documents and Settings\Rabiddawgs\Local Settings\Application Data\ApplicationHistory
[ | 9915408 | Modified = 8/16/2008 10:28:45 PM | H ] - C:\Documents and Settings\Rabiddawgs\Local Settings\Application Data\IconCache.db
[Atribune.org | 50688 | Modified = 8/16/2008 10:15:46 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\ATF_Cleaner.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\ATF_Cleaner.exe:Zone.Identifier
[Digital River | 128368 | Modified = 8/16/2008 10:16:04 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\Download_mbam-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Download_mbam-setup.exe:Zone.Identifier
[Trend Micro Inc. | 401720 | Modified = 8/16/2008 11:46:19 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\HiJackThis.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HiJackThis.exe:Zone.Identifier
[Folder | Modified = 7/27/2008 12:53:32 PM | R ] - C:\Documents and Settings\Rabiddawgs\My Documents\My Pictures
[ | 6467096 | Modified = 8/16/2008 10:21:02 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\SUPERAntiSpyware.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\SUPERAntiSpyware.exe:Zone.Identifier
[ | 696 | Modified = 8/16/2008 10:23:20 PM | ] - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[ | 780 | Modified = 8/16/2008 10:25:26 PM | ] - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[OldTimer Tools | 291840 | Modified = 8/21/2008 7:59:32 PM | ] - C:\Documents and Settings\Rabiddawgs\Desktop\OTMoveIt2.exe
[OldTimer Tools | 1395200 | Modified = 8/21/2008 8:05:56 PM | ] - C:\Documents and Settings\Rabiddawgs\Desktop\OTViewIt.exe
[Folder | Modified = 8/16/2008 10:23:02 PM | ] - C:\Program Files\Common Files\Download Manager
[Folder | Modified = 8/17/2008 1:23:25 AM | ] - C:\Program Files\Common Files\Microsoft Shared
[Folder | Modified = 8/17/2008 12:53:12 AM | ] - C:\Program Files\Common Files\System
[Folder | Modified = 8/16/2008 10:25:04 PM | ] - C:\Program Files\Common Files\Wise Installation Wizard

< End of report >


hjt log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:45 PM, on 8/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DellNSCST_GRNCH] "C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillgro...SkillGround.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1218946248484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218946226468
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c0091A10 - C:\WINDOWS\system32\__c0091A10.dat (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9993 bytes

#8
Jimmy2012
    Trusted Helper
  • Retired Staff
  • 6,238 posts
Hello dawg3,

STEP 1
Please reopen HijackThis and click on Do a system scan only, then put a check next to the following line.

O20 - Winlogon Notify: __c0091A10 - C:\WINDOWS\system32\__c0091A10.dat (file missing)

Once you have the check in that line please make sure all open windows are closed (keep HijackThis open) and click Fix checked on HijackThis. A box will open up asking if you want to fix the selected item, please click Yes. After you have fixed that line you can close HijackThis.

STEP 2
Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~
In your next reply please have these logs/info.
The Kaspersky log
A fresh HijackThis log
And please tell me how your computer is running
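As an added example that is not part of this thread, of HijackThis or of the helper's instructions, the following Python parses O20 Winlogon Notify lines like the one singled out in STEP 1 and diffs a "before" log against the fresh log requested afterwards to confirm the entry is gone. The two log excerpts are constructed from lines posted in this thread.

```python
"""Triage helpers for HijackThis (HJT) log text (added example, not HJT code)."""
import re
from dataclasses import dataclass

# An HJT entry line looks like "O20 - Winlogon Notify: <name> - <path>[ (file missing)]"
# or "O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe".
ENTRY_RE = re.compile(r"^(?P<section>O\d+|R[01]) - (?P<body>.+)$")
NOTIFY_RE = re.compile(
    r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    path: str
    reason: str


def entries(log_text):
    """Return every HJT entry as a (section, body) pair, in log order."""
    out = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m["section"], m["body"]))
    return out


def triage(log_text):
    """Flag O20 Winlogon Notify handlers that look wrong: the file is missing
    (an orphaned registration) or the handler is not a .dll, which is what
    Winlogon actually loads as a notification package."""
    findings = []
    for section, body in entries(log_text):
        if section != "O20":
            continue
        m = NOTIFY_RE.match(body)
        if not m:
            continue
        if m["missing"]:
            findings.append(Finding(section, m["name"], m["path"],
                                    "handler file is missing; orphaned registration"))
        elif not m["path"].lower().endswith(".dll"):
            findings.append(Finding(section, m["name"], m["path"],
                                    "handler is not a .dll"))
    return findings


def removed_entries(before, after):
    """Entries present in the first log but absent from the fresh one."""
    still_there = set(entries(after))
    return [e for e in entries(before) if e not in still_there]


# Constructed excerpts modeled on the two logs posted in this thread.
FIRST_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c0091A10 - C:\WINDOWS\system32\__c0091A10.dat (file missing)
"""
SECOND_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

if __name__ == "__main__":
    for f in triage(FIRST_LOG):
        print(f"{f.section} {f.name}: {f.reason} ({f.path})")
    for section, body in removed_entries(FIRST_LOG, SECOND_LOG):
        print("gone after fix:", section, body)
```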

#9
dawg3
    Member
  • Topic Starter
  • Member
  • 62 posts
Seems to be running OK. I have not really used it at all till I get these problems fixed.
I will try to use it more over the next few days to see how it goes.

Here is the HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:08 PM, on 8/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DellNSCST_GRNCH] "C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillgro...SkillGround.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1218946248484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218946226468
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9883 bytes


Here is the Kaspersky log file:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, August 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 22, 2008 18:44:27
Records in database: 1124860
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 65047
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:58:56


File name / Threat name / Threats count
C:\_OTMoveIt\MovedFiles\08212008_200201\WINDOWS\system32\__c0091A10.dat / Infected: Trojan-Downloader.Win32.Agent.abtf / 1

The selected area was scanned.

#10
Jimmy2012
    Trusted Helper
  • Retired Staff
  • 6,238 posts
Hello dawg3,
Your logs look clean. :)
Just a few more things to do.


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



You are using an old version of Adobe Acrobat Reader; please update it here.




  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Please remove any leftover tools that are left from cleaning your computer.



Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: real-time protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternative browser to Internet Explorer. Firefox is much more secure than Internet Explorer and also has a built-in pop-up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are malware-free instant messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

#11
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.