Google redirect/spyware.ispynow problem [Closed]


  • This topic is locked

#1
eightcell

    New Member

  • Member
  • 6 posts
Hello! My computer has had a few issues. It has not been starting properly, often locking up and not letting me click on anything when Windows starts and it is displaying my desktop. When I am able to get it going it gives me a message saying the computer is infected with "spyware.ispynow". Also, when I do a Google search, if I click on any of the search results another tab opens with another random site that is not what I clicked on. It would not let me update Ad-Aware or AVG.

I went about finding a fix for spyware.ispynow which seemed to work as I no longer get the message about it, however I am still having the same problems with my browser/Google in both Firefox and IE with the redirect. It will still not let me update Ad-Aware or AVG. When I run AVG it gives me the error "avgwdswc.exe has encountered a problem...". Ad-Aware finds nothing.

I ran ATF Cleaner but it would not let me install Malwarebytes' Anti-Malware even in safe mode (the Google redirect also occurs in safe mode).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:25 PM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\taskmgr.exe
E:\geekstogo_steps\mbam-setup.exe
E:\BZ\Malware\ComboFix.exe
E:\BZ\Malware\SpybotSD_SFX.exe
C:\DOCUME~1\JEDMOR~1\LOCALS~1\Temp\7zS23.tmp\SpybotSD.exe
E:\BZ\Malware\HijackThis2_sfx.exe
C:\DOCUME~1\JEDMOR~1\LOCALS~1\Temp\7zS24.tmp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wikipedia.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - Global Startup: Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...861/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 12366 bytes

Any help would be greatly appreciated.

Edited by eightcell, 10 December 2008 - 12:17 PM.

#2
eightcell

    New Member

  • Topic Starter
  • Member
  • 6 posts
bump!

#3
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.




NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.



Post these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER report

#4
eightcell

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hello, thanks for responding.

The computer was giving me problems installing the Malwarebytes' program (saying it installed but only having an empty folder in the programs directory). I finally got it to install (seemingly), however it will not run in standard or safe mode.

I went ahead and got logs from the other 2 programs (posted below).

#5
eightcell

    New Member

  • Topic Starter
  • Member
  • 6 posts
You said that RSIT should be giving me 2 txt files, info and log, but it is only showing a log each time I run it.

Here it is -

RSIT LOG:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jed Morganstein at 2008-12-14 21:16:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 62 GB (41%) free of 149 GB
Total RAM: 1022 MB (50% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (JED-Jed Morganstein).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-29 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-29 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-29 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-09-20 4583424]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-03-23 135168]
"CTSysVol"=C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"P17Helper"=Rundll32 P17.dll []
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-08-23 57344]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"Dell Photo AIO Printer 942"=C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe [2004-08-31 294912]
"DellMCM"=C:\Program Files\Dell Photo AIO Printer 942\memcard.exe [2004-07-27 262144]
"FLMOFFICE4DMOUSE"=C:\Program Files\Browser Mouse\mouse32a.exe [2005-04-10 356352]
"winlog"=winlog.exe []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-29 1261336]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Valve\Steam\\Steam.exe [2008-10-07 1410296]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe [2008-12-02 42496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Alias SketchBook Snapshot.lnk - C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Valve\Steam\SteamApps\jedmorganstein\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\jedmorganstein\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Valve\Steam\SteamApps\jedmorganstein\half-life 2\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\jedmorganstein\half-life 2\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\THQ\Dawn Of War\W40k.exe"="C:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k"
"C:\Program Files\THQ\Dawn Of War\W40kWA.exe"="C:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Enabled:W40kWA"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe"="C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a357b66a-c47c-11dd-a62e-bed08ef68e74}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2008-12-14 21:02:17 ----A---- C:\WINDOWS\gmer.ini
2008-12-14 21:02:11 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-14 21:02:11 ----A---- C:\WINDOWS\gmer.dll
2008-12-14 21:02:10 ----A---- C:\WINDOWS\gmer.exe
2008-12-14 20:45:43 ----D---- C:\rsit
2008-12-14 20:45:43 ----D---- C:\Program Files\trend micro
2008-12-14 20:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-14 20:14:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 21:13:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 21:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 21:06:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-09 21:06:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-09 20:53:24 ----D---- C:\Documents and Settings\Jed Morganstein\Application Data\U3
2008-12-09 20:03:57 ----D---- C:\WINDOWS\pss
2008-12-07 12:00:02 ----D---- C:\VundoFix Backups
2008-12-07 12:00:02 ----A---- C:\VundoFix.txt
2008-12-07 11:36:11 ----SHD---- C:\WINDOWS\CSC
2008-12-07 11:33:36 ----D---- C:\Program Files\Bazooka Scanner
2008-11-29 23:52:54 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-29 23:47:31 ----SHD---- C:\Config.Msi
2008-11-22 11:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-22 11:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-22 11:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-26 01:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-25 09:58:02 ----D---- C:\Program Files\iPod
2008-10-25 09:58:01 ----D---- C:\Program Files\iTunes
2008-10-25 09:58:01 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 01:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 01:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 01:51:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 01:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 01:51:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-29 21:23:57 ----HD---- C:\$AVG8.VAULT$
2008-09-29 16:33:57 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-09-29 16:33:50 ----D---- C:\Documents and Settings\Jed Morganstein\Application Data\AVGTOOLBAR
2008-09-29 16:33:43 ----D---- C:\Program Files\AVG
2008-09-29 16:33:43 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-29 00:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-28 15:55:02 ----D---- C:\WINDOWS\Prefetch
2008-09-28 15:43:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-28 15:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-28 15:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-28 15:41:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-28 15:41:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-28 15:41:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-28 15:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-28 15:40:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-28 15:40:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-28 15:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-28 15:39:35 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-28 15:35:06 ----D---- C:\WINDOWS\system32\scripting
2008-09-28 15:35:05 ----D---- C:\WINDOWS\l2schemas
2008-09-28 15:35:04 ----D---- C:\WINDOWS\system32\en
2008-09-28 15:35:04 ----D---- C:\WINDOWS\system32\bits
2008-09-28 15:31:40 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-28 15:26:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-27 13:49:16 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-09-27 13:48:12 ----D---- C:\Program Files\Dell Support Center
2008-09-27 13:48:10 ----D---- C:\Program Files\Common Files\supportsoft
2008-09-17 18:09:57 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-17 18:09:55 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-17 18:09:54 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-17 18:09:54 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-17 18:09:45 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-17 18:09:45 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-17 18:09:37 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-17 18:09:35 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-17 18:09:34 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-17 18:09:34 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-17 18:09:34 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-17 18:09:34 ----N---- C:\WINDOWS\slrundll.exe
2008-09-17 18:09:33 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-17 18:09:33 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-17 18:09:30 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-17 18:09:28 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-17 18:09:27 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-17 18:09:25 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-17 18:09:24 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-17 18:09:23 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-17 18:09:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-17 18:09:23 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-17 18:09:21 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-17 18:09:19 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-17 18:09:10 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-17 18:09:10 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-17 18:09:10 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-17 18:09:09 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-17 18:09:09 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-17 18:09:08 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-17 18:09:07 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-17 18:09:07 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-17 18:08:53 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-17 18:08:52 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-17 18:08:52 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-17 18:08:52 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-17 18:08:40 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-17 18:08:39 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-17 18:08:39 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-17 18:08:39 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-17 18:08:39 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-17 18:08:38 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-17 18:08:29 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-17 18:08:29 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-17 18:08:25 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-17 18:08:20 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-17 18:08:14 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-17 18:08:14 ----A---- C:\WINDOWS\002876_.tmp
2008-09-17 18:08:12 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-17 18:08:12 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-17 18:08:12 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-17 18:08:12 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-17 18:08:11 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-17 18:08:11 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-17 18:08:11 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-17 18:08:11 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-17 18:08:08 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-17 18:08:08 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-17 18:08:08 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-17 18:08:08 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-17 18:08:08 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-17 18:08:08 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-17 18:08:08 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-17 18:08:07 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-17 18:08:07 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-17 18:08:07 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-17 18:08:04 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-17 18:08:00 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-17 18:08:00 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-17 18:07:59 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-17 18:07:59 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-17 18:07:58 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-17 18:07:58 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-17 18:07:58 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-17 18:07:58 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-17 18:07:58 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-17 18:07:53 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 3 months======

2008-12-14 21:15:21 ----D---- C:\WINDOWS\Temp
2008-12-14 21:15:13 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-12-14 21:14:51 ----D---- C:\WINDOWS
2008-12-14 21:12:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-14 21:02:11 ----D---- C:\WINDOWS\system32\DRIVERS
2008-12-14 20:53:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-14 20:45:43 ----RD---- C:\Program Files
2008-12-14 20:43:01 ----D---- C:\Documents and Settings\Jed Morganstein\Application Data\WTablet
2008-12-14 20:17:30 ----SHD---- C:\WINDOWS\SYSTEM32
2008-12-14 20:16:51 ----HD---- C:\WINDOWS\INF
2008-12-14 20:16:37 ----A---- C:\WINDOWS\imsins.BAK
2008-12-14 20:16:33 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-12-14 20:16:32 ----D---- C:\Program Files\Internet Explorer
2008-12-14 20:16:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 20:16:15 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 20:38:21 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 20:36:24 ----RASH---- C:\BOOT.INI
2008-12-09 20:36:24 ----A---- C:\WINDOWS\WIN.INI
2008-12-09 20:36:24 ----A---- C:\WINDOWS\SYSTEM.INI
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-06 18:18:34 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-06 17:52:08 ----D---- C:\WINDOWS\Help
2008-12-02 21:02:53 ----D---- C:\Documents and Settings\Jed Morganstein\Application Data\Apple Computer
2008-11-29 23:52:56 ----SHD---- C:\WINDOWS\Installer
2008-11-22 11:15:13 ----D---- C:\WINDOWS\WinSxS
2008-11-03 20:39:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-25 09:54:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-17 02:08:40 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----N---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:34 ----N---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----N---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 08:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-10-06 19:37:06 ----D---- C:\Program Files\SolidWorks
2008-10-03 05:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll
2008-10-02 00:02:54 ----A---- C:\Program Files\SolidWorksswxJRNL.BAK
2008-09-29 16:33:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-29 16:30:31 ----D---- C:\Program Files\McAfee.com
2008-09-29 16:28:52 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-09-29 16:00:44 ----SD---- C:\WINDOWS\Tasks
2008-09-29 10:07:12 ----D---- C:\Documents and Settings\All Users\Application Data\Dell
2008-09-28 17:41:25 ----D---- C:\Documents and Settings\Jed Morganstein\Application Data\McAfee.com Personal Firewall
2008-09-28 15:55:48 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-28 15:54:59 ----A---- C:\WINDOWS\setuplog.txt
2008-09-28 15:54:26 ----D---- C:\WINDOWS\system32\Setup
2008-09-28 15:54:26 ----D---- C:\WINDOWS\AppPatch
2008-09-28 15:54:25 ----RSD---- C:\WINDOWS\Fonts
2008-09-28 15:54:25 ----D---- C:\WINDOWS\system32\WBEM
2008-09-28 15:39:57 ----D---- C:\Program Files\Messenger
2008-09-28 15:39:18 ----D---- C:\WINDOWS\SECURITY
2008-09-28 15:35:21 ----D---- C:\WINDOWS\system32\INETSRV
2008-09-28 15:35:21 ----D---- C:\WINDOWS\network diagnostic
2008-09-28 15:35:20 ----D---- C:\WINDOWS\IME
2008-09-28 15:35:08 ----D---- C:\WINDOWS\system32\USMT
2008-09-28 15:35:08 ----D---- C:\WINDOWS\system32\en-US
2008-09-28 15:35:04 ----D---- C:\WINDOWS\PeerNet
2008-09-28 15:35:04 ----D---- C:\Program Files\Movie Maker
2008-09-28 15:31:26 ----D---- C:\WINDOWS\system32\Restore
2008-09-28 15:31:25 ----D---- C:\WINDOWS\system32\NPP
2008-09-28 15:31:25 ----D---- C:\WINDOWS\MUI
2008-09-28 15:31:24 ----D---- C:\WINDOWS\MSAGENT
2008-09-28 15:31:23 ----D---- C:\WINDOWS\SRCHASST
2008-09-28 15:31:22 ----D---- C:\Program Files\NetMeeting
2008-09-28 15:31:21 ----D---- C:\WINDOWS\system32\Com
2008-09-28 15:31:19 ----D---- C:\Program Files\Windows NT
2008-09-28 15:31:19 ----D---- C:\Program Files\Windows Media Player
2008-09-28 15:31:18 ----D---- C:\Program Files\Outlook Express
2008-09-28 15:31:16 ----D---- C:\Program Files\Common Files\System
2008-09-28 15:31:05 ----D---- C:\WINDOWS\system32\OOBE
2008-09-28 15:31:02 ----D---- C:\WINDOWS\SYSTEM
2008-09-28 15:28:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-28 15:26:06 ----D---- C:\WINDOWS\EHOME
2008-09-27 13:48:10 ----D---- C:\Program Files\Common Files
2008-09-24 23:44:45 ----D---- C:\Program Files\Bonjour
2008-09-17 17:50:42 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-29 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-29 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-12-16 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-09-20 2738592]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 840960]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2008-01-15 13480]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-14 85969]
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 Xmlpwntmpu;Xmlpwntmpu; C:\WINDOWS\system32\drivers\Xmlpwntmpu.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-25 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-03-23 73852]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-09-20 127043]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2008-05-01 3032360]
R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2008-06-06 3406120]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-11 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 dlbu_device;dlbu_device; C:\WINDOWS\system32\dlbucoms.exe [2004-07-01 421888]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#6
eightcell

    New Member

  • Topic Starter
  • Member
  • 6 posts
gmer log (attached)


#7
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall.

#8
eightcell

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hello. Thank you again for helping.

Combofix will not run either though. The cursor will become an hourglass but then go back to an arrow and nothing happens.

I also have to start the computer 2 or 3 times to get it to not lock up when it starts.

#9
fenzodahl512

  • Malware Removal
  • 9,863 posts
Let's do this instead....


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



And, post these logs in your next reply.. Post each log in separate post..

1. SDFix
2. Malwarebytes'

#10
fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.