Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer will not install programs or run some of the existing ones


  • Please log in to reply

#1
huckster

huckster

    Member

  • Member
  • PipPip
  • 14 posts
I began having a problem with one of my comp's. There are multiple users and they started having problem with pop ups stating that the comp had infections and what not. I currently had installed spywareblaster, spybot S&D, malewarebytes, AVG 7.5, all of which were out of date (that's another issue, gggrrrrr). I have used geekstogo methods of prevention with much success and I am familiar with your steps. The computer will not let me install the updates, it gives various error codes. I get weird CRC messages during spybot s&d scan and the errors have to do with virtumonde, but I'm not sure if that's what it was looking for at the time it errored or if there was an infection. I can't run any antivirus. I tried to reinstall AVG and it wouldn't install. I tried to install all of the virus programs on your website but none will load. I tried the online scanners but again, it would not complete the scan.
I tried to load the OTListit2 and it won't run, pops up with the message "ACCESS VIOLATION at address 00404368 in module OTListIt2.exe. Rad of address 00000001.
I am going to include the Hijackthis log only because it would install and run. I have run the ATF. None of the other programs will install or run. Can you help me. I really don't want to format the hard drive unless I absolutely have to. I am totally baffled.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:45 PM, on 5/4/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Network -p -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191356860109
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5316 bytes

ROOTER
Microsoft Windows 2000 Professional (5.0.2195) Service Pack 4

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:19085 Mo/Free:3649 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Network] (Total:444530 Mo/Free:2277 Mo)
N:\ [Network] (Total:444530 Mo/Free:2277 Mo)
Z:\ [Network] (Total:444530 Mo/Free:2277 Mo)

Mon 05/04/2009|22:22

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINNT\system32\csrss.exe
---------- \??\C:\WINNT\system32\winlogon.exe
---------- C:\WINNT\system32\services.exe
---------- C:\WINNT\system32\lsass.exe
---------- C:\WINNT\system32\svchost.exe
---------- C:\WINNT\system32\spoolsv.exe
---------- C:\WINNT\System32\cisvc.exe
---------- C:\WINNT\System32\svchost.exe
---------- C:\WINNT\system32\nvsvc32.exe
---------- C:\WINNT\system32\regsvc.exe
---------- C:\WINNT\system32\MSTask.exe
---------- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---------- C:\WINNT\System32\WBEM\WinMgmt.exe
---------- C:\WINNT\system32\svchost.exe
---------- C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
---------- C:\WINNT\System32\cidaemon.exe
---------- C:\WINNT\Explorer.EXE
---------- C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
---------- C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
---------- C:\Program Files\Logitech\iTouch\iTouch.exe
---------- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
---------- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
---------- C:\WINNT\system32\RUNDLL32.EXE
---------- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
---------- C:\WINNT\System32\svchost.exe
---------- C:\WINNT\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello huckster,

Welcome to Geekstog.

Lets see if your machine will let you do this.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

  • 0

#3
huckster

huckster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here are the text files.
When I ran the combofix, I had to try a couple of times to get it to completely run.

ComboFix 09-05-19.01 - dbruce 05/20/2009 2:03.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.247.115 [GMT -4:00]
Running from: c:\documents and settings\dbruce\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-20 05:44 . 2009-05-20 05:44 16384 ----atw c:\winnt\system32\Perflib_Perfdata_2e4.dat
2009-05-16 08:02 . 2009-05-16 08:02 16384 ----atw c:\winnt\system32\Perflib_Perfdata_4f0.dat
2009-05-16 05:20 . 2009-05-16 05:20 -------- d-----w c:\documents and settings\hcrawford\Local Settings\Application Data\Mozilla
2009-05-16 05:19 . 2009-05-16 05:19 -------- d-----w c:\documents and settings\hcrawford
2009-05-05 02:22 . 2009-05-05 02:22 -------- d-----w C:\Rooter$
2009-05-05 01:44 . 2009-05-05 01:44 -------- d-----w C:\VundoFix Backups
2009-05-03 04:16 . 2009-05-03 04:16 -------- d-----w C:\fsaua.data
2009-05-03 03:24 . 2009-05-03 03:24 16384 ----atw c:\winnt\system32\Perflib_Perfdata_340.dat
2009-05-03 03:24 . 2009-05-03 03:24 -------- d-----w C:\win~t
2009-05-03 02:43 . 2009-05-03 02:43 -------- d-----w c:\program files\Trend Micro
2009-05-02 07:26 . 2009-05-02 07:26 -------- d-----w C:\!FixIEDef
2009-05-02 02:52 . 2009-05-02 02:52 -------- d-----w c:\documents and settings\dbruce\Application Data\Malwarebytes
2009-05-02 02:52 . 2009-04-06 19:32 15504 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-05-02 02:52 . 2009-04-06 19:32 38496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-05-02 02:52 . 2009-05-02 02:52 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-02 02:52 . 2009-05-02 02:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 01:04 . 2009-05-02 01:04 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-02 01:04 . 2009-05-02 01:04 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-02 01:04 . 2009-05-02 01:04 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-02 01:04 . 2009-05-02 01:04 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-01 07:10 . 2008-06-25 12:33 52496 ----a-w c:\winnt\system32\mtxclu.dll
2009-05-01 07:10 . 2008-06-25 12:33 728336 ----a-w c:\winnt\system32\msdtcprx.dll
2009-05-01 07:05 . 2009-05-01 07:05 16384 ----atw c:\winnt\system32\Perflib_Perfdata_664.dat
2009-05-01 06:09 . 2009-05-05 03:21 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 03:21 . 2007-03-03 13:20 -------- d---a-w c:\program files\SpywareBlaster
2009-05-03 03:29 . 2007-03-03 13:30 -------- d---a-w c:\program files\SUPERAntiSpyware
2009-05-02 01:08 . 2007-03-03 13:15 -------- d---a-w c:\program files\Spybot - Search & Destroy
2009-02-19 21:33 . 2009-02-19 21:33 576512 ----a-w c:\winnt\system32\WININET.DLL
2009-02-19 06:36 . 2003-05-30 13:00 1223168 ----a-w c:\winnt\system32\quartz.dll
2003-07-24 19:27 . 2003-07-24 19:27 271 ---ha-w c:\program files\desktop.ini
2003-07-24 19:27 . 2003-07-24 19:27 21952 ---ha-w c:\program files\folder.htt
.

------- Sigcheck -------

[7] 2003-06-19 19:05 743184 AFFDA6F602A8F0DBA615279C28B3BDF8 c:\winnt\$NtUninstallKB835732$\kernel32.dll
[7] 2004-03-24 02:17 742160 5E9BB22C56919870FC80444E655F8AF6 c:\winnt\$NtUninstallKB935839$\kernel32.dll
[-] 2002-08-15 11:34 708880 F9A7D38896014E352217AAAE5B01F721 c:\winnt\$NtUninstallQ328310$\kernel32.dll
[7] 2002-07-22 16:05 733968 64BB009C268A573563E71971AC0F8ED7 c:\winnt\$NtUninstallQ329115$\kernel32.dll
[-] 2002-11-07 19:08 708880 726EA72ED9CA5C7E096780089B77A452 c:\winnt\$NtUninstallQ811493$\kernel32.dll
[7] 2007-04-16 12:44 712976 18D623471DE9DCC2CEA310B2F3FBA15A c:\winnt\$NtUpdateRollupPackUninstall$\kernel32.dll
[7] 2007-04-16 12:44 712976 18D623471DE9DCC2CEA310B2F3FBA15A c:\winnt\Driver Cache\i386\kernel32.dll
[7] 2003-06-19 19:05 743184 1E93BDAAE187253D18711DA5C210474A c:\winnt\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 12:44 712976 0AB23B46CCAEBA64D748A5CF79CB4BB6 c:\winnt\system32\KERNEL32.DLL
[7] 2007-04-16 12:44 712976 18D623471DE9DCC2CEA310B2F3FBA15A c:\winnt\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-01 1830128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"IgfxTray"="c:\winnt\System32\igfxtray.exe" [2002-09-09 155648]
"HotKeysCmds"="c:\winnt\System32\hkcmd.exe" [2002-09-09 114688]
"IMONTRAY"="c:\program files\Intel\Intel® Active Monitor\imontray.exe" [2002-09-19 32768]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-04-01 155648]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-08-12 7630848]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2006-08-12 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376]
"nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2006-08-12 1519616]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-01 05:51 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= mmdrv.dll
"wave1"=
"wave2"=
"wave3"=
"wave4"=
"wave5"=
"wave6"=
"wave7"=
"wave8"=
"wave9"=
"midi1"=
"midi2"=
"midi3"=
"midi4"=
"midi5"=
"midi6"=
"midi7"=
"midi8"=
"midi9"=
"aux1"=
"aux2"=
"aux3"=
"aux4"=
"aux5"=
"aux6"=
"aux7"=
"aux8"=
"aux9"=
"mixer1"=
"mixer2"=
"mixer3"=
"mixer4"=
"mixer5"=
"mixer6"=
"mixer7"=
"mixer8"=
"mixer9"=
"MIDI10"= SYNCOR11.DLL

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 3:09 PM 55024]
R2 HPW5ECP;HPW5ECP;c:\winnt\system32\drivers\HPW5ECP.sys [12/17/1999 12:08 PM 44032]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/24/2003 5:22 PM 49776]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 3CA4ABE393513D1CAF56A8F87B763084
*NewlyCreated* - 66A3D041F9CDA72C3EB872B95B53BE1F
*NewlyCreated* - C3955DD2ABD9D9086C7CB61A16EE1E62
.
Contents of the 'Scheduled Tasks' folder

2003-08-11 c:\winnt\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-07-24 13:04]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
LSP: %SystemRoot%\system32\msafd.dll
TCP: {17DB21D9-0F58-4565-893F-96144FC0758A} = 168.192.1.26,206.141.193.55
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\dbruce\Application Data\Mozilla\Firefox\Profiles\qqgf7prb.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 02:05
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(196)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Completion time: 2009-05-20 2:06
ComboFix-quarantined-files.txt 2009-05-20 06:06

Pre-Run: 12,413,702,144 bytes free
Post-Run: 14,471,852,032 bytes free

169 --- E O F --- 2009-05-18 07:01

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:59 AM, on 5/20/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\HPBPRO.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Network -p -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191356860109
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5662 bytes
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello huckster,

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things and stop other tools from working..
Please disable TeaTimer for now. TeaTimer can be re-activated once we have finished cleaning your machine.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Reboot your computer.

Now

Your Java is out of date, older versions are vunerable to attack.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Next

Unless I am missing something I don't see and anti-virus program or firewall on your computer.

Before we do anything else please download and install one of these good antivirus programs (these are free for personal use):
You should also have a good firewall. Choose one from these that are free for personal use:
  • Comodo Note:Comodo Firewall is no longer available as a stand-alone download and you should choose firewall only during installation.
  • PC Tools Firewall Plus
It is critical to have both a firewall and anti virus to protect your system.

Download all updates for your antivirus and then run a full scan of your computer. Save the results of the scan and then let the program fix all problems it finds. Post results of the scan back here. :)
  • 0

#5
huckster

huckster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Boy, what a pain. I had to try multiple times to get the antivirus to load. finally I was able to get Avira to load and scan.


Thanks for your help!

AVIRA SCAN LOG


Avira AntiVir Personal
Report file date: Friday, May 22, 2009 02:16

Scanning for 1413622 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MORTECH3

Version information:
BUILD.DAT : 8.2.0.348 16934 Bytes 3/23/2009 13:44:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 13:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 12:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 17:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 12:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 16:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 06:13:48
ANTIVIR2.VDF : 7.1.4.0 2336768 Bytes 5/20/2009 06:14:38
ANTIVIR3.VDF : 7.1.4.3 17920 Bytes 5/21/2009 06:14:39
Engineversion : 8.2.0.168
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/22/2009 06:15:10
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 5/22/2009 06:15:07
AESCN.DLL : 8.1.2.3 127347 Bytes 5/22/2009 06:15:04
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 18:58:38
AEPACK.DLL : 8.1.3.16 397686 Bytes 5/22/2009 06:15:03
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 5/22/2009 06:14:59
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 5/22/2009 06:14:56
AEHELP.DLL : 8.1.2.2 119158 Bytes 5/22/2009 06:14:47
AEGEN.DLL : 8.1.1.44 348532 Bytes 5/22/2009 06:14:46
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 15:05:56
AECORE.DLL : 8.1.6.9 176500 Bytes 5/22/2009 06:14:43
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 15:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 13:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 14:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 5/22/2009 06:14:41
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 16:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 13:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 17:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 22:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 17:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 17:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 18:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 18:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, May 22, 2009 02:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SUPERANTISPYWAR' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'StatusClient.ex' - '1' Module(s) have been scanned
Scan process 'iTouch.exe' - '1' Module(s) have been scanned
Scan process 'imontray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'imonNT.exe' - '1' Module(s) have been scanned
Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'mstask.exe' - '1' Module(s) have been scanned
Scan process 'regsvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '55' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: Friday, May 22, 2009 02:34
Used time: 17:48 Minute(s)

The scan has been done completely.

6559 Scanning directories
242207 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
242206 Files not concerned
5874 Archives were scanned
1 Warnings
0 Notes

Here is the HiJackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:33 AM, on 5/22/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Network -p -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191356860109
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6157 bytes
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello again huckster,

Good choice Avira. I run it on my machine. The popup everytime the free version updates can be a pain but other than that I think it is an excellant anti-virus program.

Moving on:

Firstly a reminder to make sure TeaTimer and your anti-virus/anti-spyware programs are turned off to ensure they don't interfere with our tools.

Now

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{17DB21D9-0F58-4565-893F-96144FC0758A}: NameServer = 168.192.1.26,206.141.193.55

Close all windows other than HiJackThis, then click Fix Checked.

Close HiJackThis.

Next
  • Please download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#7
huckster

huckster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Ok, here we go. This is the info log first. AGAIN, THANKS FOR THE HELP! \O/\O/\O/

info.txt

logfile of random's system information tool 1.06 2009-05-22 20:56:46

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B331E0-81F0-11D1-883B-3C8B00C10000}\setup.exe"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AutoCAD Express Tools Volumes 1-9-->MsiExec.exe /X{5783F2D7-0211-0409-0000-0060B0CE6BBA}
AutoCAD Mechanical 2004 DX-->MsiExec.exe /I{5783F2D7-0215-0409-0000-0060B0CE6BBA}
AutoCAD R14.0-->C:\WINNT\uninst.exe -f"C:\Program Files\AutoCAD R14\DeIsL1.isu"
Autodesk Express Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
FreeZip-->rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\freezip.inf,Uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for MDAC 2.53 (KB927779)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\spuninst.exe"
HP Designjet 500-800 series FUU-->MsiExec.exe /I{21999F55-6F63-4FAB-9172-423355DC656D}
HP DeskJet 1120C Printer-->C:\HPW5\HPW5TI1.exe -DSOURCEPATH=;C:\HPW5\;string -P HP DeskJet 1120C Printer -I C:\HPW5\DJ1120C\HPW5TI1_u.ini -U -DLOG=;C:\HPW5\HPW5TI1_u.log
HP DeskJet 1220C Printer-->C:\WINNT\ISUNINST.EXE -a -f"C:\Program Files\Hewlett-Packard\HP DeskJet 1220C Printer\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP DeskJet 1220C Printer\HPWTVW.DLL" -u"comp.ini"
HP Install Network Printer Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5E5233B-17E9-4F1B-824D-46571B780EB1}\Setup.exe" -l0x9 UNINSTALL
HP Internet Printer Connection-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP Internet Printer Connection\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP Internet Printer Connection\hpjippun.dll"
hp LaserJet 1010 Series-->MsiExec.exe /x {292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® 82845G Graphics Driver Software-->RUNDLL32.EXE C:\WINNT\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® Active Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}\setup.exe"
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech Resource Center-->C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
LPV2 Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60F2FA45-3B4F-11D6-AFA5-0040266C0063}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\WINNT\system32\nvudisp.exe UninstallGUI
Security Update for DirectX 9 (KB941568)-->"C:\WINNT\$NtUninstallKB941568_DX9$\spuninst\spuninst.exe"
Security Update for DirectX 9 (KB951698)-->"C:\WINNT\$NtUninstallKB951698_DX9$\spuninst\spuninst.exe"
Security Update for DirectX 9.0b (KB961373)-->"C:\WINNT\$NtUninstallKB961373_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM71$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB954600)-->"C:\WINNT\$NtUninstallKB954600_WM41$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
STEP-->C:\WINNT\uninst.exe -f"C:\Program Files\AutoCAD R14\DeIsL3.isu"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update Rollup 1 for Windows 2000 SP4-->"C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB842773-->C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB893756-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896358-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896422-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896423-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899587-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899589-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB900725-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901017-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901214-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905414-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905495-->"C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905749-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908519-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908531-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911280-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB913580-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914388-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914389-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917008-->"C:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918118-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920213-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920670-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920683-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920685-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921398-->"C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922582-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923191-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923414-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923561-->"C:\WINNT\$NtUninstallKB923561$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923810-->"C:\WINNT\$NtUninstallKB923810$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923980-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924270-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924667-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925902-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926122-->"C:\WINNT\$NtUninstallKB926122$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926436-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB927891-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928843-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB930178-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931784-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB933729-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935839-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935840-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB936021-->"C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB937894-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938127-->"C:\WINNT\$NtUninstallKB938127-IE6SP1-20070626.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938464-->"C:\WINNT\$NtUninstallKB938464-IE6SP1-20080429.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938827-->"C:\WINNT\$NtUninstallKB938827$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938829-->"C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941202-->"C:\WINNT\$NtUninstallKB941202-OE6SP1-20070820.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941644-->"C:\WINNT\$NtUninstallKB941644$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941693-->"C:\WINNT\$NtUninstallKB941693$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943055-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943485-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB944338-->"C:\WINNT\$NtUninstallKB944338$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB944533-->"C:\WINNT\$NtUninstallKB944533-IE6SP1-20071210.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB945553-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB947864-->"C:\WINNT\$NtUninstallKB947864-IE6SP1-20080215.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB948590-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB948881-->"C:\WINNT\$NtUninstallKB948881-IE6SP1-20080313.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950749-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950759-->"C:\WINNT\$NtUninstallKB950759-IE6SP1-20080418.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950760-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950974-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951066-->"C:\WINNT\$NtUninstallKB951066-OE6SP1-20080625.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951748-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB952004-->"C:\WINNT\$NtUninstallKB952004$\spuninst\spuninst.exe"
Windows 200

AND NOW THE LOG FILE

Logfile of random's system information tool 1.06 (written by random/random)
Run by dbruce at 2009-05-22 23:04:51
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 14 GB (72%) free of 19 GB
Total RAM: 247 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:08 PM, on 5/22/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\dbruce\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\dbruce.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Network -p -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191356860109
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5638 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,[email protected],&Radio - C:\WINNT\System32\msdxm.ocx [2005-03-31 844560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2002-06-26 90112]
"IgfxTray"=C:\WINNT\System32\igfxtray.exe [2002-09-09 155648]
"HotKeysCmds"=C:\WINNT\System32\hkcmd.exe [2002-09-09 114688]
"IMONTRAY"=C:\Program Files\Intel\Intel® Active Monitor\imontray.exe [2002-09-19 32768]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2002-11-23 631362]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"HPLJ Config"=C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe [2003-03-31 28672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"NvCplDaemon"=C:\WINNT\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINNT\system32\NvMcTray.dll [2006-08-11 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-05-01 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-05-01 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2002-09-09 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-21 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.scr - open - "C:\WINNT\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-05-22 20:56:29 ----D---- C:\rsit
2009-05-22 02:10:28 ----D---- C:\Program Files\Avira
2009-05-22 02:10:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-05-21 20:38:47 ----SHD---- C:\RECYCLER
2009-05-21 20:31:15 ----A---- C:\WINNT\system32\javaws.exe
2009-05-21 20:31:15 ----A---- C:\WINNT\system32\javaw.exe
2009-05-21 20:31:15 ----A---- C:\WINNT\system32\java.exe
2009-05-21 20:31:15 ----A---- C:\WINNT\system32\deploytk.dll
2009-05-21 05:34:23 ----A---- C:\WINNT\system32\wstdecod.dll
2009-05-21 05:34:23 ----A---- C:\WINNT\system32\psisdecd.dll
2009-05-21 05:34:23 ----A---- C:\WINNT\system32\msyuv.dll
2009-05-21 05:34:23 ----A---- C:\WINNT\system32\msvidctl.dll
2009-05-21 05:34:22 ----A---- C:\WINNT\system32\ddraw.dll
2009-05-21 05:34:22 ----A---- C:\WINNT\system32\d3d9.dll
2009-05-21 05:34:22 ----A---- C:\WINNT\system32\d3d8.dll
2009-05-21 05:34:21 ----A---- C:\WINNT\system32\qdvd.dll
2009-05-21 05:34:21 ----A---- C:\WINNT\system32\qdv.dll
2009-05-21 05:34:21 ----A---- C:\WINNT\system32\dxdiagn.dll
2009-05-21 05:34:21 ----A---- C:\WINNT\system32\dxdiag.exe
2009-05-21 05:34:21 ----A---- C:\WINNT\system32\dsound.dll
2009-05-21 05:34:21 ----A---- C:\WINNT\system32\dpwsockx.dll
2009-05-21 05:34:21 ----A---- C:\WINNT\system32\dmusic.dll
2009-05-21 05:34:20 ----A---- C:\WINNT\system32\dxdllreg.exe
2009-05-21 05:34:20 ----A---- C:\WINNT\system32\dplayx.dll
2009-05-21 05:34:20 ----A---- C:\WINNT\system32\dmime.dll
2009-05-20 02:07:47 ----D---- C:\WINNT\temp
2009-05-20 02:06:26 ----A---- C:\ComboFix.txt
2009-05-20 02:02:57 ----D---- C:\Combo-Fix
2009-05-20 01:44:10 ----A---- C:\WINNT\zip.exe
2009-05-20 01:44:10 ----A---- C:\WINNT\vFind.exe
2009-05-20 01:44:10 ----A---- C:\WINNT\SWXCACLS.exe
2009-05-20 01:44:10 ----A---- C:\WINNT\SWSC.exe
2009-05-20 01:44:10 ----A---- C:\WINNT\SWREG.exe
2009-05-20 01:44:10 ----A---- C:\WINNT\sed.exe
2009-05-20 01:44:10 ----A---- C:\WINNT\NIRCMD.exe
2009-05-20 01:44:10 ----A---- C:\WINNT\grep.exe
2009-05-20 01:41:26 ----D---- C:\WINNT\ERDNT
2009-05-20 01:41:17 ----D---- C:\Qoobox
2009-05-04 22:22:34 ----D---- C:\Rooter$
2009-05-04 21:44:51 ----D---- C:\VundoFix Backups
2009-05-03 00:16:44 ----D---- C:\fsaua.data
2009-05-02 23:24:43 ----D---- C:\win~t
2009-05-02 22:43:37 ----D---- C:\Program Files\Trend Micro
2009-05-02 03:26:45 ----D---- C:\!FixIEDef
2009-05-02 03:00:20 ----HDC---- C:\WINNT\$NtUninstallKB952004$
2009-05-01 22:52:18 ----D---- C:\Documents and Settings\dbruce\Application Data\Malwarebytes
2009-05-01 22:52:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-01 22:52:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-01 21:04:28 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-05-01 21:04:28 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-05-01 21:04:28 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-01 21:04:28 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-05-01 03:10:17 ----A---- C:\WINNT\system32\mtxclu.dll
2009-05-01 03:10:17 ----A---- C:\WINNT\system32\msdtcprx.dll
2009-05-01 03:01:03 ----HDC---- C:\WINNT\$NtUninstallKB923561$
2009-05-01 03:00:29 ----HDC---- C:\WINNT\$NtUninstallKB959426$
2009-05-01 02:09:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-30 03:01:58 ----HDC---- C:\WINNT\$NtUninstallKB960803$
2009-04-30 03:00:32 ----HDC---- C:\WINNT\$NtUninstallKB961373_DX9$
2009-04-30 03:00:18 ----HDC---- C:\WINNT\$NtUninstallKB963027-IE6SP1-20090303.120000$

======List of files/folders modified in the last 1 months======

2009-05-22 23:04:53 ----AD---- C:\WINNT\system32
2009-05-22 23:04:31 ----AD---- C:\Program Files\Mozilla Firefox
2009-05-22 21:58:28 ----D---- C:\WINNT\system32\NtmsData
2009-05-22 21:58:12 ----AD---- C:\WINNT\Debug
2009-05-22 21:56:33 ----A---- C:\WINNT\SchedLgU.Txt
2009-05-22 06:43:18 ----AD---- C:\WINNT\security
2009-05-22 02:10:32 ----AD---- C:\WINNT\system32\drivers
2009-05-22 02:10:28 ----RAD---- C:\Program Files
2009-05-21 23:02:01 ----AD---- C:\Program Files\Spybot - Search & Destroy
2009-05-21 21:16:00 ----SHD---- C:\WINNT\CSC
2009-05-21 20:32:35 ----SHD---- C:\WINNT\Installer
2009-05-21 20:30:49 ----AD---- C:\Program Files\Java
2009-05-21 05:34:43 ----RASHDC---- C:\WINNT\system32\dllcache
2009-05-21 05:34:38 ----RASD---- C:\WINNT\Fonts
2009-05-21 05:34:38 ----HD---- C:\WINNT\inf
2009-05-21 05:34:38 ----D---- C:\WINNT\system32\DirectX
2009-05-21 05:34:34 ----AD---- C:\WINNT\Help
2009-05-21 05:34:20 ----AD---- C:\WINNT
2009-05-21 05:34:14 ----HD---- C:\WINNT\msdownld.tmp
2009-05-21 05:32:33 ----D---- C:\WINNT\SoftwareDistribution
2009-05-20 02:05:10 ----A---- C:\WINNT\system.ini
2009-05-20 02:04:41 ----AD---- C:\WINNT\AppPatch
2009-05-20 02:04:40 ----AD---- C:\Program Files\Common Files
2009-05-20 02:03:44 ----SD---- C:\WINNT\Web
2009-05-16 01:19:59 ----AD---- C:\Program Files\Outlook Express
2009-05-16 01:19:59 ----AD---- C:\Program Files\Common Files\System
2009-05-16 01:19:59 ----A---- C:\WINNT\OEWABLog.txt
2009-05-16 01:19:53 ----AD---- C:\Documents and Settings
2009-05-07 03:16:29 ----A---- C:\WINNT\system32\MRT.exe
2009-05-05 23:03:02 ----D---- C:\WINNT\Minidump
2009-05-04 23:21:16 ----AD---- C:\Program Files\SpywareBlaster
2009-05-04 21:55:11 ----A---- C:\WINNT\ntbtlog.txt
2009-05-03 00:16:37 ----SD---- C:\WINNT\Downloaded Program Files
2009-05-02 23:32:56 ----ASH---- C:\boot.ini
2009-05-02 23:29:12 ----AD---- C:\Program Files\SUPERAntiSpyware
2009-05-02 23:22:18 ----AD---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-02 23:21:27 ----ASD---- C:\Documents and Settings\dbruce\Application Data\Microsoft
2009-05-01 21:18:30 ----AD---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 03:32:49 ----HD---- C:\$AVG8.VAULT$
2009-05-01 03:01:24 ----A---- C:\WINNT\imsins.BAK
2009-05-01 02:03:12 ----D---- C:\Documents and Settings\dbruce\Application Data\Mozilla
2009-05-01 00:54:03 ----AD---- C:\Program Files\Common Files\Services

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINNT\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2003-07-24 58000]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2003-07-24 23420]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINNT\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [1999-10-04 13904]
R2 HPW5ECP;HPW5ECP; C:\WINNT\System32\drivers\HPW5ECP.SYS [1999-12-17 44032]
R2 iSMBIOS;iSMBIOS; \??\C:\WINNT\System32\drivers\iSMBIOS.SYS []
R2 SIODRV;SIODRV; \??\C:\WINNT\System32\drivers\SIODRV.SYS []
R3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 E100B;Intel® PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100bnt5.sys [2002-02-25 139536]
R3 itchfltr;iTouch Keyboard Filter; C:\WINNT\system32\DRIVERS\itchfltr.sys [2002-11-14 12640]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2003-06-19 11632]
R3 nv;nv; C:\WINNT\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smbusp;Intel® SMBus 2.0 Driver; C:\WINNT\System32\DRIVERS\smb.sys [2002-02-28 21963]
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2003-06-19 19728]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbhub20;USB 2.0 Root Hub Support; C:\WINNT\System32\DRIVERS\usbhub20.sys [2003-06-19 49776]
S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2002-09-16 91678]
S1 aswSP;avast! Self Protection; C:\WINNT\system32\drivers\aswSP.sys []
S2 aswFsBlk;aswFsBlk; C:\WINNT\system32\DRIVERS\aswFsBlk.sys []
S2 aswMon;avast! Standard Shield Support; C:\WINNT\system32\drivers\aswMon.sys []
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2002-09-16 71514]
S3 catchme;catchme; \??\C:\DOCUME~1\dbruce\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2002-09-16 79323]
S3 MPE;BDA MPE Filter; C:\WINNT\System32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 imonNT;Intel® Active Monitor; C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe [2002-09-19 102400]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\system32\nvsvc32.exe [2006-08-11 155715]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-07-15 45056]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\system32\HPZipm12.exe [2002-08-01 65536]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [1999-12-07 7952]

-----------------EOF-----------------
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hi huckster,

Looking better.

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINNT\sed.exe


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt Please post that here for further review.

Next

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

So when you return please post
  • Combofix.txt
  • MBAM report

  • 0

#9
huckster

huckster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here are the logs. Also, note that I am getting an error message that reads:
JAVA.EXE - UNABLE TO LOCATE DLL The dynamic link library VERIFY.DLL could not be found in the specified path.

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.0.2195 Service Pack 4

5/27/2009 4:57:07 AM
mbam-log-2009-05-27 (04-57-07).txt

Scan type: Quick Scan
Objects scanned: 175020
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 09-05-25.A2 - dbruce 05/27/2009 4:37:26.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.247.119 [GMT -4:00]
Running from: C:\Documents and Settings\dbruce\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\dbruce\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"C:\WINNT\sed.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\sed.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.

2009-05-27 08:40:07 . 2009-05-27 08:40:07 16384 ----atw C:\WINNT\system32\Perflib_Perfdata_248.dat
2009-05-23 00:56:29 . 2009-05-23 00:56:46 0 d-----w C:\rsit
2009-05-22 06:10:32 . 2008-10-30 14:21:03 75072 ----a-w C:\WINNT\system32\drivers\avipbb.sys
2009-05-22 06:10:30 . 2008-05-09 16:14:43 64448 ----a-w C:\WINNT\system32\drivers\avgntdd.sys
2009-05-22 06:10:30 . 2008-01-21 21:11:27 18496 ----a-w C:\WINNT\system32\drivers\avgntmgr.sys
2009-05-22 06:10:28 . 2009-05-22 06:10:28 0 d-----w C:\Program Files\Avira
2009-05-22 06:10:28 . 2009-05-22 06:10:28 0 d-----w C:\Documents and Settings\All Users\Application Data\Avira
2009-05-22 03:41:13 . 2009-05-27 08:31:44 117760 ----a-w C:\Documents and Settings\dbruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-21 09:34:23 . 2004-07-09 06:58:48 47104 ----a-w C:\WINNT\system32\wstdecod.dll
2009-05-21 09:31:05 . 2009-05-22 00:34:03 152576 ----a-w C:\Documents and Settings\dbruce\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-20 06:02:57 . 2009-05-20 06:07:49 0 d-----w C:\Combo-Fix
2009-05-16 05:20:23 . 2009-05-16 05:20:23 0 d-----w C:\Documents and Settings\hcrawford\Local Settings\Application Data\Mozilla
2009-05-05 02:22:34 . 2009-05-05 02:22:34 0 d-----w C:\Rooter$
2009-05-05 01:44:51 . 2009-05-05 01:44:51 0 d-----w C:\VundoFix Backups
2009-05-03 04:16:44 . 2009-05-03 04:16:44 0 d-----w C:\fsaua.data
2009-05-03 03:24:43 . 2009-05-03 03:24:43 0 d-----w C:\win~t
2009-05-03 02:43:37 . 2009-05-03 02:43:37 0 d-----w C:\Program Files\Trend Micro
2009-05-02 07:26:45 . 2009-05-02 07:26:45 0 d-----w C:\!FixIEDef
2009-05-02 05:21:32 . 2009-05-22 01:58:16 6144 ----a-w C:\Documents and Settings\dbruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
2009-05-02 05:21:32 . 2009-05-22 01:58:16 22528 ----a-w C:\Documents and Settings\dbruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
2009-05-02 02:52:18 . 2009-05-02 02:52:18 0 d-----w C:\Documents and Settings\dbruce\Application Data\Malwarebytes
2009-05-02 02:52:13 . 2009-04-06 19:32:46 15504 ----a-w C:\WINNT\system32\drivers\mbam.sys
2009-05-02 02:52:11 . 2009-04-06 19:32:54 38496 ----a-w C:\WINNT\system32\drivers\mbamswissarmy.sys
2009-05-02 02:52:10 . 2009-05-02 02:52:10 0 d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-02 02:52:09 . 2009-05-02 02:52:17 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-05-02 01:04:28 . 2009-05-02 01:04:29 0 d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-05-02 01:04:28 . 2009-05-02 01:04:29 0 d-----w C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-02 01:04:28 . 2009-05-02 01:04:29 0 d-----w C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-05-02 01:04:28 . 2009-05-02 01:04:28 0 d-----w C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-05-01 07:10:17 . 2008-06-25 12:33:25 728336 ----a-w C:\WINNT\system32\msdtcprx.dll
2009-05-01 07:10:17 . 2008-06-25 12:33:25 52496 ----a-w C:\WINNT\system32\mtxclu.dll
2009-05-01 06:09:59 . 2009-05-05 03:21:19 0 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 03:02:01 . 2007-03-03 13:15:20 0 d---a-w C:\Program Files\Spybot - Search & Destroy
2009-05-22 00:31:27 . 2009-05-22 00:31:27 57344 ----a-w C:\Documents and Settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-2836ebf3-n\Decora-SSE.dll
2009-05-22 00:31:27 . 2009-05-22 00:31:27 24064 ----a-w C:\Documents and Settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-19c5dfb3-n\Decora-D3D.dll
2009-05-22 00:31:26 . 2009-05-22 00:31:26 499712 ----a-w C:\Documents and Settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-72065d07-n\msvcp71.dll
2009-05-22 00:31:26 . 2009-05-22 00:31:26 499712 ----a-w C:\Documents and Settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-72065d07-n\jmc.dll
2009-05-22 00:31:26 . 2009-05-22 00:31:26 348160 ----a-w C:\Documents and Settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-72065d07-n\msvcr71.dll
2009-05-22 00:31:26 . 2009-05-22 00:31:26 315392 ----a-w C:\Documents and Settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-1bc46313-n\jogl.dll
2009-05-22 00:31:26 . 2009-05-22 00:31:26 20480 ----a-w C:\Documents and Settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-1bc46313-n\jogl_awt.dll
2009-05-22 00:31:26 . 2009-05-22 00:31:26 20480 ----a-w C:\Documents and Settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-5de6ff59-n\gluegen-rt.dll
2009-05-22 00:31:26 . 2009-05-22 00:31:26 114688 ----a-w C:\Documents and Settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-1bc46313-n\jogl_cg.dll
2009-05-22 00:30:56 . 2009-05-22 00:31:15 410984 ----a-w C:\WINNT\system32\deploytk.dll
2009-05-22 00:30:49 . 2004-05-05 18:14:31 0 d---a-w C:\Program Files\Java
2009-05-05 03:21:16 . 2007-03-03 13:20:26 0 d---a-w C:\Program Files\SpywareBlaster
2009-05-03 03:29:12 . 2007-03-03 13:30:39 0 d---a-w C:\Program Files\SUPERAntiSpyware
2009-05-03 03:22:18 . 2008-06-20 08:43:36 0 d---a-w C:\Documents and Settings\All Users\Application Data\avg8
2009-05-02 01:18:30 . 2007-03-03 13:15:23 0 d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2003-07-24 19:27:31 . 2003-07-24 19:27:31 21952 ---ha-w C:\Program Files\folder.htt
.

------- Sigcheck -------

[7] 2003-06-19 19:05:04 743184 AFFDA6F602A8F0DBA615279C28B3BDF8 C:\WINNT\$NtUninstallKB835732$\kernel32.dll
[7] 2004-03-24 02:17:04 742160 5E9BB22C56919870FC80444E655F8AF6 C:\WINNT\$NtUninstallKB935839$\kernel32.dll
[-] 2002-08-15 11:34:44 708880 F9A7D38896014E352217AAAE5B01F721 C:\WINNT\$NtUninstallQ328310$\kernel32.dll
[7] 2002-07-22 16:05:04 733968 64BB009C268A573563E71971AC0F8ED7 C:\WINNT\$NtUninstallQ329115$\kernel32.dll
[-] 2002-11-07 19:08:24 708880 726EA72ED9CA5C7E096780089B77A452 C:\WINNT\$NtUninstallQ811493$\kernel32.dll
[7] 2007-04-16 12:44:08 712976 18D623471DE9DCC2CEA310B2F3FBA15A C:\WINNT\$NtUpdateRollupPackUninstall$\kernel32.dll
[7] 2007-04-16 12:44:08 712976 18D623471DE9DCC2CEA310B2F3FBA15A C:\WINNT\Driver Cache\i386\kernel32.dll
[7] 2003-06-19 19:05:04 743184 1E93BDAAE187253D18711DA5C210474A C:\WINNT\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 12:44:08 712976 0AB23B46CCAEBA64D748A5CF79CB4BB6 C:\WINNT\system32\KERNEL32.DLL
[7] 2007-04-16 12:44:08 712976 18D623471DE9DCC2CEA310B2F3FBA15A C:\WINNT\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((( [email protected]_06.05.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-07-25 12:34:35 . 2003-02-17 14:14:34 16896 C:\WINNT\system32\msyuv.dll
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:26 16896 C:\WINNT\system32\msyuv.dll
+ 2009-05-21 09:34:20 . 2002-12-12 04:14:32 46592 C:\WINNT\system32\dxdllreg.exe
- 2003-07-25 12:34:35 . 2003-02-17 14:14:36 18688 C:\WINNT\system32\drivers\wstcodec.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:44 18688 C:\WINNT\system32\drivers\wstcodec.sys
- 2003-07-25 12:34:36 . 2003-02-17 14:14:34 14976 C:\WINNT\system32\drivers\streamip.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:40 14976 C:\WINNT\system32\drivers\streamip.sys
+ 2009-05-21 09:34:20 . 2004-07-09 08:27:28 48512 C:\WINNT\system32\drivers\stream.sys
+ 2009-05-22 06:10:32 . 2007-03-01 13:34:22 28352 C:\WINNT\system32\drivers\ssmdrv.sys
- 2003-07-25 12:34:36 . 2003-02-17 14:14:34 10880 C:\WINNT\system32\drivers\slip.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:38 10880 C:\WINNT\system32\drivers\slip.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:30 10112 C:\WINNT\system32\drivers\ndisip.sys
- 2003-07-25 12:34:36 . 2003-02-17 14:14:34 10112 C:\WINNT\system32\drivers\ndisip.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:28 83968 C:\WINNT\system32\drivers\nabtsfec.sys
- 2003-07-25 12:34:35 . 2003-02-17 14:14:34 83968 C:\WINNT\system32\drivers\nabtsfec.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:14 56832 C:\WINNT\system32\drivers\msdv.sys
- 2003-07-25 12:34:35 . 2003-02-17 14:14:32 56832 C:\WINNT\system32\drivers\msdv.sys
- 2003-07-25 12:34:36 . 2003-02-17 14:14:32 15104 C:\WINNT\system32\drivers\mpe.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:10 15104 C:\WINNT\system32\drivers\mpe.sys
- 2003-07-25 12:34:35 . 2003-02-17 14:14:32 16384 C:\WINNT\system32\drivers\ccdecode.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:06 16384 C:\WINNT\system32\drivers\ccdecode.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:04 11392 C:\WINNT\system32\drivers\bdasup.sys
- 2003-07-25 12:34:35 . 2003-02-17 14:14:32 11392 C:\WINNT\system32\drivers\bdasup.sys
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 57856 C:\WINNT\system32\dpwsockx.dll
+ 2009-05-21 09:34:20 . 2004-07-09 08:27:28 48512 C:\WINNT\system32\dllcache\stream.sys
- 2003-07-24 19:31:39 . 2002-12-04 13:11:00 16896 C:\WINNT\system32\dllcache\msyuv.dll
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:26 16896 C:\WINNT\system32\dllcache\msyuv.dll
- 2003-07-24 19:31:39 . 2002-12-04 13:10:22 56832 C:\WINNT\system32\dllcache\msdv.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:14 56832 C:\WINNT\system32\dllcache\msdv.sys
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 57856 C:\WINNT\system32\dllcache\dpwsockx.dll
- 2003-07-24 19:31:39 . 2002-12-04 13:10:52 16384 C:\WINNT\system32\dllcache\ccdecode.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:06 16384 C:\WINNT\system32\dllcache\ccdecode.sys
+ 2009-05-21 09:34:20 . 2004-07-09 08:27:28 48512 C:\WINNT\Driver Cache\i386\stream.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:26 16896 C:\WINNT\Driver Cache\i386\msyuv.dll
- 2003-07-25 12:34:35 . 2003-02-17 14:14:34 16896 C:\WINNT\Driver Cache\i386\msyuv.dll
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:14 56832 C:\WINNT\Driver Cache\i386\msdv.sys
- 2003-07-25 12:34:35 . 2003-02-17 14:14:32 56832 C:\WINNT\Driver Cache\i386\msdv.sys
- 2003-07-25 12:34:35 . 2003-02-17 14:14:32 16384 C:\WINNT\Driver Cache\i386\ccdecode.sys
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:06 16384 C:\WINNT\Driver Cache\i386\ccdecode.sys
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 382976 C:\WINNT\system32\qdvd.dll
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 276480 C:\WINNT\system32\qdv.dll
- 2003-07-25 12:34:36 . 2003-02-17 14:14:34 354816 C:\WINNT\system32\psisdecd.dll
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:34 354816 C:\WINNT\system32\psisdecd.dll
+ 2009-05-21 09:34:23 . 2004-07-09 06:58:08 480256 C:\WINNT\system32\msvidctl.dll
- 2003-07-25 12:34:36 . 2003-02-17 14:14:36 480256 C:\WINNT\system32\msvidctl.dll
+ 2009-05-22 00:31:15 . 2009-05-22 00:30:56 148888 C:\WINNT\system32\javaws.exe
+ 2009-05-22 00:31:15 . 2009-05-22 00:30:56 144792 C:\WINNT\system32\javaw.exe
+ 2009-05-22 00:31:15 . 2009-05-22 00:30:56 144792 C:\WINNT\system32\java.exe
+ 2003-07-24 15:21:13 . 2009-05-22 00:39:57 225616 C:\WINNT\system32\FNTCACHE.DAT
- 2003-07-24 15:21:13 . 2009-04-03 01:04:59 225616 C:\WINNT\system32\FNTCACHE.DAT
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 974848 C:\WINNT\system32\dxdiag.exe
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 363520 C:\WINNT\system32\dsound.dll
+ 2009-05-21 09:34:20 . 2004-07-09 08:27:28 230400 C:\WINNT\system32\dplayx.dll
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 104448 C:\WINNT\system32\dmusic.dll
+ 2009-05-21 09:34:20 . 2004-07-09 08:27:28 181248 C:\WINNT\system32\dmime.dll
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 382976 C:\WINNT\system32\dllcache\qdvd.dll
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 276480 C:\WINNT\system32\dllcache\qdv.dll
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 974848 C:\WINNT\system32\dllcache\dxdiag.exe
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 363520 C:\WINNT\system32\dllcache\dsound.dll
+ 2009-05-21 09:34:20 . 2004-07-09 08:27:28 230400 C:\WINNT\system32\dllcache\dplayx.dll
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 104448 C:\WINNT\system32\dllcache\dmusic.dll
+ 2009-05-21 09:34:20 . 2004-07-09 08:27:28 181248 C:\WINNT\system32\dllcache\dmime.dll
+ 2009-05-21 09:34:22 . 2004-07-09 08:27:28 265728 C:\WINNT\system32\ddraw.dll
+ 2009-05-21 09:34:21 . 2004-07-09 08:27:28 1769472 C:\WINNT\system32\dxdiagn.dll
+ 2009-05-21 09:34:22 . 2004-07-09 08:27:28 1689600 C:\WINNT\system32\d3d9.dll
+ 2009-05-21 09:34:22 . 2004-07-09 08:27:28 1179648 C:\WINNT\system32\d3d8.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-01 06:22:40 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 21:36:58 90112]
"IgfxTray"="C:\WINNT\System32\igfxtray.exe" [2002-09-09 04:18:14 155648]
"HotKeysCmds"="C:\WINNT\System32\hkcmd.exe" [2002-09-09 04:05:52 114688]
"IMONTRAY"="C:\Program Files\Intel\Intel® Active Monitor\imontray.exe" [2002-09-19 21:33:00 32768]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 21:51:24 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-04-01 00:28:28 155648]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 23:32:18 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-05-22 00:30:56 148888]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2006-08-12 01:43:02 7630848]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [2006-08-12 01:43:04 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 02:16:38 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 17:28:45 266497]
"Synchronization Manager"="mobsync.exe" - C:\WINNT\system32\mobsync.exe [2003-06-19 19:05:04 111376]
"nwiz"="nwiz.exe" - C:\WINNT\system32\nwiz.exe [2006-08-12 01:43:00 1519616]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-21 06:04:04 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-01 05:51:12 356352 ----a-w C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= mmdrv.dll
"wave1"=
"wave2"=
"wave3"=
"wave4"=
"wave5"=
"wave6"=
"wave7"=
"wave8"=
"wave9"=
"midi1"=
"midi2"=
"midi3"=
"midi4"=
"midi5"=
"midi6"=
"midi7"=
"midi8"=
"midi9"=
"aux1"=
"aux2"=
"aux3"=
"aux4"=
"aux5"=
"aux6"=
"aux7"=
"aux8"=
"aux9"=
"mixer1"=
"mixer2"=
"mixer3"=
"mixer4"=
"mixer5"=
"mixer6"=
"mixer7"=
"mixer8"=
"mixer9"=
"MIDI10"= SYNCOR11.DLL

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53:48 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 3:09:48 PM 55024]
R2 HPW5ECP;HPW5ECP;C:\WINNT\system32\drivers\HPW5ECP.sys [12/17/1999 12:08:00 PM 44032]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51:08 PM 4096]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\drivers\usbhub20.sys [7/24/2003 5:22:55 PM 49776]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;C:\WINNT\system32\DRIVERS\aswFsBlk.sys --> C:\WINNT\system32\DRIVERS\aswFsBlk.sys [?]
S2 aswMon;avast! Standard Shield Support; [x]

NETSVCS REQUIRES REPAIRS - current entries shown
EventSystem
Ias
Iprip
Irmon
Netman
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
Tapisrv
Ntmssvc
WmdmPmSN
wzcsvc
.
Contents of the 'Scheduled Tasks' folder
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello huckster,

Some bad files to replace now.

Next

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
C:\WINNT\$NtUninstallQ329115$\kernel32.dll | C:\WINNT\$NtUninstallQ328310$\kernel32.dll
C:\WINNT\$NtUninstallQ329115$\kernel32.dll | C:\WINNT\$NtUninstallQ811493$\kernel32.dll
C:\WINNT\system32\dllcache\kernel32.dll | C:\WINNT\system32\KERNEL32.DLL

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt Please post that here for further review.
  • 0

Advertisements


#11
huckster

huckster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here you go...

ComboFix 09-05-26.05 - dbruce 05/28/2009 1:06.3 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.247.129 [GMT -4:00]
Running from: c:\documents and settings\dbruce\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\dbruce\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\psisdecd.dll
.
---- Previous Run -------
.
c:\winnt\sed.exe

.
--------------- FCopy ---------------

c:\winnt\$NtUninstallQ329115$\kernel32.dll --> c:\winnt\$NtUninstallQ328310$\kernel32.dll
c:\winnt\$NtUninstallQ329115$\kernel32.dll --> c:\winnt\$NtUninstallQ811493$\kernel32.dll
c:\winnt\system32\dllcache\kernel32.dll --> c:\winnt\system32\KERNEL32.DLL
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-28 05:11 . 2009-05-28 05:11 16384 ----atw c:\winnt\system32\Perflib_Perfdata_224.dat
2009-05-27 08:52 . 2009-05-27 08:52 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-23 00:56 . 2009-05-23 00:56 -------- d-----w C:\rsit
2009-05-22 06:10 . 2008-10-30 14:21 75072 ----a-w c:\winnt\system32\drivers\avipbb.sys
2009-05-22 06:10 . 2008-05-09 16:14 64448 ----a-w c:\winnt\system32\drivers\avgntdd.sys
2009-05-22 06:10 . 2008-01-21 21:11 18496 ----a-w c:\winnt\system32\drivers\avgntmgr.sys
2009-05-22 06:10 . 2009-05-22 06:10 -------- d-----w c:\program files\Avira
2009-05-22 06:10 . 2009-05-22 06:10 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-22 03:41 . 2009-05-27 08:44 117760 ----a-w c:\documents and settings\dbruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-21 09:34 . 2004-07-09 06:58 47104 ----a-w c:\winnt\system32\wstdecod.dll
2009-05-21 09:31 . 2009-05-22 00:34 152576 ----a-w c:\documents and settings\dbruce\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-20 06:02 . 2009-05-20 06:07 -------- d-----w C:\Combo-Fix
2009-05-16 05:20 . 2009-05-16 05:20 -------- d-----w c:\documents and settings\hcrawford\Local Settings\Application Data\Mozilla
2009-05-05 02:22 . 2009-05-05 02:22 -------- d-----w C:\Rooter$
2009-05-05 01:44 . 2009-05-05 01:44 -------- d-----w C:\VundoFix Backups
2009-05-03 04:16 . 2009-05-03 04:16 -------- d-----w C:\fsaua.data
2009-05-03 03:24 . 2009-05-03 03:24 -------- d-----w C:\win~t
2009-05-03 02:43 . 2009-05-03 02:43 -------- d-----w c:\program files\Trend Micro
2009-05-02 07:26 . 2009-05-02 07:26 -------- d-----w C:\!FixIEDef
2009-05-02 05:21 . 2009-05-22 01:58 6144 ----a-w c:\documents and settings\dbruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
2009-05-02 05:21 . 2009-05-22 01:58 22528 ----a-w c:\documents and settings\dbruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
2009-05-02 02:52 . 2009-05-02 02:52 -------- d-----w c:\documents and settings\dbruce\Application Data\Malwarebytes
2009-05-02 02:52 . 2009-05-26 17:19 18456 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-05-02 02:52 . 2009-05-26 17:20 40160 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-05-02 02:52 . 2009-05-02 02:52 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-02 02:52 . 2009-05-27 08:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 01:04 . 2009-05-02 01:04 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-02 01:04 . 2009-05-02 01:04 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-02 01:04 . 2009-05-02 01:04 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-02 01:04 . 2009-05-02 01:04 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-01 07:10 . 2008-06-25 12:33 728336 ----a-w c:\winnt\system32\msdtcprx.dll
2009-05-01 07:10 . 2008-06-25 12:33 52496 ----a-w c:\winnt\system32\mtxclu.dll
2009-05-01 06:09 . 2009-05-05 03:21 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 03:02 . 2007-03-03 13:15 -------- d---a-w c:\program files\Spybot - Search & Destroy
2009-05-22 00:31 . 2009-05-22 00:31 57344 ----a-w c:\documents and settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-2836ebf3-n\Decora-SSE.dll
2009-05-22 00:31 . 2009-05-22 00:31 24064 ----a-w c:\documents and settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-19c5dfb3-n\Decora-D3D.dll
2009-05-22 00:31 . 2009-05-22 00:31 499712 ----a-w c:\documents and settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-72065d07-n\msvcp71.dll
2009-05-22 00:31 . 2009-05-22 00:31 499712 ----a-w c:\documents and settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-72065d07-n\jmc.dll
2009-05-22 00:31 . 2009-05-22 00:31 348160 ----a-w c:\documents and settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-72065d07-n\msvcr71.dll
2009-05-22 00:31 . 2009-05-22 00:31 315392 ----a-w c:\documents and settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-1bc46313-n\jogl.dll
2009-05-22 00:31 . 2009-05-22 00:31 20480 ----a-w c:\documents and settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-1bc46313-n\jogl_awt.dll
2009-05-22 00:31 . 2009-05-22 00:31 20480 ----a-w c:\documents and settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-5de6ff59-n\gluegen-rt.dll
2009-05-22 00:31 . 2009-05-22 00:31 114688 ----a-w c:\documents and settings\dbruce\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-1bc46313-n\jogl_cg.dll
2009-05-22 00:30 . 2009-05-22 00:31 410984 ----a-w c:\winnt\system32\deploytk.dll
2009-05-22 00:30 . 2004-05-05 18:14 -------- d---a-w c:\program files\Java
2009-05-05 03:21 . 2007-03-03 13:20 -------- d---a-w c:\program files\SpywareBlaster
2009-05-03 03:29 . 2007-03-03 13:30 -------- d---a-w c:\program files\SUPERAntiSpyware
2009-05-03 03:22 . 2008-06-20 08:43 -------- d---a-w c:\documents and settings\All Users\Application Data\avg8
2009-05-02 01:18 . 2007-03-03 13:15 -------- d---a-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2003-07-24 19:27 . 2003-07-24 19:27 21952 ---ha-w c:\program files\folder.htt
.

((((((((((((((((((((((((((((( SnapShot_2009-05-27_08.43.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-07-24 22:18 . 2007-04-16 12:44 712976 c:\winnt\system32\dllcache\kernel32.dll
- 2004-08-12 13:55 . 2007-04-16 12:44 712976 c:\winnt\system32\dllcache\kernel32.dll
+ 2003-07-24 19:59 . 2002-07-22 16:05 733968 c:\winnt\$NtUninstallQ811493$\kernel32.dll
+ 2003-07-24 19:59 . 2002-07-22 16:05 733968 c:\winnt\$NtUninstallQ328310$\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-01 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"IgfxTray"="c:\winnt\System32\igfxtray.exe" [2002-09-09 155648]
"HotKeysCmds"="c:\winnt\System32\hkcmd.exe" [2002-09-09 114688]
"IMONTRAY"="c:\program files\Intel\Intel® Active Monitor\imontray.exe" [2002-09-19 32768]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-04-01 155648]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-22 148888]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-08-12 7630848]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2006-08-12 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376]
"nwiz"="nwiz.exe" - c:\winnt\system32\nwiz.exe [2006-08-12 1519616]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-01 05:51 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= mmdrv.dll
"wave1"=
"wave2"=
"wave3"=
"wave4"=
"wave5"=
"wave6"=
"wave7"=
"wave8"=
"wave9"=
"midi1"=
"midi2"=
"midi3"=
"midi4"=
"midi5"=
"midi6"=
"midi7"=
"midi8"=
"midi9"=
"aux1"=
"aux2"=
"aux3"=
"aux4"=
"aux5"=
"aux6"=
"aux7"=
"aux8"=
"aux9"=
"mixer1"=
"mixer2"=
"mixer3"=
"mixer4"=
"mixer5"=
"mixer6"=
"mixer7"=
"mixer8"=
"mixer9"=
"MIDI10"= SYNCOR11.DLL

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/9/2007 3:09 PM 55024]
R2 HPW5ECP;HPW5ECP;c:\winnt\system32\drivers\HPW5ECP.sys [12/17/1999 12:08 PM 44032]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/24/2003 5:22 PM 49776]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\winnt\system32\DRIVERS\aswFsBlk.sys --> c:\winnt\system32\DRIVERS\aswFsBlk.sys [?]
S2 aswMon;avast! Standard Shield Support; [x]
.
Contents of the 'Scheduled Tasks' folder

2003-08-11 c:\winnt\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-07-24 13:04]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
LSP: %SystemRoot%\system32\msafd.dll
TCP: {17DB21D9-0F58-4565-893F-96144FC0758A} = 168.192.2.26,206.141.193.55
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\dbruce\Application Data\Mozilla\Firefox\Profiles\qqgf7prb.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 01:18
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(200)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1420)
c:\winnt\AppPatch\AcLayers.DLL
c:\winnt\system32\SHDOCVW.DLL
c:\program files\Logitech\iTouch\iTchHk.dll
.
Completion time: 2009-05-28 1:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 05:23
ComboFix2.txt 2009-05-20 06:06

Pre-Run: 14,492,151,808 bytes free
Post-Run: 14,480,478,208 bytes free

197 --- E O F --- 2009-05-18 07:01
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello huckster,

Hmm...interesting, I think Combofix might have removed a couple of legitimate files there. No problem though because I think they will regenerated automatically. If you have a problem we can restore them.

Now

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.
  • 0

#13
huckster

huckster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here you go.... (again, thanks for your help)
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, May 29, 2009
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, May 28, 2009 14:26:36
Records in database: 2265298
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 36751
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:15:39

No malware has been detected. The scan area is clean.

The selected area was scanned.
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
How is your computer performing now?
  • 0

#15
huckster

huckster

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I am still getting the error with javaw.exe - unable to locate dll. The dynamic link library verify.dll could not be found in the specified path.
I also got an error with superantispyware, it won't load. So I uninstalled it and I am going to re-install it.
I get an error with application module, I uploaded the window. It has something to do with ccgen.dll, so it won't start the AVGNT.EXE.
Any thoughts?

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP