Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows System Defender


  • Please log in to reply

#1
bigrobstank

bigrobstank

    New Member

  • Member
  • Pip
  • 1 posts
Hello. On my Vista 32 laptop I have Windows System Defender, but a few issues.

First, I've run Malwarebytes and Super Anti-Spyware, the former gets 700+ errors, the later 23. The problem, I think, is Malwarebytes needs to restart and run to finish the cleanup, but for some reason the (or a bogus) user account control stops it from running without my clicking about, so I don't think it's finishing the cleanup.

I also can't open task manager to stop any processes I may need to.

Hijackthis and Combofix logs below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:20 AM, on 10/25/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\a97cd\WS5c8.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Robert\Downloads\sdsetup_aff.exe
C:\Users\Robert\AppData\Local\Temp\is-NP34V.tmp\sdsetup_aff.tmp
C:\Users\Robert\Downloads\sdsetup_aff.exe
C:\Users\Robert\AppData\Local\Temp\is-BKVJD.tmp\sdsetup_aff.tmp
C:\Users\Robert\AppData\Local\Temp\is-KSBTP.tmp\iMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Robert\AppData\Local\Temp\is-KSBTP.tmp\bdinstall.exe
C:\Users\Robert\AppData\Local\Temp\is-06PPV.tmp\bdinstall.tmp
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.starbarse...om/?useie5=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.starbarse...om/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [winhelper] "C:\WINDOWS\Battle_toads.swf.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Windows System Defender] "C:\ProgramData\a97cd\WS5c8.exe" /s /d
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Windows System Defender] "C:\ProgramData\a97cd\WS5c8.exe" /s /d
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.intuit.com
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...20Installer.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/...SetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10233 bytes


ComboFix 09-10-24.01 - Robert 10/25/2009 0:33.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1237 [GMT -7:00]
Running from: c:\users\Robert\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1201 [VPS 091024-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Windows System Defender *On-access scanning enabled* (Updated) {856F1698-233D-4E67-9C59-EFDB1188F0C6}
AV: Windows System Defender *On-access scanning enabled* (Updated) {CF3DAEFC-2E46-437B-956A-F95025AA697F}
FW: Windows System Defender *enabled* {8AEB2EB9-61CE-42D8-B0FC-B6BD5350836C}
FW: Windows System Defender *enabled* {98F6E61A-65DE-45D3-9945-265656AC616D}
SP: avast! antivirus 4.8.1201 [VPS 091024-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2521496874-4130303062-3423768993-500
c:\$recycle.bin\S-1-5-21-3102239989-1682233996-76167453-500
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System Defender.lnk
c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Windows System Defender.lnk
c:\windows\System32\41.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 07:44 . 2009-10-25 07:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-25 07:13 . 2009-10-25 07:13 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-25 07:13 . 2009-10-25 07:13 -------- d-----w- c:\users\Robert\AppData\Roaming\PC Tools
2009-10-25 07:13 . 2009-10-25 07:13 -------- d-----w- c:\programdata\PC Tools
2009-10-25 06:21 . 2009-10-25 06:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-25 06:21 . 2009-10-25 06:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-25 06:21 . 2009-10-25 06:21 -------- d-----w- c:\users\Robert\AppData\Roaming\SUPERAntiSpyware.com
2009-10-25 00:46 . 2009-10-25 06:13 -------- d-sh--w- c:\programdata\a97cd
2009-10-25 00:46 . 2009-10-25 00:47 -------- d-sh--w- c:\users\Robert\AppData\Roaming\Windows System Defender
2009-10-25 00:46 . 2009-10-25 00:46 -------- d-sh--w- c:\programdata\WSDDSys
2009-10-18 23:09 . 2009-10-18 23:09 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-10-18 23:09 . 2009-10-18 23:09 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-18 23:09 . 2009-10-18 23:09 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-18 23:06 . 2009-10-18 23:06 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-18 23:05 . 2009-10-18 23:13 -------- d-----w- c:\users\Robert\AppData\Roaming\DAEMON Tools Lite
2009-10-18 23:04 . 2009-10-18 23:04 -------- d-----w- c:\users\Robert\AppData\Roaming\Roxio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 07:28 . 2009-08-26 00:23 -------- d-----w- c:\users\Robert\AppData\Roaming\Skype
2009-10-06 23:31 . 2009-10-25 07:13 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-03 15:54 . 2007-11-26 20:11 97720 ----a-w- c:\users\Robert\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-02 21:19 . 2009-10-25 07:17 1152470 ----a-w- c:\windows\UDB.zip
2009-09-24 15:55 . 2009-10-25 07:13 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-09-24 15:55 . 2009-10-25 07:13 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 23:10 . 2009-10-25 07:13 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-16 10:20 . 2009-10-25 07:13 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 13:20 . 2009-10-25 07:13 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 09:12 . 2009-10-25 07:13 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 08:01 . 2009-10-25 07:13 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-13 17:17 . 2009-08-17 04:05 -------- d-----w- c:\program files\PCStitch 7
2009-09-10 21:54 . 2009-03-25 14:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-03-25 14:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 16:45 . 2009-10-25 07:13 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-01 03:14 . 2008-11-28 21:39 -------- d-----w- c:\program files\Diablo II
2009-08-17 04:06 . 2009-08-17 04:06 42 ----a-w- c:\windows\PCSPATS.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"Google Update"="c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-04 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-09 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-09 81920]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]
"winhelper"="c:\windows\Battle_toads.swf.exe" [2008-11-30 3667906]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"Windows System Defender"="c:\programdata\a97cd\WS5c8.exe" [2009-10-25 2202624]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-23 1243088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [10/25/2009 12:13 AM 207280]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/20/2008 7:58 PM 78416]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/20/2008 7:58 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11/26/2007 1:40 PM 50768]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10/25/2009 12:17 AM 112592]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [2/17/2007 7:31 AM 74384]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2521496874-4130303062-3423768993-1000Core.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 01:14]

2009-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2521496874-4130303062-3423768993-1000UA.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 01:14]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mSearch Bar = hxxp://www.starbarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
Trusted Zone: intuit.com
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\sndvcv1u.default\
FF - prefs.js: browser.startup.homepage -
FF - component: c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\sndvcv1u.default\extensions\{39124730-0779-11de-8c30-0800200c9a66}\components\daff.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Robert\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{E53D6CAE-1EE0-4205-82C1-41032BBE9C87} - (no file)
HKCU-Run-Aim6 - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 00:44
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-25 0:48
ComboFix-quarantined-files.txt 2009-10-25 07:48

Pre-Run: 60,723,273,728 bytes free
Post-Run: 60,873,347,072 bytes free

- - End Of File - - BBCF4EA545A1ABBA3269E7264711D0D8


Your help is immensely appreciated in advance.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP