Windows Vista and A Virus?
#11 18 Days Ago
Rootkit activity. Not good. Let's run another tool and see what else may be lurking.
Please download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
- Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
==
What anti-virus are you running? I see AVG in the log, but not in the running processes.
Last edited by crunchie; 18 Days Ago at 7:15 pm.
#13 18 Days Ago
Combofix Log...
ComboFix 09-11-05.01 - Auberey 11/05/2009 19:10:56.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1055 [GMT -5:00]
Running from: D:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\$RECYCLE.BIN\S-1-5-21-2152478756-3922319563-605102323-500
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.
2009-11-06 00:21:35 . 2009-11-06 00:26:07 0 d-----w- C:\Users\Auberey\AppData\Local\temp
2009-11-06 00:21:35 . 2009-11-06 00:21:35 0 d-----w- C:\Users\Default\AppData\Local\temp
2009-11-05 22:36:21 . 2009-11-05 22:36:21 0 d-----w- C:\Program Files\Trend Micro
2009-11-05 21:19:51 . 2009-11-05 21:19:51 0 d-----w- C:\Users\Auberey\AppData\Roaming\Malwarebytes
2009-11-05 21:19:47 . 2009-09-10 19:54:06 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-11-05 21:19:45 . 2009-11-05 21:19:50 4096 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-05 21:19:45 . 2009-11-05 21:19:45 0 d-----w- C:\ProgramData\Malwarebytes
2009-11-05 21:19:45 . 2009-09-10 19:53:50 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-11-05 02:52:16 . 2009-11-05 02:52:16 0 d-----w- C:\Program Files\ESET
2009-11-05 00:07:36 . 2009-09-10 14:58:28 310784 ----a-w- C:\Windows\system32\unregmp2.exe
2009-11-05 00:07:33 . 2009-09-10 14:59:26 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
2009-11-04 18:40:53 . 2009-08-07 02:24:08 44768 ----a-w- C:\Windows\system32\wups2.dll
2009-11-04 18:40:53 . 2009-08-07 02:24:04 53472 ----a-w- C:\Windows\system32\wuauclt.exe
2009-11-04 18:40:53 . 2009-08-07 02:23:45 1929952 ----a-w- C:\Windows\system32\wuaueng.dll
2009-11-04 18:40:53 . 2009-08-07 01:45:15 2421760 ----a-w- C:\Windows\system32\wucltux.dll
2009-11-04 18:40:36 . 2009-08-07 02:24:09 35552 ----a-w- C:\Windows\system32\wups.dll
2009-11-04 18:40:36 . 2009-08-07 02:23:52 575704 ----a-w- C:\Windows\system32\wuapi.dll
2009-11-04 18:40:36 . 2009-08-07 01:44:40 87552 ----a-w- C:\Windows\system32\wudriver.dll
2009-11-04 18:40:20 . 2009-08-07 00:23:06 171608 ----a-w- C:\Windows\system32\wuwebv.dll
2009-11-04 18:40:20 . 2009-08-06 23:44:46 33792 ----a-w- C:\Windows\system32\wuapp.exe
2009-11-01 01:54:23 . 2009-11-01 01:54:41 0 d-----w- C:\$AVG
2009-11-01 01:53:23 . 2009-11-01 01:53:26 0 d-----w- C:\ProgramData\avg9
2009-10-21 12:38:04 . 2009-10-06 12:15:57 2064152 ----a-w- C:\ProgramData\avg8\update\backup\avgcorex.dll
2009-10-21 11:37:58 . 2009-10-21 11:40:05 0 d-----w- C:\Windows\system32\ca-ES
2009-10-21 11:37:58 . 2009-10-21 11:39:58 0 d-----w- C:\Windows\system32\eu-ES
2009-10-21 11:37:55 . 2009-10-21 11:39:55 0 d-----w- C:\Windows\system32\vi-VN
2009-10-21 11:15:46 . 2009-10-21 11:15:46 0 d-----w- C:\Windows\system32\EventProviders
2009-10-20 17:12:59 . 2009-04-11 06:28:22 406528 ----a-w- C:\Windows\system32\msvcp60.dll
2009-10-20 17:11:59 . 2009-04-11 06:28:26 177664 ----a-w- C:\Windows\system32\WSDMon.dll
2009-10-20 17:10:45 . 2009-04-11 06:28:18 247808 ----a-w- C:\Windows\system32\drvstore.dll
2009-10-20 16:39:05 . 2009-09-10 16:48:01 218624 ----a-w- C:\Windows\system32\msv1_0.dll
2009-10-20 16:39:02 . 2009-08-04 12:34:19 3600456 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2009-10-20 16:39:02 . 2009-08-04 12:34:19 3548216 ----a-w- C:\Windows\system32\ntoskrnl.exe
2009-10-20 16:33:06 . 2009-09-04 11:41:59 60928 ----a-w- C:\Windows\system32\msasn1.dll
2009-10-20 16:32:46 . 2009-09-14 09:29:50 144896 ----a-w- C:\Windows\system32\drivers\srv2.sys
2009-10-20 16:30:40 . 2009-05-08 12:53:00 604672 ----a-w- C:\Windows\system32\WMSPDMOD.DLL
2009-10-20 16:23:46 . 2009-10-01 14:29:14 195440 ----a-w- C:\Windows\system32\MpSigStub.exe
2009-10-20 15:47:24 . 2009-10-20 15:47:24 3584 ----a-r- C:\Users\Auberey\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-10-20 15:47:23 . 2009-10-20 15:47:23 0 d-----w- C:\Program Files\Windows Installer Clean Up
2009-10-20 15:47:00 . 2009-10-20 15:47:00 0 d-----w- C:\Program Files\MSECACHE
2009-10-20 15:28:10 . 2009-10-20 15:28:11 86016 ----a-w- C:\ProgramData\NOS\Adobe_Downloads\arh.exe
2009-10-17 12:50:49 . 2009-10-06 12:15:53 2023704 ----a-w- C:\ProgramData\avg8\update\backup\avgtray.exe
2009-10-07 13:59:27 . 2009-10-06 12:15:05 1142552 ----a-w- C:\ProgramData\avg8\update\backup\avgupd.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 00:25:06 . 2008-12-31 22:47:11 0 d-----w- C:\Users\Auberey\AppData\Roaming\WTablet
2009-11-04 23:57:55 . 2009-03-23 03:34:02 117760 ----a-w- C:\Users\Auberey\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-04 13:17:33 . 2008-09-17 13:09:56 0 d-----w- C:\ProgramData\avg8(1304)
2009-11-04 12:41:39 . 2009-04-20 14:00:48 1356 ----a-w- C:\Users\Auberey\AppData\Local\d3d9caps.dat
2009-11-04 03:27:17 . 2008-09-18 16:04:06 4096 d-----w- C:\Program Files\Common Files\Adobe
2009-11-01 21:22:39 . 2008-09-17 13:09:56 0 d-----w- C:\ProgramData\avg8(1318)
2009-11-01 19:55:59 . 2008-09-17 13:09:56 0 d-----w- C:\ProgramData\avg8(1048)
2009-11-01 19:17:28 . 2008-09-17 13:09:56 0 d-----w- C:\ProgramData\avg8(1132)
2009-11-01 01:53:26 . 2008-09-17 13:09:58 0 d-----w- C:\Program Files\AVG
2009-10-21 11:40:50 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Calendar
2009-10-21 11:40:50 . 2006-11-02 11:18:33 4096 d-----w- C:\Program Files\Windows Mail
2009-10-21 11:40:48 . 2006-11-02 12:37:34 4096 d-----w- C:\Program Files\Windows Sidebar
2009-10-21 11:40:47 . 2006-11-02 12:37:34 4096 d-----w- C:\Program Files\Windows Journal
2009-10-21 11:40:47 . 2006-11-02 12:37:34 4096 d-----w- C:\Program Files\Windows Collaboration
2009-10-21 11:40:43 . 2006-11-02 12:37:34 4096 d-----w- C:\Program Files\Windows Photo Gallery
2009-10-21 11:40:37 . 2006-11-02 12:37:34 4096 d-----w- C:\Program Files\Windows Defender
2009-10-21 11:37:46 . 2006-11-02 10:25:05 665600 ----a-w- C:\Windows\inf\drvindex.dat
2009-10-21 11:35:20 . 2009-10-21 11:35:20 0 ---ha-w- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-20 15:52:39 . 2008-09-18 16:00:14 4096 d-----w- C:\ProgramData\NOS
2009-10-17 14:56:10 . 2008-09-17 13:11:52 4096 d-----w- C:\Program Files\SUPERAntiSpyware
2009-10-05 23:32:14 . 2008-11-01 21:34:49 3766 --sha-w- C:\ProgramData\KGyGaAvL.sys
2009-10-05 23:32:14 . 2008-11-01 21:34:49 3766 --sha-w- C:\ProgramData\KGyGaAvL.sys
2009-10-05 23:32:01 . 2008-11-01 21:34:50 168 --sha-r- C:\ProgramData\46F4CA0B28.sys
2009-10-05 23:32:01 . 2008-11-01 21:34:50 168 --sha-r- C:\ProgramData\46F4CA0B28.sys
2009-09-26 18:45:18 . 2009-09-25 01:49:22 126970 ----a-w- C:\Users\Auberey\AppData\Roaming\Move Networks\uninstall.exe
2009-09-26 18:45:18 . 2009-08-03 21:48:42 4187512 ----a-w- C:\Users\Auberey\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
2009-09-25 01:49:21 . 2009-06-16 06:35:40 4183416 ----a-w- C:\Users\Auberey\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-09-18 03:47:05 . 2009-09-18 03:47:03 45 ----a-w- C:\Users\Auberey\jagex_runescape_preferences2.dat
2009-09-18 03:47:05 . 2009-09-18 03:46:04 37 ----a-w- C:\Users\Auberey\jagex_runescape_preferences.dat
2009-09-09 23:19:37 . 2008-09-17 10:18:53 4096 d-----w- C:\Program Files\Microsoft Silverlight
2009-09-07 22:33:39 . 2009-09-07 22:33:39 0 ---ha-w- C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-07 19:53:36 . 2006-11-02 10:32:57 101888 ----a-w- C:\Windows\system32\ifxcardm.dll
2009-09-07 19:53:33 . 2006-11-02 10:32:57 82432 ----a-w- C:\Windows\system32\axaltocm.dll
2009-09-07 19:36:16 . 2008-11-22 05:57:23 4096 d-----w- C:\Program Files\Java
2009-09-07 18:45:30 . 2009-09-07 18:45:30 0 d-----w- C:\Users\Auberey\AppData\Roaming\PeerNetworking
2009-08-29 00:27:49 . 2009-09-02 23:20:59 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 . 2009-09-02 23:20:57 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 . 2009-10-20 16:38:11 916480 ----a-w- C:\Windows\system32\wininet.dll
2009-08-27 05:17:43 . 2009-10-20 16:38:09 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-08-27 05:17:43 . 2009-10-20 16:38:09 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2009-08-27 03:42:29 . 2009-10-20 16:38:09 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-08-26 16:43:18 . 2008-09-16 21:34:43 140960 ----a-w- C:\Users\Auberey\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-18 03:33:52 . 2009-08-18 03:33:52 1193832 ----a-w- C:\Windows\system32\FM20.DLL
2009-08-15 12:36:06 . 2009-02-02 14:48:34 11952 ----a-w- C:\Windows\system32\avgrsstx.dll
2009-08-15 12:36:05 . 2008-09-17 13:10:05 335240 ----a-w- C:\Windows\system32\drivers\avgldx86.sys
2009-08-15 12:36:05 . 2008-09-17 13:10:01 27784 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys
2009-08-14 16:27:34 . 2009-09-09 17:40:55 904776 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2009-08-14 15:53:34 . 2009-09-09 17:40:51 17920 ----a-w- C:\Windows\system32\netevent.dll
2009-08-14 13:49:20 . 2009-09-09 17:40:51 9728 ----a-w- C:\Windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 . 2009-09-09 17:40:51 17920 ----a-w- C:\Windows\system32\ROUTE.EXE
2009-08-14 13:49:18 . 2009-09-09 17:40:51 11264 ----a-w- C:\Windows\system32\MRINFO.EXE
2009-08-14 13:49:15 . 2009-09-09 17:40:52 27136 ----a-w- C:\Windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 . 2009-09-09 17:40:52 19968 ----a-w- C:\Windows\system32\ARP.EXE
2009-08-14 13:49:14 . 2009-09-09 17:40:51 8704 ----a-w- C:\Windows\system32\HOSTNAME.EXE
2009-08-14 13:49:13 . 2009-09-09 17:40:51 10240 ----a-w- C:\Windows\system32\finger.exe
2009-08-14 13:48:21 . 2009-09-09 17:40:54 30720 ----a-w- C:\Windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48:02 . 2009-09-09 17:40:54 105984 ----a-w- C:\Windows\system32\netiohlp.dll
2009-01-13 20:56:45 . 2009-01-06 22:43:10 88 --sh--r- C:\Windows\System32\46F4CA0B28.sys
2009-01-13 20:59:34 . 2009-01-06 22:43:10 952 --sha-w- C:\Windows\System32\KGyGaAvL.sys
2009-06-19 19:15:45 . 2009-06-19 19:15:45 8975 --sh--w- C:\Windows\System32\vudigoyi.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 13:55:58 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55:58 1090816 ----a-w- C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 13:55:58 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 13:55:58 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-28 12:42:59 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-06-18 18:01:34 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-06-18 18:01:26 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-06-18 18:01:30 133656]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 06:12:02 483328]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 19:53:56 1312080]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-9-19 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 13:57:20 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 14:36:54 73728 ----a-w- C:\Windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3c,a8,99,f1,43,52,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4215972033-1050644244-1932678965-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [9/17/2008 8:10:05 AM 335240]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 1:07:14 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 1:07:12 PM 74480]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\System32\drivers\StarPortLite.sys [10/2/2008 9:01:13 PM 93544]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [5/7/2009 6:11:20 PM 1153368]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [12/31/2008 5:43:14 PM 1373480]
R3 ti21sony;ti21sony;C:\Windows\System32\drivers\ti21sony.sys [9/16/2008 9:48:44 PM 227328]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [7/1/2009 8:20:45 AM 297752]
S2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;C:\CFusionMX7\runtime\bin\jrunsvc.exe [10/20/2008 11:20:30 AM 61440]
S2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe [10/20/2008 11:19:39 AM 2711312]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [9/5/2009 6:17:46 PM 54632]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48:42 PM 704864]
S3 getPlus(R) Installer;getPlus(R) Installer;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [8/16/2009 5:24:57 PM 59552]
S3 getPlusHelper;getPlus(R) Helper;C:\Windows\System32\svchost.exe -k getPlusHelper [9/18/2008 7:24:33 AM 21504]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 1:07:16 PM 7408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2009-01-03 C:\Windows\Tasks\NSSstub.job
- C:\Windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-01-03 04:24:24 . 2009-01-03 04:24:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
BHO-{744EC540-7CAC-4B6A-8581-CBD7CC81024B} - C:\Windows\system32\jkkKeCtS.dll
AddRemove-_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} - C:\Program Files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}
S2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe [10/20/2008 11:19:39 AM 2711312]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [9/5/2009 6:17:46 PM 54632]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48:42 PM 704864]
S3 getPlus(R) Installer;getPlus(R) Installer;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [8/16/2009 5:24:57 PM 59552]
S3 getPlusHelper;getPlus(R) Helper;C:\Windows\System32\svchost.exe -k getPlusHelper [9/18/2008 7:24:33 AM 21504]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 1:07:16 PM 7408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2009-01-03 C:\Windows\Tasks\NSSstub.job
- C:\Windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-01-03 04:24:24 . 2009-01-03 04:24:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
BHO-{744EC540-7CAC-4B6A-8581-CBD7CC81024B} - C:\Windows\system32\jkkKeCtS.dll
AddRemove-_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} - C:\Program Files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}
#14 18 Days Ago
HJT Log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:11 PM, on 11/5/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {744EC540-7CAC-4B6A-8581-CBD7CC81024B} - C:\Windows\system32\jkkKeCtS.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; Tablet PC 2.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.mofunzone.com/popups/downhill_jam.shtml"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1255708832175
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos...ineScanner.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01...PUplden-us.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Installer - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11148 bytes
#15 18 Days Ago
Your combofix log was incomplete. Please post the entire log.
==
Please go to Jotti's or to VirusTotal and have this file scanned. Post the results back here.
C:\Windows\System32\vudigoyi.exe
#17 18 Days Ago
ComboFix 09-11-05.01 - Auberey 11/05/2009 19:10:56.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1055 [GMT -5:00]
Running from: D:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\$RECYCLE.BIN\S-1-5-21-2152478756-3922319563-605102323-500
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.
2009-11-06 00:21:35 . 2009-11-06 00:26:07 0 d-----w- C:\Users\Auberey\AppData\Local\temp
2009-11-06 00:21:35 . 2009-11-06 00:21:35 0 d-----w- C:\Users\Default\AppData\Local\temp
2009-11-05 22:36:21 . 2009-11-05 22:36:21 0 d-----w- C:\Program Files\Trend Micro
2009-11-05 21:19:51 . 2009-11-05 21:19:51 0 d-----w- C:\Users\Auberey\AppData\Roaming\Malwarebytes
2009-11-05 21:19:47 . 2009-09-10 19:54:06 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-11-05 21:19:45 . 2009-11-05 21:19:50 4096 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-05 21:19:45 . 2009-11-05 21:19:45 0 d-----w- C:\ProgramData\Malwarebytes
2009-11-05 21:19:45 . 2009-09-10 19:53:50 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-11-05 02:52:16 . 2009-11-05 02:52:16 0 d-----w- C:\Program Files\ESET
2009-11-05 00:07:36 . 2009-09-10 14:58:28 310784 ----a-w- C:\Windows\system32\unregmp2.exe
2009-11-05 00:07:33 . 2009-09-10 14:59:26 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
2009-11-04 18:40:53 . 2009-08-07 02:24:08 44768 ----a-w- C:\Windows\system32\wups2.dll
2009-11-04 18:40:53 . 2009-08-07 02:24:04 53472 ----a-w- C:\Windows\system32\wuauclt.exe
2009-11-04 18:40:53 . 2009-08-07 02:23:45 1929952 ----a-w- C:\Windows\system32\wuaueng.dll
2009-11-04 18:40:53 . 2009-08-07 01:45:15 2421760 ----a-w- C:\Windows\system32\wucltux.dll
2009-11-04 18:40:36 . 2009-08-07 02:24:09 35552 ----a-w- C:\Windows\system32\wups.dll
2009-11-04 18:40:36 . 2009-08-07 02:23:52 575704 ----a-w- C:\Windows\system32\wuapi.dll
2009-11-04 18:40:36 . 2009-08-07 01:44:40 87552 ----a-w- C:\Windows\system32\wudriver.dll
2009-11-04 18:40:20 . 2009-08-07 00:23:06 171608 ----a-w- C:\Windows\system32\wuwebv.dll
2009-11-04 18:40:20 . 2009-08-06 23:44:46 33792 ----a-w- C:\Windows\system32\wuapp.exe
2009-11-01 01:54:23 . 2009-11-01 01:54:41 0 d-----w- C:\$AVG
2009-11-01 01:53:23 . 2009-11-01 01:53:26 0 d-----w- C:\ProgramData\avg9
2009-10-21 12:38:04 . 2009-10-06 12:15:57 2064152 ----a-w- C:\ProgramData\avg8\update\backup\avgcorex.dll
2009-10-21 11:37:58 . 2009-10-21 11:40:05 0 d-----w- C:\Windows\system32\ca-ES
2009-10-21 11:37:58 . 2009-10-21 11:39:58 0 d-----w- C:\Windows\system32\eu-ES
2009-10-21 11:37:55 . 2009-10-21 11:39:55 0 d-----w- C:\Windows\system32\vi-VN
2009-10-21 11:15:46 . 2009-10-21 11:15:46 0 d-----w- C:\Windows\system32\EventProviders
2009-10-20 17:12:59 . 2009-04-11 06:28:22 406528 ----a-w- C:\Windows\system32\msvcp60.dll
2009-10-20 17:11:59 . 2009-04-11 06:28:26 177664 ----a-w- C:\Windows\system32\WSDMon.dll
2009-10-20 17:10:45 . 2009-04-11 06:28:18 247808 ----a-w- C:\Windows\system32\drvstore.dll
2009-10-20 16:39:05 . 2009-09-10 16:48:01 218624 ----a-w- C:\Windows\system32\msv1_0.dll
2009-10-20 16:39:02 . 2009-08-04 12:34:19 3600456 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2009-10-20 16:39:02 . 2009-08-04 12:34:19 3548216 ----a-w- C:\Windows\system32\ntoskrnl.exe
2009-10-20 16:33:06 . 2009-09-04 11:41:59 60928 ----a-w- C:\Windows\system32\msasn1.dll
2009-10-20 16:32:46 . 2009-09-14 09:29:50 144896 ----a-w- C:\Windows\system32\drivers\srv2.sys
2009-10-20 16:30:40 . 2009-05-08 12:53:00 604672 ----a-w- C:\Windows\system32\WMSPDMOD.DLL
2009-10-20 16:23:46 . 2009-10-01 14:29:14 195440 ----a-w- C:\Windows\system32\MpSigStub.exe
2009-10-20 15:47:24 . 2009-10-20 15:47:24 3584 ----a-r- C:\Users\Auberey\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-10-20 15:47:23 . 2009-10-20 15:47:23 0 d-----w- C:\Program Files\Windows Installer Clean Up
2009-10-20 15:47:00 . 2009-10-20 15:47:00 0 d-----w- C:\Program Files\MSECACHE
2009-10-20 15:28:10 . 2009-10-20 15:28:11 86016 ----a-w- C:\ProgramData\NOS\Adobe_Downloads\arh.exe
2009-10-17 12:50:49 . 2009-10-06 12:15:53 2023704 ----a-w- C:\ProgramData\avg8\update\backup\avgtray.exe
2009-10-07 13:59:27 . 2009-10-06 12:15:05 1142552 ----a-w- C:\ProgramData\avg8\update\backup\avgupd.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 00:25:06 . 2008-12-31 22:47:11 0 d-----w- C:\Users\Auberey\AppData\Roaming\WTablet
2009-11-04 23:57:55 . 2009-03-23 03:34:02 117760 ----a-w- C:\Users\Auberey\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-04 13:17:33 . 2008-09-17 13:09:56 0 d-----w- C:\ProgramData\avg8(1304)
2009-11-04 12:41:39 . 2009-04-20 14:00:48 1356 ----a-w- C:\Users\Auberey\AppData\Local\d3d9caps.dat
2009-11-04 03:27:17 . 2008-09-18 16:04:06 4096 d-----w- C:\Program Files\Common Files\Adobe
2009-11-01 21:22:39 . 2008-09-17 13:09:56 0 d-----w- C:\ProgramData\avg8(1318)
2009-11-01 19:55:59 . 2008-09-17 13:09:56 0 d-----w- C:\ProgramData\avg8(1048)
2009-11-01 19:17:28 . 2008-09-17 13:09:56 0 d-----w- C:\ProgramData\avg8(1132)
2009-11-01 01:53:26 . 2008-09-17 13:09:58 0 d-----w- C:\Program Files\AVG
2009-10-21 11:40:50 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Calendar
2009-10-21 11:40:50 . 2006-11-02 11:18:33 4096 d-----w- C:\Program Files\Windows Mail
2009-10-21 11:40:48 . 2006-11-02 12:37:34 4096 d-----w- C:\Program Files\Windows Sidebar
2009-10-21 11:40:47 . 2006-11-02 12:37:34 4096 d-----w- C:\Program Files\Windows Journal
2009-10-21 11:40:47 . 2006-11-02 12:37:34 4096 d-----w- C:\Program Files\Windows Collaboration
2009-10-21 11:40:43 . 2006-11-02 12:37:34 4096 d-----w- C:\Program Files\Windows Photo Gallery
2009-10-21 11:40:37 . 2006-11-02 12:37:34 4096 d-----w- C:\Program Files\Windows Defender
2009-10-21 11:37:46 . 2006-11-02 10:25:05 665600 ----a-w- C:\Windows\inf\drvindex.dat
2009-10-21 11:35:20 . 2009-10-21 11:35:20 0 ---ha-w- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-20 15:52:39 . 2008-09-18 16:00:14 4096 d-----w- C:\ProgramData\NOS
2009-10-17 14:56:10 . 2008-09-17 13:11:52 4096 d-----w- C:\Program Files\SUPERAntiSpyware
2009-10-05 23:32:14 . 2008-11-01 21:34:49 3766 --sha-w- C:\ProgramData\KGyGaAvL.sys
2009-10-05 23:32:14 . 2008-11-01 21:34:49 3766 --sha-w- C:\ProgramData\KGyGaAvL.sys
2009-10-05 23:32:01 . 2008-11-01 21:34:50 168 --sha-r- C:\ProgramData\46F4CA0B28.sys
2009-10-05 23:32:01 . 2008-11-01 21:34:50 168 --sha-r- C:\ProgramData\46F4CA0B28.sys
2009-09-26 18:45:18 . 2009-09-25 01:49:22 126970 ----a-w- C:\Users\Auberey\AppData\Roaming\Move Networks\uninstall.exe
2009-09-26 18:45:18 . 2009-08-03 21:48:42 4187512 ----a-w- C:\Users\Auberey\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
2009-09-25 01:49:21 . 2009-06-16 06:35:40 4183416 ----a-w- C:\Users\Auberey\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-09-18 03:47:05 . 2009-09-18 03:47:03 45 ----a-w- C:\Users\Auberey\jagex_runescape_preferences2.dat
2009-09-18 03:47:05 . 2009-09-18 03:46:04 37 ----a-w- C:\Users\Auberey\jagex_runescape_preferences.dat
2009-09-09 23:19:37 . 2008-09-17 10:18:53 4096 d-----w- C:\Program Files\Microsoft Silverlight
2009-09-07 22:33:39 . 2009-09-07 22:33:39 0 ---ha-w- C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-07 19:53:36 . 2006-11-02 10:32:57 101888 ----a-w- C:\Windows\system32\ifxcardm.dll
2009-09-07 19:53:33 . 2006-11-02 10:32:57 82432 ----a-w- C:\Windows\system32\axaltocm.dll
2009-09-07 19:36:16 . 2008-11-22 05:57:23 4096 d-----w- C:\Program Files\Java
2009-09-07 18:45:30 . 2009-09-07 18:45:30 0 d-----w- C:\Users\Auberey\AppData\Roaming\PeerNetworking
2009-08-29 00:27:49 . 2009-09-02 23:20:59 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 . 2009-09-02 23:20:57 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 . 2009-10-20 16:38:11 916480 ----a-w- C:\Windows\system32\wininet.dll
2009-08-27 05:17:43 . 2009-10-20 16:38:09 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-08-27 05:17:43 . 2009-10-20 16:38:09 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2009-08-27 03:42:29 . 2009-10-20 16:38:09 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-08-26 16:43:18 . 2008-09-16 21:34:43 140960 ----a-w- C:\Users\Auberey\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-18 03:33:52 . 2009-08-18 03:33:52 1193832 ----a-w- C:\Windows\system32\FM20.DLL
2009-08-15 12:36:06 . 2009-02-02 14:48:34 11952 ----a-w- C:\Windows\system32\avgrsstx.dll
2009-08-15 12:36:05 . 2008-09-17 13:10:05 335240 ----a-w- C:\Windows\system32\drivers\avgldx86.sys
2009-08-15 12:36:05 . 2008-09-17 13:10:01 27784 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys
2009-08-14 16:27:34 . 2009-09-09 17:40:55 904776 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2009-08-14 15:53:34 . 2009-09-09 17:40:51 17920 ----a-w- C:\Windows\system32\netevent.dll
2009-08-14 13:49:20 . 2009-09-09 17:40:51 9728 ----a-w- C:\Windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 . 2009-09-09 17:40:51 17920 ----a-w- C:\Windows\system32\ROUTE.EXE
2009-08-14 13:49:18 . 2009-09-09 17:40:51 11264 ----a-w- C:\Windows\system32\MRINFO.EXE
2009-08-14 13:49:15 . 2009-09-09 17:40:52 27136 ----a-w- C:\Windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 . 2009-09-09 17:40:52 19968 ----a-w- C:\Windows\system32\ARP.EXE
2009-08-14 13:49:14 . 2009-09-09 17:40:51 8704 ----a-w- C:\Windows\system32\HOSTNAME.EXE
2009-08-14 13:49:13 . 2009-09-09 17:40:51 10240 ----a-w- C:\Windows\system32\finger.exe
2009-08-14 13:48:21 . 2009-09-09 17:40:54 30720 ----a-w- C:\Windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48:02 . 2009-09-09 17:40:54 105984 ----a-w- C:\Windows\system32\netiohlp.dll
2009-01-13 20:56:45 . 2009-01-06 22:43:10 88 --sh--r- C:\Windows\System32\46F4CA0B28.sys
2009-01-13 20:59:34 . 2009-01-06 22:43:10 952 --sha-w- C:\Windows\System32\KGyGaAvL.sys
2009-06-19 19:15:45 . 2009-06-19 19:15:45 8975 --sh--w- C:\Windows\System32\vudigoyi.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 13:55:58 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55:58 1090816 ----a-w- C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 13:55:58 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 13:55:58 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-28 12:42:59 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-06-18 18:01:34 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-06-18 18:01:26 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-06-18 18:01:30 133656]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 06:12:02 483328]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 19:53:56 1312080]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-9-19 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 13:57:20 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 14:36:54 73728 ----a-w- C:\Windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3c,a8,99,f1,43,52,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4215972033-1050644244-1932678965-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [9/17/2008 8:10:05 AM 335240]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 1:07:14 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 1:07:12 PM 74480]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\System32\drivers\StarPortLite.sys [10/2/2008 9:01:13 PM 93544]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [5/7/2009 6:11:20 PM 1153368]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [12/31/2008 5:43:14 PM 1373480]
R3 ti21sony;ti21sony;C:\Windows\System32\drivers\ti21sony.sys [9/16/2008 9:48:44 PM 227328]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [7/1/2009 8:20:45 AM 297752]
S2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;C:\CFusionMX7\runtime\bin\jrunsvc.exe [10/20/2008 11:20:30 AM 61440]
S2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe [10/20/2008 11:19:39 AM 2711312]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [9/5/2009 6:17:46 PM 54632]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48:42 PM 704864]
S3 getPlus(R) Installer;getPlus(R) Installer;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [8/16/2009 5:24:57 PM 59552]
S3 getPlusHelper;getPlus(R) Helper;C:\Windows\System32\svchost.exe -k getPlusHelper [9/18/2008 7:24:33 AM 21504]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 1:07:16 PM 7408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2009-01-03 C:\Windows\Tasks\NSSstub.job
- C:\Windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-01-03 04:24:24 . 2009-01-03 04:24:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
BHO-{744EC540-7CAC-4B6A-8581-CBD7CC81024B} - C:\Windows\system32\jkkKeCtS.dll
AddRemove-_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150} - C:\Program Files\Corel\Corel Painter X\MSILauncher {91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}
Sorry, hope this one is complete.
#19 18 Days Ago
Hey! Thanks for getting back so quickly!
I'm only okay at reading HJT logs, but as a general rule of thumb I've found that anything that doesn't have a name is bad news, and anything that doesn't look familiar, Google search it.
By this logic, the following look suspicious to me:
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {744EC540-7CAC-4B6A-8581-CBD7CC81024B} - C:\Windows\system32\jkkKeCtS.dll (file missing)
I'm not too sure about this one:
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
Upon Google searches, it seems to be part of Adobe something or other, but it's curious that it's unlabeled...
This one checks out on a Google search as part of Spyware Doctor:
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
My suggestion would be to fix the R3 and 2 O2s I mentioned above and see if that helps.
Everything else I read through looks about right to me.
Let us know how that turns out!
--John, MCS
A+ Certified
Last edited by MCSChiefTech; 18 Days Ago at 9:14 pm.
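As an added example, not code from this thread or from HijackThis itself, the following Python script applies the rule of thumb from the post above to HJT log lines: it parses each entry into section, kind, display name, CLSID and target, then flags entries with no name, entries whose target is "(no file)" or "(file missing)" (orphaned registry objects, the ones the post suggests fixing), and entries that point at a random-looking DLL name like jkkKeCtS.dll. The sample log is constructed from the entries quoted in the post plus one made-up benign BHO with a placeholder CLSID and path; the mixed-case "random name" heuristic is my own assumption, not anything HijackThis does. Note that "(no name)" alone only earns a "review" verdict, because, as the SDHelper.dll line shows, a nameless entry can still be a legitimate product and needs a lookup before removal.

```python
import re
from dataclasses import dataclass

# Constructed sample log: the entries quoted in the post above, plus one
# made-up benign BHO (placeholder CLSID and path) for contrast.
SAMPLE_HJT_LOG = """\
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {744EC540-7CAC-4B6A-8581-CBD7CC81024B} - C:\\Windows\\system32\\jkkKeCtS.dll (file missing)
O2 - BHO: Example Vendor Helper - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\ExampleVendor\\helper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
"""

# "O2 - BHO: <rest>"  ->  section, kind, and everything after the colon
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
# A CLSID in braces, optionally prefixed with "*" as HJT prints for some R3 hooks
GUID_RE = re.compile(r"\*?\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class HjtEntry:
    section: str   # e.g. "O2"
    kind: str      # e.g. "BHO"
    name: str      # display name, "(no name)", or "" when HJT printed nothing
    clsid: str     # normalised CLSID, or "" if the line has none
    target: str    # file path / URL / "(no file)" / "" when nothing recorded
    raw: str


def parse_hjt_line(line: str):
    """Split one HJT log line into its fields; return None for non-entry lines."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    g = GUID_RE.search(rest)
    if g:
        # name is everything before the CLSID, target everything after it
        name = rest[:g.start()].strip().rstrip("-").strip()
        clsid = g.group(0).lstrip("*").upper()
        target = rest[g.end():].strip().lstrip("-").strip()
    else:
        name, _, target = rest.partition(" - ")
        clsid = ""
    return HjtEntry(m.group("section"), m.group("kind"), name, clsid, target, line)


def _looks_random(filename: str) -> bool:
    """Assumed heuristic: a short alphabetic stem whose letters flip case many
    times (jkkKeCtS) is typical of auto-generated names; vendor DLLs rarely are."""
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", filename)
    if not stem.isalpha() or len(stem) < 6:
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    return flips >= 4


def assess(entry: HjtEntry):
    """Return (verdict, reasons): 'fix' for orphaned or random-named objects,
    'review' for nameless entries that still need a manual lookup, else 'ok'."""
    reasons = []
    if entry.name in ("", "(no name)"):
        reasons.append("no display name")
    target = entry.target
    missing = target == "(no file)" or target.endswith("(file missing)")
    if missing:
        reasons.append("registered object points at a missing file (orphaned registry entry)")
    elif not target:
        reasons.append("no file or URL recorded")
    path = re.sub(r"\s*\(file missing\)$", "", target)
    basename = path.rsplit("\\", 1)[-1]
    random_name = "\\" in path and _looks_random(basename)
    if random_name:
        reasons.append(f"random-looking file name {basename!r}")
    if missing or random_name:
        verdict = "fix"
    elif reasons:
        verdict = "review"
    else:
        verdict = "ok"
    return verdict, reasons


def triage(log_text: str):
    """Run the rule of thumb over a whole log; one tuple per parseable entry."""
    results = []
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        verdict, reasons = assess(entry)
        results.append((entry.section, entry.clsid, verdict, reasons))
    return results


if __name__ == "__main__":
    for section, clsid, verdict, reasons in triage(SAMPLE_HJT_LOG):
        print(f"{verdict:6} {section:3} {clsid} {'; '.join(reasons)}")
```

Run against the constructed sample, the three entries the post recommends fixing come out as "fix", the unlabeled O16 and the SDHelper.dll button come out as "review" (look them up before touching them), and the benign placeholder BHO comes out as "ok".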
My husband was watching it and said that it shut itself down a couple of minutes after it had finished and something about a dump file, but it went too fast for him to read it. Would it be in the event log?
There are a few things I'd suggest here.
To keep it from restarting in the future, so you can read and WRITE DOWN the exact error (and the hex code, i.e. 0x0000000, 0x231HD77 etc.) for us, go Start orb > Right click "Computer" > Properties > Advanced system settings (on the left) > Advanced tab > Startup and Recovery > Under "System failure" uncheck "Automatically restart".
There should be some data in the log as well. This link will help you help us:
http://www.bleepingcomputer.com/forums/topic40108.html
I think it's for Windows XP, but it is similar enough that it should be straightforward.
Let us know what you find or if you need more help!
I'm going to be out for a while tonight, so I may not be able to check back for a while, but you're in good hands here on Daniweb.

Good luck!
--John, MCS
A+ Certified