[Resolved] Malware or Trojan Present, Can't Windows Update or update Malware tools

jensvad
Posted May 24 2009, 10:01 AM
Post #1

Authentic Member
Group: Authentic Member
Posts: 23
Joined: 24-May 09
Member No.: 85,934
Operating System: Windows Vista Home

Hello. Name's Jens. I have been trying to clean up my computer for weeks now. Came here hoping for some help.

A number of problems.

Windows WON'T update. I get error 80244019.

Anti-malware and spyware software I download will not update.

I have tried:

Malwarebytes Anti-Malware
SUPERAntiSpyware
AVG FREE Scans
Windows Malware Removal
ComboFix
MBAM Setup

And several online scans. No dice. Something is running on my machine. Google searches to find solutions either get redirected or give a "connection interrupted" page. I'm getting pop-ups, and certain Google searches send me to random pages not remotely related to my search.

Any help is GREATLY appreciated!!!!

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:24 AM, on 5/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...1208&m=e620
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6892 bytes

And here is my ComboFix log:

ComboFix 09-05-23.04 - Jens 05/24/2009 11:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1789.899 [GMT -4:00]
Running from: c:\users\Jens\Desktop\Combo-Fix.exe
SP: AdwareAlert *disabled* (Updated) {8FE17B8C-999D-4396-B209-DC2ABE34C169}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\1045spyw9rz1995.cpl
c:\windows\10513h9c5tool7bz.ocx
c:\windows\106135zy9c.cpl
c:\windows\10692vi5us3dz.exe
c:\windows\107noz-a-9i5us305.exe
c:\windows\107z1h9cktool475.cpl
c:\windows\1094sp9m5ot155z.exe
c:\windows\11685pamzot9d9.bin
c:\windows\118fdownlo9der51z5.exe
c:\windows\11902hacktool51z.dll
c:\windows\11956zackto9l55e.cpl
c:\windows\12458not-a59irus2z2.ocx
c:\windows\12598hack5zol644.bin
c:\windows\126529pzmbot4b65.cpl
c:\windows\1299vi5uz97.bin
c:\windows\1344addwz5e12309.ocx
c:\windows\1355addw9re213z.bin
c:\windows\13621not9a-vz5use5.ocx
c:\windows\13905hazktool289.dll
c:\windows\13974spz5fa.dll
c:\windows\13z4th9eat55906.exe
c:\windows\145515acktool19ez.ocx
c:\windows\14559troj54z.ocx
c:\windows\14590tzo562d.ocx
c:\windows\147z45py91.bin
c:\windows\14b5t9izf1857.ocx
c:\windows\151c9own5oaderz953.ocx
c:\windows\1562thr9at1189z.ocx
c:\windows\15635szambot972.exe
c:\windows\15853troj539z.exe
c:\windows\1587s9ea52326z.exe
c:\windows\15912h9cktz5l4aa.dll
c:\windows\15927not-a-vzru53c.exe
c:\windows\15z75spambot9e8.cpl
c:\windows\16f3s9eaz1859.exe
c:\windows\16z86not-a-vi9us35.bin
c:\windows\17078zorm92f5.cpl
c:\windows\1728bzc5door99.ocx
c:\windows\173z29ro53ad.exe
c:\windows\17559zpy59d9.dll
c:\windows\17816wo9m45z.ocx
c:\windows\179685zoj1bc.exe
c:\windows\17991viruz651.exe
c:\windows\17z1s9y59b.exe
c:\windows\18152s5ambot79dz.dll
c:\windows\189dba5kdoor22z99.ocx
c:\windows\18z32sp5db9.cpl
c:\windows\190fthreaz92535.ocx
c:\windows\192n9tza5virus518.ocx
c:\windows\19515zpy5695.cpl
c:\windows\19523troz54f.exe
c:\windows\19962wo5m68dz.dll
c:\windows\1998ste5lz097.bin
c:\windows\19c0spywarz9592.ocx
c:\windows\19f7spywzre5760.cpl
c:\windows\19z99tr5j59f.ocx
c:\windows\1a6dspzw9re1154.ocx
c:\windows\1a99spar5e1z16.exe
c:\windows\1abaaddwa95z983.dll
c:\windows\1c5es9y5are13z4.exe
c:\windows\1cd09zief895.exe
c:\windows\1cfstea95z24.exe
c:\windows\1e04threa52985z.exe
c:\windows\1fe6v9r52z5.cpl
c:\windows\1z1585orm2a9.dll
c:\windows\1z207not-a-5irus7639.cpl
c:\windows\1z259sp9549.bin
c:\windows\1z304troj4925.dll
c:\windows\1zb3st95l1748.bin
c:\windows\1zcdaddwar91559.exe
c:\windows\1zd55ir9930.ocx
c:\windows\201ethzeat42395.exe
c:\windows\2054znot-a-viru51679.ocx
c:\windows\20c7thre5z94875.ocx
c:\windows\20d3a5dware46z9.exe
c:\windows\21954wor957z.bin
c:\windows\22543spy956z.exe
c:\windows\22560not-9zvir5sc9.cpl
c:\windows\22cdsp9wzre1415.bin
c:\windows\23581vz9us751.bin
c:\windows\23668no9-a-5irzs2ef.exe
c:\windows\23fcsz9war52621.bin
c:\windows\243309pambot5f8z.cpl
c:\windows\24554t9oj56z.bin
c:\windows\24z13s5y495.dll
c:\windows\25282virus569z.exe
c:\windows\25339iruz4fc5.exe
c:\windows\254z85py59a.dll
c:\windows\2558vir9s49z.exe
c:\windows\25601vizusbd9.exe
c:\windows\25835ddwaze689.ocx
c:\windows\25c6vzr2597.exe
c:\windows\25d5zir9639.ocx
c:\windows\25z7backdo9r2275.exe
c:\windows\26269z5ambot19.bin
c:\windows\26555tr9jz3.exe
c:\windows\27109szambot25c.exe
c:\windows\2750troj25z9.exe
c:\windows\2775roz59a.exe
c:\windows\27z53hacktool95e.dll
c:\windows\2815dzwnloader1998.exe
c:\windows\28df9ddware25z55.cpl
c:\windows\29170not-a5virus2ez.cpl
c:\windows\292715pamzo931.cpl
c:\windows\2950threat9z60.ocx
c:\windows\29552wozm259.ocx
c:\windows\2965s9arse26z4.bin
c:\windows\29d5ste5z1149.cpl
c:\windows\29zaspyw5re2649.bin
c:\windows\2aazthr9at25377.bin
c:\windows\2b89szeal5910.exe
c:\windows\2b99thizf5681.bin
c:\windows\2bf9zhreat3156.cpl
c:\windows\2ce5zackdoor969.exe
c:\windows\2d99zt5al2486.exe
c:\windows\2z086not9a-virus105.ocx
c:\windows\2z1235pambot3719.bin
c:\windows\2z130worm2955.cpl
c:\windows\2z5599ackt5ol25d.cpl
c:\windows\2z785hac9t5ol6ba.exe
c:\windows\2z85backdoor28789.dll
c:\windows\2z984spy935.ocx
c:\windows\2z992spy405.exe
c:\windows\302269pambztf35.ocx
c:\windows\303059izus455.exe
c:\windows\30559wzr5702.exe
c:\windows\307zs5eal9843.cpl
c:\windows\31395tr5j3cz.cpl
c:\windows\3151ztroj2f9.exe
c:\windows\31847spam95z2f7.exe
c:\windows\31d5stez91606.cpl
c:\windows\3203zspy559.dll
c:\windows\320a9zckdoor5181.ocx
c:\windows\3210v5rz390.cpl
c:\windows\32300wormz599.dll
c:\windows\32465notza-viru92675.ocx
c:\windows\32975ir48z.cpl
c:\windows\3297vzrus78b5.cpl
c:\windows\32a8d9wnloader198z5.cpl
c:\windows\32z92not-a-virus4035.bin
c:\windows\33b0szarse29235.exe
c:\windows\33c3t9ie5925z.exe
c:\windows\35206tro92f9z.bin
c:\windows\352zthief2969.exe
c:\windows\355zthreat97191.bin
c:\windows\357edownloazer479.cpl
c:\windows\3679no9-5-virusf5z.dll
c:\windows\389zadd5are19589.dll
c:\windows\39531vzrus5d1.cpl
c:\windows\3985troj355z.cpl
c:\windows\3995wormz35.exe
c:\windows\39c0backdooz1558.cpl
c:\windows\3a0caddwaz52394.cpl
c:\windows\3bz9steal2571.bin
c:\windows\3ef0ba5zdoor9257.exe
c:\windows\3fdzdownloa9er16395.ocx
c:\windows\3z25not-a-v9rus216.bin
c:\windows\3z3dthrea925800.bin
c:\windows\3z49backdoor1597.dll
c:\windows\3z59add5are864.cpl
c:\windows\3z992spy195.ocx
c:\windows\4038hackto95z66.ocx
c:\windows\4060backdooz9253.exe
c:\windows\412zs9ars52766.bin
c:\windows\4205vir893z.exe
c:\windows\421hackt9oz25.exe
c:\windows\4294spzmbot450.ocx
c:\windows\452zvirus769.ocx
c:\windows\452zworm28c9.cpl
c:\windows\4555szyw9re634.bin
c:\windows\457zbackdoor98085.bin
c:\windows\45z49hr5at14814.exe
c:\windows\46d9thzeat54599.bin
c:\windows\46z9steal1795.dll
c:\windows\4750z5oj904.exe
c:\windows\47zddow5l9ader1264.exe
c:\windows\4901spamboz1905.ocx
c:\windows\49559irus62z.ocx
c:\windows\495t9reatz5868.cpl
c:\windows\49b15ackdooz9422.exe
c:\windows\49ebazdwar5555.exe
c:\windows\4abfsparsez5959.cpl
c:\windows\4b59sz5al9232.cpl
c:\windows\4b5thr9at1z959.exe
c:\windows\4b92spzrse29795.ocx
c:\windows\4b9atzre5t9229.dll
c:\windows\4d935oznloader2916.ocx
c:\windows\4e9aszarse1750.cpl
c:\windows\4fc5stzal935.bin
c:\windows\4z9aa9dware8055.dll
c:\windows\4za1sp5ware2495.bin
c:\windows\5158downloader9z02.bin
c:\windows\51899zirus782.bin
c:\windows\51a7back9oor2637z.exe
c:\windows\52012troz9f8.ocx
c:\windows\5258th9efz520.dll
c:\windows\5296virz55.bin
c:\windows\5299vzr2555.bin
c:\windows\539aczdoor1641.exe
c:\windows\54850spam9zt36f.exe
c:\windows\55095acktooz959.dll
c:\windows\55109zackt9ol79e.dll
c:\windows\551cth9zat29159.ocx
c:\windows\553ethiz599.ocx
c:\windows\553viz2739.ocx
c:\windows\5540thzeat27991.dll
c:\windows\5585worz45b9.exe
c:\windows\559fth9eat1055z.exe
c:\windows\55abdownlo9dzr3233.ocx
c:\windows\55cstezl971.bin
c:\windows\55z4hac9tool6ed.cpl
c:\windows\55z8sp92d.cpl
c:\windows\569zdownloader2219.bin
c:\windows\56b9thrza524775.ocx
c:\windows\56c9virz6925.dll
c:\windows\5789addware11z6.bin
c:\windows\58238hack9ool6z6.bin
c:\windows\5869spzrse25915.bin
c:\windows\58c8s5ezl18139.dll
c:\windows\58z93troj24a.dll
c:\windows\590fvirz15.cpl
c:\windows\59285vir9s64z.bin
c:\windows\5955pa9bzt1fb.ocx
c:\windows\5962downloade9z751.bin
c:\windows\59659roj2za.ocx
c:\windows\59680noz-a-virus369.dll
c:\windows\596faddzar59598.dll
c:\windows\597adown9ozder688.exe
c:\windows\5990spyz6.exe
c:\windows\5a10spz9are1252.exe
c:\windows\5a80sp95arez98.cpl
c:\windows\5ab5s9zal23245.dll
c:\windows\5b19viz59.dll
c:\windows\5b40downlz9der665.exe
c:\windows\5b9fbackd5or944z.dll
c:\windows\5bfcdown5oadez2719.bin
c:\windows\5c2z5ddware9151.ocx
c:\windows\5df2bac9dooz1261.bin
c:\windows\5e5eaddwa95180z.ocx
c:\windows\5efbzackdoo51749.ocx
c:\windows\5f89vir15z5.cpl
c:\windows\5fddz9ief8015.bin
c:\windows\5z13vi51559.cpl
c:\windows\5z1495r2580.ocx
c:\windows\5z19t9ief2135.exe
c:\windows\5z4as9eal2745.bin
c:\windows\5z95sparse391.ocx
c:\windows\5zd0st9al104.exe
c:\windows\601zvi52991.ocx
c:\windows\6020threa519z70.exe
c:\windows\602f9py5are2z55.ocx
c:\windows\61z5threat59399.dll
c:\windows\64549ownl5azer218.bin
c:\windows\6570hzckt9ol243.ocx
c:\windows\65e2thz9at25484.ocx
c:\windows\66z45ir990.cpl
c:\windows\67545ir1z769.bin
c:\windows\6792szea5484.ocx
c:\windows\6875addwaze51799.ocx
c:\windows\6885sp9rse1z4.dll
c:\windows\6943hackt5ol45z.ocx
c:\windows\6965iz893.cpl
c:\windows\6b56thrzat23190.dll
c:\windows\6c09sz5al9625.bin
c:\windows\6c14downzoa9e53.ocx
c:\windows\6cf5sparse98z9.ocx
c:\windows\6d9d5ir4z6.ocx
c:\windows\6dae5tezl2929.ocx
c:\windows\6f29do5nloader98z.bin
c:\windows\6z16steal3925.cpl
c:\windows\6z59threat22392.dll
c:\windows\6zb05hief9913.ocx
c:\windows\700ezo5nloader18979.cpl
c:\windows\709s5z9e.bin
c:\windows\7130viz2509.exe
c:\windows\743zvir954a7.bin
c:\windows\7553spamz5t7c89.bin
c:\windows\755bvzr52729.dll
c:\windows\75d5threat9z243.dll
c:\windows\75ze5ownload9r1043.ocx
c:\windows\769ead5w9ze1046.bin
c:\windows\76c75zeal5369.bin
c:\windows\78b69pars526z9.exe
c:\windows\7982spzrse1545.ocx
c:\windows\79b9thiez355.exe
c:\windows\79d6s5eaz2660.bin
c:\windows\79e6spyzare1584.ocx
c:\windows\7adbthr9a56459z.dll
c:\windows\7c5dvi9z042.ocx
c:\windows\7d26downl5ader1918z.exe
c:\windows\7f1bbackdzo931055.bin
c:\windows\7f35addz9re1866.ocx
c:\windows\7z5threat10792.cpl
c:\windows\7z9eaddw9re1598.dll
c:\windows\811195ruszfc.cpl
c:\windows\8139spzmbot7635.ocx
c:\windows\8320n5tza-virus1c49.ocx
c:\windows\8384w9rz4bc5.bin
c:\windows\86z5not-5-vi9us590.ocx
c:\windows\8950sp5mb9t7z7.cpl
c:\windows\91552not-azviru5654.ocx
c:\windows\92a3spyw5rz2833.cpl
c:\windows\93851spy58fz.exe
c:\windows\945spa5ze2015.ocx
c:\windows\9465vir845z.cpl
c:\windows\94a0thiez5426.dll
c:\windows\94zspyw5re910.cpl
c:\windows\9548baz5door2768.bin
c:\windows\9589zworm5e6.exe
c:\windows\9590v5r31z9.exe
c:\windows\95fviz1599.ocx
c:\windows\95z42viru552e.cpl
c:\windows\9657trzj2ef.exe
c:\windows\9705steal556z.ocx
c:\windows\9705z5y924.dll
c:\windows\97095ackt9ol7e9z.dll
c:\windows\9750vir31z.exe
c:\windows\97d6spzwa5e2786.ocx
c:\windows\98728spambot315z.ocx
c:\windows\9908t5oj7ccz.bin
c:\windows\992spam5oz387.cpl
c:\windows\9944wzrm65b.exe
c:\windows\994z5wor576a.exe
c:\windows\9990noz-a-v5rus9b7.dll
c:\windows\9998z9y5655.ocx
c:\windows\9ae8thief253z.ocx
c:\windows\9b75hzeat17191.bin
c:\windows\9b82addwarez4165.bin
c:\windows\9d395pyware2369z.exe
c:\windows\9e3stez91508.ocx
c:\windows\9z05backdoor3257.cpl
c:\windows\9z60spy29e5.exe
c:\windows\9zesteal2597.dll
c:\windows\a7d5zr9874.ocx
c:\windows\b2est9az835.dll
c:\windows\be6st5a94z.dll
c:\windows\d09v5z145.cpl
c:\windows\d5dthz9f570.exe
c:\windows\d9btz5eat8869.dll
c:\windows\dc9downl5adzr1205.exe
c:\windows\de4addwzre24795.bin
c:\windows\e7dztea9535.dll
c:\windows\e97sparse95z.exe
c:\windows\eb9zteal956.cpl
c:\windows\system32\1052z9py7d4.exe
c:\windows\system32\1058b9ckdoor2647z.bin
c:\windows\system32\105daddwarez694.cpl
c:\windows\system32\1079ba5kdooz88.exe
c:\windows\system32\10915hacktoo527z.dll
c:\windows\system32\1139not5a-vizus89.exe
c:\windows\system32\11542sp9mzot5a.exe
c:\windows\system32\1195zoj3d5.bin
c:\windows\system32\120745zcktoo99.ocx
c:\windows\system32\12141not-a-vir597z7.exe
c:\windows\system32\122a5d9arz374.cpl
c:\windows\system32\125z9hacktool42.dll
c:\windows\system32\12b1spy9zre5433.dll
c:\windows\system32\132za9dware754.dll
c:\windows\system32\13411spa95oz6.dll
c:\windows\system32\13573spa5bot29z.ocx
c:\windows\system32\135cdown9oaderz985.ocx
c:\windows\system32\13917zp95cc5.ocx
c:\windows\system32\13c5downlzade9326.exe
c:\windows\system32\1404zhre9527039.exe
c:\windows\system32\14325w95m5zc.cpl
c:\windows\system32\1481z5acktool7849.cpl
c:\windows\system32\149165iruz41f.cpl
c:\windows\system32\14994wo5z5f4.bin
c:\windows\system32\15057spambot69z.dll
c:\windows\system32\1509v9r264z.cpl
c:\windows\system32\150cbackdo9r1z59.exe
c:\windows\system32\1512th9eat59305z.dll
c:\windows\system32\15355vizus309.exe
c:\windows\system32\15475h5czto9l30e.cpl
c:\windows\system32\15751spzmb9t3c5.bin
c:\windows\system32\15992t9ozec.ocx
c:\windows\system32\159fbazkdoor204.cpl
c:\windows\system32\15ct9ief1175z.exe
c:\windows\system32\15ebstea919z2.bin
c:\windows\system32\15f45i9266z.cpl
c:\windows\system32\15z4ste5l16539.exe
c:\windows\system32\15z5t9oj3385.bin
c:\windows\system32\15z5t9oj3d2.bin
c:\windows\system32\15z9not-a-virus557.cpl
c:\windows\system32\16550hacktzol9c9.exe
c:\windows\system32\1693z5pambot35f.dll
c:\windows\system32\16c5hreat9422z.cpl
c:\windows\system32\171135zambot49d.cpl
c:\windows\system32\179z1v5rus7c9.exe
c:\windows\system32\17dfd5wnloadez3179.bin
c:\windows\system32\18505tr9j7d7z.bin
c:\windows\system32\185f9zdware2201.bin
c:\windows\system32\18851not-a-5izus795.cpl
c:\windows\system32\18955vi9usz35.bin
c:\windows\system32\1959azdware17779.ocx
c:\windows\system32\195z9n5t-a-virus79a.dll
c:\windows\system32\1995zhief454.dll
c:\windows\system32\19963virus554z.cpl
c:\windows\system32\199btzie52778.bin
c:\windows\system32\19z5sparse255.exe
c:\windows\system32\1c99addware45z.exe
c:\windows\system32\1e7dzwn9o5der780.exe
c:\windows\system32\1ef5thre9t1429z.dll
c:\windows\system32\1ffbsp5r9e1z26.dll
c:\windows\system32\1fz0do5nlo9der3275.dll
c:\windows\system32\1z08back59or2181.dll
c:\windows\system32\1z12659y630.exe
c:\windows\system32\1z354worm987.dll
c:\windows\system32\1z561worm69e5.dll
c:\windows\system32\1z6195ir9s47e.cpl
c:\windows\system32\1z685not5a-virus19c.exe
c:\windows\system32\1z855i9us2b8.ocx
c:\windows\system32\1z945tro9e6.ocx
c:\windows\system32\20481hack5ozl2c9.exe
c:\windows\system32\2097vi5z2719.ocx
c:\windows\system32\2140tr5jz89.ocx
c:\windows\system32\21555spz691.dll
c:\windows\system32\21562hac9tooz425.dll
c:\windows\system32\21565trojzf9.ocx
c:\windows\system32\21906s9zmbot5ba.cpl
c:\windows\system32\2200z9py5c5.ocx
c:\windows\system32\22051s5a9botzea.ocx
c:\windows\system32\230955ot-9-viruszf.exe
c:\windows\system32\230zsp9rse1553.exe
c:\windows\system32\23435hzcktool91b.cpl
c:\windows\system32\236549ro56cz.ocx
c:\windows\system32\23685spz5bot595.bin
c:\windows\system32\2399st5al21z2.exe
c:\windows\system32\23z58not-a-virus3935.dll
c:\windows\system32\23z59virus537.exe
c:\windows\system32\24335zpy952.dll
c:\windows\system32\247z4sp9mbot215.ocx
c:\windows\system32\2489dzwnload9r1586.bin
c:\windows\system32\249z9spa5bot98.cpl
c:\windows\system32\24b2down9oad5r2534z.dll
c:\windows\system32\24e65dzware18889.ocx
c:\windows\system32\25131spa9boz4cb.dll
c:\windows\system32\25156zorm6b99.cpl
c:\windows\system32\2549s9eal748z.exe
c:\windows\system32\25594spambotc9z.dll
c:\windows\system32\255pazs9157.bin
c:\windows\system32\25636vzrus793.bin
c:\windows\system32\257459wnloader1545z.bin
c:\windows\system32\25963vi5uz4ee.cpl
c:\windows\system32\26332not-z-viru51ca9.ocx
c:\windows\system32\264cs9ywar5249z.ocx
c:\windows\system32\26z0thie5698.cpl
c:\windows\system32\28391virus251z.cpl
c:\windows\system32\2849vir5189z.exe
c:\windows\system32\2853backdoor351z9.dll
c:\windows\system32\28653sp9mbotz21.dll
c:\windows\system32\287189ot-a5viruzd5.cpl
c:\windows\system32\28867sp9zbo545b.ocx
c:\windows\system32\28958hac5t9olzfe.cpl
c:\windows\system32\29058z5rm552.cpl
c:\windows\system32\29119s5z57b.dll
c:\windows\system32\29139iz2585.cpl
c:\windows\system32\291955roj4dz.ocx
c:\windows\system32\2952ztroj659.bin
c:\windows\system32\29570viz5s12e9.ocx
c:\windows\system32\295759iruz401.cpl
c:\windows\system32\29785iz515.cpl
c:\windows\system32\29851spamzot5b5.dll
c:\windows\system32\29994zirus535.ocx
c:\windows\system32\29a2backdozr23665.cpl
c:\windows\system32\29b3threzt70775.ocx
c:\windows\system32\29z97vir5s437.dll
c:\windows\system32\29z99spam5ot6e8.ocx
c:\windows\system32\2az6downl5a9er1109.ocx
c:\windows\system32\2bd4spyza9e45.ocx
c:\windows\system32\2bfspzw5re849.bin
c:\windows\system32\2c28stza52892.bin
c:\windows\system32\2c6spar5e79z.exe
c:\windows\system32\2d13spy9ar516z1.ocx
c:\windows\system32\2d8zspar9e5904.dll
c:\windows\system32\2d9fsp5warz387.cpl
c:\windows\system32\2f9ethze5193.exe
c:\windows\system32\2zethief539.ocx
c:\windows\system32\304z9teal455.ocx
c:\windows\system32\3050spa9se382z.cpl
c:\windows\system32\3062szarse5339.exe
c:\windows\system32\3069hacktool15z.bin
c:\windows\system32\3069ztr95c9.dll
c:\windows\system32\30c9backdz5r1511.ocx
c:\windows\system32\31250vir9s578z.cpl
c:\windows\system32\313stezl2509.bin
c:\windows\system32\31519hazkt5ol46c9.exe
c:\windows\system32\31623wz5m7f89.exe
c:\windows\system32\31849h5ef3006z.ocx
c:\windows\system32\3189ha5ktool5z2.dll
c:\windows\system32\3192az5ware2475.ocx
c:\windows\system32\3198tro534z9.bin
c:\windows\system32\31c5down9oader1153z.bin
c:\windows\system32\3214z9py7b5.cpl
c:\windows\system32\32209zre5t29254.bin
c:\windows\system32\32297troj55z.bin
c:\windows\system32\322z5tr9j743.exe
c:\windows\system32\32414not-azvir5s609.ocx
c:\windows\system32\334f5hreat10z93.exe
c:\windows\system32\33569rzjd0.exe
c:\windows\system32\356zaddwa9e2297.bin
c:\windows\system32\35791worm54z.ocx
c:\windows\system32\35d9spazse2861.ocx
c:\windows\system32\35ed9iz1551.cpl
c:\windows\system32\373ztroj295.ocx
c:\windows\system32\37bbt9rez512253.bin
c:\windows\system32\37z9hackto9l5f25.bin
c:\windows\system32\382sz59l2888.bin
c:\windows\system32\3879vi5z962.bin
c:\windows\system32\38d9steal158z5.cpl
c:\windows\system32\3935spazbotb9.bin
c:\windows\system32\3944viz15905.dll
c:\windows\system32\3948sza9bot50f.cpl
c:\windows\system32\395bste9l32z3.ocx
c:\windows\system32\3965th5efz950.dll
c:\windows\system32\396et5r9at2646z.cpl
c:\windows\system32\39f59own5oader3z89.bin
c:\windows\system32\3b4cad5waz91659.ocx
c:\windows\system32\3bc39teal1548z.bin
c:\windows\system32\3c94virz5915.dll
c:\windows\system32\3ce3sz5ware1951.ocx
c:\windows\system32\3f5tzreat19469.bin
c:\windows\system32\3fb6addwar918z5.bin
c:\windows\system32\3z5aaddware739.dll
c:\windows\system32\3zffs5eal1995.exe
c:\windows\system32\40a7zhief32159.cpl
c:\windows\system32\415adownloazer2329.ocx
c:\windows\system32\4225vzru5911.cpl
c:\windows\system32\4296spyware2575z.ocx
c:\windows\system32\435dbaczdoor15599.exe
c:\windows\system32\4369z5eal479.ocx
c:\windows\system32\44a4bzckdoor1955.bin
c:\windows\system32\4555szeal290.cpl
c:\windows\system32\4559zhief555.cpl
c:\windows\system32\4573zo9m685.cpl
c:\windows\system32\459z95yware661.cpl
c:\windows\system32\4685downlzad9r1990.ocx
c:\windows\system32\470addwar51z97.ocx
c:\windows\system32\4713spy9z5.bin
c:\windows\system32\47fzspyw9re25985.dll
c:\windows\system32\4815spzmbo95cb.bin
c:\windows\system32\4978spambot665z.ocx
c:\windows\system32\4978spyware562z.dll
c:\windows\system32\499bs5eal341z.ocx
c:\windows\system32\49e5vzr5281.ocx
c:\windows\system32\4a0dv95135z.cpl
c:\windows\system32\4aa9dzwnloader359.ocx
c:\windows\system32\4dz8thre9t35477.exe
c:\windows\system32\4e5bs9y5arez719.cpl
c:\windows\system32\4f2za59door985.ocx
c:\windows\system32\4fzabac9do5r1898.dll
c:\windows\system32\4z975hreat80899.bin
c:\windows\system32\5156thizf2930.exe
c:\windows\system32\5158st9alz46.dll
c:\windows\system32\5170t5r9zt30910.dll
c:\windows\system32\52c6th9ezt3654.dll
c:\windows\system32\5330d5wnloa9er3z.exe
c:\windows\system32\5405vir9s2zb.dll
c:\windows\system32\543znot-a95irusa2.exe
c:\windows\system32\5459zhreat12117.ocx
c:\windows\system32\545spywarz9068.bin
c:\windows\system32\54769h9cktozl5e6.exe
c:\windows\system32\5491wor52z9.bin
c:\windows\system32\54z9bac5door561.ocx
c:\windows\system32\5521zspambotde9.cpl
c:\windows\system32\5566a5dwz9e53.exe
c:\windows\system32\5568vz92336.bin
c:\windows\system32\5582thr9at256z7.exe
c:\windows\system32\5619steal21z5.cpl
c:\windows\system32\561z5spy409.dll
c:\windows\system32\5651h9cktoolzb2.ocx
c:\windows\system32\56c3back9ooz1155.cpl
c:\windows\system32\5708vi92z20.exe
c:\windows\system32\57916z9rm523.dll
c:\windows\system32\57925zief9910.ocx
c:\windows\system32\585bsz9ware95.exe
c:\windows\system32\5895sp59z5.cpl
c:\windows\system32\58eaddzare15149.bin
c:\windows\system32\5952spazse1403.dll
c:\windows\system32\595at9ief2z10.cpl
c:\windows\system32\596fs5zr9e3233.ocx
c:\windows\system32\59919spz79c.cpl
c:\windows\system32\59d2tzief8185.cpl
c:\windows\system32\59z5spy130.exe
c:\windows\system32\5a8cthzea924285.bin
c:\windows\system32\5az59hief7.dll
c:\windows\system32\5b54thiefz7039.bin
c:\windows\system32\5bbbb9ckdzor646.bin
c:\windows\system32\5bd1thre5t21039z.ocx
c:\windows\system32\5bz9steal997.dll
c:\windows\system32\5d98z5arse1893.dll
c:\windows\system32\5de0backdo9r88z.ocx
c:\windows\system32\5ec5ste9l159z.bin
c:\windows\system32\5f9dthzeat13568.dll
c:\windows\system32\5fa19ackdoor27z5.dll
c:\windows\system32\5fz6spa9se2638.cpl
c:\windows\system32\5z465sp9661.ocx
c:\windows\system32\5z6259arse27.dll
c:\windows\system32\5z899virus791.cpl
c:\windows\system32\5zc49hi5f744.bin
c:\windows\system32\5zc7s9y5are646.dll
c:\windows\system32\5zd659r1977.cpl
c:\windows\system32\5ze2addw9re718.dll
c:\windows\system32\6025zhief29505.ocx
c:\windows\system32\60665o9-a-virus6az.exe
c:\windows\system32\6096down5oaderz13.bin
c:\windows\system32\609zs5yware569.cpl
c:\windows\system32\6156zparse5199.ocx
c:\windows\system32\6372spy5a9e3121z.bin
c:\windows\system32\64z1sp9395.ocx
c:\windows\system32\65bavir228z9.cpl
c:\windows\system32\662z9r5343.exe
c:\windows\system32\6643hzck5ool2e9.cpl
c:\windows\system32\6664s9ar5e1z81.bin
c:\windows\system32\68d29zreat7315.bin
c:\windows\system32\691zviru5665.cpl
c:\windows\system32\6962not-a-virus5z3.ocx
c:\windows\system32\6af3th9za519778.exe
c:\windows\system32\6az1down9oade52006.bin
c:\windows\system32\6b55backdoor3z549.exe
c:\windows\system32\6cfestea92215z.dll
c:\windows\system32\6e7adownload9z1539.exe
c:\windows\system32\6f405t9al2z26.cpl
c:\windows\system32\6z93bac9doo51066.ocx
c:\windows\system32\70155ownlzad9r914.exe
c:\windows\system32\701fdownlozde52942.exe
c:\windows\system32\709ddo5nlo9zer349.cpl
c:\windows\system32\71z2b5c9door3011.bin
c:\windows\system32\72c5tzief3935.exe
c:\windows\system32\7305spamb9z57d.cpl
c:\windows\system32\73b2bazkdoor5029.bin
c:\windows\system32\752athiez790.bin
c:\windows\system32\7538adzw5re2978.dll
c:\windows\system32\754fbackzoo5799.exe
c:\windows\system32\7595thrzat99552.exe
c:\windows\system32\76z3s9yw5re818.exe
c:\windows\system32\7852haczt5ol6969.ocx
c:\windows\system32\7862ha5ktoo976z.cpl
c:\windows\system32\78z4sparse28859.bin
c:\windows\system32\7911d9wnlza5er129.cpl
c:\windows\system32\79485teaz1368.exe
c:\windows\system32\794dzownloader2775.dll
c:\windows\system32\795asteal15z79.bin
c:\windows\system32\795zthie92470.bin
c:\windows\system32\7c4fadd9arz1485.bin
c:\windows\system32\7c75stea9161z.cpl
c:\windows\system32\7c9addw9rz5969.exe
c:\windows\system32\7d52addzare9593.dll
c:\windows\system32\7d53th9ez855.dll
c:\windows\system32\7d76spywzr93095.cpl
c:\windows\system32\7da59pazse1559.ocx
c:\windows\system32\7f92s5ealz591.dll
c:\windows\system32\7f9azow59oader3186.bin
c:\windows\system32\7fz8v951311.exe
c:\windows\system32\7z6dd5wnloader2959.exe
c:\windows\system32\838sp5w9rz205.cpl
c:\windows\system32\8482not-a-5irus6z9.exe
c:\windows\system32\86z6t9o5348.dll
c:\windows\system32\8920vizus565.bin
c:\windows\system32\8926notza-9i5us2dc.dll
c:\windows\system32\8d8dow5zoader21179.exe
c:\windows\system32\9016zorm5ae9.ocx
c:\windows\system32\90c5spazse436.dll
c:\windows\system32\92500troj62z.cpl
c:\windows\system32\92758trzj2ed.exe
c:\windows\system32\92z9st5al1869.dll
c:\windows\system32\9378worm5z9.ocx
c:\windows\system32\93a9spyza5e1088.ocx
c:\windows\system32\93z5th5ef2493.dll
c:\windows\system32\948z3spa5botb9.cpl
c:\windows\system32\9521spy71z.exe
c:\windows\system32\9542spyz95.ocx
c:\windows\system32\954ztroj3e25.cpl
c:\windows\system32\957615roz4bd.exe
c:\windows\system32\9579nzt-a-virus74d5.cpl
c:\windows\system32\959spywarez591.exe
c:\windows\system32\95cespy5arez654.exe
c:\windows\system32\9650troj209z.cpl
c:\windows\system32\971znot-a-vir9s151.exe
c:\windows\system32\9775spywar529z5.cpl
c:\windows\system32\97zdown9oa5er2991.dll
c:\windows\system32\985w9rm4d6z.exe
c:\windows\system32\9911stzal505.ocx
c:\windows\system32\9956tzoj70e.cpl
c:\windows\system32\9975pz4d9.cpl
c:\windows\system32\99aes5zware2975.exe
c:\windows\system32\99z6troj525.ocx
c:\windows\system32\9ad5tez91376.cpl
c:\windows\system32\9ezspars51800.bin
c:\windows\system32\9zeaaddware12905.bin
c:\windows\system32\ac9ad9ware3z54.cpl
c:\windows\system32\c51spy9are294z5.dll
c:\windows\system32\c6bzte5l2379.exe
c:\windows\system32\e09addwa5ez993.cpl
c:\windows\system32\ff8a9dwaze3635.ocx
c:\windows\system32\z0821not-a-v9rus615.cpl
c:\windows\system32\z3260virus759.cpl
c:\windows\system32\z335spa9se157.dll
c:\windows\system32\z3975troj916.dll
c:\windows\system32\z4945spy1a5.exe
c:\windows\system32\z4b6s5ea92263.dll
c:\windows\system32\z568vi9u5ab.ocx
c:\windows\system32\z5809pambot5b4.ocx
c:\windows\system32\z594threat56518.ocx
c:\windows\system32\z6197v5rus74.exe
c:\windows\system32\z6519hief1355.cpl
c:\windows\system32\z73125roj595.cpl
c:\windows\system32\z7618troj7e59.bin
c:\windows\system32\z776dow5loader1819.exe
c:\windows\system32\z8375spam9ot1d1.bin
c:\windows\system32\z8dev9r2959.cpl
c:\windows\system32\z9417spy2f5.dll
c:\windows\system32\z9dfsparse1485.dll
c:\windows\system32\zb4a9dware1405.cpl
c:\windows\system32\zc5es9arse911.dll
c:\windows\system32\zc755ir598.dll
c:\windows\system32\zdebackdoor52909.dll
c:\windows\system32\zec9vir9535.ocx
c:\windows\system32\zfcfthreat93351.cpl
c:\windows\TEMP\{8481E583-9484-4DF2-9264-589E4D0FDF76}\_Setup.dll
c:\windows\TEMP\{BB84CF8B-0E6A-42EA-8F78-89D8A135A8E5}\{7F811A54-5A09-4579-90E1-C93498E230D9}\_IsRes.dll
c:\windows\TEMP\{BB84CF8B-0E6A-42EA-8F78-89D8A135A8E5}\{7F811A54-5A09-4579-90E1-C93498E230D9}\_ISUser.dll
c:\windows\TEMP\{BB84CF8B-0E6A-42EA-8F78-89D8A135A8E5}\{7F811A54-5A09-4579-90E1-C93498E230D9}\isrt.dll
c:\windows\z0f8d5wnload9r1525.ocx
c:\windows\z1002hacktool9615.dll
c:\windows\z15vi9215.ocx
c:\windows\z177hack59ol327.ocx
c:\windows\z190s5arse3107.exe
c:\windows\z2496w59m7c6.dll
c:\windows\z2919v5rus389.exe
c:\windows\z3158sp91b3.dll
c:\windows\z3795spambot4d3.cpl
c:\windows\z406steal1459.ocx
c:\windows\z4199worm5fc.ocx
c:\windows\z4715v59us1bd.ocx
c:\windows\z562spy3c59.dll
c:\windows\z6ffspa5se20229.bin
c:\windows\z7355not-a-vir9s439.exe
c:\windows\z7529ot-a-virus11a.ocx
c:\windows\z8f85hreat18689.bin
c:\windows\z905threat258905.exe
c:\windows\z9d9a5dware1585.bin
c:\windows\zbef5ir1129.ocx
c:\windows\zd6fthief29975.ocx
c:\windows\zf6659yware2454.cpl

.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 15:15 . 2009-05-24 15:15 -------- d-----w C:\32788R22FWJFW
2009-05-24 15:03 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 15:03 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 15:03 . 2009-05-24 15:03 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 04:36 . 2009-05-23 04:37 41148 ----a-w C:\MGlogs.zip
2009-05-23 04:36 . 2009-05-23 04:37 -------- d-----w C:\MGtools
2009-05-22 23:33 . 2009-05-24 15:43 117760 ----a-w c:\users\Jens\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 23:31 . 2009-05-22 23:31 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-21 13:46 . 2009-05-21 13:46 -------- d-----w C:\Autoruns
2009-05-20 00:45 . 2009-05-20 00:46 -------- d-----w c:\windows\BDOSCAN8
2009-05-19 23:41 . 2009-05-07 23:07 1437464 ----a-w c:\programdata\avg8\update\backup\avgupd.dll
2009-05-19 14:09 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-19 14:09 . 2009-03-06 20:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-19 14:09 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-19 14:09 . 2009-05-19 14:10 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-19 14:09 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-19 14:09 . 2009-05-19 14:11 -------- d-----w c:\program files\Spyware Doctor
2009-05-19 14:09 . 2009-05-19 14:09 -------- d-----w c:\users\Jens\AppData\Roaming\PC Tools
2009-05-19 14:07 . 2009-05-19 14:07 -------- d-----w c:\programdata\Google Updater
2009-05-18 23:24 . 2009-05-21 13:57 -------- d-----w c:\program files\a-squared Free
2009-05-12 18:41 . 2009-05-18 22:58 -------- d-----w c:\program files\Panda Security
2009-05-12 11:53 . 2008-12-04 05:25 120832 ----a-w c:\users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\z43igteg.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-05-11 18:17 . 2009-05-11 18:17 -------- d-----w c:\program files\Common Files\Express Digital
2009-05-11 18:17 . 2009-05-11 18:17 -------- d-----w c:\programdata\ExpressDigital
2009-05-11 17:59 . 2009-05-11 17:59 -------- d-----w c:\users\Jens\AppData\Roaming\ExpressDigital
2009-05-11 17:58 . 2009-05-11 17:58 -------- d-----w c:\program files\Common Files\Nikon
2009-05-11 17:57 . 2009-05-11 17:57 -------- d-----w c:\program files\ExpressDigital
2009-05-07 23:07 . 2009-05-07 23:07 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-07 23:07 . 2009-05-07 23:07 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-07 23:07 . 2009-05-07 23:07 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-07 23:07 . 2009-05-07 23:07 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-07 23:07 . 2009-05-24 13:49 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-07 18:21 . 2009-05-07 18:21 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-07 18:20 . 2009-05-22 23:32 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-07 18:20 . 2009-05-22 23:32 -------- d-----w c:\users\Jens\AppData\Roaming\SUPERAntiSpyware.com
2009-05-07 17:06 . 2009-05-07 23:24 -------- d-----w c:\program files\Exterminate It!
2009-05-07 16:00 . 2009-05-12 18:34 4565024 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-07 15:57 . 2009-05-12 18:25 -------- d-----w c:\programdata\ParetoLogic
2009-05-07 15:57 . 2009-05-12 18:25 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-07 13:32 . 2009-05-07 13:51 -------- d-----w c:\programdata\Webroot
2009-05-07 13:32 . 2009-05-07 13:32 -------- d-----w c:\users\Jens\AppData\Roaming\Webroot
2009-05-07 13:32 . 2009-05-07 13:32 -------- d-----w c:\program files\Webroot
2009-05-06 23:32 . 2009-05-06 23:32 -------- d-----w c:\program files\Opanda
2009-05-05 20:08 . 2009-05-05 20:08 -------- dc-h--w c:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2009-05-01 04:56 . 2009-05-01 04:56 129096 ---ha-w c:\windows\system32\mlfcache.dat
2009-05-01 04:18 . 2009-05-01 04:18 -------- d-----w c:\windows\system32\IOSUBSYS
2009-05-01 00:48 . 2008-11-24 07:06 9200 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-05-01 00:48 . 2008-11-24 07:06 9072 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-05-01 00:48 . 2009-05-01 00:48 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-04-29 19:05 . 2009-04-29 19:05 -------- d--h--w c:\windows\msdownld.tmp
2009-04-29 19:05 . 2009-04-29 19:05 -------- d-----w c:\program files\Windows Media Components
2009-04-29 18:23 . 2009-04-29 18:23 -------- d-----w c:\program files\ffdshow
2009-04-29 16:05 . 2009-04-29 16:05 -------- d-----w c:\users\Jens\AppData\Roaming\Canon
2009-04-29 15:30 . 2009-04-29 15:41 -------- d-----w c:\program files\Canon
2009-04-27 22:49 . 2009-04-27 22:49 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-27 13:54 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2D63F91-AD80-47F8-A83A-42E2262C690F}\mpengine.dll
2009-04-27 13:54 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Application Data\Microsoft\Windows Defender\Definition Updates\{A2D63F91-AD80-47F8-A83A-42E2262C690F}\mpengine.dll
2009-04-27 13:54 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{A2D63F91-AD80-47F8-A83A-42E2262C690F}\mpengine.dll
2009-04-27 13:54 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{A2D63F91-AD80-47F8-A83A-42E2262C690F}\mpengine.dll
2009-04-27 13:54 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{A2D63F91-AD80-47F8-A83A-42E2262C690F}\mpengine.dll
2009-04-27 13:54 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{A2D63F91-AD80-47F8-A83A-42E2262C690F}\mpengine.dll
2009-04-27 13:54 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{A2D63F91-AD80-47F8-A83A-42E2262C690F}\mpengine.dll
2009-04-27 13:54 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{A2D63F91-AD80-47F8-A83A-42E2262C690F}\mpengine.dll
2009-04-27 13:54 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{A2D63F91-AD80-47F8-A83A-42E2262C690F}\mpengine.dll
2009-04-27 13:54 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{A2D63F91-AD80-47F8-A83A-42E2262C690F}\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 14:09 . 2009-03-21 15:27 -------- d-----w c:\programdata\PC Tools
2009-05-19 14:07 . 2008-12-12 10:10 -------- d-----w c:\program files\Google
2009-05-19 03:40 . 2009-02-24 17:06 -------- d-----w c:\program files\PowerDataRecovery
2009-05-18 23:03 . 2009-03-11 11:58 -------- d-----w c:\programdata\Lavasoft
2009-05-12 18:34 . 2009-05-07 16:00 51092 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-12 11:54 . 2009-03-12 12:44 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-08 00:19 . 2009-02-16 18:39 -------- d-----w c:\program files\Java
2009-05-07 20:30 . 2009-02-12 18:58 -------- d-----w c:\program files\Steam
2009-05-07 15:08 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-05-07 15:08 . 2009-04-03 16:08 -------- d--h--w c:\programdata\{63A9FDE6-FCC7-4E26-A4CF-552A08431B32}
2009-05-07 15:08 . 2009-02-11 15:00 -------- d-----w c:\programdata\FLEXnet
2009-05-03 16:46 . 2008-08-24 11:18 -------- d-----w c:\programdata\Microsoft Help
2009-04-30 00:15 . 2009-02-11 05:37 72184 ----a-w c:\users\Jens\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 18:36 . 2009-03-18 21:07 -------- d-----w c:\programdata\NCH Software
2009-04-29 18:22 . 2008-08-24 10:53 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 16:04 . 2009-03-18 21:07 -------- d-----w c:\program files\NCH Software
2009-04-29 15:28 . 2008-12-12 10:02 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-23 18:12 . 2009-02-12 18:58 -------- d-----w c:\program files\Common Files\Steam
2009-04-20 00:51 . 2009-04-20 00:50 -------- d-----w c:\program files\PokerStars
2009-04-16 07:21 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 00:39 . 2009-03-11 11:52 4656976 ----a-w c:\programdata\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-14 00:39 . 2009-03-11 11:52 4656976 ----a-w c:\programdata\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-14 00:39 . 2009-03-11 11:52 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-14 00:39 . 2009-03-11 11:52 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-14 00:39 . 2009-03-11 11:52 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-14 00:39 . 2009-03-11 11:52 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-14 00:39 . 2009-03-11 11:52 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-14 00:39 . 2009-03-11 11:52 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-14 00:39 . 2009-03-11 11:52 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-14 00:39 . 2009-03-11 11:52 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-14 00:39 . 2009-03-11 11:52 4656976 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-04-06 18:43 . 2009-04-06 18:42 -------- d-----w c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
2009-04-03 16:09 . 2009-04-03 16:09 -------- d-----w c:\users\Jens\AppData\Roaming\uniblue
2009-04-03 16:08 . 2009-04-03 16:08 -------- d-----w c:\program files\Uniblue
2009-04-01 20:40 . 2009-04-01 20:40 -------- d-----w c:\users\Jens\AppData\Roaming\acccore
2009-04-01 20:39 . 2009-04-01 20:37 -------- d-----w c:\programdata\AOL OCP
2009-04-01 20:38 . 2009-04-01 20:36 -------- d-----w c:\program files\AIM6
2009-04-01 20:38 . 2009-04-01 20:38 -------- d-----w c:\program files\Common Files\Software Update Utility
2009-04-01 20:37 . 2009-04-01 20:37 -------- d-----w c:\program files\Viewpoint
2009-04-01 20:37 . 2009-04-01 20:37 -------- d-----w c:\programdata\Viewpoint
2009-04-01 20:37 . 2009-04-01 20:37 -------- d-----w c:\programdata\acccore
2009-04-01 20:37 . 2009-04-01 20:37 -------- d-----w c:\programdata\AOL
2009-04-01 20:36 . 2009-04-01 20:36 -------- d-----w c:\program files\Common Files\AOL
2009-03-30 17:42 . 2009-03-30 17:42 0 ----a-w c:\windows\nsreg.dat
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-17 03:38 . 2009-04-16 03:42 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 03:42 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-10 23:58 . 2009-03-10 23:58 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-09 09:19 . 2009-02-16 18:40 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-29 18:34 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-29 18:34 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-29 18:34 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-29 18:34 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-29 18:34 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-29 18:34 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-29 18:34 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-29 18:34 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-29 18:34 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-29 18:34 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-29 18:34 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-29 18:34 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-29 18:34 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-29 18:34 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-29 18:34 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-29 18:34 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-29 18:34 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-29 18:34 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 13:06 . 2009-03-06 13:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2009-03-05 23:02 . 2009-03-05 23:02 35247359 ----a-w c:\windows\system32\xa12033449.exe
2009-03-05 23:02 . 2009-03-05 23:02 35247359 ----a-w c:\windows\system32\xa12028550.exe
2009-03-05 10:54 . 2009-03-05 10:54 73728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-03-04 10:12 . 2009-04-03 16:08 771360 -c--a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{63A9FDE6-FCC7-4E26-A4CF-552A08431B32}\Uniblue SpeedUpMyPc 4\7E35FCFD\D628A3BB\UBSysMan.dll
2009-03-03 04:46 . 2009-04-16 03:42 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 03:42 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 03:42 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 03:42 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 03:42 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 03:42 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 03:42 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 03:42 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 03:42 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 03:42 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-26 23:06 . 2009-02-26 23:06 16 ----a-w c:\windows\popcinfo.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-01-20 2523960]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-07 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3198850635-3864095973-2275556364-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{093A98ED-E568-4F0F-B2FB-CC70D975C99D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{DE5A48C5-F572-4A32-9A1B-35F21ABF82AA}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{E297E9A1-3FA1-443E-9542-F4C9C476E98A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{4BA69C72-496D-4748-B1AB-99070A33E8D9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{B52A64D0-133F-4E84-AEB2-1F5D0665EBE0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FFF650C9-9EE3-430A-ADFB-A340224C7AE7}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{0C44E26D-3970-4D11-B586-D7093BEA60A1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4D180EA7-9E78-4FD0-96FF-B754BABE6384}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A5B273F6-B093-4160-94ED-AD06063189D5}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{604EF47D-A2EB-44B1-A5EB-5A0F0F490041}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"TCP Query User{1BBB7BF0-5A2B-47BB-B013-D2E3DE048A24}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{0EF6ED46-F2BC-4CA4-89D1-22A36E99FC98}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{99F2EBC7-F774-4DE2-BD1B-C40091BD664E}"= UDP:27662:BitComet 27662 TCP
"{8C756DC5-0200-4EDE-9038-F14A451EDA80}"= TCP:27662:BitComet 27662 UDP
"{6D15FF4E-19DE-4CEF-9792-B778B5CBCC78}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{350F64DC-75F0-441F-B470-EF51CD69D96B}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{DBDA2FB7-61C5-4F30-A6B8-D495D1CEE99F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{25B4B7D6-3FAF-497D-AC38-6AF691CEE76F}c:\\program files\\steam\\steamapps\\veddieedder\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\veddieedder\counter-strike source\hl2.exe:hl2
"UDP Query User{DD0F5DAB-A87D-4F66-ACB4-967952971909}c:\\program files\\steam\\steamapps\\veddieedder\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\veddieedder\counter-strike source\hl2.exe:hl2
"{AD2BC52B-7008-4F60-9722-553F33D9314A}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{4C8D3234-D1B1-4141-8BC0-9F824EFAF1A6}"= TCP:c:\program files\Steam\Steam.exe:Steam
"{5113B410-6F6C-4635-8735-9EF590E11AB4}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{941B7D29-0B6C-4045-8B66-929AA75CAFD5}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{907BF0B9-7E97-496B-97F6-DFB572EBE5C3}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{04F88EBD-7707-40B6-A9A5-1B9A1C0A73F3}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{453B8A78-F6FD-4B47-BA7C-AFEE5CF0E57D}"= UDP:27662:BitComet 27662 TCP
"{8819E728-FCE2-470C-963A-45AD1F6D3674}"= TCP:27662:BitComet 27662 UDP
"TCP Query User{D424E666-0A82-475A-8DA8-2B042000192E}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{56FE6D5A-123C-4649-AA4A-20353C13ED33}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{296F4507-4A66-4A36-93F1-242036198975}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{470EB4DF-57C8-4D18-A572-16B6BBD26495}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{478D719D-62F0-4792-969A-255BF74481BA}"= UDP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start
"{B760B642-8135-47CA-90E6-C3B148A14508}"= TCP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start
"{761747B0-32F4-4D1A-BB95-413015C2E541}"= UDP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{4AB3D5A3-CDAA-49F1-9744-40450D7699B7}"= TCP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{506213E9-5FD7-4EEF-B7AB-BDA367C34AE4}"= UDP:c:\program files\SUPERAntiSpyware\SASINST.EXE:SASINST.EXE
"{F1F58DA8-5094-4B1F-8317-456C75200CFE}"= TCP:c:\program files\SUPERAntiSpyware\SASINST.EXE:SASINST.EXE
"{DEB02C8C-9BE5-473F-A990-6CF8756DF51A}"= UDP:c:\program files\SUPERAntiSpyware\SSUpdate.exe:SSUpdate.exe
"{1AF67ED2-CD5F-47D7-BD6E-2BF1F094CDB0}"= TCP:c:\program files\SUPERAntiSpyware\SSUpdate.exe:SSUpdate.exe
"{3554F478-A96D-4168-BB85-2C32A0D1BCB2}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{A04DC243-34A7-4B2B-B875-C24289CAD521}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{E8FBFFCE-B4CE-4103-B441-82605D025EF4}"= UDP:c:\program files\a-squared Free\a2free.exe:a-squared Free
"{30BD205B-86D3-4342-BCB6-89A3C0DBB14B}"= TCP:c:\program files\a-squared Free\a2free.exe:a-squared Free
"{8E5461DB-0AB7-4FA1-A79D-29F98B011C57}"= Disabled:UDP:c:\program files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat
"{5185F3C4-77AD-47A7-A484-947BE2138ED2}"= Disabled:TCP:c:\program files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat
"{C9E7984B-10C6-44FC-9DE6-D601BC27CDA9}"= Disabled:UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4FF67F03-A4CD-4B97-9DC4-F7BFA391E2B4}"= Disabled:TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2631842E-6E29-43C6-B522-C02EB02FF319}"= Disabled:UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F392374F-2059-4E2B-8095-304E2BF46B34}"= Disabled:TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D3900F41-B16C-4A55-981F-571FB592B5D1}"= UDP:c:\program files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{0ABBFCD9-F74A-4517-960E-CB1920FD3B74}"= TCP:c:\program files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{18C89647-D61D-4245-9D37-CE32E8AC3D6A}"= UDP:c:\program files\Spyware Doctor\pctsSvc.exe:pctsSvc.exe
"{16BAB245-CEDE-4EC5-BD66-BF20015F177F}"= TCP:c:\program files\Spyware Doctor\pctsSvc.exe:pctsSvc.exe
"{DC81FD51-AAD9-4E82-9E53-7411B5229FC3}"= UDP:c:\program files\Spyware Doctor\Update.exe:Update.exe
"{72B5CEE2-D24D-415F-91D4-D2A1E69B43B6}"= TCP:c:\program files\Spyware Doctor\Update.exe:Update.exe

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [5/19/2009 10:09 AM 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [5/7/2009 7:07 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [5/7/2009 7:07 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/7/2009 7:07 PM 298776]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 4:11 PM 16384]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [12/12/2008 6:09 AM 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 1:42 AM 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 6:03 AM 131072]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/18/2007 12:09 AM 11032]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\System32\drivers\UsbFltr.sys [4/9/2007 9:50 AM 9600]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [8/24/2008 7:08 AM 388096]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\System32\drivers\WUSB54GCx86.sys [3/12/2007 10:12 AM 256000]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [5/19/2009 10:09 AM 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/19/2009 10:09 AM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 14:07]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = www.hotmail.com
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=1208&m=e620
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\z43igteg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 11:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\wlanext.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\PnkBstrA.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-05-24 11:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 15:47

Pre-Run: 39,978,983,424 bytes free
Post-Run: 39,846,846,464 bytes free

1086 --- E O F --- 2009-04-29 18:44



jensvad
post Jun 2 2009, 05:17 AM
Post #16


Authentic Member

Group: Authentic Member
Posts: 23
Joined: 24-May 09
Member No.: 85,934
Operating System: Windows Vista Home



Gmer log

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-02 07:16:23
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x80795240]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x80795432]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8BD5CDF0]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8079563A]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 43C 81EC2A00 8 Bytes [40, 52, 79, 80, 32, 54, 79, ...] {INC EAX; PUSH EDX; JNS 0xffffffffffffff84; XOR DL, [ECX+EDI*2-0x80]}
.text ntkrnlpa.exe!KeSetTimerEx + 854 81EC2E18 4 Bytes [F0, CD, D5, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 918 81EC2EDC 4 Bytes [3A, 56, 79, 80]
PAGE spsys.sys!?SPVersion@@3PADA + 1A67 94F1703F 240 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B58 94F17130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1B5F 94F17137 2214 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 2406 94F179DE 47 Bytes [04, BB, A8, 01, 00, 00, 8D, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 2436 94F17A0E 44 Bytes [05, 00, 00, 39, 54, 8D, D0, ...]
PAGE ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74947BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749898C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7494D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7493F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74947599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7493E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7497B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7494D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7494012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74940095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749371F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [749CD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749675E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7493DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7493668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749366BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[488] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74941E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Tomk
post Jun 2 2009, 09:14 AM
Post #17


Forum God / Classroom Admin Assistant

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



jensvad,

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    CODE
    File::
    C:\Users\Jens\AppData\Local\VirtualStore\Program Files\BitComet\torrents\Adobe Lightroom 2.0 Setup + Keygen.exe.torrent
    C:\Users\Jens\AppData\Local\VirtualStore\Program Files\BitComet\torrents\Microsoft Office Home and Student 2007 Keygen.exe.torrent

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
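The CFScript step above is the manual version of a routine a helper goes through on every ComboFix log: pick out the handful of entries that matter (a policy value that disables UAC, a driver that is still in memory after its registration vanished, an AppInit_DLLs entry, keygen/crack downloads) and turn the file paths that need removing into a File:: section. The script below is an added example written for this thread; it is not ComboFix code and not something Tomk or jensvad posted. The sample log it parses is constructed from lines of the kind the logs above contain (the torrent file line is made up so the drafting step has input), the keyword list and the flagging rules are the author's own assumptions, and File:: is the only CFScript directive it emits because that is the one shown in this thread.

```python
"""Triage a ComboFix log excerpt and draft the File:: section of a CFScript.

Added example for this thread, not code from ComboFix or from the forum.
The sample log is constructed; the flagging heuristics are assumptions.
"""
import re

# Constructed excerpt modelled on the log above. The torrent line is made up
# so that build_cfscript() has a path to work with.
SAMPLE_LOG = r"""
2009-06-01 16:08 . 2009-06-01 16:47 -------- d-----w C:\Rooter$
2009-05-20 01:00 . 2009-05-20 01:00 4321 ----a-w c:\users\Jens\AppData\Local\VirtualStore\Program Files\BitComet\torrents\Adobe Lightroom 2.0 Setup + Keygen.exe.torrent
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-01-20 2523960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll
--- Other Services/Drivers In Memory ---
*Deregistered* - inyafakj
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
DEREG_RE = re.compile(r"^\*Deregistered\*\s*-\s*(?P<name>\S+)$")
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# Assumption: file names carrying these words deserve a second look; the
# cleanup in this thread targets exactly such torrent files.
SUSPECT_WORDS = ("keygen", "crack")


def parse_combofix(log):
    """Split a ComboFix log into registry values, deregistered drivers and file paths.

    Returns (reg, deregistered, files); reg maps a lower-cased key path to
    {value_name: raw_value_text}.
    """
    reg, deregistered, files = {}, [], []
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key").lower()
            reg.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            reg[key][m.group("name")] = m.group("value").strip()
            continue
        m = DEREG_RE.match(line)
        if m:
            deregistered.append(m.group("name"))
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(m.group("path"))
    return reg, deregistered, files


def triage(log):
    """Return (findings, suspect_paths): what to look at first, and what to feed File::."""
    reg, deregistered, files = parse_combofix(log)
    findings, suspect_paths = [], []
    for key, values in reg.items():
        if key.endswith(r"\policies\system") and values.get("EnableLUA", "").startswith("0"):
            findings.append("UAC is disabled (EnableLUA=0): nothing asks before elevating")
        if "AppInit_DLLs" in values:
            # Every DLL listed here is loaded into each process that loads user32.dll.
            findings.append("AppInit_DLLs is set: " + values["AppInit_DLLs"])
    for name in deregistered:
        findings.append("driver/service still in memory but no longer registered: " + name)
    for path in files:
        if any(word in path.lower() for word in SUSPECT_WORDS):
            findings.append("keygen/crack artifact: " + path)
            suspect_paths.append(path)
    return findings, suspect_paths


def build_cfscript(paths):
    """Draft the File:: section of a CFScript, the directive used in this thread."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found, paths = triage(SAMPLE_LOG)
    print("\n".join(found))
    print(build_cfscript(paths), end="")
```

Run it as a script and it prints the findings followed by a File:: block ready to paste into Notepad and save as CFScript.txt. The findings are pointers for a human, not verdicts: avgrsstx.dll under AppInit_DLLs is AVG's own, and a deregistered driver can be a leftover from an uninstalled security tool as easily as a rootkit component, so check each one against what was installed before deciding it belongs in the script.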
jensvad
post Jun 2 2009, 09:47 AM
Post #18


Authentic Member

Group: Authentic Member
Posts: 23
Joined: 24-May 09
Member No.: 85,934
Operating System: Windows Vista Home



2nd COMBO FIX LOG



ComboFix 09-05-25.A2 - Jens 06/02/2009 11:35.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1789.848 [GMT -4:00]
Running from: c:\users\Jens\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Jens\Desktop\CFScript.txt
SP: AdwareAlert *disabled* (Updated) {8FE17B8C-999D-4396-B209-DC2ABE34C169}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-02 15:42 . 2009-06-02 15:42 -------- d-----w c:\users\Jens\AppData\Local\temp
2009-06-01 16:08 . 2009-06-01 16:47 -------- d-----w C:\Rooter$
2009-05-26 22:59 . 2006-06-19 17:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-05-26 22:59 . 2006-05-25 19:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-05-26 22:59 . 2005-08-26 05:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-05-26 22:59 . 2003-02-03 00:06 153088 ----a-w c:\windows\system32\UNRAR3.dll
2009-05-26 22:59 . 2002-03-06 05:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-05-26 22:59 . 2009-05-26 23:00 -------- d-----w c:\program files\Trojan Remover
2009-05-26 22:59 . 2009-05-26 22:59 -------- d-----w c:\users\Jens\AppData\Roaming\Simply Super Software
2009-05-26 22:59 . 2009-05-26 22:59 -------- d-----w c:\programdata\Simply Super Software
2009-05-26 22:19 . 2007-01-18 12:00 3968 ----a-w c:\windows\system32\drivers\AvgArCln.sys
2009-05-24 15:58 . 2009-05-24 15:58 -------- d-----w c:\program files\Trend Micro
2009-05-24 15:03 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 15:03 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 15:03 . 2009-05-24 15:03 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 04:36 . 2009-05-23 04:37 41148 ----a-w C:\MGlogs.zip
2009-05-23 04:36 . 2009-05-23 04:37 -------- d-----w C:\MGtools
2009-05-22 23:33 . 2009-06-01 23:10 117760 ----a-w c:\users\Jens\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 23:31 . 2009-05-22 23:31 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-21 13:46 . 2009-05-21 13:46 -------- d-----w C:\Autoruns
2009-05-20 00:45 . 2009-05-20 00:46 -------- d-----w c:\windows\BDOSCAN8
2009-05-19 23:41 . 2009-05-07 23:07 1437464 ----a-w c:\programdata\avg8\update\backup\avgupd.dll
2009-05-19 14:09 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-19 14:09 . 2009-03-06 20:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-19 14:09 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-19 14:09 . 2009-05-19 14:10 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-19 14:09 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-19 14:09 . 2009-05-19 14:11 -------- d-----w c:\program files\Spyware Doctor
2009-05-19 14:09 . 2009-05-19 14:09 -------- d-----w c:\users\Jens\AppData\Roaming\PC Tools
2009-05-19 14:07 . 2009-05-19 14:07 -------- d-----w c:\programdata\Google Updater
2009-05-18 23:24 . 2009-05-26 23:10 -------- d-----w c:\program files\a-squared Free
2009-05-12 18:41 . 2009-05-18 22:58 -------- d-----w c:\program files\Panda Security
2009-05-12 11:53 . 2008-12-04 05:25 120832 ----a-w c:\users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\z43igteg.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-05-11 18:17 . 2009-05-11 18:17 -------- d-----w c:\program files\Common Files\Express Digital
2009-05-11 18:17 . 2009-05-11 18:17 -------- d-----w c:\programdata\ExpressDigital
2009-05-11 17:59 . 2009-05-11 17:59 -------- d-----w c:\users\Jens\AppData\Roaming\ExpressDigital
2009-05-11 17:58 . 2009-05-11 17:58 -------- d-----w c:\program files\Common Files\Nikon
2009-05-11 17:57 . 2009-05-11 17:57 -------- d-----w c:\program files\ExpressDigital
2009-05-07 23:07 . 2009-05-07 23:07 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-07 23:07 . 2009-05-07 23:07 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-07 23:07 . 2009-05-07 23:07 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-07 23:07 . 2009-05-07 23:07 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-07 23:07 . 2009-06-02 12:49 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-07 18:21 . 2009-05-07 18:21 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-07 18:20 . 2009-05-29 20:21 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-07 18:20 . 2009-05-22 23:32 -------- d-----w c:\users\Jens\AppData\Roaming\SUPERAntiSpyware.com
2009-05-07 17:06 . 2009-05-07 23:24 -------- d-----w c:\program files\Exterminate It!
2009-05-07 16:00 . 2009-05-12 18:34 4565024 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-07 15:57 . 2009-05-12 18:25 -------- d-----w c:\programdata\ParetoLogic
2009-05-07 15:57 . 2009-05-12 18:25 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-07 13:32 . 2009-05-07 13:51 -------- d-----w c:\programdata\Webroot
2009-05-07 13:32 . 2009-05-07 13:32 -------- d-----w c:\users\Jens\AppData\Roaming\Webroot
2009-05-07 13:32 . 2009-05-07 13:32 -------- d-----w c:\program files\Webroot
2009-05-06 23:32 . 2009-05-06 23:32 -------- d-----w c:\program files\Opanda
2009-05-05 20:08 . 2009-05-05 20:08 -------- dc-h--w c:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 17:40 . 2009-02-11 15:00 -------- d-----w c:\programdata\FLEXnet
2009-05-19 14:09 . 2009-03-21 15:27 -------- d-----w c:\programdata\PC Tools
2009-05-19 14:07 . 2008-12-12 10:10 -------- d-----w c:\program files\Google
2009-05-19 03:40 . 2009-02-24 17:06 -------- d-----w c:\program files\PowerDataRecovery
2009-05-18 23:03 . 2009-03-11 11:58 -------- d-----w c:\programdata\Lavasoft
2009-05-12 18:34 . 2009-05-07 16:00 51092 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-12 11:54 . 2009-03-12 12:44 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-08 00:19 . 2009-02-16 18:39 -------- d-----w c:\program files\Java
2009-05-07 20:30 . 2009-02-12 18:58 -------- d-----w c:\program files\Steam
2009-05-07 15:08 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Defender
2009-05-07 15:08 . 2009-04-03 16:08 -------- d--h--w c:\programdata\{63A9FDE6-FCC7-4E26-A4CF-552A08431B32}
2009-05-03 16:46 . 2008-08-24 11:18 -------- d-----w c:\programdata\Microsoft Help
2009-05-01 04:56 . 2009-05-01 04:56 129096 ---ha-w c:\windows\system32\mlfcache.dat
2009-05-01 00:48 . 2009-05-01 00:48 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-04-30 00:15 . 2009-02-11 05:37 72184 ----a-w c:\users\Jens\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 19:05 . 2009-04-29 19:05 -------- d-----w c:\program files\Windows Media Components
2009-04-29 18:36 . 2009-03-18 21:07 -------- d-----w c:\programdata\NCH Software
2009-04-29 18:23 . 2009-04-29 18:23 -------- d-----w c:\program files\ffdshow
2009-04-29 18:22 . 2008-08-24 10:53 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 16:05 . 2009-04-29 16:05 -------- d-----w c:\users\Jens\AppData\Roaming\Canon
2009-04-29 16:04 . 2009-03-18 21:07 -------- d-----w c:\program files\NCH Software
2009-04-29 15:41 . 2009-04-29 15:30 -------- d-----w c:\program files\Canon
2009-04-29 15:28 . 2008-12-12 10:02 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-27 22:49 . 2009-04-27 22:49 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-23 18:12 . 2009-02-12 18:58 -------- d-----w c:\program files\Common Files\Steam
2009-04-20 00:51 . 2009-04-20 00:50 -------- d-----w c:\program files\PokerStars
2009-04-16 07:21 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-06 18:43 . 2009-04-06 18:42 -------- d-----w c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
2009-04-03 16:09 . 2009-04-03 16:09 -------- d-----w c:\users\Jens\AppData\Roaming\uniblue
2009-04-03 16:08 . 2009-04-03 16:08 -------- d-----w c:\program files\Uniblue
2009-03-30 17:42 . 2009-03-30 17:42 0 ----a-w c:\windows\nsreg.dat
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-17 03:38 . 2009-04-16 03:42 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 03:42 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-10 23:58 . 2009-03-10 23:58 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-09 09:19 . 2009-02-16 18:40 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-29 18:34 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-29 18:34 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-29 18:34 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-29 18:34 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-29 18:34 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-29 18:34 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-29 18:34 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-29 18:34 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-29 18:34 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-29 18:34 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-29 18:34 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-29 18:34 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-29 18:34 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-29 18:34 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-29 18:34 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-29 18:34 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-29 18:34 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-29 18:34 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 13:06 . 2009-03-06 13:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2009-03-05 10:54 . 2009-03-05 10:54 73728 ----a-w c:\windows\system32\RtNicProp32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-24_15.41.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-06-01 23:10 57968 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-06-01 23:11 78356 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-11 05:37 . 2009-06-01 23:11 12742 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3198850635-3864095973-2275556364-1000_UserData.bin
- 2009-02-11 05:33 . 2009-05-24 14:23 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-11 05:33 . 2009-06-01 16:03 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-11 05:33 . 2009-06-01 16:03 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-11 05:33 . 2009-05-24 14:23 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-11 05:33 . 2009-06-01 16:03 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-11 05:33 . 2009-05-24 14:23 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-01-31 13:33 . 2007-01-31 13:33 5632 c:\windows\System32\drivers\avgarkt.sys
- 2009-05-24 15:37 . 2009-05-24 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-01 23:08 . 2009-06-01 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-24 15:37 . 2009-05-24 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-01 23:08 . 2009-06-01 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-05-27 17:22 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-21 19:33 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-27 17:22 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-21 19:33 101350 c:\windows\System32\perfc009.dat
- 2009-04-29 18:55 . 2009-05-23 01:09 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-04-29 18:55 . 2009-05-26 22:50 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-01-20 2523960]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-07 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-05-18 1059720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3198850635-3864095973-2275556364-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{093A98ED-E568-4F0F-B2FB-CC70D975C99D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{DE5A48C5-F572-4A32-9A1B-35F21ABF82AA}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{E297E9A1-3FA1-443E-9542-F4C9C476E98A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{4BA69C72-496D-4748-B1AB-99070A33E8D9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{B52A64D0-133F-4E84-AEB2-1F5D0665EBE0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FFF650C9-9EE3-430A-ADFB-A340224C7AE7}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{0C44E26D-3970-4D11-B586-D7093BEA60A1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4D180EA7-9E78-4FD0-96FF-B754BABE6384}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A5B273F6-B093-4160-94ED-AD06063189D5}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{604EF47D-A2EB-44B1-A5EB-5A0F0F490041}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"TCP Query User{1BBB7BF0-5A2B-47BB-B013-D2E3DE048A24}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{0EF6ED46-F2BC-4CA4-89D1-22A36E99FC98}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{99F2EBC7-F774-4DE2-BD1B-C40091BD664E}"= UDP:27662:BitComet 27662 TCP
"{8C756DC5-0200-4EDE-9038-F14A451EDA80}"= TCP:27662:BitComet 27662 UDP
"{6D15FF4E-19DE-4CEF-9792-B778B5CBCC78}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{350F64DC-75F0-441F-B470-EF51CD69D96B}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{DBDA2FB7-61C5-4F30-A6B8-D495D1CEE99F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{25B4B7D6-3FAF-497D-AC38-6AF691CEE76F}c:\\program files\\steam\\steamapps\\veddieedder\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\veddieedder\counter-strike source\hl2.exe:hl2
"UDP Query User{DD0F5DAB-A87D-4F66-ACB4-967952971909}c:\\program files\\steam\\steamapps\\veddieedder\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\veddieedder\counter-strike source\hl2.exe:hl2
"{AD2BC52B-7008-4F60-9722-553F33D9314A}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{4C8D3234-D1B1-4141-8BC0-9F824EFAF1A6}"= TCP:c:\program files\Steam\Steam.exe:Steam
"{5113B410-6F6C-4635-8735-9EF590E11AB4}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{941B7D29-0B6C-4045-8B66-929AA75CAFD5}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{907BF0B9-7E97-496B-97F6-DFB572EBE5C3}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{04F88EBD-7707-40B6-A9A5-1B9A1C0A73F3}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{453B8A78-F6FD-4B47-BA7C-AFEE5CF0E57D}"= UDP:27662:BitComet 27662 TCP
"{8819E728-FCE2-470C-963A-45AD1F6D3674}"= TCP:27662:BitComet 27662 UDP
"TCP Query User{D424E666-0A82-475A-8DA8-2B042000192E}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{56FE6D5A-123C-4649-AA4A-20353C13ED33}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{296F4507-4A66-4A36-93F1-242036198975}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{470EB4DF-57C8-4D18-A572-16B6BBD26495}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{478D719D-62F0-4792-969A-255BF74481BA}"= UDP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start
"{B760B642-8135-47CA-90E6-C3B148A14508}"= TCP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start
"{761747B0-32F4-4D1A-BB95-413015C2E541}"= UDP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{4AB3D5A3-CDAA-49F1-9744-40450D7699B7}"= TCP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{506213E9-5FD7-4EEF-B7AB-BDA367C34AE4}"= UDP:c:\program files\SUPERAntiSpyware\SASINST.EXE:SASINST.EXE
"{F1F58DA8-5094-4B1F-8317-456C75200CFE}"= TCP:c:\program files\SUPERAntiSpyware\SASINST.EXE:SASINST.EXE
"{DEB02C8C-9BE5-473F-A990-6CF8756DF51A}"= UDP:c:\program files\SUPERAntiSpyware\SSUpdate.exe:SSUpdate.exe
"{1AF67ED2-CD5F-47D7-BD6E-2BF1F094CDB0}"= TCP:c:\program files\SUPERAntiSpyware\SSUpdate.exe:SSUpdate.exe
"{3554F478-A96D-4168-BB85-2C32A0D1BCB2}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{A04DC243-34A7-4B2B-B875-C24289CAD521}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{E8FBFFCE-B4CE-4103-B441-82605D025EF4}"= UDP:c:\program files\a-squared Free\a2free.exe:a-squared Free
"{30BD205B-86D3-4342-BCB6-89A3C0DBB14B}"= TCP:c:\program files\a-squared Free\a2free.exe:a-squared Free
"{8E5461DB-0AB7-4FA1-A79D-29F98B011C57}"= Disabled:UDP:c:\program files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat
"{5185F3C4-77AD-47A7-A484-947BE2138ED2}"= Disabled:TCP:c:\program files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat
"{C9E7984B-10C6-44FC-9DE6-D601BC27CDA9}"= Disabled:UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4FF67F03-A4CD-4B97-9DC4-F7BFA391E2B4}"= Disabled:TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2631842E-6E29-43C6-B522-C02EB02FF319}"= Disabled:UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F392374F-2059-4E2B-8095-304E2BF46B34}"= Disabled:TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D3900F41-B16C-4A55-981F-571FB592B5D1}"= UDP:c:\program files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{0ABBFCD9-F74A-4517-960E-CB1920FD3B74}"= TCP:c:\program files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{18C89647-D61D-4245-9D37-CE32E8AC3D6A}"= UDP:c:\program files\Spyware Doctor\pctsSvc.exe:pctsSvc.exe
"{16BAB245-CEDE-4EC5-BD66-BF20015F177F}"= TCP:c:\program files\Spyware Doctor\pctsSvc.exe:pctsSvc.exe
"{DC81FD51-AAD9-4E82-9E53-7411B5229FC3}"= UDP:c:\program files\Spyware Doctor\Update.exe:Update.exe
"{72B5CEE2-D24D-415F-91D4-D2A1E69B43B6}"= TCP:c:\program files\Spyware Doctor\Update.exe:Update.exe

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [5/19/2009 10:09 AM 130424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [5/7/2009 7:07 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [5/7/2009 7:07 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/7/2009 7:07 PM 298776]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 4:11 PM 16384]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [12/12/2008 6:09 AM 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 1:42 AM 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 6:03 AM 131072]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/18/2007 12:09 AM 11032]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\System32\drivers\UsbFltr.sys [4/9/2007 9:50 AM 9600]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [8/24/2008 7:08 AM 388096]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\System32\drivers\WUSB54GCx86.sys [3/12/2007 10:12 AM 256000]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [5/19/2009 10:09 AM 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/19/2009 10:09 AM 348752]

--- Other Services/Drivers In Memory ---

*Deregistered* - inyafakj

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = www.hotmail.com
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=1208&m=e620
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\z43igteg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 11:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-02 11:46
ComboFix-quarantined-files.txt 2009-06-02 15:46
ComboFix2.txt 2009-06-01 17:06
ComboFix3.txt 2009-05-26 18:40
ComboFix4.txt 2009-05-24 15:47

Pre-Run: 36,443,926,528 bytes free
Post-Run: 36,528,500,736 bytes free

306 --- E O F --- 2009-04-29 18:44
Tomk
post Jun 2 2009, 10:14 AM
Post #19


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



jensvad,

There is something going wrong with your AVG. Please download one of these AVs:
1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial users.

Then disconnect from the internet (unplug your wire) and uninstall your AVG.
Then install whichever AV program you picked.
Then connect back to the internet and see if you can update it.
jensvad
post Jun 2 2009, 10:54 AM
Post #20


Authentic Member
**

Group: Authentic Member
Posts: 23
Joined: 24-May 09
Member No.: 85,934
Operating System: Windows Vista Home



Tomk,

Okay, uninstalled AVG, installed Avira, and it successfully updated. I didn't run a scan because you didn't instruct me to do so yet. Shall I?


Thanks

Jens
Tomk
post Jun 2 2009, 11:03 AM
Post #21


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



jensvad,

Yes please. I'm hoping that some of your problem was a failed install of AVG.

After your scan, please let me have a new HijackThis log.

This post has been edited by Tomk: Jun 2 2009, 11:03 AM
jensvad
post Jun 2 2009, 12:58 PM
Post #22


Authentic Member
**

Group: Authentic Member
Posts: 23
Joined: 24-May 09
Member No.: 85,934
Operating System: Windows Vista Home



Tomk,

Avira found 5 trojans/viruses. Repaired them. Will run HijackThis now. I know you didn't ask for it, but here's the "report" from Avira. Will post HijackThis as soon as it's completed.

Thanks!

Jens



Avira AntiVir Personal
Report file date: Tuesday, June 02, 2009 13:24

Scanning for 1446896 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JENS-PC

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 13:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:33:26
ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 5/29/2009 16:50:54
ANTIVIR3.VDF : 7.1.4.48 89600 Bytes 6/2/2009 16:50:55
Engineversion : 8.2.0.180
AEVDF.DLL : 8.1.1.1 106868 Bytes 6/2/2009 16:51:06
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 6/2/2009 16:51:06
AESCN.DLL : 8.1.2.3 127347 Bytes 6/2/2009 16:51:05
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 23:24:41
AEPACK.DLL : 8.1.3.18 401783 Bytes 6/2/2009 16:51:04
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 01:01:56
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 6/2/2009 16:51:04
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 01:01:56
AEGEN.DLL : 8.1.1.44 348532 Bytes 6/2/2009 16:51:02
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 6/2/2009 16:50:55
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 16:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Tuesday, June 02, 2009 13:24

Starting search for hidden objects.
'82594' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'BitComet.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'SchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'BackupSvc.exe' - '1' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
Scan process 'ETService.exe' - '1' Module(s) have been scanned
Scan process 'Agentsvc.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'wlanext.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
55 processes with 55 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '50' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Qoobox\Quarantine\C\Windows\25d5zir9639.ocx.vir
[DETECTION] Contains recognition pattern of the SPR/Fake.PcCleanPro program
C:\Qoobox\Quarantine\C\Windows\5df2bac9dooz1261.bin.vir
[DETECTION] Is the TR/PSW.OnlineGam.AF Trojan
C:\Qoobox\Quarantine\C\Windows\79b9thiez355.exe.vir
[DETECTION] Contains recognition pattern of the SPR/Tool.eBlaster program
C:\Qoobox\Quarantine\C\Windows\z4199worm5fc.ocx.vir
[DETECTION] Is the TR/PSW.Online.aklq Trojan
C:\Qoobox\Quarantine\C\Windows\System32\92758trzj2ed.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.pwf back-door program

Beginning disinfection:
C:\Qoobox\Quarantine\C\Windows\25d5zir9639.ocx.vir
[DETECTION] Contains recognition pattern of the SPR/Fake.PcCleanPro program
[NOTE] The file was moved to '4a89761c.qua'!
C:\Qoobox\Quarantine\C\Windows\5df2bac9dooz1261.bin.vir
[DETECTION] Is the TR/PSW.OnlineGam.AF Trojan
[NOTE] The file was moved to '4a8b764b.qua'!
C:\Qoobox\Quarantine\C\Windows\79b9thiez355.exe.vir
[DETECTION] Contains recognition pattern of the SPR/Tool.eBlaster program
[NOTE] The file was moved to '4a877620.qua'!
C:\Qoobox\Quarantine\C\Windows\z4199worm5fc.ocx.vir
[DETECTION] Is the TR/PSW.Online.aklq Trojan
[NOTE] The file was moved to '4a56761c.qua'!
C:\Qoobox\Quarantine\C\Windows\System32\92758trzj2ed.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.pwf back-door program
[NOTE] The file was moved to '4a5c761a.qua'!


End of the scan: Tuesday, June 02, 2009 14:56
Used time: 1:31:29 Hour(s)

The scan has been done completely.

22184 Scanned directories
348942 Files were scanned
5 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
348936 Files not concerned
2171 Archives were scanned
1 Warnings
6 Notes
82594 Objects were scanned with rootkit scan
0 Hidden objects were found

jensvad
post Jun 2 2009, 01:01 PM
Post #23


Authentic Member
**

Group: Authentic Member
Posts: 23
Joined: 24-May 09
Member No.: 85,934
Operating System: Windows Vista Home



HIJACK THIS LOG:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:20 PM, on 6/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hotmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...1208&m=e620
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6814 bytes
Tomk
post Jun 2 2009, 02:00 PM
Post #24


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



jensvad,

Everything that Avira found was in a quarantine already.

  • Please open HijackThis and run Do a system scan only
  • Check the boxes next to ONLY the entries listed below(if present):
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

  • Close all programs except for HijackThis.
  • Click on Fix checked
  • A box will pop up asking you if you wish to fix the selected items. Please choose YES.
  • Once it has fixed them, please exit/close HijackThis.


Now, Avira will obviously update. How about Windows?

Please check things out and let me know how it's working now.
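The two O2 entries Tomk marks for removal are BHOs whose CLSID is still registered but whose DLL no longer exists on disk. As an added example that is not part of the thread or of HijackThis, this PowerShell code parses O2 lines from a HijackThis log, flags the orphaned ones, and, when run on the affected machine, confirms the verdict against the live registry (the BHO registration key and the CLSID's InprocServer32 default value, which is the DLL Internet Explorer would load). The sample lines are copied from the log posted above; the function names are this example's own.

```powershell
# Added example (not from the thread or HijackThis): find orphaned BHO entries
# in HijackThis O2 lines and confirm them against the live registry.
# Sample input: O2 lines copied from the HijackThis log posted in this thread.
$SampleO2Lines = @(
    'O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll',
    'O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)',
    'O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)',
    'O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll'
)

function ConvertFrom-HjtO2Line {
    # Parse one "O2 - BHO: <name> - {CLSID} - <path>" line into an object.
    param([Parameter(Mandatory)][string]$Line)
    $guid    = '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'
    $pattern = "^O2 - BHO: (?<Name>.*?) - (?<Clsid>\{$guid\}) - (?<Path>.*)$"
    if ($Line -match $pattern) {
        $rawPath = $Matches.Path.Trim()
        # HijackThis marks a registered BHO with no DLL on disk in two ways.
        $orphan = ($rawPath -eq '(no file)') -or ($rawPath -like '* (file missing)')
        $path = $null
        if ($rawPath -ne '(no file)') { $path = $rawPath -replace '\s*\(file missing\)$', '' }
        [pscustomobject]@{
            Name   = $Matches.Name
            Clsid  = $Matches.Clsid
            Path   = $path
            Orphan = $orphan
        }
    }
}

function Get-OrphanedBho {
    # Return only the O2 entries that should be reviewed / fix-checked.
    param([string[]]$Lines)
    $Lines | ForEach-Object { ConvertFrom-HjtO2Line -Line $_ } | Where-Object { $_.Orphan }
}

function Test-BhoOnDisk {
    # Live check on the affected machine: is the CLSID still registered as a BHO,
    # and does the DLL that IE would load (InprocServer32 default value) exist?
    param([Parameter(Mandatory)][string]$Clsid)
    $bhoKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid"
    $srvKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    $dll = $null
    if (Test-Path -LiteralPath $srvKey) {
        $raw = (Get-ItemProperty -LiteralPath $srvKey).'(default)'
        if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw) }
    }
    [pscustomobject]@{
        Clsid           = $Clsid
        RegisteredAsBho = Test-Path -LiteralPath $bhoKey
        Dll             = $dll
        DllOnDisk       = [bool]($dll -and (Test-Path -LiteralPath $dll))
    }
}

# Offline: from the sample lines, exactly the two entries Tomk told jensvad to fix-check.
Get-OrphanedBho -Lines $SampleO2Lines | Format-Table Clsid, Name, Path -AutoSize

# Online (run on the affected PC): confirm each orphan is still registered and
# that its DLL really is gone before removing the registration.
Get-OrphanedBho -Lines $SampleO2Lines | ForEach-Object { Test-BhoOnDisk -Clsid $_.Clsid }
```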
jensvad
post Jun 2 2009, 02:09 PM
Post #25


Authentic Member
**

Group: Authentic Member
Posts: 23
Joined: 24-May 09
Member No.: 85,934
Operating System: Windows Vista Home



Tomk,

Yes, Avira updates. AVG updated too. But none of the other malware programs would, i.e. SUPERAntiSpyware, Malwarebytes Anti-Malware, etc.

I just tried to install the same Windows update I've been previously unable to install, still got error 80244019.



Thanks,

Jens
Tomk
post Jun 2 2009, 03:15 PM
Post #26


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



jensvad,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /sub

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
jensvad
post Jun 3 2009, 11:52 AM
Post #27


Authentic Member
**

Group: Authentic Member
Posts: 23
Joined: 24-May 09
Member No.: 85,934
Operating System: Windows Vista Home



Tomk,


SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 13:52 on 03/06/2009 by Jens (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
(No values found)


-=End Of File=-




Thanks,

Jens
Tomk
post Jun 3 2009, 12:05 PM
Post #28


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



jensvad,

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    CODE
    Registry::
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
    "UseWUServer"=dword:00000000

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Then please let me know if Windows will update.
jensvad
post Jun 3 2009, 12:34 PM
Post #29


Authentic Member
**

Group: Authentic Member
Posts: 23
Joined: 24-May 09
Member No.: 85,934
Operating System: Windows Vista Home



Tomk,

I saved the file in Notepad, as instructed. The previous times the .txt file was dragged into ComboFix, it worked flawlessly.

I am getting the error:

You cannot rename ComboFix as Combo-Fix, Please use another name, preferably made up of alphanumeric characters.
Tomk
post Jun 3 2009, 12:39 PM
Post #30


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



jensvad,

I'm thinking that Avira scrambled ComboFix when you did its scan. Let's do this because it's faster.

Please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
    (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe

    :Reg
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
    "UseWUServer"=dword:00000000

    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
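Tomk's SystemLook query (post #26) reads the WindowsUpdate\AU policy key, and his CFScript and OTM scripts (posts #28 and #30) write UseWUServer = 0 to it. As an added example that is not part of the thread, ComboFix or OTM, this PowerShell script reads the same policy values (WUServer, WUStatusServer and UseWUServer are the standard Windows Update policy values), reports whether the update client has been redirected to an intranet update server, and can apply the same UseWUServer = 0 change with -WhatIf support; it assumes an elevated PowerShell session on the affected machine, and the function names are this example's own.

```powershell
# Added example (not from the thread, ComboFix or OTM): read the Windows Update
# policy values SystemLook queried and the CFScript/OTM fix rewrote, decide
# whether the client has been redirected, and optionally apply UseWUServer = 0.
# Assumes an elevated PowerShell session on the affected machine.
$WuPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AuPolicyKey = "$WuPolicyKey\AU"

function Get-WindowsUpdatePolicy {
    # WUServer/WUStatusServer name an intranet (WSUS) server; UseWUServer = 1
    # tells the client to use it instead of Microsoft's servers. None of these
    # values normally exist on a standalone home PC.
    $wu = if (Test-Path $WuPolicyKey) { Get-ItemProperty -Path $WuPolicyKey } else { $null }
    $au = if (Test-Path $AuPolicyKey) { Get-ItemProperty -Path $AuPolicyKey } else { $null }
    [pscustomobject]@{
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = $au.UseWUServer
    }
}

function Test-WindowsUpdateRedirected {
    param([pscustomobject]$Policy = (Get-WindowsUpdatePolicy))
    # A redirect to a server that does not answer update requests properly is
    # what produces failures like the 80244019 error in this thread. A redirect
    # on a machine that is not domain-joined is the suspicious case.
    $redirected   = ($Policy.UseWUServer -eq 1)
    $domainJoined = [bool](Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
    [pscustomobject]@{
        Redirected   = $redirected
        Server       = $Policy.WUServer
        DomainJoined = $domainJoined
        Suspicious   = $redirected -and -not $domainJoined
    }
}

function Repair-WindowsUpdatePolicy {
    # The same change Tomk's CFScript and OTM script make: UseWUServer -> 0.
    # Supports -WhatIf so the change can be previewed before it is applied.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($AuPolicyKey, 'Set UseWUServer = 0 and restart wuauserv')) {
        if (-not (Test-Path $AuPolicyKey)) { New-Item -Path $AuPolicyKey -Force | Out-Null }
        Set-ItemProperty -Path $AuPolicyKey -Name UseWUServer -Value 0 -Type DWord
        Restart-Service -Name wuauserv -Force   # the client re-reads policy on start
    }
}

$policy = Get-WindowsUpdatePolicy
$policy | Format-List
$verdict = Test-WindowsUpdateRedirected -Policy $policy
$verdict | Format-List
if ($verdict.Suspicious) {
    Write-Warning "Windows Update is redirected to '$($verdict.Server)' on a non-domain PC."
    Repair-WindowsUpdatePolicy -WhatIf   # remove -WhatIf to apply the fix
}
```

Keep the Format-List output from before the repair: it records which server the client had been pointed at, which is the detail worth checking against the rest of the machine afterwards.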