
DavidC
Members
Posts: 10
Reputation: 0 Neutral
  1. Okay, that's a relief. Thank you for your help.
  2. Okay, here is the log:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=6
     # iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
     # OnlineScanner.ocx=1.0.0.5889
     # api_version=3.0.2
     # EOSSerial=4dc000f6a1b6624d9249efe867c47660
     # end=finished
     # remove_checked=false
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2009-08-11 01:41:12
     # local_time=2009-08-11 02:41:12 (+0000, GMT Daylight Time)
     # country="United Kingdom"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1027 62 0 7 135362280312500
     # compatibility_mode=1797 21 100 100 546786718750
     # compatibility_mode=6401 61 100 100 208628949687500
     # scanned=77324
     # found=0
     # cleaned=0
     # scan_time=966
  3. Hi, to be honest I'm not sure whether I have a problem or not. My computer has been running fine but when I was surfing the web today I got two detection warnings for HEUR/HTML.Malware. I have read online that Avira AntiVir sometimes has trouble with certain types of web scripts and erroneously identifies them as viruses so maybe that's what's going on here. I was just hoping that maybe one of the experts on this forum could take a look at my logs to make sure there's nothing nasty lurking on my machine.
  4. Hello, I use both Avira AntiVir and MBAM to keep my PC secure. In the last few days I have repeatedly been getting AntiVir detections of malware whenever I browse the internet, including: HEUR/HTML.Malware (heuristic), HTML/Spoofing.Gen (virus), HTML/Infected.Webpage.Gen (virus). In each case I have selected the "Move to Quarantine" option but I am still getting the alerts. I have performed full scans with MBAM and found nothing. Are these false positives or is my machine infected with something? Also the other day my computer shut itself down for no obvious reason while I was surfing the web, which increased my nervousness. I was hoping someone here would be kind enough to take a look at my logs and let me know if you spot anything untoward?

     HijackThis Log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 14:35:22, on 05/08/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Tall Emu\Online Armor\oasrv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
     C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
     C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Acer\LANScope Agent\awServ.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
     C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
     C:\Program Files\Java\jre6\bin\jqs.exe
     c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Acer\Empowering Technology\eLock\LockServ.exe
     C:\Acer\LANScope Agent\LockKM.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Tall Emu\Online Armor\oacat.exe
     C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     C:\Program Files\O2\bin\sprtsvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\alg.exe
     C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\WINDOWS\system32\SysMonitor.exe
     C:\Acer\LANScope Agent\awtray.exe
     C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
     C:\Program Files\O2\bin\sprtcmd.exe
     C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Tall Emu\Online Armor\oaui.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe
     C:\Program Files\Tall Emu\Online Armor\oahlp.exe
     C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\OpenOffice.org 3\program\soffice.bin
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.broadband.o2.co.uk
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
     O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
     O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
     O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
     O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
     O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
     O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
     O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

     --
     End of file - 12360 bytes

     MBAM Log:

     Malwarebytes' Anti-Malware 1.40
     Database version: 2563
     Windows 5.1.2600 Service Pack 3

     05/08/2009 12:12:14
     mbam-log-2009-08-05 (12-12-14).txt

     Scan type: Quick Scan
     Objects scanned: 101462
     Time elapsed: 2 minute(s), 53 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  5. No, it still seems to be running fine.
  6. Okay, I managed to install Java successfully and was then able to download Kaspersky Online Scanner but I was not able to alter the Scan Settings as you requested. The settings are locked on "Spyware, Adware, Dialers and Other" and there appears to be no way of changing this. I ran the scan anyway and the results are shown below along with a fresh HJT log.

     KOS Log:

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7 REPORT
     Wednesday, March 11, 2009
     Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner 7 version: 7.0.25.0
     Program database last update: Wednesday, March 11, 2009 18:35:54
     Records in database: 1889542
     --------------------------------------------------------------------------------

     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan mail databases: yes

     Scan area - My Computer:
     C:\
     D:\
     E:\
     F:\
     G:\
     H:\
     I:\

     Scan statistics:
     Files scanned: 73169
     Threat name: 1
     Infected objects: 3
     Suspicious objects: 0
     Duration of the scan: 00:54:16

     File name / Threat name / Threats count
     C:\System Volume Information\_restore{AAB8C0D8-8EEC-412E-ABA4-CA205DCF57DC}\RP121\A0020053.dll Infected: Trojan.Win32.BHO.nnr 1
     C:\System Volume Information\_restore{AAB8C0D8-8EEC-412E-ABA4-CA205DCF57DC}\RP121\A0020094.dll Infected: Trojan.Win32.BHO.nnr 1
     C:\System Volume Information\_restore{AAB8C0D8-8EEC-412E-ABA4-CA205DCF57DC}\RP121\A0020136.dll Infected: Trojan.Win32.BHO.nnr 1

     The selected area was scanned.

     HJT Log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 22:49:06, on 11/03/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\WINDOWS\system32\SysMonitor.exe
     C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
     C:\Acer\LANScope Agent\awtray.exe
     C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
     C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
     C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
     C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
     C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
     C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Acer\LANScope Agent\awServ.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
     C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
     C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Acer\Empowering Technology\eLock\LockServ.exe
     C:\Acer\LANScope Agent\LockKM.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     C:\Program Files\O2\bin\sprtsvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fptb-acer
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
     O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
     O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
     O4 - HKLM\..\Run: [LaunchApp] Alaunch
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
     O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
     O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
     O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\LANScope Agent\awtray.exe"
     O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
     O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
     O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [EPSON BX300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "C:\WINDOWS\TEMP\E_S77.tmp" /EF "HKCU"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [blazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
     O4 - Global Startup: Acer Empowering Technology.lnk = ?
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
     O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
     O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
     O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
     O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
     O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

     --
     End of file - 11126 bytes
  7. Hi, I followed steps 1-3 but I am apparently still unable to remove the last traces of old Java from my machine. When I try to remove it through the control panel I get a message saying "The feature you are trying to use is on a network resource that is unavailable". It seems to be trying to find a folder named "jre1.6.0_10-c-l.msi" but I have searched and I cannot find a file or folder of that name anywhere on my computer. Because of this problem I am unable to install a fresh version of Java and without Java I am unable to download the Kaspersky Online AV Scanner. Other than that, my computer seems to be behaving fine. The "System Restore" panel has come back and everything else seems to be running smoothly. Here is the latest HijackThis log you asked for:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 14:48:21, on 11/03/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\WINDOWS\system32\SysMonitor.exe
     C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
     C:\Acer\LANScope Agent\awtray.exe
     C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
     C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
     C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
     C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
     C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Acer\LANScope Agent\awServ.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
     C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
     C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Acer\Empowering Technology\eLock\LockServ.exe
     C:\Acer\LANScope Agent\LockKM.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     C:\Program Files\O2\bin\sprtsvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fptb-acer
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
     O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
     O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
     O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
     O4 - HKLM\..\Run: [LaunchApp] Alaunch
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
     O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
     O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
     O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\LANScope Agent\awtray.exe"
     O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
     O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
     O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [EPSON BX300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "C:\WINDOWS\TEMP\E_S77.tmp" /EF "HKCU"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [blazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
     O4 - Global Startup: Acer Empowering Technology.lnk = ?
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
     O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
     O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
     O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
     O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
     O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

     --
     End of file - 10733 bytes
  8. Hello again, I followed your instructions precisely and was able to remove Java 6 Update 7 but I cannot remove Java 6 Update 11. I just get a message saying "Cannot delete jqs.exe: Access is denied". Here are the logs you asked for.

Combofix:

ComboFix 09-03-06.02 - David 2009-03-10 12:38:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1329 [GMT 0:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\avgrsstx(2).dll
c:\windows\system32\srvblck2.tmp
c:\windows\system32\urhtps.dat
c:\windows\system32\wmpns.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\avgrsstx(2).dll
c:\windows\system32\srvblck2.tmp
c:\windows\system32\urhtps.dat
c:\windows\system32\wmpns.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.
2009-03-09 17:51 . 2009-03-09 17:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-03-08 21:42 . 2009-03-08 21:42 <DIR> d-------- c:\program files\Trend Micro
2009-03-08 20:33 . 2009-03-08 20:33 <DIR> d-------- c:\program files\Avira
2009-03-08 20:33 . 2009-03-08 20:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-07 21:35 . 2009-03-08 00:42 <DIR> d-------- c:\windows\system32\cock
2009-03-06 23:47 . 2009-03-07 21:37 <DIR> d-------- C:\$AVG8.VAULT$
2009-03-06 23:29 . 2009-03-07 21:37 <DIR> d-------- c:\windows\system32\drivers\Avg(2)
2009-03-06 23:29 . 2009-03-06 23:29 <DIR> d-------- c:\program files\AVG
2009-03-06 23:29 . 2009-03-08 16:51 <DIR> d-------- c:\documents and settings\David\Application Data\AVGTOOLBAR
2009-03-06 23:29 . 2009-03-06 23:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-06 15:20 . 2009-03-06 15:20 <DIR> d-------- c:\program files\JRE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-06 23:24 --------- d-----w c:\program files\Google
2009-03-06 15:20 --------- d-----w c:\program files\OpenOffice.org 3
2009-03-06 11:06 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-04 18:17 --------- d-----w c:\program files\epson
2009-02-27 22:12 --------- d-----w c:\documents and settings\David\Application Data\Apple Computer
2009-02-25 15:45 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-23 23:19 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-20 11:24 --------- d-----w c:\program files\Kensington Display Adapter
2009-01-20 11:24 --------- d-----w c:\program files\DisplayLink Core Software
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\DisplayLink Core Software ----

2009-03-10 12:38 93819 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkService.log
2009-03-10 12:30 69329 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkManager.log
2009-03-10 12:28 96158 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkKensingtonSupport.log
2009-03-10 12:28 7213 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkKensingtonSupportAddOnApi.log
2009-03-10 12:28 57764 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkUI.log
2009-03-10 12:28 28694 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkUIAddOnApi.log
2009-03-10 12:28 0 --a------ c:\program files\DisplayLink Core Software\Debug\noName_noID.edid
2009-03-10 11:41 102475 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkManager.old.log
2009-03-10 11:41 102447 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkKensingtonSupportAddOnApi.old.log
2009-03-09 12:28 102456 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkUIAddOnApi.old.log
2009-03-08 16:10 102565 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkService.old.log
2009-03-02 11:32 102536 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkUI.old.log
2009-01-20 11:24 308 --a------ c:\program files\DisplayLink Core Software\Debug\MsiExec.log
2009-01-20 11:24 152 --a------ c:\program files\DisplayLink Core Software\Debug\Setup.log
2009-01-20 11:23 292 --a------ c:\program files\DisplayLink Core Software\Debug\fi_11867.log
2009-01-20 11:23 16696 --a------ c:\program files\DisplayLink Core Software\Debug\AddOnApi.log
2009-01-17 08:58 103097 --a------ c:\program files\DisplayLink Core Software\Debug\AddOnApi.old.log
2009-01-03 02:40 102422 --a------ c:\program files\DisplayLink Core Software\Debug\DisplayLinkKensingtonSupport.old.log
2008-12-18 16:27 9945 --a------ c:\program files\DisplayLink Core Software\MirrorDriver\DisplayLinkmirror.cat
2008-12-18 16:27 9911 --a------ c:\program files\DisplayLink Core Software\AdapterDriver\DisplayLinkga.cat
2008-12-18 16:27 836968 --a------ c:\program files\DisplayLink Core Software\AddOnApi.dll
2008-12-18 16:27 698728 --a------ c:\program files\DisplayLink Core Software\DisplayLinkDisplayAgent64.exe
2008-12-18 16:27 492904 --a------ c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
2008-12-18 16:27 46258 --a------ c:\program files\DisplayLink Core Software\USBDriver\usbdriver_license.txt
2008-12-18 16:27 462184 --a------ c:\program files\DisplayLink Core Software\DLDisplayAgentHelper64.dll
2008-12-18 16:27 447848 --a------ c:\program files\DisplayLink Core Software\DisplayLinkService.exe
2008-12-18 16:27 43880 --a------ c:\program files\DisplayLink Core Software\DisplayLinkusb.dll
2008-12-18 16:27 427368 --a------ c:\program files\DisplayLink Core Software\DisplayLinkDisplayAgent32.exe
2008-12-18 16:27 41472 --a------ c:\program files\DisplayLink Core Software\AdapterDriver\DisplayLinkGADisp64.dll
2008-12-18 16:27 385024 --a------ c:\program files\DisplayLink Core Software\USBDriver\DisplayLinkUsbCo64.dll
2008-12-18 16:27 3478 --a------ c:\program files\DisplayLink Core Software\MirrorDriver\DisplayLinkMirror.inf
2008-12-18 16:27 345448 --a------ c:\program files\DisplayLink Core Software\DLDisplayAgentHelper32.dll
2008-12-18 16:27 333160 --a------ c:\program files\DisplayLink Core Software\InstallerApi.dll
2008-12-18 16:27 31232 --a------ c:\program files\DisplayLink Core Software\AdapterDriver\DisplayLinkgadisp.dll
2008-12-18 16:27 299008 --a------ c:\program files\DisplayLink Core Software\USBDriver\DisplayLinkusbco2.dll
2008-12-18 16:27 25088 --a------ c:\program files\DisplayLink Core Software\MirrorDriver\DisplayLinkMirrorDisp64.dll
2008-12-18 16:27 24576 --a------ c:\program files\DisplayLink Core Software\AdapterDriver\DisplayLinkGAPort64.sys
2008-12-18 16:27 2440 --a------ c:\program files\DisplayLink Core Software\AdapterDriver\DisplayLinkGA.inf
2008-12-18 16:27 20992 --a------ c:\program files\DisplayLink Core Software\USBDriver\DisplayLinkusbport.sys
2008-12-18 16:27 20992 --a------ c:\program files\DisplayLink Core Software\MirrorDriver\DisplayLinkMirrorPort64.sys
2008-12-18 16:27 20736 --a------ c:\program files\DisplayLink Core Software\AdapterDriver\DisplayLinkgaport.sys
2008-12-18 16:27 198591 --a------ c:\program files\DisplayLink Core Software\USBDriver\DisplayLinkusb.inf
2008-12-18 16:27 18944 --a------ c:\program files\DisplayLink Core Software\MirrorDriver\DisplayLinkmirrorport.sys
2008-12-18 16:27 16896 --a------ c:\program files\DisplayLink Core Software\USBDriver\DisplayLinkUsbPort64.sys
2008-12-18 16:27 16512 --a------ c:\program files\DisplayLink Core Software\MirrorDriver\DisplayLinkmirrordisp.dll
2008-12-18 16:27 129513 --a------ c:\program files\DisplayLink Core Software\USBDriver\DisplayLinkUsb.cat
2008-12-18 16:26 568871 --a------ c:\program files\DisplayLink Core Software\firmware_ocelot_all.ncf
2008-12-18 16:26 568867 --a------ c:\program files\DisplayLink Core Software\firmware_elpida_all.ncf
2008-12-18 16:26 4707688 --a------ c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
2008-12-18 16:26 339761 --a------ c:\program files\DisplayLink Core Software\firmware_serval_all.ncf
2008-12-18 16:26 339759 --a------ c:\program files\DisplayLink Core Software\firmware_serval_v2_all.ncf
2008-12-18 16:26 339759 --a------ c:\program files\DisplayLink Core Software\firmware_lynx_all.ncf
2008-12-18 16:26 339757 --a------ c:\program files\DisplayLink Core Software\firmware_serval_v3_all.ncf
2008-12-18 16:26 15680 --a------ c:\program files\DisplayLink Core Software\End User Licence Agreement_EN.rtf
2008-10-31 11:18 142 --a------ c:\program files\DisplayLink Core Software\Debug\MSI81.log
2008-10-31 11:18 142 --a------ c:\program files\DisplayLink Core Software\Debug\MSI80.log
2008-10-31 11:16 0 --a------ c:\program files\DisplayLink Core Software\Debug\noName_IIB0000-2236.140.00000000.edid

---- Directory of c:\program files\Kensington Display Adapter ----

2009-01-20 11:24 380 --a------ c:\program files\Kensington Display Adapter\DisplayLinkUpdater.ini
2009-01-20 11:23 13350248 --a------ c:\program files\Kensington Display Adapter\updates\4.6.16208.0\Setup.exe
2009-01-20 11:21 343 --a------ c:\program files\Kensington Display Adapter\updates\updates.aiu
2008-12-29 02:39 2364 --a------ c:\program files\Kensington Display Adapter\AddOnApi.log
2008-12-18 17:17 759616 --a------ c:\program files\Kensington Display Adapter\DisplayLinkUpdater.exe
2008-12-18 17:17 349544 --a------ c:\program files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
2008-12-18 17:17 12014 --a------ c:\program files\Kensington Display Adapter\End User Licence Agreement_EN.rtf
2008-10-31 11:18 8217960 --a------ c:\program files\Kensington Display Adapter\updates\4.4.11867.0\Setup.exe

---- Directory of c:\windows\system32\cock ----

2009-03-08 16:15 95 --a------ c:\windows\system32\cock\david@atdmt[1].txt
2009-03-08 16:15 318 --a------ c:\windows\system32\cock\david@ad.yieldmanager[2].txt
2009-03-08 13:41 180 --a------ c:\windows\system32\cock\david@tribalfusion[1].txt
2009-03-08 13:41 178 --a------ c:\windows\system32\cock\david@tribalfusion[2].txt
2009-03-08 13:41 115 --a------ c:\windows\system32\cock\david@doubleclick[2].txt
2009-03-08 13:38 208 --a------ c:\windows\system32\cock\david@doubleclick[1].txt
2009-03-08 13:35 94 --a------ c:\windows\system32\cock\david@atdmt[2].txt
2009-03-08 13:35 320 --a------ c:\windows\system32\cock\david@ad.yieldmanager[1].txt
2009-03-08 01:08 91 --a------ c:\windows\system32\cock\david@apmebf[1].txt
2009-03-08 01:08 394 --a------ c:\windows\system32\cock\david@fastclick[1].txt
2009-03-08 00:42 370 --a------ c:\windows\system32\cock\david@advertising[2].txt
2009-03-07 23:17 2308 --a------ c:\windows\system32\cock\david@revsci[1].txt
2009-03-07 22:47 501 --a------ c:\windows\system32\cock\david@adbrite[2].txt
2009-03-07 22:44 68 --a------ c:\windows\system32\cock\david@c7.zedo[1].txt
2009-03-07 22:44 2008 --a------ c:\windows\system32\cock\david@revsci[2].txt
2009-03-07 22:44 160 --a------ c:\windows\system32\cock\david@zedo[2].txt
2009-03-07 21:53 162 --a------ c:\windows\system32\cock\david@realmedia[2].txt

((((((((((((((((((((((((((((( SnapShot@2009-03-09_16.49.53.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2009-03-09 17:52:16 632,320 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}\IconCD95F66110.exe
+ 2009-03-09 17:52:16 29,184 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}\IconCD95F6617.exe
- 2008-07-19 05:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 14:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-04-14 00:12:24 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 03:11:20 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-20 05:30:53 3,067,904 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 05:30:51 1,499,136 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 01:00:10 1,499,136 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-09-08 10:41:42 333,824 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-20 05:30:52 619,520 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 01:00:11 619,520 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 05:00:00 656,384 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 01:00:11 666,112 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 00:12:09 1,053,184 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 06:11:46 1,053,696 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2008-04-14 00:12:58 2,109,440 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-11-07 16:45:32 2,174,976 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 10:57:09 333,952 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2008-04-14 00:12:24 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 03:11:20 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2009-02-11 20:56:18 21,244,872 ----a-w c:\windows\system32\MRT.exe
- 2008-08-20 05:30:53 3,067,904 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 ----a-w c:\windows\system32\mshtml.dll
- 2009-03-09 16:47:11 80,742 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-10 12:27:01 80,742 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-09 16:47:11 449,444 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-10 12:27:01 449,444 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-20 05:30:51 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 01:00:10 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
- 2008-07-08 13:02:01 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-04-14 00:12:38 60,416 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-20 05:30:52 619,520 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 01:00:11 619,520 ----a-w c:\windows\system32\urlmon.dll
- 2004-08-04 05:00:00 656,384 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 01:00:11 666,112 ----a-w c:\windows\system32\wininet.dll
- 2008-04-14 00:12:09 1,053,184 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 06:11:46 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2008-04-14 00:12:58 2,109,440 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-07 16:45:32 2,174,976 ----a-w c:\windows\system32\WMVCore.dll
- 2008-07-19 05:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 14:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 05:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 14:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 05:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 14:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 05:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 14:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 05:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 14:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2009-03-10 12:40:05 16,384 ----atw c:\windows\temp\Perflib_Perfdata_144.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-19 39408]
"EPSON BX300F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE" [2008-01-22 188928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BlazeServoTool"="c:\program files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe" [2007-12-01 282624]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-25 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-28 81920]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2008-01-03 49152]
"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Admin Works Tray"="c:\acer\LANScope Agent\awtray.exe" [2007-05-22 1459992]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-09-29 342528]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"O2"="c:\program files\O2\bin\sprtcmd.exe" [2008-03-29 198184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 148888]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"nwiz"="nwiz.exe" [2007-11-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\David\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-01-03 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-31 17:37 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DisplayLink Core Software\\DisplayLinkManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port

R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2007-08-25 26768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [2008-12-18 447848]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [2006-06-09 17664]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2006-06-07 90112]
R2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p --> c:\acer\Empowering Technology\eLock\LockServ.exe -p [?]
R2 netlimiter;netlimiter;c:\windows\system32\drivers\NetLimiter.sys [2006-10-03 18072]
R2 netlock;netlock;c:\windows\system32\drivers\NetLock.sys [2007-05-30 14616]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2007-06-13 15640]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-11-09 10944]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [2008-12-18 20736]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2008-12-18 18944]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [2009-01-20 20992]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;c:\acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe [2008-09-20 81920]
.
Contents of the 'Scheduled Tasks' folder

2009-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/?fr=fptb-acer
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://en.uk.acer.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 12:40:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\LANScope Agent\awServ.exe
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Empowering Technology\eLock\LockServ.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\LANScope Agent\lockkm.exe
c:\windows\system32\rundll32.exe
c:\acer\Empowering Technology\eLock\Monitor\LockMon.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-10 12:41:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-10 12:41:54

Pre-Run: 135,698,661,376 bytes free
Post-Run: 135,687,467,008 bytes free

372 --- E O F --- 2009-03-09 16:52:45

MBAM:

Malwarebytes' Anti-Malware 1.34
Database version: 1831
Windows 5.1.2600 Service Pack 3

10/03/2009 13:30:26
mbam-log-2009-03-10 (13-30-26).txt

Scan type: Quick Scan
Objects scanned: 72502
Time elapsed: 1 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:49, on 10/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\LANScope Agent\awtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fptb-acer
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\LANScope Agent\awtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON BX300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "C:\WINDOWS\TEMP\E_S77.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. 
- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- End of file - 11853 bytes
  9. Hi again,

Thanks for your reply. I followed your instructions and I am now able to access websites normally. Here are the logs you asked for.

ComboFix:

ComboFix 09-03-06.02 - David 2009-03-09 16:46:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1362 [GMT 0:00]
Running from: c:\documents and settings\david\desktop\combofix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\cks
c:\windows\system32\cks\david@ad.yieldmanager[1].txt
c:\windows\system32\cks\david@ad.yieldmanager[2].txt
c:\windows\system32\cks\david@apmebf[1].txt
c:\windows\system32\cks\david@atdmt[1].txt
c:\windows\system32\cks\david@atdmt[2].txt
c:\windows\system32\cks\david@avgtechnologies.112.2o7[1].txt
c:\windows\system32\cks\david@doubleclick[1].txt
c:\windows\system32\cks\david@doubleclick[2].txt
c:\windows\system32\cks\david@trinitymirror.112.2o7[1].txt
c:\windows\system32\dtw5d
c:\windows\system32\dtw5d\avnotify_UAs001.dat
c:\windows\system32\dtw5d\DisplayLinkUpdater_UAs001.dat
c:\windows\system32\dtw5d\Explorer_UAs003.dat
c:\windows\system32\dtw5d\jre-6u12-windows-i586-p-iftw[1]_UAs001.dat
c:\windows\system32\dtw5d\jre-6u12-windows-i586-p-iftw[1]_UAs002.dat
c:\windows\system32\dtw5d\jusched_UAs001.dat
c:\windows\system32\dtw5d\netbanke_2009.03.08.041505_david@ad.yieldmanager[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.041505_david@atdmt[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.055948_david@ad.yieldmanager[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.055948_david@atdmt[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.060028_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.064313_david@atdmt[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.065126_david@ad.yieldmanager[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.065126_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.065731_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.065851_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.071036_david@atdmt[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.074941_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.075241_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.092559_david@atdmt[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.094854_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.102109_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.08.114314_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.010316_david@doubleclick[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.015451_david@ad.yieldmanager[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.015451_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.034152_david@ad.yieldmanager[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.034152_david@doubleclick[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.035613_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044623_david@ad.yieldmanager[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044623_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044623_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044628_david@ad.yieldmanager[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044628_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044628_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044633_david@ad.yieldmanager[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044633_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044633_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044638_david@ad.yieldmanager[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044638_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044638_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044643_david@ad.yieldmanager[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044643_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044643_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044648_david@ad.yieldmanager[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044648_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044648_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044653_david@ad.yieldmanager[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044653_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.044653_david@doubleclick[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.123126_david@ad.yieldmanager[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.123126_david@atdmt[1].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.125101_david@atdmt[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.125319_david@doubleclick[2].txt
c:\windows\system32\dtw5d\netbanke_2009.03.09.125414_david@doubleclick[1].txt
c:\windows\system32\dtw5d\update_UAs001.dat
c:\windows\system32\korlg.ini
c:\windows\system32\ldshyr.old
c:\windows\system32\nwklr.ini
c:\windows\system32\nwpp.ini
c:\windows\system32\nwwlnt.ini
c:\windows\system32\powrprof(2).dll
c:\windows\system32\ppdnp.ini
c:\windows\system32\pporlg.ini
c:\windows\system32\srvblck.tmp
c:\windows\system32\UAs
c:\windows\system32\UAs\avnotify_UAs001.dat
c:\windows\system32\UAs\bcont_nm_UAs001.dat
c:\windows\system32\UAs\DisplayLinkUpdater_UAs001.dat
c:\windows\system32\UAs\Explorer_UAs001.dat
c:\windows\system32\UAs\Explorer_UAs002.dat
c:\windows\system32\UAs\Explorer_UAs003.dat
c:\windows\system32\UAs\GoogleToolbarManager_0531C63A913CC9D1_UAs001.dat
c:\windows\system32\UAs\googletoolbarnotifier_UAs001.dat
c:\windows\system32\UAs\googletoolbarnotifier_UAs002.dat
c:\windows\system32\UAs\GoogleUpdater_UAs001.dat
c:\windows\system32\UAs\gtbF.tmp_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs002.dat
c:\windows\system32\UAs\iexplore_UAs003.dat
c:\windows\system32\UAs\iexplore_UAs004.dat
c:\windows\system32\UAs\iexplore_UAs005.dat
c:\windows\system32\UAs\jre-6u12-windows-i586-p-iftw[1]_UAs001.dat
c:\windows\system32\UAs\jre-6u12-windows-i586-p-iftw[1]_UAs002.dat
c:\windows\system32\UAs\jusched_UAs001.dat
c:\windows\system32\UAs\mbam_UAs001.dat
c:\windows\system32\UAs\mbam_UAs002.dat
c:\windows\system32\UAs\sprtcmd_UAs001.dat
c:\windows\system32\UAs\sprtsvc_UAs001.dat
c:\windows\system32\UAs\ssupdate_UAs001.dat
c:\windows\system32\UAs\superantispyware_UAs001.dat
c:\windows\system32\UAs\superantispyware_UAs002.dat
c:\windows\system32\UAs\svchost_UAs001.dat
c:\windows\system32\UAs\update_UAs001.dat
c:\windows\system32\UAs\WgaTray_UAs001.dat
c:\windows\system32\windmlp.ini
c:\windows\system32\wininet(2).dll
c:\windows\system32\worlg.ini

Infected copy of c:\windows\system32\powrprof.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\powrprof.dll
Infected copy of c:\windows\system32\wininet.dll was found and disinfected
Restored copy from - c:\windows\$NtUninstallKB867282$\wininet.dll
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\$NtUninstallKB935839$\kernel32.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.
2009-03-08 21:42 . 2009-03-08 21:42 <DIR> d-------- c:\program files\Trend Micro
2009-03-08 20:33 . 2009-03-08 20:33 <DIR> d-------- c:\program files\Avira
2009-03-08 20:33 . 2009-03-08 20:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-08 18:50 . 2008-07-19 05:09 1,811,656 --a------ c:\windows\system32\wuaueng.dll
2009-03-08 18:50 . 2008-07-19 05:09 563,912 --a------ c:\windows\system32\wuapi.dll
2009-03-08 18:50 . 2008-07-19 05:09 325,832 --a------ c:\windows\system32\wucltui.dll
2009-03-08 18:50 . 2008-07-19 05:09 215,752 --a------ c:\windows\system32\wuaucpl.cpl
2009-03-08 18:50 . 2008-07-19 05:09 205,000 --a------ c:\windows\system32\wuweb.dll
2009-03-08 18:50 . 2008-07-19 05:10 94,920 --a------ c:\windows\system32\cdm.dll
2009-03-08 18:50 . 2008-07-19 05:10 53,448 --a------ c:\windows\system32\wuauclt.exe
2009-03-08 18:50 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-03-08 18:50 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-03-08 18:50 . 2008-10-16 14:08 34,328 --a--c--- c:\windows\system32\dllcache\wups.dll
2009-03-08 00:52 . 2009-03-09 15:41 293 --a------ c:\windows\system32\urhtps.dat
2009-03-07 21:35 . 2009-03-08 00:42 <DIR> d-------- c:\windows\system32\cock
2009-03-07 21:35 . 2009-03-07 21:35 112 --a------ c:\windows\system32\srvblck2.tmp
2009-03-06 23:47 . 2009-03-07 21:37 <DIR> d-------- C:\$AVG8.VAULT$
2009-03-06 23:29 . 2009-03-07 21:37 <DIR> d-------- c:\windows\system32\drivers\Avg(2)
2009-03-06 23:29 . 2009-03-06 23:29 <DIR> d-------- c:\program files\AVG
2009-03-06 23:29 . 2009-03-08 16:51 <DIR> d-------- c:\documents and settings\David\Application Data\AVGTOOLBAR
2009-03-06 23:29 . 2009-03-06 23:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-06 23:29 . 2009-03-06 23:29 10,520 --a------ c:\windows\system32\avgrsstx(2).dll
2009-03-06 15:20 . 2009-03-06 15:20 <DIR> d-------- c:\program files\JRE
2009-03-03 18:45 . 2008-04-14 00:12 221,184 --a------ c:\windows\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 17:00 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-06 23:24 --------- d-----w c:\program files\Google
2009-03-06 15:20 --------- d-----w c:\program files\OpenOffice.org 3
2009-03-06 11:06 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-04 18:17 --------- d-----w c:\program files\epson
2009-02-27 22:12 --------- d-----w c:\documents and settings\David\Application Data\Apple Computer
2009-02-25 15:45 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-23 23:19 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-20 11:24 --------- d-----w c:\program files\Kensington Display Adapter
2009-01-20 11:24 --------- d-----w c:\program files\DisplayLink Core Software
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-19 39408]
"EPSON BX300F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE" [2008-01-22 188928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BlazeServoTool"="c:\program files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe" [2007-12-01 282624]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-25 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-28 81920]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2008-01-03 49152]
"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AdminWorks Tray"="c:\acer\LANScope Agent\awtray.exe" [2007-05-22 1459992]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-09-29 342528]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"O2"="c:\program files\O2\bin\sprtcmd.exe" [2008-03-29 198184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 148888]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2007-11-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\David\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-01-03 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-31 17:37 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DisplayLink Core Software\\DisplayLinkManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port

R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2007-08-25 26768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [2008-12-18 447848]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [2006-06-09 17664]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2006-06-07 90112]
R2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p --> c:\acer\Empowering Technology\eLock\LockServ.exe -p [?]
R2 netlimiter;netlimiter;c:\windows\system32\drivers\NetLimiter.sys [2006-10-03 18072]
R2 netlock;netlock;c:\windows\system32\drivers\NetLock.sys [2007-05-30 14616]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2007-06-13 15640]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-11-09 10944]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [2008-12-18 20736]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2008-12-18 18944]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [2009-01-20 20992]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]
S2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;c:\acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe [2008-09-20 81920]
.
Contents of the 'Scheduled Tasks' folder

2009-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-installnet.exe - c:\acer\LANScope Agent\Installnet.exe
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/?fr=fptb-acer
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://en.uk.acer.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 16:48:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\windows\system32\rundll32.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\eLock\Monitor\LockMon.exe
c:\acer\LANScope Agent\awServ.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Empowering Technology\eLock\LockServ.exe
c:\acer\LANScope Agent\lockkm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-09 16:50:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-09 16:50:23

Pre-Run: 135,583,809,536 bytes free
Post-Run: 135,805,173,760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

327 --- E O F --- 2008-11-12 10:32:55

Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:22, on 09/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\LANScope Agent\awtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fptb-acer
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (file missing)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\LANScope Agent\awtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON BX300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "C:\WINDOWS\TEMP\E_S77.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [blazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--
End of file - 13314 bytes

DDS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:22, on 09/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\LANScope Agent\awtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fptb-acer
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (file missing)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\LANScope Agent\awtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON BX300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "C:\WINDOWS\TEMP\E_S77.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [blazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--
End of file - 13314 bytes

Boot Log:
Service Pack 3 3 9 2009 17:26:21.359
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver PartMgr.sys
Loaded driver UBHelper.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\serial.sys
Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\nvsmu.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\NTIDrvr.sys
Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\nvnetbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\DisplayLinkGAport.sys
Loaded driver \SystemRoot\system32\DRIVERS\DisplayLinkmirrorport.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\DRIVERS\NVENETFD.sys
Loaded driver \SystemRoot\system32\drivers\RtkHDAud.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Did not load driver \SystemRoot\System32\Drivers\Mpfp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ssmdrv.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Did not load driver \SystemRoot\system32\drivers\mfehidk.sys
Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\system32\DRIVERS\avipbb.sys
Loaded driver \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\system32\DRIVERS\DisplayLinkUsbPort.sys
Loaded driver \SystemRoot\System32\Drivers\AF15BDA.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbscan.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbprint.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\int15.sys
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\netlimiter.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\netlock.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\osaio.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\osanbm.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\tvicport.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\zntport.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \??\C:\WINDOWS\system32\Drivers\psdfilter.sys
Loaded driver \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys
Loaded driver \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
Loaded driver \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Loaded driver \SystemRoot\system32\drivers\kmixer.sys

I have also included the Attach.txt as a zip file as directed. Thanks again for all your help.
Attach.zip
  10. Hi, I have been plagued by malware for the last 2 days. The first I knew of it was when my computer restarted itself for no apparent reason while I was browsing the web. This made me nervous so I ran scans with both Malwarebytes Anti-Malware and SuperAntiSpyware and between them they found a whole bunch of nasty stuff including multiple pieces of Vundo Variant adware and something called spyware.banker. I also did a scan with Avira AntiVir that found something called tr.trash/gen trojan. I thought I had managed to get rid of all the malware on my machine but as soon as I fired up Internet Explorer it all came flooding back. In desperation I tried using System Restore to reset my computer to the way it was a week ago but I am not entirely sure if the operation completed successfully as the System Restore menu is now unavailable to me - I just get a blank window. I have run further scans using both MBAM and SAS and they have both come up clean but my computer still seems to be running much more slowly than it should and I am unable to access certain websites such as my bank and email account. Also Java seems to have disappeared from my computer for some reason and it refuses to let me download a new version. I am hoping that one of you kind people will be able to take a look at my logs and tell me whether I still have a virus lurking on my machine somewhere or whether I have simply managed to screw up my computer through my own efforts at dealing with the problem. 
Here is the MBAM log:

Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 5.1.2600 Service Pack 3

08/03/2009 23:33:09
mbam-log-2009-03-08 (23-33-09).txt

Scan type: Quick Scan
Objects scanned: 74162
Time elapsed: 1 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

Here is the HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:31, on 08/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\rundll32.exe
c:\windows\rthdcpl.exe
c:\program files\cyberlink\powerdvd\pdvdserv.exe
c:\windows\system32\sysmonitor.exe
c:\acer\empowering technology\erecovery\eragent.exe
c:\acer\lanscope agent\awtray.exe
c:\acer\empowering technology\elock\monitor\lockmon.exe
c:\acer\empowering technology\edatasecurity\edsloader.exe
c:\program files\o2\bin\sprtcmd.exe
c:\program files\itunes\ituneshelper.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\avira\antivir personaledition classic\avgnt.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\windows\system32\spool\drivers\w32x86\3\e_fatieje.exe
c:\windows\system32\ctfmon.exe
c:\program files\blazevideo\blazedtv 2.5a\mediadetector.exe
c:\program files\superantispyware\superantispyware.exe
c:\acer\empowering technology\acer.empowering.framework.launcher.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\openoffice.org 3\program\soffice.exe
c:\program files\openoffice.org 3\program\soffice.bin
C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fptb-acer
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (file missing)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: 
[installnet.exe] "C:\Acer\LANScope Agent\Installnet.exe" "C:\Acer\LANScope Agent\ O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\LANScope Agent\awtray.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0 O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [EPSON BX300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "C:\WINDOWS\TEMP\E_S77.tmp" /EF "HKCU" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [blazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [zogowojala] Rundll32.exe "C:\WINDOWS\system32\pokarisu.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [zogowojala] Rundll32.exe "C:\WINDOWS\system32\pokarisu.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Acer Empowering Technology.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. 
- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing) O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing) O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing) O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing) O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing) O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing) O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing) 
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- End of file - 13604 bytes I would greatly appreciate any help you can give me.
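A HijackThis log like the one above is read entry by entry, and the entries that usually get a second look are easy to pick out mechanically: Run keys living under the service-account hives (HKUS\S-1-5-19 is LOCAL SERVICE and S-1-5-20 is NETWORK SERVICE, accounts that never log on interactively), rundll32 launching a DLL by a one-letter or empty export name, and registrations that still point at files marked "(file missing)". The script below is an added example written for this page, not code from the poster or from HijackThis or Malwarebytes; the sample log lines are copied from the post above and embedded so it runs offline, and the three heuristics are generic triage rules of my own, not a verdict on this machine. It prints and returns which lines trip which rule.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a few lines copied from the HijackThis log in the
# post above, plus ordinary entries from the same log so clean lines are
# exercised too.  Embedded so the script runs with no files on disk.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [zogowojala] Rundll32.exe "C:\WINDOWS\system32\pokarisu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zogowojala] Rundll32.exe "C:\WINDOWS\system32\pokarisu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
"""

# Well-known SIDs of the built-in service accounts.  Neither logs on
# interactively, so a per-user Run entry in their hive rarely has a benign
# explanation and is the first thing to check.
SERVICE_ACCOUNT_SIDS = {"S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}

# "O4 - <hive>\..\Run: [<name>] <command> (User '<user>')" with the user part optional.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# rundll32[.exe] ["]<dll>["][,<export>]
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\S*))?', re.IGNORECASE
)


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split an O4 (startup) entry into hive, SID, name, command and user."""
    m = O4_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    hive = entry["hive"]
    entry["sid"] = hive.split("\\", 1)[1] if "\\" in hive else ""
    return entry


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) a single log line deserves a closer look."""
    reasons: List[str] = []
    # Rule 1: HijackThis appends "(file missing)" when the registered path no
    # longer exists; these are dangling registrations worth cleaning up.
    if line.endswith("(file missing)"):
        reasons.append("registered file no longer exists (dangling entry)")
    entry = parse_o4(line)
    if entry is None:
        return reasons
    # Rule 2: Run key under a service-account hive.
    if entry["sid"] in SERVICE_ACCOUNT_SIDS:
        reasons.append(
            f"Run key in the {SERVICE_ACCOUNT_SIDS[entry['sid']]} hive, "
            "an account that never logs on interactively"
        )
    # Rule 3: rundll32 invoked with a one-character or missing export name.
    # Legitimate vendor entries name a real export (NvStartup, NvTaskbarInit).
    r = RUNDLL_RE.match(entry["cmd"])
    if r and len(r.group("export") or "") <= 1:
        reasons.append(f"rundll32 loads {r.group('dll')} via a one-character or absent export")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run every rule over every non-empty line; return only the flagged lines."""
    flagged: List[Tuple[str, List[str]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for why in reasons:
            print("    ->", why)
```

On the sample, the two HKUS\S-1-5-19 and S-1-5-20 entries trip both the service-hive and the rundll32 rules, while the NVIDIA rundll32 line and the SYSTEM-hive ctfmon entry pass; the McAfee "(file missing)" lines are reported only as dangling. The rules are deliberately narrow so the output stays short enough to read alongside the raw log rather than replacing it.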