tekkfall

  1. An error occurred when I tried to run the script. It said the CSF or CFS script (either or) was incorrectly spelt and didn't run.
  3. I did the boot scan and it found no problems, just a lot of warnings, pertaining to being unable to remove certain files or something. I couldn't copy/paste the log, so sorry for being vague.
  4. Just to clarify... after I burn this to the CD, what should happen? Anything else I need to do, like post some more logs?
  5. The first command line didn't work. Second one worked and disk check found no errors. Even after the removal tools, ComboFix still detected ESET and AVG still on the system /sigh.
"e:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Office12\\OUTLOOK.EXE"= "c:\\Office12\\groove.exe"= "c:\\Office12\\ONENOTE.EXE"= "e:\\Program Files\\uTorrent\\uTorrent.exe"= "e:\\Program Files\\iTunes\\iTunes.exe"= "e:\\Program Files\\Cosmi\\SpyWare Killer Pro\\stealth\\stealthsurf.exe"= "d:\\Turbine Download Manager\\TurbineNetworkService.exe"= "d:\\Turbine Download Manager\\TurbineMessageService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16881:UDP"= 16881:UDP:rty "62048:TCP"= 62048:TCP:Utor "62048:UDP"= 62048:UDP:utor [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 0 (0x0) R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2009-01-24 64160] R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800] R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944] R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024] S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408] S4 ASKService;ASKService;e:\program files\AskBarDis\bar\bin\AskService.exe --> e:\program files\AskBarDis\bar\bin\AskService.exe [?] S4 ekrn;Eset Service;"e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?] S4 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\common\lib\ioloServiceManager.exe --> e:\program files\iolo\common\lib\ioloServiceManager.exe [?] S4 ioloSystemService;iolo System Service;e:\program files\iolo\common\lib\ioloServiceManager.exe --> e:\program files\iolo\common\lib\ioloServiceManager.exe [?] 
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416] S4 LiveTurbineMessageService;Turbine Message Service - Live;d:\turbine download manager\TurbineMessageService.exe [2009-02-03 255472] S4 LiveTurbineNetworkService;Turbine Network Service - Live;d:\turbine download manager\TurbineNetworkService.exe [2009-02-03 218608] S4 sdAuxService;PC Tools Auxiliary Service;e:\program files\Spyware Doctor\svcntaux.exe --> e:\program files\Spyware Doctor\svcntaux.exe [?] S4 WinDefend;Windows Defender;"e:\program files\Windows Defender\MsMpEng.exe" --> e:\program files\Windows Defender\MsMpEng.exe [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - SMCSERVICE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bc-a9e5-11dc-8379-000c76b6d3d4}] \Shell\AutoRun\command - I:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bd-a9e5-11dc-8379-000c76b6d3d4}] \Shell\AutoRun\command - J:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-02-02 e:\windows\Tasks\Ad-Aware Update (Weekly).job - e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-24 02:46] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-swg - e:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - e:\documents and settings\Dan Tilley\Application Data\Mozilla\Firefox\Profiles\sxglj6bs.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official ---- FIREFOX POLICIES ---- . 
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 01:22:24
Windows 5.1.2600 Service Pack 3, v.3311 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1508)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-07 1:24:22
ComboFix-quarantined-files.txt 2009-02-07 09:24:16
ComboFix3.txt 2009-02-06 05:10:58
ComboFix2.txt 2009-02-06 20:48:34
Pre-Run: 8,016,232,448 bytes free
Post-Run: 8,029,323,264 bytes free
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
287 --- E O F --- 2008-12-20 07:40:26
  6. I cannot locate that folder you specified. I put it in the search box, but I got legit-looking files that I normally use, instead of those weird symbols in the file name. I also downloaded the ESET and AVG removal tools to get rid of those two.
  7. Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 5.1.2600 Service Pack 3, v.3311

2/6/2009 12:56:01 PM
mbam-log-2009-02-06 (12-56-01).txt

Scan type: Quick Scan
Objects scanned: 55438
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:20 PM, on 2/6/2009
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - E:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190950710218
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229655433890
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

--
End of file - 3903 bytes

I don't know if you need the combofix log, but here it is.

ComboFix 09-02-06.01 - Dan Tilley 2009-02-06 12:44:16.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.223 [GMT -8:00]
Running from: e:\documents and settings\Dan Tilley\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.
2009-02-05 07:43 . 2009-02-05 07:43 <DIR> d-------- e:\program files\Google
2009-02-05 07:30 . 2009-02-05 07:30 <DIR> d-------- e:\documents and settings\A New Beginning\Application Data\Malwarebytes
2009-02-04 19:24 . 2009-02-04 19:24 <DIR> d-------- e:\program files\Trend Micro
2009-02-04 18:53 . 2009-02-04 18:53 <DIR> d-------- e:\program files\Opera
2009-02-03 14:56 . 2009-02-03 14:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\Turbine
2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\program files\Avira
2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\documents and settings\All Users\Application Data\Avira
2009-01-28 22:51 . 2008-03-03 14:25 5,702 --ah----- e:\windows\nod32restoretemdono.reg
2009-01-28 22:51 .
2008-03-03 18:21 568 --ah----- e:\windows\nod32fixtemdono.reg 2009-01-28 22:49 . 2009-01-28 22:49 <DIR> d-------- e:\program files\ESET 2009-01-28 22:49 . 2009-01-28 22:49 <DIR> d-------- e:\documents and settings\All Users\Application Data\ESET 2009-01-28 22:27 . 2009-01-28 22:27 <DIR> d-------- e:\program files\LimeWire 2009-01-28 22:05 . 2009-01-28 22:05 <DIR> d-------- e:\program files\iolo 2009-01-28 22:05 . 2008-04-17 09:45 9,341 --a------ e:\windows\system32\drivers\filedisk.sys 2009-01-28 22:02 . 2009-01-28 22:02 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\iolo 2009-01-27 11:27 . 2009-01-27 11:27 <DIR> d-------- e:\program files\common files\Blizzard Entertainment 2009-01-26 17:56 . 2009-01-26 17:56 61,440 --a------ e:\windows\system32\drivers\hcpa.sys 2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\program files\SUPERAntiSpyware 2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\SUPERAntiSpyware.com 2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-01-25 11:44 . 2009-01-25 11:44 <DIR> d-------- e:\program files\common files\Wise Installation Wizard 2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\program files\Malwarebytes' Anti-Malware 2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Malwarebytes 2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-25 01:51 . 2009-01-14 16:11 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys 2009-01-25 01:51 . 2009-01-14 16:11 15,504 --a------ e:\windows\system32\drivers\mbam.sys 2009-01-24 12:57 . 2009-01-24 02:47 15,688 --a------ e:\windows\system32\lsdelete.exe 2009-01-24 03:24 . 2009-01-24 02:46 64,160 --a------ e:\windows\system32\drivers\Lbd.sys 2009-01-24 02:56 . 
2009-01-24 02:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\PC Tools 2009-01-24 02:43 . 2009-01-24 02:43 <DIR> d--h----- e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-01-24 02:41 . 2009-01-24 02:41 <DIR> d-------- e:\program files\Lavasoft 2009-01-23 17:55 . 2008-04-17 13:12 107,368 --a------ e:\windows\system32\GEARAspi.dll 2009-01-23 17:55 . 2008-04-17 13:12 15,464 --a------ e:\windows\system32\drivers\GEARAspiWDM.sys 2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\program files\common files\Apple 2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-01-23 17:53 . 2009-01-23 17:53 <DIR> d-------- e:\program files\Bonjour 2009-01-22 14:58 . 2009-01-22 14:58 <DIR> d-------- e:\program files\common files\Adobe 2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\Microsoft Works 2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\common files\L&H 2009-01-21 12:32 . 2009-01-22 10:58 376 --a------ e:\windows\ODBC.INI 2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- e:\program files\CCleaner 2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Yahoo! 2009-01-20 18:36 . 2009-01-20 18:36 <DIR> d--hs---- E:\FOUND.000 2009-01-20 11:49 . 2009-01-20 11:49 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\PC Tools 2009-01-20 11:49 . 2007-10-18 00:16 79,688 --a------ e:\windows\system32\drivers\iksyssec.sys 2009-01-20 11:49 . 2007-10-18 00:15 62,280 --a------ e:\windows\system32\drivers\iksysflt.sys 2009-01-20 11:49 . 2007-10-18 00:14 41,288 --a------ e:\windows\system32\drivers\ikfilesec.sys 2009-01-20 11:49 . 2007-10-18 00:16 29,000 --a------ e:\windows\system32\drivers\kcom.sys 2009-01-19 19:15 . 
2009-01-19 19:15 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Yahoo 2009-01-17 09:12 . 2009-01-17 09:12 <DIR> d-------- e:\program files\RegScrubXP 2009-01-15 04:46 . 2009-01-24 02:25 1,502,720 --a------ e:\windows\goInstaller.exe 2009-01-15 04:45 . 2009-01-15 04:45 <DIR> d-------- e:\program files\Cosmi 2009-01-14 09:33 . 2004-06-01 07:55 1,896,484 --a------ e:\windows\system32\mCodexAPI.dll 2009-01-14 09:33 . 2003-09-24 21:37 96,256 --a------ e:\windows\system32\mCodexDLLStub.exe 2009-01-14 09:33 . 2003-09-24 21:37 69,466 --a------ e:\windows\system32\codex.translations.Active 2009-01-14 09:13 . 1999-04-02 16:37 33,792 -ra------ e:\windows\NPSExec.exe 2009-01-14 09:13 . 2009-01-14 09:13 503 --a------ e:\windows\eReg.dat 2009-01-14 09:09 . 2009-01-14 09:09 <DIR> d-------- e:\documents and settings\Dan Tilley\WINDOWS 2009-01-14 09:09 . 1998-10-29 17:45 306,688 --a------ e:\windows\IsUninst.exe 2009-01-14 03:08 . 2009-01-14 03:08 <DIR> d-------- E:\Documents 2009-01-12 21:00 . 2009-01-12 21:00 <DIR> d-------- e:\documents and settings\Dan Tilley\Tracing 2009-01-12 20:59 . 2009-01-12 20:59 <DIR> d-------- e:\program files\Microsoft 2009-01-06 05:41 . 2009-01-06 05:41 <DIR> d-------- e:\program files\NT Registry Optimizer 2009-01-06 05:08 . 2009-01-06 05:08 <DIR> d-------- e:\program files\Defraggler 2009-01-06 05:05 . 2009-01-06 05:05 <DIR> d-------- e:\program files\Spybot - Search & Destroy 2009-01-06 04:20 . 2009-01-06 04:20 <DIR> d-------- e:\program files\Microsoft Silverlight 2009-01-06 03:42 . 2009-01-06 03:42 <DIR> d-------- e:\windows\system32\URTTEMP 2009-01-06 00:28 . 2006-01-01 01:04 10,027 --a------ e:\windows\system32\mspriv32.dll 2009-01-06 00:12 . 2009-01-06 00:12 10,070 --a------ e:\windows\system32\msrep32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-31 07:26 25,992 ----a-w e:\windows\system32\pgdfgsvc.exe 2009-01-19 19:02 932,696 ----a-w e:\windows\system32\Incinerator.dll 2008-12-22 08:47 --------- d-----w e:\documents and settings\NetworkService\Application Data\iolo 2008-12-22 08:36 --------- d-----w e:\documents and settings\LocalService\Application Data\iolo 2008-12-22 08:35 74,703 ----a-w e:\windows\system32\mfc45.dll 2008-12-22 08:35 --------- d-----w e:\documents and settings\All Users\Application Data\iolo 2008-12-21 05:13 --------- d-----w e:\documents and settings\Dan Tilley\Application Data\TuneUp Software 2008-12-21 05:12 --------- d-sh--w e:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2008-12-21 05:12 --------- d-----w e:\program files\TuneUp Utilities 2009 2008-12-21 05:12 --------- d-----w e:\documents and settings\All Users\Application Data\TuneUp Software 2008-12-21 03:48 --------- d-----w e:\documents and settings\All Users\Application Data\TEMP 2008-12-13 06:49 21,840 ----a-w e:\windows\system32\SIntfNT.dll 2008-12-13 06:49 17,212 ----a-w e:\windows\system32\SIntf32.dll 2008-12-13 06:49 12,067 ----a-w e:\windows\system32\SIntf16.dll 2008-11-18 19:51 8,192 ----a-w e:\windows\system32\smrgdf.exe 2008-11-06 16:35 200,704 ----a-w e:\windows\system32\ssldivx.dll 2008-11-06 16:35 1,044,480 ----a-w e:\windows\system32\libdivx.dll 2008-02-12 22:59 6,144 --sh--r e:\windows\system32\csrss.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-02-12 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "MSConfig"="e:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-02-12 169984] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 e:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.JDCT"= jl_jdct.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=e:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=e:\windows\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=e:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] e:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] --a------ 2009-01-24 02:46 507224 e:\program files\Lavasoft\Ad-Aware\AAWTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] --a------ 2008-06-12 13:28 266497 e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-04-01 02:39 486856 e:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting] --a------ 2003-07-14 22:53 34880 e:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 07:00 33648 c:\office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2009-01-06 13:06 290088 e:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2009-01-05 16:18 413696 e:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2009-01-15 16:17 1830128 e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2009-02-05 07:43 171448 e:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2007-04-16 15:28 577536 e:\windows\soundman.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "BOCore"=2 (0x2) "ose"=3 (0x3) "Messenger"=2 (0x2) "iPod Service"=3 (0x3) "Apple Mobile Device"=2 (0x2) "aawservice"=2 (0x2) "vsmon"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "SupportSoft RemoteAssist"=3 (0x3) "WLSetupSvc"=3 (0x3) "odserv"=3 (0x3) "MDM"=2 (0x2) "idsvc"=3 (0x3) "sdAuxService"=2 (0x2) "sdCoreService"=2 (0x2) "Avg7UpdSvc"=2 (0x2) "WMPNetworkSvc"=2 (0x2) "wscsvc"=2 (0x2) "wuauserv"=2 (0x2) "srservice"=2 (0x2) "VideoAcceleratorService"=2 (0x2) "usnjsvc"=3 (0x3) "Bonjour Service"=2 (0x2) "WinDefend"=2 (0x2) "ioloSystemService"=2 (0x2) "ioloFileInfoList"=2 (0x2) "gusvc"=3 (0x3) "ASKService"=2 (0x2) "avg8wd"=2 (0x2) "avg8emc"=2 (0x2) "Lavasoft Ad-Aware Service"=2 (0x2) "LiveTurbineMessageService"=3 (0x3) "LiveTurbineNetworkService"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="e:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Office12\\OUTLOOK.EXE"= "c:\\Office12\\groove.exe"= "c:\\Office12\\ONENOTE.EXE"= "e:\\Program Files\\uTorrent\\uTorrent.exe"= "e:\\Program Files\\iTunes\\iTunes.exe"= "e:\\Program Files\\Cosmi\\SpyWare Killer Pro\\stealth\\stealthsurf.exe"= "d:\\Turbine Download Manager\\TurbineNetworkService.exe"= "d:\\Turbine Download Manager\\TurbineMessageService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16881:UDP"= 16881:UDP:rty "62048:TCP"= 62048:TCP:Utor "62048:UDP"= 62048:UDP:utor [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 0 (0x0) R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2009-01-24 64160] R1 
epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800] R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944] R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024] S1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\Drivers\avgldx86.sys --> e:\windows\system32\Drivers\avgldx86.sys [?] S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408] S4 ASKService;ASKService;e:\program files\AskBarDis\bar\bin\AskService.exe --> e:\program files\AskBarDis\bar\bin\AskService.exe [?] S4 avg8wd;AVG Free8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe --> e:\progra~1\AVG\AVG8\avgwdsvc.exe [?] S4 ekrn;Eset Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320] S4 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-28 712048] S4 ioloSystemService;iolo System Service;e:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-28 712048] S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416] S4 LiveTurbineMessageService;Turbine Message Service - Live;d:\turbine download manager\TurbineMessageService.exe [2009-02-03 255472] S4 LiveTurbineNetworkService;Turbine Network Service - Live;d:\turbine download manager\TurbineNetworkService.exe [2009-02-03 218608] S4 sdAuxService;PC Tools Auxiliary Service;e:\program files\Spyware Doctor\svcntaux.exe --> e:\program files\Spyware Doctor\svcntaux.exe [?] S4 WinDefend;Windows Defender;"e:\program files\Windows Defender\MsMpEng.exe" --> e:\program files\Windows Defender\MsMpEng.exe [?] 
--- Other Services/Drivers In Memory --- *Deregistered* - PAGEDFRG [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bc-a9e5-11dc-8379-000c76b6d3d4}] \Shell\AutoRun\command - I:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bd-a9e5-11dc-8379-000c76b6d3d4}] \Shell\AutoRun\command - J:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-02-02 e:\windows\Tasks\Ad-Aware Update (Weekly).job - e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-24 02:46] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-SunJavaUpdateSched - e:\program files\Java\jre1.6.0_03\bin\jusched.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - e:\documents and settings\Dan Tilley\Application Data\Mozilla\Firefox\Profiles\sxglj6bs.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official ---- FIREFOX POLICIES ---- . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-06 12:46:46 Windows 5.1.2600 Service Pack 3, v.3311 FAT NTAPI scanning hidden processes ... e:\windows\explorer.exe [908] 0x832445C0 scanning hidden autostart entries ... scanning hidden files ... 
bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7159808 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 7159808 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 3620864 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 2703360 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\u 5062656 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 5128192 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\- 5455872 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3227648 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 6635520 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 868352 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 6373376 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\b 7225344 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3620864 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 3555328 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 3686400 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3620864 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6897664 bytes 
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 4603904 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 6897664 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4276224 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 2703360 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 3227648 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7159808 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\A 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 7487488 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2637824 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\f 7684096 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 5455872 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3227648 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\u 2965504 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 4800512 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6373376 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 671744 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6438912 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\l 3031040 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7225344 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 2113536 bytes 
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 6111232 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 4669440 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 6242304 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 6897664 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 3358720 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 4276224 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\5 3686400 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7749632 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 5128192 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\d 5128192 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 3031040 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 7749632 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 4472832 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\O 4538368 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\T 3162112 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 2244608 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\; 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 4472832 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 6635520 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 6242304 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\X 3620864 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 3162112 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 2637824 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 7356416 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 3031040 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\W 6242304 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\X 3620864 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 3162112 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 5062656 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 
bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 4472832 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 6242304 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 4538368 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 4538368 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\T 4603904 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 3162112 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\9 6897664 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 6242304 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 4603904 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 3555328 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\f 3555328 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 5390336 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 671744 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6438912 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\l 3031040 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6897664 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 4603904 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\9 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3162112 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3751936 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\5 7225344 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\g 6504448 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 7487488 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 7290880 bytes 
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2637824 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6701056 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 4800512 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6373376 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 671744 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\N 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 5062656 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 5521408 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 7094272 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 671744 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 6111232 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3751936 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\5 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 6897664 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 3358720 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3489792 bytes 
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 2637824 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\F 3358720 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7159808 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 7159808 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 3620864 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 2703360 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\u 5062656 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 5128192 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\- 5455872 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3227648 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 6635520 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 868352 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 6373376 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\b 7225344 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3620864 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 3555328 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 3686400 bytes 
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3620864 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6897664 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 4603904 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\9 6897664 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4276224 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 2703360 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 3227648 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7159808 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\A 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 7487488 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2637824 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\f 7684096 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 5455872 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3227648 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\u 2965504 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 4800512 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 5193728 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\P 6569984 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\d 6242304 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3751936 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 7487488 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 4472832 
bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\l 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 3489792 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 2572288 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 6242304 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 5783552 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 3162112 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 6635520 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 5390336 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 3031040 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 3227648 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\D 4276224 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 6569984 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 6242304 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 4538368 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 4538368 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\T 4603904 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 3162112 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\9 7684096 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 4800512 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6373376 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 671744 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6438912 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\l 3031040 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 3293184 bytes 
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7225344 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 6111232 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3162112 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 7225344 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\g 6504448 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 4276224 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3686400 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 2637824 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\F 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7159808 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 7159808 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6701056 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 4800512 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 7684096 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\u 5062656 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 5521408 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 7094272 
bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 671744 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 6111232 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 868352 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 6373376 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\b 7225344 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3358720 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 6766592 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 2637824 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\F 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 6504448 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 3620864 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 4603904 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 6897664 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4276224 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 2703360 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 3227648 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\f 7684096 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 5455872 bytes 
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3227648 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 6635520 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 868352 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3358720 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 671744 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6438912 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\l 3031040 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6897664 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 4603904 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3162112 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 4407296 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3162112 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\g 6504448 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3293184 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 7290880 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2637824 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7618560 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 3424256 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 7553024 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 5390336 bytes 
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 7225344 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\g 5390336 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 3686400 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\A 2113536 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3817472 bytes e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\\ 7290880 bytes scan completed successfully hidden files: 482 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1100) e:\program files\SUPERAntiSpyware\SASWINLO.dll e:\windows\system32\Ati2evxx.dll . Completion time: 2009-02-06 12:48:31 ComboFix-quarantined-files.txt 2009-02-06 20:48:30 ComboFix2.txt 2009-02-06 05:10:58 Pre-Run: 7,993,835,520 bytes free Post-Run: 7,998,619,648 bytes free Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8 756 --- E O F --- 2008-12-20 07:40:26
  8. Excuse my poor forum etiquette, I apologize. Here is the combofix log. ComboFix 09-02-05.01 - Dan Tilley 2009-02-05 21:07:34.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.293 [GMT -8:00] Running from: e:\documents and settings\Dan Tilley\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) FW: ZoneAlarm Firewall *disabled* . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . e:\windows\system32\drivers\TDSSserv.sys e:\windows\system32\tdssadw.dll e:\windows\system32\TDSSerrors.log e:\windows\system32\tdssinit.dll e:\windows\system32\TDSSl.dll e:\windows\system32\TDSSlog.dll e:\windows\system32\tdssmain.dll e:\windows\system32\TDSSserf.dll e:\windows\system32\TDSSserf1.dll e:\windows\system32\TDSSservers.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_TDSSserv -------\Legacy_TDSSserv ((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 ))))))))))))))))))))))))))))))) . 2009-02-05 07:43 . 2009-02-05 07:43 <DIR> d-------- e:\program files\Google 2009-02-05 07:30 . 2009-02-05 07:30 <DIR> d-------- e:\documents and settings\A New Beginning\Application Data\Malwarebytes 2009-02-04 19:24 . 2009-02-04 19:24 <DIR> d-------- e:\program files\Trend Micro 2009-02-04 18:53 . 2009-02-04 18:53 <DIR> d-------- e:\program files\Opera 2009-02-03 14:56 . 2009-02-03 14:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\Turbine 2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\program files\Avira 2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\documents and settings\All Users\Application Data\Avira 2009-01-28 22:51 . 
2008-03-03 14:25 5,702 --ah----- e:\windows\nod32restoretemdono.reg 2009-01-28 22:51 . 2008-03-03 18:21 568 --ah----- e:\windows\nod32fixtemdono.reg 2009-01-28 22:49 . 2009-01-28 22:49 <DIR> d-------- e:\program files\ESET 2009-01-28 22:49 . 2009-01-28 22:49 <DIR> d-------- e:\documents and settings\All Users\Application Data\ESET 2009-01-28 22:27 . 2009-01-28 22:27 <DIR> d-------- e:\program files\LimeWire 2009-01-28 22:05 . 2009-01-28 22:05 <DIR> d-------- e:\program files\iolo 2009-01-28 22:05 . 2008-04-17 09:45 9,341 --a------ e:\windows\system32\drivers\filedisk.sys 2009-01-28 22:02 . 2009-01-28 22:02 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\iolo 2009-01-27 11:27 . 2009-01-27 11:27 <DIR> d-------- e:\program files\common files\Blizzard Entertainment 2009-01-26 17:56 . 2009-01-26 17:56 61,440 --a------ e:\windows\system32\drivers\hcpa.sys 2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\program files\SUPERAntiSpyware 2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\SUPERAntiSpyware.com 2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-01-25 11:44 . 2009-01-25 11:44 <DIR> d-------- e:\program files\common files\Wise Installation Wizard 2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\program files\Malwarebytes' Anti-Malware 2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Malwarebytes 2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-25 01:51 . 2009-01-14 16:11 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys 2009-01-25 01:51 . 2009-01-14 16:11 15,504 --a------ e:\windows\system32\drivers\mbam.sys 2009-01-24 12:57 . 2009-01-24 02:47 15,688 --a------ e:\windows\system32\lsdelete.exe 2009-01-24 03:24 . 
2009-01-24 02:46 64,160 --a------ e:\windows\system32\drivers\Lbd.sys 2009-01-24 02:56 . 2009-01-24 02:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\PC Tools 2009-01-24 02:43 . 2009-01-24 02:43 <DIR> d--h----- e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-01-24 02:41 . 2009-01-24 02:41 <DIR> d-------- e:\program files\Lavasoft 2009-01-23 17:55 . 2008-04-17 13:12 107,368 --a------ e:\windows\system32\GEARAspi.dll 2009-01-23 17:55 . 2008-04-17 13:12 15,464 --a------ e:\windows\system32\drivers\GEARAspiWDM.sys 2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\program files\common files\Apple 2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-01-23 17:53 . 2009-01-23 17:53 <DIR> d-------- e:\program files\Bonjour 2009-01-22 14:58 . 2009-01-22 14:58 <DIR> d-------- e:\program files\common files\Adobe 2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\Microsoft Works 2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\common files\L&H 2009-01-21 12:32 . 2009-01-22 10:58 376 --a------ e:\windows\ODBC.INI 2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- e:\program files\CCleaner 2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Yahoo! 2009-01-20 18:36 . 2009-01-20 18:36 <DIR> d--hs---- E:\FOUND.000 2009-01-20 11:49 . 2009-01-20 11:49 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\PC Tools 2009-01-20 11:49 . 2007-10-18 00:16 79,688 --a------ e:\windows\system32\drivers\iksyssec.sys 2009-01-20 11:49 . 2007-10-18 00:15 62,280 --a------ e:\windows\system32\drivers\iksysflt.sys 2009-01-20 11:49 . 2007-10-18 00:14 41,288 --a------ e:\windows\system32\drivers\ikfilesec.sys 2009-01-20 11:49 . 2007-10-18 00:16 29,000 --a------ e:\windows\system32\drivers\kcom.sys 2009-01-19 19:15 . 
2009-01-19 19:15 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Yahoo 2009-01-17 09:12 . 2009-01-17 09:12 <DIR> d-------- e:\program files\RegScrubXP 2009-01-15 04:46 . 2009-01-24 02:25 1,502,720 --a------ e:\windows\goInstaller.exe 2009-01-15 04:45 . 2009-01-15 04:45 <DIR> d-------- e:\program files\Cosmi 2009-01-14 09:33 . 2004-06-01 07:55 1,896,484 --a------ e:\windows\system32\mCodexAPI.dll 2009-01-14 09:33 . 2003-09-24 21:37 96,256 --a------ e:\windows\system32\mCodexDLLStub.exe 2009-01-14 09:33 . 2003-09-24 21:37 69,466 --a------ e:\windows\system32\codex.translations.Active 2009-01-14 09:13 . 1999-04-02 16:37 33,792 -ra------ e:\windows\NPSExec.exe 2009-01-14 09:13 . 2009-01-14 09:13 503 --a------ e:\windows\eReg.dat 2009-01-14 09:09 . 2009-01-14 09:09 <DIR> d-------- e:\documents and settings\Dan Tilley\WINDOWS 2009-01-14 09:09 . 1998-10-29 17:45 306,688 --a------ e:\windows\IsUninst.exe 2009-01-14 03:08 . 2009-01-14 03:08 <DIR> d-------- E:\Documents 2009-01-12 21:00 . 2009-01-12 21:00 <DIR> d-------- e:\documents and settings\Dan Tilley\Tracing 2009-01-12 20:59 . 2009-01-12 20:59 <DIR> d-------- e:\program files\Microsoft 2009-01-06 05:41 . 2009-01-06 05:41 <DIR> d-------- e:\program files\NT Registry Optimizer 2009-01-06 05:08 . 2009-01-06 05:08 <DIR> d-------- e:\program files\Defraggler 2009-01-06 05:05 . 2009-01-06 05:05 <DIR> d-------- e:\program files\Spybot - Search & Destroy 2009-01-06 04:20 . 2009-01-06 04:20 <DIR> d-------- e:\program files\Microsoft Silverlight 2009-01-06 03:42 . 2009-01-06 03:42 <DIR> d-------- e:\windows\system32\URTTEMP 2009-01-06 00:28 . 2006-01-01 01:04 10,027 --a------ e:\windows\system32\mspriv32.dll 2009-01-06 00:12 . 2009-01-06 00:12 10,070 --a------ e:\windows\system32\msrep32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-31 07:26 25,992 ----a-w e:\windows\system32\pgdfgsvc.exe 2009-01-19 19:02 932,696 ----a-w e:\windows\system32\Incinerator.dll 2008-12-22 08:47 --------- d-----w e:\documents and settings\NetworkService\Application Data\iolo 2008-12-22 08:36 --------- d-----w e:\documents and settings\LocalService\Application Data\iolo 2008-12-22 08:35 74,703 ----a-w e:\windows\system32\mfc45.dll 2008-12-22 08:35 --------- d-----w e:\documents and settings\All Users\Application Data\iolo 2008-12-21 05:13 --------- d-----w e:\documents and settings\Dan Tilley\Application Data\TuneUp Software 2008-12-21 05:12 --------- d-sh--w e:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2008-12-21 05:12 --------- d-----w e:\program files\TuneUp Utilities 2009 2008-12-21 05:12 --------- d-----w e:\documents and settings\All Users\Application Data\TuneUp Software 2008-12-21 03:48 --------- d-----w e:\documents and settings\All Users\Application Data\TEMP 2008-12-13 06:49 21,840 ----a-w e:\windows\system32\SIntfNT.dll 2008-12-13 06:49 17,212 ----a-w e:\windows\system32\SIntf32.dll 2008-12-13 06:49 12,067 ----a-w e:\windows\system32\SIntf16.dll 2008-11-18 19:51 8,192 ----a-w e:\windows\system32\smrgdf.exe 2008-11-06 16:35 200,704 ----a-w e:\windows\system32\ssldivx.dll 2008-11-06 16:35 1,044,480 ----a-w e:\windows\system32\libdivx.dll 2008-02-12 22:59 6,144 --sh--r e:\windows\system32\csrss.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-02-12 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "DWQueuedReporting"="e:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-14 34880] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 e:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.JDCT"= jl_jdct.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=e:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=e:\windows\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=e:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] e:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] --a------ 2009-01-24 02:46 507224 e:\program files\Lavasoft\Ad-Aware\AAWTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] --a------ 2008-06-12 13:28 266497 e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-04-01 02:39 486856 e:\program files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting] --a------ 2003-07-14 22:53 34880 e:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 07:00 33648 c:\office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2009-01-06 13:06 290088 e:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2009-01-05 16:18 413696 e:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 e:\program files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2009-01-15 16:17 1830128 e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2009-02-05 07:43 171448 e:\program 
files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2007-04-16 15:28 577536 e:\windows\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "BOCore"=2 (0x2) "ose"=3 (0x3) "Messenger"=2 (0x2) "iPod Service"=3 (0x3) "Apple Mobile Device"=2 (0x2) "aawservice"=2 (0x2) "vsmon"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "SupportSoft RemoteAssist"=3 (0x3) "WLSetupSvc"=3 (0x3) "odserv"=3 (0x3) "MDM"=2 (0x2) "idsvc"=3 (0x3) "sdAuxService"=2 (0x2) "sdCoreService"=2 (0x2) "Avg7UpdSvc"=2 (0x2) "WMPNetworkSvc"=2 (0x2) "wscsvc"=2 (0x2) "wuauserv"=2 (0x2) "srservice"=2 (0x2) "VideoAcceleratorService"=2 (0x2) "usnjsvc"=3 (0x3) "Bonjour Service"=2 (0x2) "WinDefend"=2 (0x2) "ioloSystemService"=2 (0x2) "ioloFileInfoList"=2 (0x2) "gusvc"=3 (0x3) "ASKService"=2 (0x2) "avg8wd"=2 (0x2) "avg8emc"=2 (0x2) "Lavasoft Ad-Aware Service"=2 (0x2) "LiveTurbineMessageService"=3 (0x3) "LiveTurbineNetworkService"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="e:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Office12\\OUTLOOK.EXE"= "c:\\Office12\\groove.exe"= "c:\\Office12\\ONENOTE.EXE"= "e:\\Program Files\\uTorrent\\uTorrent.exe"= "e:\\Program Files\\Java\\jre1.6.0_03\\BIN\\javaw.exe"= "e:\\Program Files\\iTunes\\iTunes.exe"= "e:\\Program Files\\Cosmi\\SpyWare Killer Pro\\stealth\\stealthsurf.exe"= "d:\\Turbine Download Manager\\TurbineNetworkService.exe"= "d:\\Turbine Download Manager\\TurbineMessageService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16881:UDP"= 
16881:UDP:rty "62048:TCP"= 62048:TCP:Utor "62048:UDP"= 62048:UDP:utor [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 0 (0x0) R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2009-01-24 64160] R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800] R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944] R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024] S1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\Drivers\avgldx86.sys --> e:\windows\system32\Drivers\avgldx86.sys [?] S3 LiveTurbineMessageService;Turbine Message Service - Live;d:\turbine download manager\TurbineMessageService.exe [2009-02-03 255472] S3 LiveTurbineNetworkService;Turbine Network Service - Live;d:\turbine download manager\TurbineNetworkService.exe [2009-02-03 218608] S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408] S4 ASKService;ASKService;e:\program files\AskBarDis\bar\bin\AskService.exe --> e:\program files\AskBarDis\bar\bin\AskService.exe [?] S4 avg8wd;AVG Free8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe --> e:\progra~1\AVG\AVG8\avgwdsvc.exe [?] S4 ekrn;Eset Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320] S4 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-28 712048] S4 ioloSystemService;iolo System Service;e:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-28 712048] S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416] S4 sdAuxService;PC Tools Auxiliary Service;e:\program files\Spyware Doctor\svcntaux.exe --> e:\program files\Spyware Doctor\svcntaux.exe [?] S4 WinDefend;Windows Defender;"e:\program files\Windows Defender\MsMpEng.exe" --> e:\program files\Windows Defender\MsMpEng.exe [?] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bc-a9e5-11dc-8379-000c76b6d3d4}] \Shell\AutoRun\command - I:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bd-a9e5-11dc-8379-000c76b6d3d4}] \Shell\AutoRun\command - J:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-02-02 e:\windows\Tasks\Ad-Aware Update (Weekly).job - e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-24 02:46] . - - - - ORPHANS REMOVED - - - - BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) MSConfigStartUp-AdobeUpdater - e:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe MSConfigStartUp-Aim6 - e:\program files\AIM6\aim6.exe MSConfigStartUp-AppleSyncNotifier - e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe MSConfigStartUp-AVG7_CC - e:\progra~1\Grisoft\AVG7\avgcc.exe MSConfigStartUp-AVG8_TRAY - e:\progra~1\AVG\AVG8\avgtray.exe MSConfigStartUp-BOC-425 - e:\progra~1\Comodo\CBOClean\BOC425.exe MSConfigStartUp-PC Connection Agent - e:\program files\Microsoft ActiveSync\wcescomm.exe MSConfigStartUp-HP Software Update - e:\program files\HP\HP Software Update\HPWuSchd2.exe MSConfigStartUp-Let's Just Play Challenge Tracker - e:\program files\Let's Just Play Challenge Tracker\Let's Just Play Challenge Tracker.exe MSConfigStartUp-MSMSGS - e:\program files\Messenger\msmsgs.exe MSConfigStartUp-MySpaceIM - e:\program files\MySpace\IM\MySpaceIM.exe MSConfigStartUp-realteke - e:\documents and settings\Dan Tilley\Application Data\Google\cijwg16225165.exe MSConfigStartUp-SDTray - e:\program files\Spyware Doctor\SDTrayApp.exe MSConfigStartUp-SpeedBitVideoAccelerator - e:\program files\SpeedBit Video 
Accelerator\VideoAccelerator.exe MSConfigStartUp-TkBellExe - e:\program files\Common Files\Real\Update_OB\realsched.exe MSConfigStartUp-TrojanScanner - e:\program files\Trojan Remover\Trjscan.exe MSConfigStartUp-Veoh - e:\program files\Veoh Networks\Veoh\VeohClient.exe MSConfigStartUp-ZoneAlarm Client - e:\program files\Zone Labs\ZoneAlarm\zlclient.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = localhost:9095 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - e:\documents and settings\Dan Tilley\Application Data\Mozilla\Firefox\Profiles\sxglj6bs.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official ---- FIREFOX POLICIES ---- . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-05 21:09:33 Windows 5.1.2600 Service Pack 3, v.3311 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1100) e:\program files\SUPERAntiSpyware\SASWINLO.dll e:\windows\system32\Ati2evxx.dll . 
Completion time: 2009-02-05 21:10:56 ComboFix-quarantined-files.txt 2009-02-06 05:10:56 Pre-Run: 7,786,512,384 bytes free Post-Run: 7,847,297,024 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn C:\="Microsoft Windows" Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8 320 --- E O F --- 2008-12-20 07:40:26 Here is the new hijack this. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:12:54 PM, on 2/5/2009 Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\notepad.exe E:\WINDOWS\system32\imapi.exe E:\WINDOWS\explorer.exe E:\WINDOWS\System32\svchost.exe E:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE E:\WINDOWS\system32\ctfmon.exe E:\Program Files\Mozilla Firefox\firefox.exe E:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9095 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - E:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file) O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} 
(Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - E:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190950710218 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229655433890 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - D:\Turbine Download Manager\TurbineMessageService.exe O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - D:\Turbine Download Manager\TurbineNetworkService.exe -- End of file - 5335 bytes
  9. Hello, new poster here. My computer has been getting constant pop ups of corrupt files to run chkdsk and what-not. The files work just fine but I still keep getting these messages, I run the chkdsk utility and it says the drives are locked. I run them during the restart, but the weird thing, is it zips through the test in a matter of seconds, and it says complete. I run CCleaner daily along with Avira Antivirus, Spybot S&D, and Spyware Killer Pro. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:25:16 PM, on 2/4/2009 Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe E:\WINDOWS\Explorer.EXE E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe E:\WINDOWS\system32\ctfmon.exe E:\WINDOWS\System32\svchost.exe E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe E:\Program Files\Mozilla Firefox\firefox.exe D:\Turbine Download Manager\TurbineMessageService.exe D:\Turbine Download Manager\TurbineNetworkService.exe E:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9095 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - E:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file) O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - 
https://ra.qwest.com/sdccommon/download/tgctlcm.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - E:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190950710218 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229655433890 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - D:\Turbine Download Manager\TurbineMessageService.exe O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. 
- D:\Turbine Download Manager\TurbineNetworkService.exe -- End of file - 5683 bytes Now onto the Malwarebytes problem. I've been getting these same infections for weeks, even while running in safe mode. Thanks for your time. Malwarebytes' Anti-Malware 1.33 Database version: 1730 Windows 5.1.2600 Service Pack 3, v.3311 2/4/2009 8:21:52 PM mbam-log-2009-02-04 (20-21-52).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 117577 Time elapsed: 1 hour(s), 11 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: e:\windows\system32\ -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: E:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot. E:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Delete on reboot.