Jump to content

Recommended Posts

so about a week ago i started hearing advertisements (lysol, xfinity, other big names), random audio snippets, LOTS of clicking (IE click sound), my Wave mutes itself constantly, random pop-up ads, i think thats about it. I've run a bunch of antispyware programs and still can't get rid of it. its getting worse and starting to slow down my computer. makes watching or listening to anything w/ audio difficult because ads, music, and the clicking randomly go off. any suggestions? windows xp.

Link to post
Share on other sites

thank you, here's the results from the DDS scan:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Andrew at 20:00:16.71 on Sat 07/24/2010

Internet Explorer: 6.0.2900.5512

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2602 [GMT -4:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe 4

svchost.exe 4

c:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r213367\stacsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\Program Files\Sophos\Remote Management System\RouterNT.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\AESTFltr.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\OA001Mon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\I8kfanGUI\I8kfanGUI.exe

C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Andrew\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/ig

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

uRun: [sRS Premium Sound] "c:\program files\srs labs\srs premium sound\SRSPremiumSoundBig_Small.exe" /hideme

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe

uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup

uRun: [uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [OA001Mon] c:\windows\OA001Mon.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"

mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\documents and settings\andrew\application data\dvdvideosoftiehelpers\youtubetomp3.htm

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\v0ob8yq2.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - component: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\v0ob8yq2.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\v0ob8yq2.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll

FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-24 165456]

R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2010-2-19 14464]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-2-12 111232]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-2-12 38912]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-7-22 532224]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-24 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-24 40384]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 376096]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-2-12 80936]

R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-2-12 98304]

R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2010-6-2 266240]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-6-2 172032]

R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2010-6-2 794624]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-1-22 112512]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-24 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-24 40384]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-1-22 134144]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-1-22 143968]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-1-22 33832]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-1-22 240344]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2010-1-22 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-1-22 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-1-22 280096]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2010-1-22 232744]

S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.cfxxe" exec /i "c:\combofix\regt.cfxxe" /s "c:\combofix\cregb.dat" --> c:\combofix\PEV.cfxxe [?]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-2-12 14976]

=============== Created Last 30 ================

2010-07-24 19:10:09 0 d-sha-r- C:\cmdcons

2010-07-24 19:08:10 77312 ----a-w- c:\windows\MBR.exe

2010-07-24 19:08:09 256512 ----a-w- c:\windows\PEV.exe

2010-07-24 19:08:09 161792 ----a-w- c:\windows\SWREG.exe

2010-07-24 18:44:04 0 d-----w- c:\docume~1\andrew\applic~1\Malwarebytes

2010-07-24 18:43:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-24 18:43:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-24 18:43:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-24 18:43:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-24 17:27:32 0 d-----w- c:\docume~1\andrew\applic~1\SUPERAntiSpyware.com

2010-07-24 17:27:32 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-07-24 17:27:25 0 d-----w- c:\program files\SUPERAntiSpyware

2010-07-24 17:23:53 38848 ----a-w- c:\windows\avastSS.scr

2010-07-24 17:23:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-07-23 20:58:18 42 ----a-w- c:\windows\system32\scud.udf

2010-07-22 16:31:09 0 d-----w- c:\docume~1\andrew\applic~1\CheckPoint

2010-07-22 16:30:51 0 d-----w- c:\program files\Conduit

2010-07-22 16:30:50 0 d-----w- c:\program files\ZoneAlarm

2010-07-22 16:30:38 0 d-----w- c:\program files\CheckPoint

2010-07-22 16:30:36 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-07-22 16:30:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-07-22 16:30:24 0 d-----w- c:\windows\system32\ZoneLabs

2010-07-22 16:30:22 421442 ----a-w- c:\windows\system32\vsconfig.xml

2010-07-22 16:30:21 0 d-----w- c:\program files\Zone Labs

2010-07-22 16:29:30 0 d-----w- c:\windows\Internet Logs

2010-07-22 16:28:51 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-07-22 16:28:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-07-21 15:15:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Uniblue

2010-07-21 15:14:59 20232 ----a-w- c:\windows\system32\AntiSpyNative64.exe

2010-07-21 15:14:59 16648 ----a-w- c:\windows\system32\AntiSpyNative32.exe

2010-07-21 14:22:34 0 d-----w- c:\docume~1\andrew\applic~1\Uniblue

2010-07-21 14:22:23 0 d-----w- c:\program files\Uniblue

2010-07-21 08:17:33 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-07-15 16:38:23 0 d-----w- C:\$AVG

2010-07-15 16:29:00 0 d-----w- c:\program files\AVG

2010-07-15 15:35:39 0 d-----w- c:\windows\LastGood.Tmp

2010-07-14 16:27:04 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-09 00:22:13 194 ----a-w- C:\Shortcut to CD Drive.lnk

2010-07-09 00:18:01 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-07-08 23:11:16 0 d-----w- c:\program files\DAEMON Tools Toolbar

2010-07-08 23:11:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-07-08 23:10:48 0 d-----w- c:\docume~1\andrew\applic~1\DAEMON Tools Lite

2010-07-08 23:10:44 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite

2010-07-08 19:53:50 0 d-----w- c:\program files\Titus

2010-07-03 23:20:18 0 d--h--w- c:\program files\InstallJammer Registry

2010-07-03 23:20:13 0 d-----w- c:\docume~1\andrew\applic~1\Gmote

2010-07-03 23:19:44 0 d-----w- c:\program files\GmoteServer

2010-06-29 07:55:34 0 d-----w- c:\program files\iPod

2010-06-29 07:55:27 0 d-----w- c:\program files\iTunes

2010-06-29 07:52:42 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-07-18 23:51:47 139630 ----a-w- c:\windows\system32\nvModes.dat

2010-06-03 17:48:24 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll

2010-06-03 17:48:15 111232 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys

2010-06-02 18:36:08 38912 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys

2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-02 06:34:15 1860352 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 20:00:33.95 ===============

Link to post
Share on other sites

  • Staff

Hi,

I notice that you are using more than one antivirus program (Sophos and avast). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.

Link to post
Share on other sites

yeah i can't log onto the internet at my college if i dont have sophos and i dont like it, thats why i have 2. is sophos any good?

MBRCheck, version 1.1.1

© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Link to post
Share on other sites

i just thought it seemed pretty bare-bones and had never heard of it so i wasnt sure how good it was. i guess ill take avast off then, thanks for the info. when i hit y and enter, this is what came up:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Link to post
Share on other sites

  • Staff

Great.

Let's make sure nothing else is present.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

ComboFix 10-07-31.04 - Andrew 08/01/2010 15:37:23.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2943 [GMT -4:00]

Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))

.

2010-07-30 17:20 . 2008-04-14 04:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-07-30 17:20 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-07-29 08:58 . 2010-07-29 08:58 -------- d--h--r- c:\documents and settings\Andrew\Application Data\SecuROM

2010-07-29 08:57 . 2010-07-29 08:57 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM

2010-07-29 08:54 . 2010-07-29 08:54 -------- d-----w- c:\windows\system32\drivers\umdf

2010-07-29 08:53 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2010-07-29 08:53 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-07-29 08:53 . 2010-07-30 17:16 -------- d-----w- c:\windows\LastGood

2010-07-29 08:53 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2010-07-29 08:53 . 2010-07-29 08:53 -------- d-----w- c:\windows\Logs

2010-07-29 08:53 . 2010-07-29 08:53 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2010-07-29 08:53 . 2010-07-29 08:53 -------- d-----w- c:\windows\system32\xlive

2010-07-29 08:12 . 2010-07-29 08:13 -------- d-----w- c:\program files\iTunes

2010-07-29 08:12 . 2010-07-29 08:13 -------- d-----w- c:\program files\iPod

2010-07-28 04:17 . 2010-07-29 18:20 -------- d-----w- c:\program files\Rockstar Games

2010-07-24 18:44 . 2010-07-24 18:44 -------- d-----w- c:\documents and settings\Andrew\Application Data\Malwarebytes

2010-07-24 18:43 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-24 18:43 . 2010-07-24 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-24 18:43 . 2010-07-24 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-24 18:43 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-24 17:27 . 2010-07-24 17:27 -------- d-----w- c:\documents and settings\Andrew\Application Data\SUPERAntiSpyware.com

2010-07-24 17:27 . 2010-07-24 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-07-24 17:27 . 2010-07-24 17:27 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-07-24 17:23 . 2010-07-29 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-07-24 17:23 . 2010-07-24 17:23 -------- d-----w- c:\program files\Alwil Software

2010-07-23 06:06 . 2010-07-23 07:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit

2010-07-23 06:06 . 2010-07-23 20:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ZoneAlarm

2010-07-22 16:31 . 2010-07-22 16:31 -------- d-----w- c:\documents and settings\Andrew\Application Data\CheckPoint

2010-07-22 16:29 . 2010-08-01 19:44 -------- d-----w- c:\windows\Internet Logs

2010-07-22 16:28 . 2010-07-24 17:31 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-07-22 16:28 . 2010-07-24 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-21 15:15 . 2010-07-21 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Uniblue

2010-07-21 15:14 . 2010-01-11 07:41 20232 ----a-w- c:\windows\system32\AntiSpyNative64.exe

2010-07-21 15:14 . 2010-01-11 07:41 16648 ----a-w- c:\windows\system32\AntiSpyNative32.exe

2010-07-21 14:22 . 2010-07-21 15:05 -------- d-----w- c:\documents and settings\Andrew\Application Data\Uniblue

2010-07-21 14:22 . 2010-07-21 14:22 -------- d-----w- c:\program files\Uniblue

2010-07-21 08:17 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-07-21 08:16 . 2010-07-21 08:16 -------- d-----w- c:\program files\Windows Defender

2010-07-21 07:59 . 2010-07-21 07:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert

2010-07-21 07:34 . 2010-07-21 08:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-20 04:11 . 2010-07-24 17:10 0 ----a-w- c:\documents and settings\Andrew\Local Settings\Application Data\prvlcl.dat

2010-07-15 16:38 . 2010-07-15 16:38 -------- d-----w- C:\$AVG

2010-07-15 16:29 . 2010-07-15 16:29 -------- d-----w- c:\program files\AVG

2010-07-15 15:35 . 2010-07-15 16:29 -------- d-----w- c:\windows\LastGood.Tmp

2010-07-14 18:48 . 2010-07-14 18:48 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\Sophos

2010-07-14 18:43 . 2010-07-14 18:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search

2010-07-14 18:43 . 2010-07-22 15:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar

2010-07-14 16:27 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-13 01:13 . 2010-07-13 01:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Windows Search

2010-07-13 01:13 . 2010-07-25 03:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar

2010-07-09 00:18 . 2010-07-09 00:18 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-07-08 23:11 . 2010-07-08 23:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-07-08 23:10 . 2010-07-09 00:04 -------- d-----w- c:\documents and settings\Andrew\Application Data\DAEMON Tools Lite

2010-07-08 23:10 . 2010-07-08 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2010-07-08 19:53 . 2010-07-08 19:53 -------- d-----w- c:\program files\Titus

2010-07-03 23:20 . 2010-07-03 23:20 -------- d--h--w- c:\program files\InstallJammer Registry

2010-07-03 23:20 . 2010-08-01 19:27 -------- d-----w- c:\documents and settings\Andrew\Application Data\Gmote

2010-07-03 23:19 . 2010-07-03 23:19 -------- d-----w- c:\program files\GmoteServer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-01 19:47 . 2010-02-12 17:16 -------- d-----w- c:\documents and settings\Andrew\Application Data\LimeWire

2010-08-01 19:47 . 2010-02-16 21:33 -------- d-----w- c:\program files\PeerGuardian2

2010-08-01 19:45 . 2010-02-12 15:43 0 ----a-w- c:\documents and settings\Andrew\Local Settings\Application Data\WavXMapDrive.bat

2010-08-01 19:21 . 2010-01-22 18:00 139630 ----a-w- c:\windows\system32\nvModes.dat

2010-07-30 17:16 . 2010-07-30 17:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf

2010-07-29 08:18 . 2010-01-22 18:11 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-29 08:12 . 2010-02-12 16:55 -------- d-----w- c:\program files\Common Files\Apple

2010-07-25 03:26 . 2010-02-12 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-24 17:32 . 2010-07-24 17:31 1082989 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-07-24 17:27 . 2010-07-24 17:27 63488 ----a-w- c:\documents and settings\Andrew\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-07-24 17:27 . 2010-07-24 17:27 52224 ----a-w- c:\documents and settings\Andrew\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-07-24 17:27 . 2010-07-24 17:27 117760 ----a-w- c:\documents and settings\Andrew\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-07-23 13:36 . 2010-02-18 16:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2010-07-23 13:36 . 2010-02-18 16:39 -------- d-----w- c:\program files\DVDVideoSoft

2010-07-23 08:13 . 2010-02-21 07:56 -------- d-----w- c:\documents and settings\Andrew\Application Data\vlc

2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-09 03:00 . 2010-07-22 16:30 52224 ----a-w- c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\v0ob8yq2.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll

2010-06-09 03:00 . 2010-07-22 16:30 101376 ----a-w- c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\v0ob8yq2.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll

2010-06-08 15:54 . 2010-02-17 22:13 -------- d-----w- c:\documents and settings\Andrew\Application Data\Skype

2010-06-05 17:03 . 2010-01-22 18:37 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-03 17:48 . 2010-02-12 16:40 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll

2010-06-03 17:48 . 2010-02-12 16:40 111232 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys

2010-06-03 15:48 . 2010-06-03 15:48 503808 ----a-w- c:\documents and settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-57ca662c-n\msvcp71.dll

2010-06-03 15:48 . 2010-06-03 15:48 499712 ----a-w- c:\documents and settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-57ca662c-n\jmc.dll

2010-06-03 15:48 . 2010-06-03 15:48 348160 ----a-w- c:\documents and settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-57ca662c-n\msvcr71.dll

2010-06-02 18:36 . 2010-02-12 16:40 38912 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys

2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

2010-05-09 15:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-25 3261688]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-12 2937528]

"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]

"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2010-01-11 1431816]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]

"nwiz"="nwiz.exe" [2008-08-28 1630208]

"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]

"OA001Mon"="c:\windows\OA001Mon.exe" [2009-03-30 24576]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-22 149280]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]

"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-05-18 145920]

"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-07-08 413827]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\Andrew\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-1-7 245760]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-29 607584]

Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1253152]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Nexon\\Combat Arms\\Engine.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"57953:TCP"= 57953:TCP:Pando Media Booster

"57953:UDP"= 57953:UDP:Pando Media Booster

R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2/19/2010 4:24 PM 14464]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2/12/2010 12:40 PM 111232]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2/12/2010 12:40 PM 38912]

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 7:56 AM 133968]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [4/27/2009 3:40 PM 293968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [6/26/2009 11:26 AM 812392]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [6/26/2009 11:26 AM 26984]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [7/16/2009 2:04 PM 376096]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 9:35 AM 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 9:35 AM 493032]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2/12/2010 12:40 PM 80936]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2/12/2010 12:40 PM 98304]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [1/22/2010 3:50 PM 112512]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [1/22/2010 2:38 PM 134144]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [1/22/2010 2:38 PM 143968]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [1/22/2010 3:51 PM 33832]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [1/22/2010 3:50 PM 240344]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [1/22/2010 3:51 PM 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [1/22/2010 3:51 PM 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [1/22/2010 3:51 PM 280096]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [1/22/2010 2:26 PM 232744]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 7:28 AM 42832]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2/12/2010 12:40 PM 14976]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/8/2010 7:11 PM 691696]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

2010-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-08-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-08-01 c:\windows\Tasks\Scan for Potentially Unwanted Applications 12pm and 6pm.job

- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-02-12 16:40]

2010-07-21 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2010-07-21 07:41]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/ig

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\documents and settings\Andrew\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\v0ob8yq2.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - component: c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\v0ob8yq2.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\v0ob8yq2.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll

FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-01 15:46

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]

"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1448942130-3757941279-2847524208-1005\Software\SecuROM\License information*]

"datasecu"=hex:73,f8,15,44,e8,09,43,de,ea,93,62,ac,b5,68,bb,9b,71,92,6a,c0,1a,

1c,56,2f,89,b6,2d,0c,d8,27,86,18,7c,70,c1,c3,54,ab,d7,10,88,15,55,de,77,02,\

"rkeysecu"=hex:1a,37,02,b2,1e,52,77,38,19,fb,f2,a5,73,47,41,62

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)

c:\windows\system32\waveGina.dll

c:\windows\system32\AmRes_en.dll

c:\windows\system32\OEM_Resources.dll

c:\program files\Wave Systems Corp\Common\SsoProxy.dll

c:\program files\Wave Systems Corp\Dell Preboot Manager\PrebootBiosManager.dll

c:\program files\Wave Systems Corp\Dell Preboot Manager\PBMCredentialManager.dll

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmAutoLogon.dll

c:\program files\Wave Systems Corp\Trusted Drive Manager\WCR10.dll

c:\program files\Wave Systems Corp\Authentication Manager\Authentec2.dll

c:\program files\Wave Systems Corp\Authentication Manager\Broadcom2.dll

c:\program files\Wave Systems Corp\Authentication Manager\Upek2.dll

c:\program files\Wave Systems Corp\Authentication Manager\Validity2.dll

c:\program files\Wave Systems Corp\Authentication Manager\AT8Plugin2.dll

c:\program files\Wave Systems Corp\Authentication Manager\SCPlugin2.dll

c:\program files\Wave Systems Corp\Authentication Manager\TPMPlugin2.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1020)

c:\windows\system32\wvauth.dll

c:\program files\Wave Systems Corp\Common\CryptoManager.dll

c:\windows\system32\wclient14.dll

c:\windows\system32\tcg15.dll

c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\Tsp1.dll

c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll

c:\program files\Wave Systems Corp\Common\SsoProxy.dll

c:\program files\Wave Systems Corp\Dell Preboot Manager\PrebootBiosManager.dll

c:\program files\Wave Systems Corp\Dell Preboot Manager\PBMCredentialManager.dll

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmAutoLogon.dll

c:\program files\Wave Systems Corp\Trusted Drive Manager\WCR10.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'Explorer.exe'(2908)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\NetProvCredMan.dll

c:\windows\system32\wpdshext.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\Audiodev.dll

c:\windows\system32\WMVCore.DLL

c:\windows\system32\WMASF.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\drivers\audio\r213367\stacsv.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\windows\system32\rundll32.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Sophos\Remote Management System\RouterNT.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\msiexec.exe

c:\program files\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2010-08-01 15:50:39 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-01 19:50

ComboFix2.txt 2010-07-24 19:41

ComboFix3.txt 2010-07-24 19:25

Pre-Run: 29,877,833,728 bytes free

Post-Run: 30,181,302,272 bytes free

- - End Of File - - BAD56823DB26EBF6E0BECD0FED0B7698

Link to post
Share on other sites

DDS (Ver_10-03-17.01) - NTFSx86

Run by at 15:54:16.82 on Sun 08/01/2010

Internet Explorer: 6.0.2900.5512

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2656 [GMT -4:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

c:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r213367\stacsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Sophos\Remote Management System\RouterNT.exe

C:\WINDOWS\OA001Mon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DellTPad\HidFind.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\I8kfanGUI\I8kfanGUI.exe

C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Andrew\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/ig

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [sRS Premium Sound] "c:\program files\srs labs\srs premium sound\SRSPremiumSoundBig_Small.exe" /hideme

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe

uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup

uRun: [uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [OA001Mon] c:\windows\OA001Mon.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"

mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\documents and settings\andrew\application data\dvdvideosoftiehelpers\youtubetomp3.htm

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\v0ob8yq2.default\

FF - prefs.js: browser.search.selectedEngine - DAEMON Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - component: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\v0ob8yq2.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\v0ob8yq2.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll

FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2010-2-19 14464]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-2-12 111232]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-2-12 38912]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-7-22 532224]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 376096]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-2-12 80936]

R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-2-12 98304]

R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2010-6-2 266240]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-6-2 172032]

R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2010-6-2 794624]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-1-22 112512]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-1-22 134144]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-1-22 143968]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-1-22 33832]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-1-22 240344]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2010-1-22 148056]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-1-22 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-1-22 280096]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2010-1-22 232744]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-2-12 14976]

=============== Created Last 30 ================

2010-08-01 19:34:13 98816 ----a-w- c:\windows\sed.exe

2010-07-30 17:20:25 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-07-30 17:20:25 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-07-30 17:16:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf

2010-07-30 02:12:38 599 ----a-w- c:\windows\es.RPT

2010-07-29 08:57:57 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM

2010-07-29 08:53:10 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2010-07-29 08:53:10 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-07-29 08:53:08 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2010-07-29 08:53:07 0 d-----w- c:\windows\Logs

2010-07-29 08:53:04 0 d-----w- c:\windows\system32\xlive

2010-07-29 08:53:04 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE

2010-07-29 08:12:46 0 d-----w- c:\program files\iTunes

2010-07-29 08:12:46 0 d-----w- c:\program files\iPod

2010-07-28 04:17:51 0 d-----w- c:\program files\Rockstar Games

2010-07-24 19:10:09 0 d-sha-r- C:\cmdcons

2010-07-24 19:08:10 77312 ----a-w- c:\windows\MBR.exe

2010-07-24 19:08:09 256512 ----a-w- c:\windows\PEV.exe

2010-07-24 19:08:09 161792 ----a-w- c:\windows\SWREG.exe

2010-07-24 18:44:04 0 d-----w- c:\docume~1\andrew\applic~1\Malwarebytes

2010-07-24 18:43:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-24 18:43:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-24 18:43:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-24 18:43:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-24 17:27:32 0 d-----w- c:\docume~1\andrew\applic~1\SUPERAntiSpyware.com

2010-07-24 17:27:32 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-07-24 17:27:25 0 d-----w- c:\program files\SUPERAntiSpyware

2010-07-24 17:23:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-07-23 20:58:18 42 ----a-w- c:\windows\system32\scud.udf

2010-07-22 16:31:09 0 d-----w- c:\docume~1\andrew\applic~1\CheckPoint

2010-07-22 16:30:51 0 d-----w- c:\program files\Conduit

2010-07-22 16:30:50 0 d-----w- c:\program files\ZoneAlarm

2010-07-22 16:30:38 0 d-----w- c:\program files\CheckPoint

2010-07-22 16:30:36 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-07-22 16:30:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-07-22 16:30:24 0 d-----w- c:\windows\system32\ZoneLabs

2010-07-22 16:30:22 421442 ----a-w- c:\windows\system32\vsconfig.xml

2010-07-22 16:30:21 0 d-----w- c:\program files\Zone Labs

2010-07-22 16:29:30 0 d-----w- c:\windows\Internet Logs

2010-07-22 16:28:51 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-07-22 16:28:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-07-21 15:15:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Uniblue

2010-07-21 15:14:59 20232 ----a-w- c:\windows\system32\AntiSpyNative64.exe

2010-07-21 15:14:59 16648 ----a-w- c:\windows\system32\AntiSpyNative32.exe

2010-07-21 14:22:34 0 d-----w- c:\docume~1\andrew\applic~1\Uniblue

2010-07-21 14:22:23 0 d-----w- c:\program files\Uniblue

2010-07-21 08:17:33 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-07-15 16:38:23 0 d-----w- C:\$AVG

2010-07-15 16:29:00 0 d-----w- c:\program files\AVG

2010-07-15 15:35:39 0 d-----w- c:\windows\LastGood.Tmp

2010-07-14 16:27:04 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-09 00:22:13 194 ----a-w- C:\Shortcut to CD Drive.lnk

2010-07-09 00:18:01 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-07-08 23:11:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-07-08 23:10:48 0 d-----w- c:\docume~1\andrew\applic~1\DAEMON Tools Lite

2010-07-08 23:10:44 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite

2010-07-08 19:53:50 0 d-----w- c:\program files\Titus

2010-07-03 23:20:18 0 d--h--w- c:\program files\InstallJammer Registry

2010-07-03 23:20:13 0 d-----w- c:\docume~1\andrew\applic~1\Gmote

2010-07-03 23:19:44 0 d-----w- c:\program files\GmoteServer

==================== Find3M ====================

2010-08-01 19:21:42 139630 ----a-w- c:\windows\system32\nvModes.dat

2010-06-03 17:48:24 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll

2010-06-03 17:48:15 111232 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys

2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 15:54:31.35 ===============

Link to post
Share on other sites

  • Staff

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Everything is still running great, I haven't noticed any issues since running the MBR check.

Scanning Report

Monday, August 2, 2010 12:32:40 - 14:02:43

Computer name: DJF3CJL1

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

2 malware found

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

Statistics

Scanned:

* Files: 54057

* System: 3650

* Not scanned: 12

Actions:

* Disinfected: 2

* Renamed: 0

* Deleted: 0

* Not cleaned: 0

* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS

* C:\HIBERFIL.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

* C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

* C:\DOCUMENTS AND SETTINGS\ANDREW\LOCAL SETTINGS\TEMP\HSPERFDATA_ANDREW\3844

* C:\DOCUMENTS AND SETTINGS\ANDREW\LOCAL SETTINGS\TEMP\HSPERFDATA_ANDREW\5164

* C:\DOCUMENTS AND SETTINGS\ANDREW\APPLICATION DATA\CHECKPOINT\ZONEALARM TOOLBAR\SITES

Options

Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use advanced heuristics

Copyright

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Sophos Anti-Virus

ZoneAlarm

ZoneAlarm Toolbar

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 16

Out of date Java installed!

Adobe Flash Player 10.1.53.64

Adobe Reader 9.3.3

Mozilla Firefox (3.6.8)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Windows Defender MSASCui.exe

Sophos Sophos Anti-Virus SAVAdminService.exe

SRS Labs SRS Premium Sound SRSPremiumSoundBig_Small.exe

Windows Defender MsMpEng.exe

Windows Defender MSASCui.exe

Zone Labs ZoneAlarm zlclient.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java

Link to post
Share on other sites

  • Staff

Yes just delete the icon now.

If there are no other issues, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

6) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • Staff

Glad we could help. :rolleyes:

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.