#1
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/01/2009 at 10:25 PM

Application Version : 4.29.1002

Core Rules Database Version : 4139
Trace Rules Database Version: 2071

Scan type       : Complete Scan
Total Scan Time : 01:12:41

Memory items scanned      : 720
Memory threats detected   : 0
Registry items scanned    : 6189
Registry threats detected : 12
File items scanned        : 20463
File threats detected     : 10

Adware.SystemSearchDispatch
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}
    HKU\S-1-5-21-685867523-3107031544-2776910091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDBFB47B-58A8-4111-BF95-06178DCE326D}
    C:\Program Files\System Search Dispatcher\1.3.0.840\Data\eacore.mx
    C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx
    C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx
    C:\Program Files\System Search Dispatcher\1.3.0.840\Data
    C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.dat
    C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe
    C:\Program Files\System Search Dispatcher\1.3.0.840
    C:\Program Files\System Search Dispatcher

Adware.DesktopSmileyToolbar
    HKU\S-1-5-21-685867523-3107031544-2776910091-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
    HKU\S-1-5-21-685867523-3107031544-2776910091-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5617ECA9-488D-4BA2-8562-9710B9AB78D2}

Browser Hijacker.Deskbar
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
    HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Adware.DoubleD
    HKU\S-1-5-21-685867523-3107031544-2776910091-1003\Software\DoubleD
    HKLM\Software\DoubleD
    HKLM\Software\DoubleD\DoubleD
    C:\Program Files\DoubleD\GamingHarbor Toolbar
    C:\Program Files\DoubleD

Malwarebytes' Anti-Malware 1.41
Database version: 2887
Windows 6.0.6002 Service Pack 2

01/10/2009 22:50:24
mbam-log-2009-10-01 (22-50-24).txt

Scan type: Quick Scan
Objects scanned: 84199
Time elapsed: 11 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Can anyone please look at this and advise me?
#2
Hey antbann. Long time no see.
Download DDS from HERE or HERE or HERE and save it to your desktop.

* Vista users: right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users: double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished, DDS will open two (2) logs:
  1) DDS.txt
  2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log, by copying and pasting it into the reply.
#3
Well, I thought I'd say hi.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 27/05/2009 06:31:51
System Uptime: 10/02/2009 06:49:07 (5618 hours ago)

Motherboard: Acer | | Columbia
Processor: Intel(R) Celeron(R) CPU 550 @ 2.00GHz | U2E1 | 1995/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 32 GiB total, 13.235 GiB free.
D: is FIXED (NTFS) - 32 GiB total, 31.95 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&31DBA1D9&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&31DBA1D9&0&00E0
Service: b57nd60x

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
AVG Free 8.5
Broadcom Driver v4.170.25.19_Foxconn Installation Program
Broadcom Gigabit Integrated Controller
CCleaner (remove only)
Football Manager 2009
Google Chrome
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Inbox Toolbar
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 15
Launch Manager
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NTI Shadow
Picasa 3
PowerDVD
Realtek High Definition Audio Driver
Sky Broadband
Steam
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WinZip 12.1

==== Event Viewer Messages From Past Week ========

30/09/2009 18:17:38, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
30/09/2009 16:57:34, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
30/09/2009 16:57:04, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
30/09/2009 16:56:34, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
30/09/2009 16:43:04, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
30/09/2009 16:33:02, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
30/09/2009 16:32:02, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
30/09/2009 16:31:32, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
30/09/2009 16:30:02, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Irmon service.
29/09/2009 16:01:26, Error: EventLog [6008] - The previous system shutdown at 15:59:51 on 29/09/2009 was unexpected.
26/09/2009 07:18:38, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001F3A6FB99B has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
02/10/2009 08:00:11, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
02/10/2009 06:50:40, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
02/10/2009 06:38:46, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001F3A6FB99B has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
01/10/2009 12:08:10, Error: EventLog [6008] - The previous system shutdown at 08:12:01 on 01/10/2009 was unexpected.

==== End Of File ===========================

DDS (Ver_09-09-29.01) - NTFSx86
Run by laura and me at 8:27:28.10 on 02/10/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1014.293 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Users\LAURAA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Users\laura and me\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\Logagent.exe
C:\Users\laura and me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\laura and me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\laura and me\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\laura and me\Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.sky.com/
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id%language
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80134
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80134
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [Google Update] "c:\users\laura and me\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Skytel] Skytel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-23 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-23 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-20 27632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-23 180736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-6 13224]

=============== Created Last 30 ================

2009-10-01 21:00 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-10-01 21:00 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-10-01 20:59 <DIR> --d----- c:\users\lauraa~1\appdata\roaming\SUPERAntiSpyware.com
2009-10-01 20:59 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-01 20:58 <DIR> --d----- c:\users\lauraa~1\appdata\roaming\Malwarebytes
2009-10-01 20:58 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-01 20:58 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-01 20:58 <DIR> --d----- c:\programdata\Malwarebytes
2009-10-01 20:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 20:58 <DIR> --d----- c:\progra~2\Malwarebytes
2009-10-01 20:47 <DIR> --d----- c:\program files\CCleaner
2009-10-01 20:45 <DIR> --d----- c:\users\laura and me\CD95F661A5C444F5A6AAECDD91C240B8.TMP
2009-09-27 12:48 <DIR> --d----- c:\windows\system32\x64
2009-09-27 12:46 <DIR> --d----- c:\users\laura and me\{8fdfd85e-f4f8-4d0d-994e-2dc5809a6cbb}
2009-09-27 12:00 97,184 a------- c:\windows\system32\drivers\SE2Cmdm.sys
2009-09-27 12:00 90,800 a------- c:\windows\system32\drivers\se2Cunic.sys
2009-09-27 12:00 86,560 a------- c:\windows\system32\drivers\SE2Cobex.sys
2009-09-27 12:00 18,704 a------- c:\windows\system32\drivers\se2Cnd5.sys
2009-09-27 12:00 5,872 a------- c:\windows\system32\drivers\SE2Cwhnt.sys
2009-09-27 12:00 5,872 a------- c:\windows\system32\drivers\SE2Cwh.sys
2009-09-27 12:00 61,600 a------- c:\windows\system32\drivers\SE2Cbus.sys
2009-09-27 12:00 9,360 a------- c:\windows\system32\drivers\SE2Cmdfl.sys
2009-09-27 12:00 6,240 a------- c:\windows\system32\drivers\SE2Ccmnt.sys
2009-09-27 12:00 6,240 a------- c:\windows\system32\drivers\SE2Ccm.sys
2009-09-27 12:00 4,128 a------- c:\windows\system32\drivers\se2Ccr.sys
2009-09-23 07:46 <DIR> --d----- c:\programdata\LightScribe
2009-09-23 07:46 <DIR> --d----- c:\progra~2\LightScribe
2009-09-20 21:45 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-09-20 21:38 <DIR> --d----- c:\program files\common files\Sony Ericsson
2009-09-20 21:23 <DIR> --d----- c:\programdata\BVRP Software
2009-09-20 21:19 27,632 a------- c:\windows\system32\drivers\seehcri.sys
2009-09-20 21:18 <DIR> --d----- c:\programdata\Sony Ericsson
2009-09-20 21:18 <DIR> --d----- c:\progra~2\Sony Ericsson
2009-09-19 21:20 <DIR> --d----- c:\programdata\WinZip
2009-09-18 11:31 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-18 11:31 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-18 11:31 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-18 08:27 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-17 21:50 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-09-17 21:50 3,408,896 a------- c:\windows\system32\SLsvc.exe
2009-09-17 21:50 1,081,344 a------- c:\windows\system32\SLCExt.dll
2009-09-17 21:50 2,134,528 a------- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-09-17 21:50 65,536 a------- c:\windows\system32\DevicePairingWizard.exe
2009-09-17 21:50 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-09-17 21:50 1,480,704 a------- c:\windows\system32\mssrch.dll
2009-09-17 21:48 1,078,784 a------- c:\windows\system32\diagperf.dll
2009-09-17 21:47 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-17 21:46 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-09-17 21:45 1,575,936 a------- c:\windows\system32\WMVENCOD.DLL
2009-09-17 21:44 180,736 a------- c:\windows\system32\drivers\rdpwd.sys
2009-09-17 21:43 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-09-17 21:43 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-09-17 21:43 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-09-17 21:43 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-09-17 21:43 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-09-17 21:43 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-09-17 21:43 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-09-17 21:43 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-09-17 21:42 218,624 a------- c:\windows\system32\wdscore.dll
2009-09-17 21:42 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-09-17 21:42 247,808 a------- c:\windows\system32\drvstore.dll
2009-09-09 19:58 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 19:58 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-09 19:58 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 19:58 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 19:58 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 19:58 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 19:58 17,920 a------- c:\windows\system32\netevent.dll
2009-09-09 19:58 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 19:58 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 19:58 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 19:58 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-08 14:24 <DIR> --d----- c:\users\laura and me\NTI-Shadow
2009-09-02 10:00 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 10:00 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2009-09-27 12:48 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-27 12:48 51,200 a------- c:\windows\inf\infpub.dat
2009-09-27 12:47 143,360 a------- c:\windows\inf\infstor.dat
2009-09-18 11:31 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-29 03:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 03:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 03:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 03:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-23 09:22 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-23 09:22 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 14:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 13:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 13:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 13:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 13:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-11 20:01 513,536 a------- c:\windows\system32\wlansvc.dll
2009-07-11 20:01 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 20:01 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 20:01 65,024 a------- c:\windows\system32\wlanapi.dll
2009-07-11 18:03 127,488 a------- c:\windows\system32\L2SecHC.dll
2008-01-21 03:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-19 14:35 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-19 14:35 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-19 14:35 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 8:28:15.37 ===============

thanks
#4
If you already have ComboFix be sure to delete it and download a new copy.
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop. DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::
DDS::
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.

Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
#5
ComboFix 09-10-01.05 - laura and me 03/10/2009 8:27.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1014.140 [GMT 1:00]
Running from: c:\users\laura and me\Documents\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bcmwl6.inf
c:\windows\System32\Desktop_.ini
c:\windows\system32\oem16.inf
.
((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.
2009-10-03 07:36 . 2009-10-03 07:36 -------- d-----w- c:\users\laura and me\AppData\Local\temp
2009-10-03 07:36 . 2009-10-03 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-02 18:56 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 20:00 . 2009-10-01 20:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-01 19:59 . 2009-10-01 19:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-01 19:59 . 2009-10-01 19:59 -------- d-----w- c:\users\laura and me\AppData\Roaming\SUPERAntiSpyware.com
2009-10-01 19:58 . 2009-10-01 19:58 -------- d-----w- c:\users\laura and me\AppData\Roaming\Malwarebytes
2009-10-01 19:58 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-01 19:58 . 2009-10-01 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 19:58 . 2009-10-01 19:58 -------- d-----w- c:\programdata\Malwarebytes
2009-10-01 19:58 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 19:47 . 2009-10-01 19:47 -------- d-----w- c:\program files\CCleaner
2009-10-01 19:45 . 2009-10-01 19:45 -------- d-----w- c:\users\laura and me\CD95F661A5C444F5A6AAECDD91C240B8.TMP
2009-09-27 11:48 . 2009-09-27 11:48 -------- d-----w- c:\windows\system32\x64
2009-09-27 11:46 . 2009-09-27 11:47 -------- d-----w- c:\users\laura and me\{8fdfd85e-f4f8-4d0d-994e-2dc5809a6cbb}
2009-09-27 11:00 . 2006-05-01 11:05 86560 ----a-w- c:\windows\system32\drivers\SE2Cobex.sys
2009-09-27 11:00 . 2006-05-01 11:03 97184 ----a-w- c:\windows\system32\drivers\SE2Cmdm.sys
2009-09-27 11:00 . 2006-05-01 11:02 5872 ----a-w- c:\windows\system32\drivers\SE2Cwhnt.sys
2009-09-27 11:00 . 2006-05-01 11:02 5872 ----a-w- c:\windows\system32\drivers\SE2Cwh.sys
2009-09-27 11:00 . 2006-05-01 11:02 18704 ----a-w- c:\windows\system32\drivers\se2Cnd5.sys
2009-09-27 11:00 . 2006-05-01 11:02 90800 ----a-w- c:\windows\system32\drivers\se2Cunic.sys
2009-09-27 11:00 . 2006-05-01 11:05 6240 ----a-w- c:\windows\system32\drivers\SE2Ccmnt.sys
2009-09-27 11:00 . 2006-05-01 11:05 6240 ----a-w- c:\windows\system32\drivers\SE2Ccm.sys
2009-09-27 11:00 . 2006-05-01 11:03 9360 ----a-w- c:\windows\system32\drivers\SE2Cmdfl.sys
2009-09-27 11:00 . 2006-05-01 11:03 61600 ----a-w- c:\windows\system32\drivers\SE2Cbus.sys
2009-09-27 11:00 . 2006-05-01 11:02 4128 ----a-w- c:\windows\system32\drivers\se2Ccr.sys
2009-09-23 06:46 . 2009-09-23 06:46 -------- d-----w- c:\programdata\LightScribe
2009-09-20 20:38 . 2009-09-20 21:12 -------- d-----w- c:\program files\Common Files\Sony Ericsson
2009-09-20 20:23 . 2009-09-20 20:23 -------- d-----w- c:\users\laura and me\AppData\Local\Sony Ericsson
2009-09-20 20:23 . 2009-09-20 20:23 -------- d-----w- c:\programdata\BVRP Software
2009-09-20 20:19 . 2008-01-09 10:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2009-09-20 20:18 . 2009-09-20 20:38 -------- d-----w- c:\programdata\Sony Ericsson
2009-09-19 20:22 . 2009-09-19 20:22 -------- d-----w- c:\users\laura and me\AppData\Local\WinZip
2009-09-19 20:20 . 2009-09-19 20:21 -------- d-----w- c:\programdata\WinZip
2009-09-18 10:31 . 2009-09-18 10:35 -------- d-----w- c:\windows\system32\ca-ES
2009-09-18 10:31 . 2009-09-18 10:35 -------- d-----w- c:\windows\system32\eu-ES
2009-09-18 10:31 . 2009-09-18 10:35 -------- d-----w- c:\windows\system32\vi-VN
2009-09-18 07:27 . 2009-09-18 07:27 -------- d-----w- c:\windows\system32\EventProviders
2009-09-17 20:50 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-09-17 20:50 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-09-17 20:50 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-09-17 20:50 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-09-17 20:50 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2009-09-17 20:50 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-09-17 20:50 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2009-09-17 20:48 . 2009-04-11 06:28 327168 ----a-w- c:\windows\system32\P2PGraph.dll
2009-09-17 20:47 . 2009-04-11 06:28 563712 ----a-w- c:\windows\system32\oleaut32.dll
2009-09-17 20:46 . 2009-04-11 06:28 60416 ----a-w- c:\windows\system32\msscntrs.dll
2009-09-17 20:45 . 2009-04-11 06:28 61440 ----a-w- c:\windows\system32\wscsvc.dll
2009-09-17 20:44 . 2009-04-11 06:28 37888 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2009-09-17 20:43 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-09-17 20:43 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-09-17 20:43 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-09-17 20:43 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-09-17 20:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-09-17 20:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-09-17 20:43 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-17 20:43 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-09-17 20:42 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-17 20:42 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-17 20:42 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-09 18:58 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 18:58 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 18:58 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 18:58 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 18:58 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 18:58 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 18:58 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 18:58 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 18:58 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 18:58 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 18:58 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 18:57 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 18:57 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 18:57 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 18:57 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 18:57 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 18:57 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-09 18:57 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 18:57 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 18:57 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 18:57 .
2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe 2009-09-09 18:57 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll 2009-09-08 13:24 . 2009-09-08 13:25 -------- d-----w- c:\users\laura and me\NTI-Shadow . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-10-03 07:05 . 2009-08-07 20:07 -------- d-----w- c:\program files\Steam 2009-10-01 19:57 . 2009-07-18 07:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-09-20 20:45 . 2009-09-20 20:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_010 07.Wdf 2009-09-20 20:40 . 2009-09-20 20:40 4 ----a-w- c:\programdata\031f3005.tmp 2009-09-20 20:18 . 2008-02-12 10:23 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-18 10:36 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar 2009-09-18 10:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-09-18 10:36 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar 2009-09-18 10:36 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration 2009-09-18 10:36 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery 2009-09-18 10:35 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender 2009-09-06 07:39 . 2009-08-07 20:08 -------- d-----w- c:\program files\Common Files\Steam 2009-09-01 16:49 . 2008-02-12 10:51 -------- d-----w- c:\programdata\Microsoft Help 2009-08-29 22:27 . 2009-08-08 09:01 -------- d-----w- c:\users\laura and me\AppData\Roaming\Sports Interactive 2009-08-29 22:15 . 2009-08-07 20:23 -------- d-----w- c:\programdata\Media Center Programs 2009-08-29 10:46 . 2009-07-23 20:25 -------- d-----w- c:\program files\Java 2009-08-29 00:27 . 2009-09-02 09:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-29 00:14 . 
2009-09-02 09:00 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-23 08:22 . 2009-07-23 12:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-23 08:22 . 2009-07-23 12:40 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-23 08:22 . 2009-07-23 12:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-15 10:06 . 2009-08-12 08:52 -------- d-----w- c:\users\laura and me\AppData\Roaming\uTorrent 2009-08-08 08:47 . 2009-08-08 08:47 -------- d-----w- c:\programdata\Sports Interactive 2009-08-07 20:08 . 2009-08-07 20:07 -------- d--h--w- c:\program files\Zero G Registry 2009-08-07 20:07 . 2009-08-07 20:07 -------- d-----w- c:\program files\Sports Interactive 2009-07-30 17:07 . 2009-07-30 17:07 680 ----a-w- c:\users\laura and me\AppData\Local\d3d9caps.dat 2009-07-25 04:23 . 2009-07-23 20:26 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-23 12:40 . 2009-07-23 12:40 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-07-21 21:52 . 2009-07-28 19:58 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-07-28 19:58 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 2009-07-28 19:58 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-07-28 19:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-17 13:54 . 2009-08-12 17:21 71680 ----a-w- c:\windows\system32\atl.dll 2009-07-15 12:40 . 2009-08-12 17:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-07-15 12:39 . 2009-08-12 17:21 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-15 12:39 . 2009-08-12 17:21 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-07-15 12:39 . 2009-08-12 17:21 7680 ----a-w- c:\windows\system32\spwmp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\eg isPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe " [2008-01-21 49664] "Google Update"="c:\users\laura and me\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-23 133104] "Steam"="c:\program files\Steam\Steam.exe" [2009-09-02 1217784] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "SynTPStart"="c:\program 
files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp. exe" [2006-11-05 57344] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-23 2007832] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424] "Persistence"="c:\windows\system32\igfxpers.ex e" [2008-02-11 133656] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-08 4853760] "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-21 1826816] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-12 535336] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-25 525640] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dl l [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro 
l\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):44,ef,97,05,4d,38,ca,01 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "{303C35EA-FE3A-4182-9CB1-E76A89395D8B}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD "{D62F1B25-6B9F-43FA-9883-8463910E6D65}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe "{B958C8AF-5CBB-453A-B071-4842464111D1}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{47BBA404-497D-4348-BB01-3AB8A304D101}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe "{82E36CCC-AAB3-426A-BBB9-3A3031C284F0}"= UDP:c:\program files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009 "{28364148-9170-4378-A1C9-962FB7D48DDF}"= TCP:c:\program files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List] "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled: eDSfsu "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enab led:encryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enab led:decryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled: eDSMgr "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= 
c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabl ed:eDStbmngr "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled: eDSfsu "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enab led:encryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enab led:decryption "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled: eDSMgr "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabl ed:eDStbmngr R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23/07/2009 13:40 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23/07/2009 13:40 108552] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 11:42 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 11:42 74480] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/07/2009 13:39 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/07/2009 13:39 297752] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 11:42 7408] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [20/09/2009 21:19 27632] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [23/07/2007 00:00 180736] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [06/04/2009 09:13 13224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-685867523-3107031544-2776910091-1003Core.job - c:\users\laura and me\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-23 11:34] 2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-685867523-3107031544-2776910091-1003UA.job - c:\users\laura and me\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-23 11:34] 2009-10-03 c:\windows\Tasks\User_Feed_Synchronization-{8AC72F54-78A9-45D7-8F5D-E090412C6F80}.job - c:\windows\system32\msfeedssync.exe [2009-07-28 20:13] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sky.com/ mStart Page = hxxp://en.uk.acer.yahoo.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab . - - - - ORPHANS REMOVED - - - - HKLM-Run-eRecoveryService - (no file) ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-03 08:36 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . 
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-03 8:38
ComboFix-quarantined-files.txt 2009-10-03 07:38

Pre-Run: 13,380,235,264 bytes free
Post-Run: 13,322,805,248 bytes free

297 --- E O F --- 2009-10-02 18:56

ComboFix doesn't save on my machine; it runs a BIOS system prompt and then produces this log. Cheers
#6
Download OTM by OldTimer to your desktop.
Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.
* Save it to your Desktop.
* Double-click OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe
:services
:reg
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
:files
:Commands
[purity]
[emptytemp]
[start explorer]
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
* Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

----------

Save the OTM log to post later.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan
* Click the ESET Online Scanner button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
  * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.
* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log