-
June 5th, 2009, 08:35 PM
#1
DNS Not Resolving
Hello everyone. I started a thread over in the Internet Related Issues section. Here is that thread:
http://discussions.virtualdr.com/sho...d.php?t=239282
After trying a number of suggestions from Broni, he recommended I post over here in the HJT section.
But here is the gist of the problem:
I've got a computer here that will not load web pages. If I go into a command prompt, and ping www.google.com, I get nothing. Actually, I get "Ping request could not find host www.google.com. Please check the name and try again." But if I ping 72.14.205.99 (one of Google's IP Addresses), I get 4 Packets Received.
Same with the web browser. I type in www.google.com, and I get The webpage cannot be found. I type 72.14.205.99, and Google comes up.
Dell Dimension 4550
Windows XP Home SP2
512 MB RAM
Pentium 4 2.53 GHz
IE7 (7.0.5730.11)
Right now, I'm running SUPERAntiSpyware, and the rest will be coming soon. For now, here is the SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/05/2009 at 07:17 PM
Application Version : 4.26.1004
Core Rules Database Version : 3925
Trace Rules Database Version: 1869
Scan type : Complete Scan
Total Scan Time : 02:42:02
Memory items scanned : 217
Memory threats detected : 0
Registry items scanned : 5413
Registry threats detected : 62
File items scanned : 84003
File threats detected : 19
Adware.IncrediFind
HKLM\Software\Classes\CLSID\{0199DF25-9820-4bd5-9FEE-5A765AB4371E}
HKCR\CLSID\{0199DF25-9820-4BD5-9FEE-5A765AB4371E}
HKCR\CLSID\{0199DF25-9820-4BD5-9FEE-5A765AB4371E}
HKCR\CLSID\{0199DF25-9820-4BD5-9FEE-5A765AB4371E}\InprocServer32
HKCR\CLSID\{0199DF25-9820-4BD5-9FEE-5A765AB4371E}\InprocServer32#ThreadingModel
HKCR\CLSID\{0199DF25-9820-4BD5-9FEE-5A765AB4371E}\ProgID
HKCR\CLSID\{0199DF25-9820-4BD5-9FEE-5A765AB4371E}\Programmable
HKCR\CLSID\{0199DF25-9820-4BD5-9FEE-5A765AB4371E}\TypeLib
HKCR\CLSID\{0199DF25-9820-4BD5-9FEE-5A765AB4371E}\VersionIndependentProgID
HKCR\BHO.IncrediFindBHO.1
HKCR\BHO.IncrediFindBHO
HKCR\TypeLib\{DE289BFA-737B-4ABB-A4EC-F8753551B875}
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0199DF25-9820-4bd5-9FEE-5A765AB4371E}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0199DF25-9820-4BD5-9FEE-5A765AB4371E}
HKU\S-1-5-21-2714637481-1908703217-3403894537-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0199DF25-9820-4BD5-9FEE-5A765AB4371E}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0199DF25-9820-4BD5-9FEE-5A765AB4371E}
Spyware.WebSearch (WinTools/HuntBar)
HKLM\Software\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}\InprocServer32
HKCR\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}\InprocServer32#ThreadingModel
C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLST.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKU\S-1-5-21-2714637481-1908703217-3403894537-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094}
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc
Ride Marketing Group Adware
HKLM\Software\Classes\CLSID\{CE7EF827-47CC-48EB-B570-C367F1E1277E}
HKCR\CLSID\{CE7EF827-47CC-48EB-B570-C367F1E1277E}
HKCR\CLSID\{CE7EF827-47CC-48EB-B570-C367F1E1277E}
HKCR\CLSID\{CE7EF827-47CC-48EB-B570-C367F1E1277E}#AppID
HKCR\CLSID\{CE7EF827-47CC-48EB-B570-C367F1E1277E}\InprocServer32
HKCR\CLSID\{CE7EF827-47CC-48EB-B570-C367F1E1277E}\InprocServer32#ThreadingModel
HKCR\CLSID\{CE7EF827-47CC-48EB-B570-C367F1E1277E}\ProgID
HKCR\CLSID\{CE7EF827-47CC-48EB-B570-C367F1E1277E}\VersionIndependentProgID
HKCR\x1ff.Xbrowse.1
HKCR\x1ff.Xbrowse.1\CLSID
HKCR\x1ff.Xbrowse
HKCR\x1ff.Xbrowse\CLSID
HKCR\x1ff.Xbrowse\CurVer
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\X1FF\X1FF.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7EF827-47CC-48EB-B570-C367F1E1277E}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7EF827-47CC-48EB-B570-C367F1E1277E}
HKU\S-1-5-21-2714637481-1908703217-3403894537-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7EF827-47CC-48EB-B570-C367F1E1277E}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7EF827-47CC-48EB-B570-C367F1E1277E}
Adware.Qoologic/QoolAid
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E248641-0E24-4DDB-9A1F-705087832AD6}
HKU\S-1-5-21-2714637481-1908703217-3403894537-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E248641-0E24-4DDB-9A1F-705087832AD6}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E248641-0E24-4DDB-9A1F-705087832AD6}
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}#CLSID
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}#MenuText
Adware.Search-Exe
HKU\S-1-5-21-2714637481-1908703217-3403894537-1006\Software\Microsoft\Internet Explorer\Explorer Bars\{002F4E27-B273-4FA5-ADFC-1FB9ED210B37}
Adware.WebNexus
HKU\S-1-5-21-2714637481-1908703217-3403894537-1006\Software\intexp
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2124\A0205672.DLL
Browser Hijacker.Begin2Search
HKU\S-1-5-21-2714637481-1908703217-3403894537-1006\Software\In3rd
Adware.IEPlugin
HKCR\Remove
Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-2714637481-1908703217-3403894537-1006\SOFTWARE\FunWebProducts
Spyware.E2G
C:\Program Files\E2G
Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-2714637481-1908703217-3403894537-1006\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
Adware.Tracking Cookie
C:\Documents and Settings\ipod\Cookies\[email protected][1].txt
C:\Documents and Settings\ipod\Cookies\ipod@collective-media[2].txt
C:\Documents and Settings\ipod\Cookies\[email protected][1].txt
C:\Documents and Settings\ipod\Cookies\ipod@googleadservices[1].txt
C:\Documents and Settings\ipod\Cookies\ipod@imrworldwide[2].txt
Adware.ClearSearch
C:\PROGRAM FILES\LYCOS\IEAGENT\CSIE.DLL
C:\PROGRAM FILES\LYCOS\IEAGENT\CSSSINST.DLL
Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2124\A0205653.EXE
Adware.Spyware Labs
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2124\A0205657.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2124\A0205669.DLL
Trojan.Downloader-Gen/Suspicious
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2124\A0205659.EXE
DMLSC.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2124\A0205660.EXE
Adware.2ndThought-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2124\A0205661.EXE
Adware.eZula
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2124\A0205664.EXE
Windows XP Home SP3
AMD Athlon 64 3200+
Dual Channel 1GB DDR PC3200 RAM
ATI Radeon 9800 Pro 128MB
-
June 5th, 2009, 09:23 PM
#2
Here is the Malwarebytes' log:
Malwarebytes' Anti-Malware 1.37
Database version: 2202
Windows 5.1.2600 Service Pack 2
6/5/2009 8:20:18 PM
mbam-log-2009-06-05 (20-20-18).txt
Scan type: Full Scan (C:\|)
Objects scanned: 172208
Time elapsed: 44 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
June 5th, 2009, 09:52 PM
#3
Hello again. I can see we DO have some crap here.
-
June 5th, 2009, 10:18 PM
#4
Hey Broni. That's fantastic. Just what I wanted to hear. 
I'm now running GMER. Almost done, and then I'll post that and the HJT log.
-
June 5th, 2009, 10:32 PM
#5
We'll see what we can do.
-
June 5th, 2009, 11:05 PM
#6
Here is the GMER log:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-05 22:02:03
Windows 5.1.2600 Service Pack 2
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2160] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \Fat F2C8AD20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Control\Session Manager@PendingFileRenameOperations ? ?:?????9??????????????????????{B51D9F26-E172-49fe-BB5F-1EC3BB1BB7B1}??????? ,??:??????????????USB.Astra5400.Scanner????????:??????????????Microsoft????????:???????????????????:???:?g?:??? ???:??????????????7-1-2001????? ???:??????????n???5.1.2600.0?l????UMAX Astra 5400??:??UMAX #0160?????????9???????:???6?5???:??usb\vid_1606&pid_0160????????:???????e??usbscan?????? ??:??????????????UMAX Astra 5400??????????:???:???:???O?P?9?????????????????s?????6?9?7?4?7?8?8?6?5?:?:?:?:??? ?????????????:?????:??????????H???N???????????????????????????????????????????? ???????:???????????:????????????????#???????H??:??????????????USB\Vid_1606&Pid_0160\5&539666a&0&2??????????:??????????????\\?\USB#Vid_1606&Pid_0160#5&539666a&0&2#{6bdd1fc6-810f-11d0-bec7-08002be2092f}??????? ?????????????:?????:??????????H???N???????????????????????????????????????????? ???????:???????????:????????????????#????????:#?????H??:??????????????USB\Vid_1606&Pid_0160\5&539666a&0&2??????????:??????????????\\?\USB#Vid_1606&Pid_0160#5&539666a&0&2#{a5
Reg HKLM\SOFTWARE\Classes\GetURL.CPlugin@ GetURL.CPlugin
Reg HKLM\SOFTWARE\Classes\GetURL.CPlugin\Clsid
Reg HKLM\SOFTWARE\Classes\GetURL.CPlugin\Clsid@ {19185FCC-75B5-11D5-89D3-000086120FE4}
Reg HKLM\SOFTWARE\Classes\Registry.CPlugin@ Registry.CPlugin
Reg HKLM\SOFTWARE\Classes\Registry.CPlugin\Clsid
Reg HKLM\SOFTWARE\Classes\Registry.CPlugin\Clsid@ {1CCED66A-75B5-11D5-89D3-000086120FE4}
---- EOF - GMER 1.0.15 ----
I hope I posted this correctly.
-
June 5th, 2009, 11:05 PM
#7
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:33 PM, on 6/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Langel's Computer\Desktop\Fix Programs\z1fce2rw.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Lavasoft\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Xbrowse Class - {83DC91DB-7896-43E3-B34D-A7D043F16BB1} - C:\Documents and Settings\All Users\Application Data\RDSA\rdsa.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Installer Service (Installer) - Unknown owner - C:\WINDOWS\System32\winst.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9268 bytes
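A small triage script for the HijackThis log format posted above, added here as an example; it is not part of the thread and not HijackThis's own code. The sample lines are copied from the posted log, and the set of stock Microsoft search hosts used as an allow list is an assumption.

```python
"""Triage helper for HijackThis (HJT) log lines.

Applies the checks a helper applies by eye: entries whose target file is
gone, Winsock LSP entries, ActiveX (DPF) objects loaded from a local
file:// path, AppInit_DLLs injection, and search URLs pointing somewhere
other than the stock Microsoft defaults.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Xbrowse Class - {83DC91DB-7896-43E3-B34D-A7D043F16BB1} - C:\Documents and Settings\All Users\Application Data\RDSA\rdsa.dll (file missing)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Installer Service (Installer) - Unknown owner - C:\WINDOWS\System32\winst.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumption: hosts that IE's stock search-related values point at.
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
SEARCH_KEYS = ("searchurl", "search page", "default_search_url")

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


@dataclass
class Finding:
    section: str  # HJT section code, e.g. "O2"
    rule: str     # which check fired
    reason: str   # why a helper would look at this entry
    line: str     # the original log line


def triage_line(line: str):
    """Return a Finding for one HJT line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list, or blank line
    sec, body = m.group("sec"), m.group("body")
    low = body.lower()
    if "(no file)" in low or "(file missing)" in low:
        return Finding(sec, "orphan", "references a file that no longer exists; "
                       "leftover from a removed or half-deleted component", line)
    if sec == "O10":
        return Finding(sec, "lsp", "Winsock LSP entry HJT could not attribute; verify the "
                       "DLL's vendor and signature before removing it, since a broken "
                       "LSP chain breaks all networking", line)
    if sec == "O16" and "file://" in low:
        return Finding(sec, "local-dpf", "ActiveX object registered from a local "
                       "file:// path rather than a vendor site", line)
    if sec == "O20" and low.startswith("appinit_dlls"):
        return Finding(sec, "appinit", "DLL loaded into every user-mode process; confirm "
                       "it belongs to installed security software", line)
    if sec in ("R0", "R1"):
        key = body.split("=", 1)[0].lower()  # registry path + value name
        if any(k in key for k in SEARCH_KEYS):
            host = URL_HOST_RE.search(body)
            if host and host.group(1).lower() not in KNOWN_DEFAULT_HOSTS:
                return Finding(sec, "search-hijack",
                               f"search URL redirected to {host.group(1)}", line)
    return None


def triage_log(text: str):
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def rule_counts(findings):
    """Tally findings per rule, e.g. {'orphan': 4, 'lsp': 1}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}/{f.rule}] {f.reason}\n    {f.line}")
```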
-
June 5th, 2009, 11:13 PM
#8
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
-
June 5th, 2009, 11:26 PM
#9
I'm getting the error
"This machine does not have the 'Microsoft Windows recovery console' installed.
Without it, ComboFix shall not attempt the fixing of some serious infections.
Click 'Yes' to have ComboFix download/install it.
NOTE: this requires an active internet connection"
I'm disconnected from the internet (pulled the plug), and with the DNS error, I doubt it will work anyway. Should I just click No, and try to continue?
-
June 5th, 2009, 11:28 PM
#10
Skip the Console installation.
-
June 5th, 2009, 11:43 PM
#11
ComboFix Log:
ComboFix 09-06-05.07 - Langel's Computer 06/05/2009 22:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.224 [GMT -5:00]
Running from: c:\documents and settings\Langel's Computer\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Langel's Computer\Favorites\Download programs.url
c:\documents and settings\Langel's Computer\Favorites\Games.url
c:\documents and settings\Langel's Computer\Favorites\Translator.url
c:\documents and settings\Langel's Computer\Favorites\Videos.url
c:\documents and settings\Langel's Computer\Start Menu\Programs\Download programs.url
c:\documents and settings\Langel's Computer\Start Menu\Programs\Games.url
c:\documents and settings\Langel's Computer\Start Menu\Programs\Translator.url
c:\documents and settings\Langel's Computer\Start Menu\Programs\Videos.url
c:\program files\Common Files\SLMSS
c:\program files\Common Files\SLMSS\acp1.dat
c:\windows\bundles
c:\windows\IE4 Error Log.txt
c:\windows\system32\_005532_.tmp.dll
c:\windows\system32\_005533_.tmp.dll
c:\windows\system32\_005534_.tmp.dll
c:\windows\system32\_005535_.tmp.dll
c:\windows\system32\_005542_.tmp.dll
c:\windows\system32\_005543_.tmp.dll
c:\windows\system32\_005544_.tmp.dll
c:\windows\system32\_005545_.tmp.dll
c:\windows\system32\_005547_.tmp.dll
c:\windows\system32\_005548_.tmp.dll
c:\windows\system32\_005551_.tmp.dll
c:\windows\system32\_005552_.tmp.dll
c:\windows\system32\_005554_.tmp.dll
c:\windows\system32\_005555_.tmp.dll
c:\windows\system32\_005556_.tmp.dll
c:\windows\system32\_005558_.tmp.dll
c:\windows\system32\_005561_.tmp.dll
c:\windows\system32\_005562_.tmp.dll
c:\windows\system32\_005566_.tmp.dll
c:\windows\system32\_005567_.tmp.dll
c:\windows\system32\_005569_.tmp.dll
c:\windows\system32\_005572_.tmp.dll
c:\windows\system32\_005574_.tmp.dll
c:\windows\system32\_005575_.tmp.dll
c:\windows\system32\_005576_.tmp.dll
c:\windows\system32\_005577_.tmp.dll
c:\windows\system32\_005578_.tmp.dll
c:\windows\system32\_005581_.tmp.dll
c:\windows\system32\_005582_.tmp.dll
c:\windows\system32\_005583_.tmp.dll
c:\windows\system32\_005584_.tmp.dll
c:\windows\system32\_005585_.tmp.dll
c:\windows\system32\_005590_.tmp.dll
c:\windows\system32\_005592_.tmp.dll
c:\windows\system32\_005593_.tmp.dll
c:\windows\system32\instsrv.exe
c:\windows\TEMP\0\Installer.exe
c:\windows\TEMP\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\FileModifiedDate.dll
c:\windows\TEMP\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\PhotoSharing.dll
c:\windows\TEMP\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\wiaaut.dll
c:\windows\TEMP\0\Private\Runtime\ProgFiles\FotomatDeviceConnect.exe
c:\windows\TEMP\0\Private\Runtime\ProgFiles\FotomatShellExt.dll
c:\windows\TEMP\0\Private\Runtime\ProgFiles\IEViewBar.dll
c:\windows\TEMP\0\Private\Runtime\ProgFiles\SWFView.dll
c:\windows\TEMP\0\Private\Runtime\ProgFiles\VETScriptInterpreter.dll
c:\windows\TEMP\0\Private\Runtime\ProgFiles\ViewBar.dll
c:\windows\TEMP\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Amazon\core\PersonalizationWrapper.dll
c:\windows\TEMP\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Amazon\core\PersonalizationWrapper.dll
c:\windows\TEMP\0\Private\Vendor\ProgFiles\Uninstaller.exe
c:\windows\TEMP\0\Private\Vendor\ProgFiles\ViewBarBHO.dll
c:\windows\TEMP\0\Private\Vendor\ProgFiles\ViewBarSystemInfo.dll
c:\windows\TEMP\vmgr14b1.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr15f7.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr198d.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr1b31.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr1e0a.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr1f41.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr20ce.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr20fd.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr22e7.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr25cc.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr2652.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr2830.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr2ae8.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr2c80.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr2d3c.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr2d40.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr2d92.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr3110.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr3210.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr34b.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr3559.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr355f.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr3623.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr399.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr3acc.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr3ea4.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr43c5.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr461c.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr4965.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr4caf.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr4dd7.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr4e33.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr5063.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr508b.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr5371.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr5445.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr5494.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr5898.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr5a32.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr5bd2.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr5d9c.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr5f40.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr5f9e.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr5fd8.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr6076.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr60fd.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr6226.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr6a6d.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr6e9e.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr6f8a.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr7004.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr7005.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr7064.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr70ea.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr731.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr733e.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr7a80.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr7b00.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr7c2.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr7ef3.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr7f4.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr7f5a.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgr9de.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgrce9.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgrd48.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgrd9d.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgrdfa.tmp\UpdateInfo.dll
c:\windows\TEMP\vmgrf29.tmp\UpdateInfo.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISEXENG
((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.
2009-06-05 21:16 . 2009-06-06 00:31 117760 ----a-w- c:\documents and settings\Langel's Computer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-05 21:15 . 2009-06-05 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-05 21:15 . 2009-06-05 21:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-05 21:15 . 2009-06-05 21:15 -------- d-----w- c:\documents and settings\Langel's Computer\Application Data\SUPERAntiSpyware.com
2009-06-05 21:14 . 2009-06-05 21:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-05 05:47 . 2004-08-04 04:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-06-05 05:47 . 2004-08-04 04:31 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2009-06-05 04:38 . 2009-06-06 03:31 -------- d-----w- c:\windows\system32\CatRoot2
2009-06-05 04:25 . 2009-06-05 04:25 -------- d-----w- C:\ERDNT
2009-06-05 02:57 . 2009-06-05 03:53 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-05 02:48 . 2009-06-05 02:48 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-05 02:48 . 2009-06-05 02:48 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 02:48 . 2009-06-05 02:48 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-05 02:48 . 2009-06-05 02:53 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-05 02:48 . 2009-06-05 02:48 -------- d-----w- c:\program files\AVG
2009-06-05 02:48 . 2009-06-05 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-05 02:42 . 2009-06-05 02:42 -------- d-----w- c:\program files\Trend Micro
2009-06-05 01:27 . 2009-06-05 01:27 -------- d-----w- c:\documents and settings\Langel's Computer\Application Data\Malwarebytes
2009-06-05 01:27 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 01:27 . 2009-06-05 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 01:27 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 01:27 . 2009-06-05 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-18 08:00 . 2009-05-18 08:00 -------- d-----w- c:\program files\MSXML 6.0
2009-05-16 20:22 . 2009-05-16 20:22 -------- d-----w- c:\windows\system32\scripting
2009-05-16 20:22 . 2009-05-16 20:22 -------- d-----w- c:\windows\l2schemas
2009-05-16 20:22 . 2009-05-16 20:22 -------- d-----w- c:\windows\system32\en
2009-05-16 20:22 . 2009-05-16 20:22 -------- d-----w- c:\windows\system32\bits
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 02:59 . 2004-11-17 02:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\x1ff
2009-06-05 02:58 . 2004-11-17 02:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\RDSA
2009-06-05 02:57 . 2004-07-07 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\IEService
2009-06-01 21:14 . 2007-03-16 22:30 -------- d-----w- c:\documents and settings\Langel's Computer\Application Data\U3
2009-05-30 19:17 . 2003-06-14 20:05 -------- d-----w- c:\program files\Diablo II
2009-05-30 19:17 . 2008-03-31 00:57 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-26 21:18 . 2004-12-27 20:44 -------- d-----w- c:\program files\Network Associates
2009-05-26 21:18 . 2004-12-27 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ares"="c:\program files\Ares\Ares.exe" [2007-05-14 964608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2002-12-13 225280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-30 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-05 1234712]
c:\documents and settings\Langel's Computer\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-6-14 344064]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SYSTEM32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^xqqg.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\xqqg.exe
backup=c:\windows\pss\xqqg.exeCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/4/2009 9:48 PM 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/4/2009 9:48 PM 231704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 7:42 PM 24652]
S2 Installer;Installer Service;c:\windows\System32\winst.exe --> c:\windows\System32\winst.exe [?]
S3 P0630VID;Creative WebCam Live!;c:\windows\SYSTEM32\DRIVERS\P0630Vid.sys [1/29/2006 8:21 PM 91830]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\42da3b90-3396-45b1-939a-f7424bf2ae82]
c:\windows\system32\bqqraam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\42da3b90-3396-45b1-939a-f7424bf2ae82]
c:\windows\system32\bqqraam.exe
.
Contents of the 'Scheduled Tasks' folder
2009-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]
2009-06-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-07 14:04]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 22:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??X???x???P???X???????????P???P???? ?w? ?w)??p????????(???{????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-06-06 22:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-06 03:42
Pre-Run: 31,710,908,416 bytes free
Post-Run: 31,912,960,000 bytes free
301 --- E O F --- 2009-06-05 21:04
Windows XP Home SP3
AMD Athlon 64 3200+
Dual Channel 1GB DDR PC3200 RAM
ATI Radeon 9800 Pro 128MB
-
June 5th, 2009, 11:44 PM
#12
2nd HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:36 PM, on 6/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Lavasoft\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Installer Service (Installer) - Unknown owner - C:\WINDOWS\System32\winst.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8943 bytes
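The HJT log above is the kind of thing the helper reads by eye. As an added example that is not part of the thread, here is a small Python triage pass over HijackThis 2.0.2 lines that pulls out the entry types acted on in this thread: an R1 search URL that points somewhere other than Microsoft's defaults, an O10 LSP that HijackThis could not identify, O2/O9 entries whose file is gone, and O23 services with no owner or a missing binary. The sample lines are copied from the log above (a few benign lines are included so the filter has something to leave alone); the trusted-host set, the marker strings and the `triage` function are my own choices, not HijackThis's.

```python
"""Triage a HijackThis 2.0.2 log for the entry patterns a helper acts on:
services with no owner or a missing binary (O23), Winsock LSPs HJT could
not identify (O10), orphaned BHOs/buttons (O2/O9) and search URLs that
point somewhere other than Microsoft's defaults (R1).

SAMPLE_LOG is copied from the HJT log posted in the thread; the benign
lines are there so the filter has something to ignore.
"""
import re
from urllib.parse import urlparse

# Hosts that HJT's default R1 search entries legitimately point at.
# (Assumption: anything else in SearchURL / Search Page is worth a look.)
TRUSTED_SEARCH_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com"}

# Tokens HJT prints when a registry entry points at a file that is gone
# or at a service it could not attribute to a vendor.
ORPHAN_MARKERS = ("(no file)", "(file missing)", "Unknown owner")

SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.facebook.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\\Program Files\\Ebates_MoeMoneyMaker\\Sy350\\Tp350\\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O23 - Service: Installer Service (Installer) - Unknown owner - C:\\WINDOWS\\System32\\winst.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
"""

# "O23 - Service: ..." -> code "O23", body "Service: ..."
LINE_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")


def parse_hjt(text):
    """Yield (code, body) for every entry line; process lists and headers are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def search_host(body):
    """Return the lower-cased host of an R0/R1 'key = URL' body, or None if it is not a URL."""
    _, _, value = body.partition(" = ")
    host = urlparse(value.strip()).hostname
    return host.lower() if host else None


def triage(text):
    """Return a list of (reason, line) pairs for entries that deserve a closer look."""
    findings = []
    for code, body in parse_hjt(text):
        line = f"{code} - {body}"
        if code == "R1" and any(k in body for k in ("SearchURL", "Search Page", "Default_Search_URL")):
            host = search_host(body)
            if host and host not in TRUSTED_SEARCH_HOSTS:
                findings.append(("search hijack", line))
        elif code == "O10" and "Unknown file in Winsock LSP" in body:
            findings.append(("unknown LSP", line))
        elif code == "O23" and any(k in body for k in ORPHAN_MARKERS):
            findings.append(("unattributed/missing service", line))
        elif code in ("O2", "O9") and any(k in body for k in ORPHAN_MARKERS):
            findings.append(("orphaned BHO/button", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Flagged entries are leads, not verdicts: nwprovau.dll, for instance, is the Windows NetWare client provider and HJT lists it only because it is not on its whitelist, whereas the Installer service whose winst.exe binary is missing is one of the items the helper's CFScript goes on to remove.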
-
June 6th, 2009, 12:06 AM
#13
1. Please open Notepad: click Start, then Run.
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
File::
c:\windows\System32\winst.exe
c:\windows\system32\bqqraam.exe
c:\windows\Tasks\Symantec NetDetect.job
Folder::
c:\program files\Symantec
Driver::
Installer
"Installer Service"
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^xqqg.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\42da3b90-3396-45b1-939a-f7424bf2ae82]
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new HijackThis log.
-
June 6th, 2009, 12:29 AM
#14
2nd Combofix Log:
ComboFix 09-06-05.07 - Langel's Computer 06/05/2009 23:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.239 [GMT -5:00]
Running from: c:\documents and settings\Langel's Computer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Langel's Computer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\system32\bqqraam.exe"
"c:\windows\System32\winst.exe"
"c:\windows\Tasks\Symantec NetDetect.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Symantec
c:\program files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LSETUP.EXE
c:\program files\Symantec\LiveUpdate\LuAll.cnt
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LUALL.HLP
c:\program files\Symantec\LiveUpdate\LuComServer.EXE
c:\program files\Symantec\LiveUpdate\LuComServerPS.DLL
c:\program files\Symantec\LiveUpdate\ludirloc.dat
c:\program files\Symantec\LiveUpdate\LUINFO.INF
c:\program files\Symantec\LiveUpdate\LUInit.exe
c:\program files\Symantec\LiveUpdate\LUInit.ini
c:\program files\Symantec\LiveUpdate\LUINSDLL.DLL
c:\program files\Symantec\LiveUpdate\LuResult.txt
c:\program files\Symantec\LiveUpdate\NDETECT.EXE
c:\program files\Symantec\LiveUpdate\NetDetectController.DLL
c:\program files\Symantec\LiveUpdate\ProductRegCom.DLL
c:\program files\Symantec\LiveUpdate\ProductRegComPS.DLL
c:\program files\Symantec\LiveUpdate\README.TXT
c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP1.CPL
c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.exe
c:\windows\Tasks\Symantec NetDetect.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_INSTALLER
-------\Service_Installer
((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.
2009-06-05 21:16 . 2009-06-06 00:31 117760 ----a-w- c:\documents and settings\Langel's Computer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-05 21:15 . 2009-06-05 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-05 21:15 . 2009-06-05 21:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-05 21:15 . 2009-06-05 21:15 -------- d-----w- c:\documents and settings\Langel's Computer\Application Data\SUPERAntiSpyware.com
2009-06-05 21:14 . 2009-06-05 21:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-05 05:47 . 2004-08-04 04:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-06-05 05:47 . 2004-08-04 04:31 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2009-06-05 04:38 . 2009-06-06 04:16 -------- d-----w- c:\windows\system32\CatRoot2
2009-06-05 04:25 . 2009-06-05 04:25 -------- d-----w- C:\ERDNT
2009-06-05 02:57 . 2009-06-05 03:53 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-05 02:48 . 2009-06-05 02:48 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-05 02:48 . 2009-06-05 02:48 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 02:48 . 2009-06-05 02:48 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-05 02:48 . 2009-06-05 02:53 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-05 02:48 . 2009-06-05 02:48 -------- d-----w- c:\program files\AVG
2009-06-05 02:48 . 2009-06-05 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-05 02:42 . 2009-06-05 02:42 -------- d-----w- c:\program files\Trend Micro
2009-06-05 01:27 . 2009-06-05 01:27 -------- d-----w- c:\documents and settings\Langel's Computer\Application Data\Malwarebytes
2009-06-05 01:27 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 01:27 . 2009-06-05 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 01:27 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 01:27 . 2009-06-05 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-18 08:00 . 2009-05-18 08:00 -------- d-----w- c:\program files\MSXML 6.0
2009-05-16 20:22 . 2009-05-16 20:22 -------- d-----w- c:\windows\system32\scripting
2009-05-16 20:22 . 2009-05-16 20:22 -------- d-----w- c:\windows\l2schemas
2009-05-16 20:22 . 2009-05-16 20:22 -------- d-----w- c:\windows\system32\en
2009-05-16 20:22 . 2009-05-16 20:22 -------- d-----w- c:\windows\system32\bits
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 02:59 . 2004-11-17 02:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\x1ff
2009-06-05 02:58 . 2004-11-17 02:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\RDSA
2009-06-05 02:57 . 2004-07-07 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\IEService
2009-06-01 21:14 . 2007-03-16 22:30 -------- d-----w- c:\documents and settings\Langel's Computer\Application Data\U3
2009-05-30 19:17 . 2003-06-14 20:05 -------- d-----w- c:\program files\Diablo II
2009-05-30 19:17 . 2008-03-31 00:57 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-26 21:18 . 2004-12-27 20:44 -------- d-----w- c:\program files\Network Associates
2009-05-26 21:18 . 2004-12-27 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ares"="c:\program files\Ares\Ares.exe" [2007-05-14 964608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2002-12-13 225280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-30 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-05 1234712]
c:\documents and settings\Langel's Computer\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-6-14 344064]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SYSTEM32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/4/2009 9:48 PM 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/4/2009 9:48 PM 231704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 7:42 PM 24652]
S3 P0630VID;Creative WebCam Live!;c:\windows\SYSTEM32\DRIVERS\P0630Vid.sys [1/29/2006 8:21 PM 91830]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\42da3b90-3396-45b1-939a-f7424bf2ae82]
c:\windows\system32\bqqraam.exe
.
Contents of the 'Scheduled Tasks' folder
2009-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 23:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????X:??X???x???P???X???????????P???P???? ?w? ?w)??p????????(???{????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-06-06 23:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-06 04:26
ComboFix2.txt 2009-06-06 03:42
Pre-Run: 31,935,778,816 bytes free
Post-Run: 31,905,591,296 bytes free
192 --- E O F --- 2009-06-05 21:04
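The CFScript in post #13 targeted five loading points: the Installer service and its winst.exe binary, the xqqg.exe startup-folder entry, the Symantec NetDetect task, the msconfig override that had disabled wscsvc, and the Active Setup key that runs bqqraam.exe. Whether a fix script actually did its job is a question the before/after ComboFix logs can answer mechanically rather than by re-reading them. As an added example that is not part of the thread, the Python below extracts autostart identifiers from the 'Reg Loading Points' and 'Scheduled Tasks' sections of two ComboFix logs and diffs them. The two excerpts are trimmed from the first and second ComboFix logs posted here; the identifier scheme (`service:`, `key:`, `task:`, `msconfig-disabled:`, `activesetup:`), the `TARGETS` set and `verify_script` are my own, not anything ComboFix provides.

```python
"""Diff the autostart entries of two ComboFix logs (before and after a
CFScript run) and report which targeted items are gone, which survived,
and which were never seen in the first place.

BEFORE and AFTER are excerpts trimmed from the two ComboFix logs posted
in this thread, limited to the lines the CFScript was aimed at plus a
few benign neighbours.
"""
import re

BEFORE = """\
[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^xqqg.exe]
path=c:\\documents and settings\\All Users\\Start Menu\\Programs\\Startup\\xqqg.exe
backup=c:\\windows\\pss\\xqqg.exeCommon Startup
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\services]
"wscsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
R2 avg8wd;AVG Free8 WatchDog;c:\\progra~1\\AVG\\AVG8\\avgwdsvc.exe [6/4/2009 9:48 PM 231704]
S2 Installer;Installer Service;c:\\windows\\System32\\winst.exe --> c:\\windows\\System32\\winst.exe [?]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\42da3b90-3396-45b1-939a-f7424bf2ae82]
c:\\windows\\system32\\bqqraam.exe
Contents of the 'Scheduled Tasks' folder
2009-06-02 c:\\windows\\Tasks\\AppleSoftwareUpdate.job
2009-06-06 c:\\windows\\Tasks\\Symantec NetDetect.job
"""

AFTER = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
R2 avg8wd;AVG Free8 WatchDog;c:\\progra~1\\AVG\\AVG8\\avgwdsvc.exe [6/4/2009 9:48 PM 231704]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\42da3b90-3396-45b1-939a-f7424bf2ae82]
c:\\windows\\system32\\bqqraam.exe
Contents of the 'Scheduled Tasks' folder
2009-06-02 c:\\windows\\Tasks\\AppleSoftwareUpdate.job
"""

SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);")   # "S2 Installer;Installer Service;..." -> Installer
KEY_RE = re.compile(r"^\[(.+)\]$")                # registry key header line
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(c:\\windows\\tasks\\.+\.job)$", re.I)


def loading_points(log):
    """Return a set of normalised identifiers for every autostart entry in a ComboFix log excerpt."""
    points = set()
    current_key = None
    lines = [l.strip() for l in log.splitlines()]
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            points.add("key:" + current_key)
            # Active Setup entries carry the command on the following line
            if "active setup\\installed components" in current_key and i + 1 < len(lines):
                guid = current_key.rsplit("\\", 1)[-1]
                points.add("activesetup:" + guid + "=" + lines[i + 1].lower())
            continue
        m = SERVICE_RE.match(line)
        if m:
            points.add("service:" + m.group(1).lower())
            continue
        m = TASK_RE.match(line)
        if m:
            points.add("task:" + m.group(1).lower())
            continue
        # Under the msconfig\services key every "name"=N value is a service msconfig has disabled
        if current_key and current_key.endswith("msconfig\\services") and line.startswith('"'):
            points.add("msconfig-disabled:" + line.split('"')[1].lower())
    return points


def verify_script(before, after, targets):
    """Return (gone, survived, unseen) for the targeted identifiers.

    gone     - present before, absent after
    survived - still listed in the after log
    unseen   - never present in the before log (a typo in the target, or a wrong section)
    """
    b, a = loading_points(before), loading_points(after)
    gone = {t for t in targets if t in b and t not in a}
    survived = {t for t in targets if t in a}
    unseen = {t for t in targets if t not in b}
    return gone, survived, unseen


# Identifiers corresponding to the five items the CFScript in the thread removed
TARGETS = {
    "service:installer",
    "key:hklm\\~\\startupfolder\\c:^documents and settings^all users^start menu^programs^startup^xqqg.exe",
    "msconfig-disabled:wscsvc",
    "task:c:\\windows\\tasks\\symantec netdetect.job",
    "activesetup:42da3b90-3396-45b1-939a-f7424bf2ae82=c:\\windows\\system32\\bqqraam.exe",
}

if __name__ == "__main__":
    gone, survived, unseen = verify_script(BEFORE, AFTER, TARGETS)
    for t in sorted(gone):
        print("gone:     ", t)
    for t in sorted(survived):
        print("survived: ", t)
    for t in sorted(unseen):
        print("unseen:   ", t)
```

Run against these excerpts, four of the five targets are gone, but the Active Setup key {42da3b90-3396-45b1-939a-f7424bf2ae82} is still listed with c:\windows\system32\bqqraam.exe in the second log, which is exactly the sort of leftover a reviewer would want to ask about before declaring the machine clean. The AntiVirusOverride value under the Security Center key, which the script never touched, is unchanged as well.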
-
June 6th, 2009, 12:30 AM
#15
3rd HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:52 PM, on 6/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Lavasoft\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8834 bytes