-
November 13th, 2010, 05:30 PM
#1
[RESOLVED] Intermittent freezing
I'm running Windows XP Pro SP3 on my home computer. I'm having a problem with it "freezing" randomly for about a minute or so. It can be in the middle of anything I'm doing, and everything will lock up. If I wait, it unfreezes just fine. It also lags at times instead of freezing, but I think this might be a problem with running processes or too many things at startup. :|
I scanned with Avira, which found one virus: TR/Dldr.Agent.177990 Trojan, and quarantined it.
Malwarebytes found nothing; I can post the log here.
I could not run GMER because both links (in the sticky thread) told me "page not found."
I have the MBR Check log.
And that DDS thing - when I tried to download it, Avira said it was a virus and removed it. Suggestions? Can I still post a HJT log?
Help is much appreciated!
-
November 13th, 2010, 05:31 PM
#2
Malwarebytes Log
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3
11/13/2010 3:52:36 PM
mbam-log-2010-11-13 (15-52-36).txt
Scan type: Full Scan (C:\|)
Objects scanned: 276811
Time elapsed: 1 hour(s), 2 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
November 13th, 2010, 05:32 PM
#3
MBR Check Log
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 127):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7B0D000 \WINDOWS\system32\KDCOM.DLL
0xF7A1D000 \WINDOWS\system32\BOOTVID.dll
0xF75BE000 ACPI.sys
0xF7B0F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75AD000 pci.sys
0xF760D000 isapnp.sys
0xF7BD5000 pciide.sys
0xF788D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF761D000 MountMgr.sys
0xF758E000 ftdisk.sys
0xF7B11000 dmload.sys
0xF7568000 dmio.sys
0xF7895000 PartMgr.sys
0xF762D000 VolSnap.sys
0xF7550000 atapi.sys
0xF763D000 disk.sys
0xF764D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7530000 fltMgr.sys
0xF751E000 sr.sys
0xF789D000 PxHelp20.sys
0xF7507000 KSecDD.sys
0xF747A000 Ntfs.sys
0xF744D000 NDIS.sys
0xF7433000 Mup.sys
0xF775D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF729B000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF7287000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7266000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF791D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7242000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7925000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7202000 \SystemRoot\system32\drivers\smwdm.sys
0xF71DE000 \SystemRoot\system32\drivers\portcls.sys
0xF776D000 \SystemRoot\system32\drivers\drmk.sys
0xF71BB000 \SystemRoot\system32\drivers\ks.sys
0xF7108000 \SystemRoot\system32\drivers\senfilt.sys
0xF70F4000 \SystemRoot\system32\DRIVERS\parport.sys
0xF777D000
-
November 13th, 2010, 05:32 PM
#4
HJT Log
[HJT log removed -Broni]
Last edited by Broni; November 13th, 2010 at 08:42 PM.
-
November 13th, 2010, 08:41 PM
#5
Try GMER from my site, HERE
As for DDS, Avira should give you an option to add it to exceptions.
If not, disable Avira temporarily and download DDS then.
The MBRCheck log is incomplete.
Redo.
-
November 13th, 2010, 08:42 PM
#6
Also...
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
-
November 14th, 2010, 08:28 PM
#7
Okay! Now we're on a roll here.
The problem with downloading DDS was that the initial time I tried it, Avira detected Crypt.XPACK.Gen Trojan - I don't know if that was a false positive because of the file type, or what happened... the second time I downloaded it, Avira didn't do anything. (I know, you told me to disable Avira, but the fact that it came up as a trojan the first time was a little scary.)
Logs will follow this post.
Something happened when I booted up the computer today that I've never seen before. It said:
"One of your disks needs to be checked for consistency. CHKDSK is verifying files / indexes / security descriptions..." and it deleted two index entries. One said "Upd-2010-11-01-20-17-04.log in index $I30 of file 102873." There was another log file it deleted in the same location, but I was too slow to write it down. Can you tell me what any of that means?
-
November 14th, 2010, 08:29 PM
#8
GMER Log
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-14 19:07:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAVS-00N7B0 rev.01.00A01
Running: gmer.exe; Driver: C:\DOCUME~1\SASSYD~1.002\LOCALS~1\Temp\uwtdypod.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwAllocateVirtualMemory [0xA9FB9B94]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwAssignProcessToJobObject [0xA9FB9586]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwConnectPort [0xA9FB95DA]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateFile [0xA9FB9640]
SSDT F7D3883E ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateProcess [0xA9FB972E]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateProcessEx [0xA9FB97BA]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateThread [0xA9FB984A]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwDebugActiveProcess [0xA9FB9980]
SSDT F7D38843 ZwDeleteKey
SSDT F7D3884D ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwDuplicateObject [0xA9FB99D4]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwLoadDriver [0xA9FB9A3A]
SSDT F7D38852 ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenKey [0xA9FB9A8C]
SSDT F7D38820 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenSection [0xA9FB9AE4]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenThread [0xA9FB9B3C]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwProtectVirtualMemory [0xA9FB9BFA]
SSDT F7D3885C ZwReplaceKey
SSDT F7D38857 ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwResumeThread [0xA9FB9CB6]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSecureConnectPort [0xA9FB9D74]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSetValueKey [0xA9FB9D08]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSuspendProcess [0xA9FB9DDE]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSystemDebugControl [0xA9FB9E30]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwTerminateProcess [0xA9FB9E90]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwWriteVirtualMemory [0xA9FB9EF4]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF718CF80]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
---- EOF - GMER 1.0.15 ----
-
November 14th, 2010, 08:29 PM
#9
MBR Log
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 127):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7B0D000 \WINDOWS\system32\KDCOM.DLL
0xF7A1D000 \WINDOWS\system32\BOOTVID.dll
0xF75BE000 ACPI.sys
0xF7B0F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75AD000 pci.sys
0xF760D000 isapnp.sys
0xF7BD5000 pciide.sys
0xF788D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF761D000 MountMgr.sys
0xF758E000 ftdisk.sys
0xF7B11000 dmload.sys
0xF7568000 dmio.sys
0xF7895000 PartMgr.sys
0xF762D000 VolSnap.sys
0xF7550000 atapi.sys
0xF763D000 disk.sys
0xF764D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7530000 fltMgr.sys
0xF751E000 sr.sys
0xF789D000 PxHelp20.sys
0xF7507000 KSecDD.sys
0xF747A000 Ntfs.sys
0xF744D000 NDIS.sys
0xF7433000 Mup.sys
0xF776D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF729B000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF7287000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7266000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF792D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7242000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7935000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7202000 \SystemRoot\system32\drivers\smwdm.sys
0xF71DE000 \SystemRoot\system32\drivers\portcls.sys
0xF777D000 \SystemRoot\system32\drivers\drmk.sys
0xF71BB000 \SystemRoot\system32\drivers\ks.sys
0xF7108000 \SystemRoot\system32\drivers\senfilt.sys
0xF70F4000 \SystemRoot\system32\DRIVERS\parport.sys
0xF778D000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7AC9000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF779D000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77AD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77BD000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF77CD000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7BE1000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AD1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF70DD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77ED000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77FD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF793D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF70CC000 \SystemRoot\system32\DRIVERS\psched.sys
0xF780D000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7945000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF794D000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF709C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF781D000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7955000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF795D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF705C000 \SystemRoot\system32\DRIVERS\pctfw.sys
0xF7B37000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6FFE000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AF1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF783D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF785D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B39000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B3B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D2C000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B3D000 \SystemRoot\System32\Drivers\Beep.SYS
0xF797D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7985000 \SystemRoot\System32\drivers\vga.sys
0xF7B3F000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B41000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF798D000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7995000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF73E2000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA6C5000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA66C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA646000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
0xAA620000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA5D0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF766D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA5AE000 \SystemRoot\System32\drivers\afd.sys
0xF767D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF799D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAA589000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF79A5000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAA55E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA4EE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF768D000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7AB5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF769D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF79AD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAA4CB000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7B45000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF79BD000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF7090000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF708C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF76BD000 \SystemRoot\system32\drivers\usbaudio.sys
0xF76CD000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7084000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xAA48B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B49000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA70C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79CD000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C58000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA336000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xAA35B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA101000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B9F000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA9FB0000 \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
0xA9F58000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9D3B000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9E70000 \SystemRoot\system32\drivers\sysaudio.sys
0xA99D5000 \??\C:\WINDOWS\system32\drivers\pctplfw.sys
0xA96EC000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9479000 \??\C:\DOCUME~1\SASSYD~1.002\LOCALS~1\Temp\uwtdypod.sys
0xA944E000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 36):
0 System Idle Process
4 System
692 C:\WINDOWS\system32\smss.exe
748 csrss.exe
772 C:\WINDOWS\system32\winlogon.exe
816 C:\WINDOWS\system32\services.exe
828 C:\WINDOWS\system32\lsass.exe
1016 C:\WINDOWS\system32\svchost.exe
1080 svchost.exe
1156 C:\WINDOWS\system32\svchost.exe
1224 svchost.exe
1312 svchost.exe
1376 C:\WINDOWS\system32\spoolsv.exe
1412 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1460 svchost.exe
1524 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1548 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1576 C:\Program Files\Bonjour\mDNSResponder.exe
1584 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1640 C:\Program Files\Java\jre6\bin\jqs.exe
1676 C:\Program Files\PC Tools Firewall Plus\FWService.exe
336 C:\WINDOWS\explorer.exe
956 C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
1176 C:\Program Files\Analog Devices\Core\smax4pnp.exe
1196 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1212 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1252 C:\WINDOWS\system32\hkcmd.exe
1264 C:\WINDOWS\system32\igfxpers.exe
1404 C:\Program Files\iTunes\iTunesHelper.exe
1984 C:\WINDOWS\system32\ctfmon.exe
2220 C:\Program Files\Microsoft Office\Office\OSA.EXE
2792 C:\Program Files\iPod\bin\iPodService.exe
2808 alg.exe
3092 C:\WINDOWS\system32\wscntfy.exe
3372 C:\WINDOWS\system32\svchost.exe
3296 C:\Documents and Settings\Sassy D.ZIKLAG.002\Dreams\sprogs\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD5000AAVS-00N7B0, Rev: 01.00A01
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
-
November 14th, 2010, 08:30 PM
#10
DDS.txt
DDS (Ver_10-11-10.01) - NTFSx86
Run by Sassy D at 19:20:33.73 on Sun 11/14/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.439 [GMT -5:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Sassy D.ZIKLAG.002\Dreams\sprogs\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\sassyd~1.002\applic~1\mozilla\firefox\profiles\pqoat39i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-5 11608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-2-28 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-5 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-5 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-28 60936]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-2-28 73840]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-2-28 146800]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-2-28 95640]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
=============== Created Last 30 ================
==================== Find3M ====================
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 19:22:35.26 ===============
-
November 14th, 2010, 08:31 PM
#11
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/28/2010 3:42:11 PM
System Uptime: 11/14/2010 5:00:03 PM (2 hours ago)
Motherboard: Dell Inc. | | 0RJ290
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 466 GiB total, 286.481 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP46: 4/19/2010 8:50:02 PM - Software Distribution Service 3.0
RP47: 4/29/2010 2:29:08 PM - Software Distribution Service 3.0
RP48: 4/30/2010 4:53:29 PM - Installed HP Precisionscan Pro 3.1
RP49: 4/30/2010 5:00:07 PM - Removed HP Precisionscan Pro 3.1
RP50: 5/2/2010 7:14:58 PM - Installed HP Precisionscan Pro 3.1
RP51: 5/4/2010 10:14:06 PM - Installed StuffIt Expander 2010.
RP52: 5/20/2010 12:04:50 AM - Software Distribution Service 3.0
RP53: 5/26/2010 12:42:14 AM - Software Distribution Service 3.0
RP54: 6/8/2010 11:48:14 PM - Software Distribution Service 3.0
RP55: 6/20/2010 12:02:59 AM - Removed iTunes
RP56: 6/20/2010 12:05:38 AM - Removed Apple Software Update
RP57: 6/20/2010 12:06:05 AM - Removed Apple Mobile Device Support
RP58: 6/20/2010 12:06:52 AM - Removed Apple Application Support
RP59: 6/20/2010 12:07:57 AM - Removed StuffIt Expander 2010.
RP60: 6/20/2010 12:18:29 AM - Installed iTunes
RP61: 6/20/2010 12:20:39 AM - Configured iTunes
RP62: 6/20/2010 12:26:08 AM - Installed iTunes
RP63: 6/20/2010 1:04:03 PM - Installed Windows Installer Clean Up
RP64: 6/20/2010 1:12:09 PM - Installed iTunes
RP65: 6/20/2010 1:14:15 PM - Configured iTunes
RP66: 6/20/2010 1:38:00 PM - Installed iPod for Windows 2006-03-23
RP67: 6/20/2010 1:59:44 PM - Removed Bonjour
RP68: 6/20/2010 2:00:06 PM - Configured iPod for Windows 2006-03-23
RP69: 6/20/2010 2:19:19 PM - Installed iPod for Windows 2006-03-23
RP70: 6/20/2010 9:41:40 PM - Installed Tunebite
RP71: 6/20/2010 9:47:28 PM - Removed Tunebite
RP72: 7/24/2010 1:01:47 AM - Software Distribution Service 3.0
RP73: 7/1/2010 7:08:45 PM - Installed iTunes
RP74: 7/3/2010 12:13:58 AM - Removed Apple Mobile Device Support
RP75: 7/3/2010 12:14:39 AM - Removed Apple Software Update
RP76: 7/3/2010 12:15:09 AM - Removed Apple Application Support
RP77: 7/3/2010 12:15:48 AM - Removed Bonjour
RP78: 7/3/2010 12:16:39 AM - Removed iTunes
RP79: 7/3/2010 12:19:02 AM - Configured iPod for Windows 2006-03-23
RP80: 7/3/2010 12:19:41 AM - Removed QuickTime
RP81: 7/3/2010 12:35:23 AM - Installed iTunes
RP82: 7/3/2010 1:26:31 PM - Installed iTunes
RP83: 7/14/2010 12:33:52 AM - Software Distribution Service 3.0
RP84: 8/4/2010 12:26:01 AM - Software Distribution Service 3.0
RP85: 8/12/2010 6:45:31 PM - Software Distribution Service 3.0
RP86: 9/14/2010 11:53:41 PM - Software Distribution Service 3.0
RP87: 9/16/2010 1:00:04 AM - Software Distribution Service 3.0
RP88: 9/17/2010 8:10:52 PM - Installed Java(TM) 6 Update 21
RP89: 9/29/2010 1:14:26 AM - Software Distribution Service 3.0
RP90: 10/7/2010 1:59:34 AM - Software Distribution Service 3.0
RP91: 10/8/2010 11:35:31 PM - Software Distribution Service 3.0
RP92: 10/13/2010 11:11:25 PM - Restore Operation
RP93: 10/13/2010 11:28:48 PM - Installed Adobe Premiere Pro 1.5
RP94: 10/13/2010 11:30:40 PM - Installed Windows Media Format 9 Series Runtime Setup
RP95: 10/13/2010 11:35:18 PM - Installed Adobe Premiere Pro 1.5
RP96: 10/13/2010 11:41:30 PM - Installed Adobe Premiere Pro 1.5
RP97: 10/13/2010 11:42:13 PM - Installed Windows Media Format 9 Series Runtime Setup
RP98: 10/13/2010 11:54:48 PM - Installed Adobe Premiere Pro 1.5
RP99: 10/13/2010 11:56:01 PM - Installed Windows Media Format 9 Series Runtime Setup
RP100: 10/14/2010 8:56:35 PM - Software Distribution Service 3.0
RP101: 11/10/2010 11:58:05 PM - Software Distribution Service 3.0
==== Installed Programs ======================
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator 9.0.1
Adobe Photoshop 6.0
Adobe Premiere Pro 1.5
Adobe Reader 8
Adobe Shockwave Player 11.5
Adobe SVG Viewer
Any Video Converter 3.0.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
BOWEP setup
Broadcom Gigabit Integrated Controller
DScaler 5 Mpeg Decoders
DVD Flick 1.3.0.7
ffdshow [rev 3124] [2009-11-03]
FileZilla Client 3.3.2
Gabest MPEG Splitter (remove only)
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Precisionscan Pro 3.1
IconArt
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 19
LimeWire 5.2.13
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 97, Standard Edition
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.11)
MSN
OpenSource AVI Splitter (remove only)
OpenSource Flash Video Splitter (remove only)
PC Tools Firewall Plus 5.0
PixiePack Codec Pack
Prism Video File Converter
QuickTime
RealMedia (remove only)
Russian Phonetic YaZHert - WinRus.com
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 4.2
SoundMAX
SUPERAntiSpyware Free Edition
Ulead GIF Animator 4.0 Full Version
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
USB Video Device
Verizon Online DSL
Warriors Screensaver
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 8
Xilisoft iPod Video Converter
==== Event Viewer Messages From Past Week ========
11/8/2010 7:35:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.
11/8/2010 7:35:17 PM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2010 5:43:03 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
11/14/2010 5:10:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
11/13/2010 1:30:34 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
==== End Of File ===========================
-
November 14th, 2010, 08:53 PM
#12
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install the Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
November 15th, 2010, 09:25 PM
#13
I couldn't get Combofix to work under any circumstances - normal, safe mode, with rkill, with rkill in safe mode. Every time, it told me that I had "CA Anti-Virus" installed and it wouldn't be safe to run it unless I uninstalled it. I don't know what that program is, and I don't have it installed. The only anti-virus program I've used on here is Avira, which was disabled when I tried to run it.
-
November 15th, 2010, 09:34 PM
#14
-
November 16th, 2010, 11:39 PM
#15
Okay, that did the trick. 
Combofix log:
ComboFix 10-11-12.01 - Sassy D 11/16/2010 22:29:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.617 [GMT -5:00]
Running from: c:\documents and settings\Sassy D.ZIKLAG.002\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.
2010-11-17 02:41 . 2010-11-17 02:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\CA-SupportBridge
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 01:06 . 2010-03-05 18:32 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-04 01:06 . 2010-02-28 21:07 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-18 16:23 . 2008-08-21 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-08-21 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-08-21 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-08-21 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2008-08-21 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2008-08-21 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2008-08-21 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2008-08-21 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2008-08-21 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-08-21 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2008-08-21 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2008-08-21 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-02-28 22:09 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2008-08-21 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-08-21 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-08-21 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-08-21 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-08-21 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-15 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-15 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-5 51984]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
backup=c:\windows\pss\Microsoft Office Shortcut Bar.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
2008-08-01 21:10 675840 ----a-w- c:\windows\vsnp2uvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2uvc]
2008-08-15 19:05 253952 ----a-w- c:\windows\tsnp2uvc.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2/28/2010 4:09 PM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/5/2010 1:32 PM 135336]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2/28/2010 4:09 PM 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2/28/2010 4:08 PM 95640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2010-10-14 c:\windows\Tasks\prismSevenDays.job
- c:\program files\NCH Software\Prism\prism.exe [2010-10-14 04:12]
2010-10-14 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2010-10-14 04:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Sassy D.ZIKLAG.002\Application Data\Mozilla\Firefox\Profiles\pqoat39i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-16 22:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2920)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-11-16 22:36:48
ComboFix-quarantined-files.txt 2010-11-17 03:36
Pre-Run: 307,482,583,040 bytes free
Post-Run: 308,079,366,144 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 562281C5507BB7E1A2C67EBE7D9D8F40
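As an added example for readers of this thread (it is not code from ComboFix, BleepingComputer or any poster), the script below parses the "Reg Loading Points" part of a ComboFix log in the format shown in the log above: the Run-key entries, the firewall policy keys (the "EnableFirewall"= 0 line and the AuthorizedApplications list) and the R/S service lines. It then reports the things a responder reads first from such a log: an autostart or running service whose binary sits outside the normal program directories, the Windows Firewall standard profile being disabled, and peer-to-peer clients authorised through the firewall. The sample input is a constructed excerpt modelled on the log above plus one made-up Run entry (named ConstructedExample, not present in the thread) so that the location check has something to report; the trusted-directory list and the P2P name list are assumptions of this example, not ComboFix rules.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not code from ComboFix or from any poster.
It reads the line formats ComboFix prints (Run-key entries, the firewall policy
keys and R/S service lines, as in the log above) and reports what a responder
checks first. Constructed input and assumed allowlists are marked below.
"""
import re

# Constructed excerpt in the shape of the ComboFix log above. The
# 'ConstructedExample' Run entry is made up for this example (it is not in the
# thread's log) so that the location check below has something to report.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"ConstructedExample"="c:\documents and settings\user\Local Settings\Temp\example.exe" [2010-11-01 12345]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/5/2010 1:32 PM 135336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
"""

# Line shapes as ComboFix prints them.
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
AUTH_RE = re.compile(r'^"([^"]+)"=$')
SVC_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]+)\]$')

RUN_KEY = "\\currentversion\\run]"
FW_KEY = "\\firewallpolicy\\standardprofile]"
AUTH_KEY = "\\authorizedapplications\\list]"

# Assumptions of this example, not ComboFix rules: where an XP autostart binary
# is unremarkable, and which authorised-app names are peer-to-peer clients.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\system32\\", "c:\\windows\\ime\\")
P2P_BINARIES = {"utorrent.exe", "limewire.exe"}


def normalize_path(path):
    """Undo ComboFix's doubled backslashes and expand %windir% (XP default)."""
    return path.replace("\\\\", "\\").replace("%windir%", "c:\\windows").lower()


def parse_combofix(text):
    """Return Run entries, firewall state, authorised apps and services."""
    parsed = {"run": [], "firewall_enabled": None, "authorized": [], "services": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):          # a registry key header starts a section
            section = line.lower()
            continue
        m = RUN_RE.match(line)
        if m and section.endswith(RUN_KEY):
            parsed["run"].append((m.group(1), m.group(2)))
            continue
        m = FW_RE.match(line)
        if m and section.endswith(FW_KEY):
            parsed["firewall_enabled"] = int(m.group(1)) != 0
            continue
        m = AUTH_RE.match(line)
        if m and section.endswith(AUTH_KEY):
            parsed["authorized"].append(normalize_path(m.group(1)))
            continue
        m = SVC_RE.match(line)
        if m:                              # service/driver lines carry no key header
            parsed["services"].append((m.group(1), m.group(3), m.group(5)))
    return parsed


def triage(parsed):
    """Return (finding, detail) pairs a responder would want to look at."""
    findings = []
    for name, path in parsed["run"]:
        if not path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(("run entry outside program directories", f"{name} -> {path}"))
    for state, name, path in parsed["services"]:
        if state == "R" and not path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(("running service outside program directories", f"{name} -> {path}"))
    if parsed["firewall_enabled"] is False:
        findings.append(("windows firewall standard profile disabled", "EnableFirewall=0"))
    for path in parsed["authorized"]:
        if path.rsplit("\\", 1)[-1] in P2P_BINARIES:
            findings.append(("p2p client allowed through the firewall", path))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{finding}: {detail}")
```

On the real log above the only findings would be the disabled Windows Firewall standard profile (expected while a third-party firewall such as PC Tools Firewall Plus is installed, but worth re-checking since the ComboFix header shows that firewall disabled for the run) and the two P2P clients in the authorised list; every Run entry and service in the log lives under Program Files, system32 or the IME directory.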