IE Hijacked



ginus
2009-01-22, 03:24
Hello.

I have a laptop that is infected with the FakeAlert trojan. IE also won't open. It briefly opens, then immediately closes, even in safe mode.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:30 PM, on 1/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\regsvr32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\Pat\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9657 bytes


Thanks!

Shaba
2009-01-25, 11:43
Hi ginus

Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Post:

- mbam log
- rsit logs (taken after mbam run)

ginus
2009-01-25, 18:24
Hi Shaba. Thanks for the reply!

mbam log:

Malwarebytes' Anti-Malware 1.33
Database version: 1691
Windows 5.1.2600 Service Pack 3

1/25/2009 12:12:10 PM
mbam-log-2009-01-25 (12-12-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 88799
Time elapsed: 32 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\winsystems.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
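
The MBAM hits above and the "&Research" BHO in the first HijackThis log are the same object: the CLSID {0B014B81-...} ties the O2 line, the Ext\Stats key and the Browser Helper Objects key together, and the quarantined DLL is the path from that O2 line. The script below is an added example (not from this thread and not code from HijackThis or Malwarebytes) showing how to parse both log formats and correlate them by CLSID or DLL path, which is what a helper does by eye when reading the removal procedure's output. The sample log lines are constructed from the entries quoted in the thread; the regular expressions are assumptions based only on those lines.

```python
"""Correlate HijackThis O2 (BHO) entries with Malwarebytes detection lines by CLSID/path.

Added example, not part of the original thread or of either tool. Parsing rules
below are assumptions derived from the log lines quoted in the thread.
"""
import re

# Constructed sample: three O2 lines in HijackThis format (copied from the thread).
HJT_SAMPLE = r"""O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\system32\winsystems.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
"""

# Constructed sample: MBAM "Registry Keys Infected" / "Files Infected" lines (copied from the thread).
MBAM_SAMPLE = r"""HKEY_CLASSES_ROOT\CLSID\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b014b81-4e12-46f9-806f-55867af8fd3c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystems.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# "O2 - BHO: <name> - {CLSID} - <dll path>"  (assumed layout, matches the quoted lines)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# "<registry key or file> (<family>) -> <action>"  (assumed layout, matches the quoted lines)
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^)]+)\) -> ")


def parse_hjt_bhos(text):
    """Return [{name, clsid, path}] for every O2 line; CLSIDs are lower-cased for comparison."""
    bhos = []
    for line in text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            bhos.append({"name": m["name"], "clsid": m["clsid"].lower(), "path": m["path"]})
    return bhos


def parse_mbam_hits(text):
    """Return [{item, family, clsid}] for every MBAM detection line; clsid is None for file hits."""
    hits = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        c = CLSID_RE.search(m["item"])
        hits.append({"item": m["item"], "family": m["family"],
                     "clsid": c.group(0).lower() if c else None})
    return hits


def correlate(hjt_text, mbam_text):
    """Map each BHO CLSID to the MBAM detections that reference it, by CLSID or by DLL path."""
    hits = parse_mbam_hits(mbam_text)
    result = {}
    for bho in parse_hjt_bhos(hjt_text):
        matched = [h for h in hits
                   if h["clsid"] == bho["clsid"] or h["item"].lower() == bho["path"].lower()]
        result[bho["clsid"]] = {"name": bho["name"], "path": bho["path"], "detections": matched}
    return result


def flagged(hjt_text, mbam_text):
    """CLSIDs of BHOs that MBAM detected, mapped to the detection family name."""
    return {clsid: info["detections"][0]["family"]
            for clsid, info in correlate(hjt_text, mbam_text).items() if info["detections"]}


if __name__ == "__main__":
    for clsid, info in correlate(HJT_SAMPLE, MBAM_SAMPLE).items():
        status = info["detections"][0]["family"] if info["detections"] else "no MBAM detection"
        print(f"{clsid} {info['name']!r} {info['path']} -> {status}")
```

Run against the two logs posted in this thread, the only BHO with detections is {0b014b81-...} ("&Research", winsystems.dll), matched three times: twice by CLSID (the CLSID and Browser Helper Objects keys) and once by file path. The Ext\Stats key in the MBAM log would match by CLSID as well. Matching on the lower-cased CLSID matters because HijackThis prints it in upper case and MBAM in lower case.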

ginus
2009-01-25, 18:25
rsit log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Pat at 2009-01-25 12:12:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 103 GB (90%) free of 114 GB
Total RAM: 894 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:12 PM, on 1/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Pat\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\Pat\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9387 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-16 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-12-24 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-08 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-12-24 2554944]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-16 2055960]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-27 851968]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 1228800]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-04-23 303104]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-28 1261336]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-03 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-12-24 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\DOCUME~1\Pat\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-16 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-28 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-25 12:12:48 ----D---- C:\rsit
2009-01-13 20:51:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

======List of files/folders modified in the last 1 months======

2009-01-25 12:13:12 ----D---- C:\WINDOWS\Temp
2009-01-25 12:12:54 ----D---- C:\WINDOWS\Prefetch
2009-01-25 12:12:10 ----D---- C:\WINDOWS\system32
2009-01-25 11:37:27 ----D---- C:\WINDOWS
2009-01-25 11:36:40 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-25 11:36:18 ----D---- C:\MDT
2009-01-25 11:35:51 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2009-01-21 21:40:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-21 21:20:45 ----HD---- C:\WINDOWS\inf
2009-01-21 21:20:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-21 21:10:50 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-21 20:03:01 ----HD---- C:\$AVG8.VAULT$
2009-01-21 19:42:33 ----RD---- C:\Program Files
2009-01-21 19:04:57 ----D---- C:\WINDOWS\system32\drivers
2009-01-21 19:04:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-21 16:48:42 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-19 17:44:35 ----D---- C:\Documents and Settings\Pat\Application Data\Google
2009-01-19 14:46:22 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-19 14:39:34 ----SD---- C:\WINDOWS\Tasks
2009-01-18 21:34:45 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-18 21:34:40 ----D---- C:\Program Files\Internet Explorer
2009-01-13 20:50:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-09 20:35:28 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-16 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-16 26824]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-16 76040]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-04-23 12672]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-04-23 32256]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-16 1777152]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-04-23 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-23 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-23 209152]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-04-23 1228296]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-04-27 202912]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-23 730112]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-16 430080]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-16 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-16 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-08 168432]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-03 152984]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Shaba
2009-01-25, 18:44
Please download the OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe).

Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:files
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job

:commands
[EmptyTemp]
[reboot]

Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

Post:

- a fresh rsit log
- otmoveit3 log
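The two task files Shaba targets above (At1.job and At2.job, the file names the 'at' scheduler gives jobs it creates) are the kind of entry a small triage script can surface from an RSIT/HijackThis log before a helper reads it by hand. The following is an added example written for this thread; it is not part of HijackThis, RSIT or OTMoveIt3, and the heuristics, the function names `triage` and `executable_of`, and the sample log are the editor's own assumptions. The sample lines are copied from the RSIT log posted in this thread; the script only marks entries for review (an autorun that executes from a Temp folder, an autorun given as a bare file name, and At<N>.job task files), it does not decide whether they are malicious.

```python
"""Triage of HijackThis / RSIT style log text.

Added example for this thread; it is not a feature of HijackThis, RSIT or
OTMoveIt3. The heuristics, function names and the sample log are the
editor's own assumptions (sample lines are copied from logs in this thread).
"""
import re

# "O4 - HKLM\..\Run: [Name] <command line>"  (Global Startup lines do not match)
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First token of a command line: a quoted path, or everything up to the first ".exe"
EXE_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>.*?\.exe)\b', re.IGNORECASE)
# Task files created through the 'at' scheduler are named At<N>.job
AT_JOB_RE = re.compile(r"\\at\d+\.job$", re.IGNORECASE)

# Constructed sample: a handful of lines taken from the RSIT log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\Pat\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job

======Registry dump======
"""


def executable_of(cmd):
    """Return the executable path from an autorun command line."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("quoted") or m.group("bare")


def triage(log_text):
    """Return (category, name, detail) tuples for entries worth a closer look.

    Categories (editor's heuristics, not verdicts):
      autorun-from-temp  - an autorun whose executable lives under a Temp folder
      autorun-bare-name  - an autorun given as a file name with no directory,
                           so it is resolved through the search path at logon
      at-scheduler-job   - a scheduled task file named At<N>.job
    """
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        # RSIT section headers look like "======Scheduled tasks folder======"
        if line.startswith("======") and line.endswith("======"):
            section = line.strip("=").strip()
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if "\\temp\\" in exe.lower():
                findings.append(("autorun-from-temp", m.group("name"), exe))
            elif "\\" not in exe:
                findings.append(("autorun-bare-name", m.group("name"), exe))
            continue
        if section == "Scheduled tasks folder" and AT_JOB_RE.search(line):
            findings.append(("at-scheduler-job", line.rsplit("\\", 1)[-1], line))
    return findings


if __name__ == "__main__":
    for category, name, detail in triage(SAMPLE_LOG):
        print(f"{category:18} {name:22} {detail}")
```

Run it against a saved RSIT log by reading the file into `triage()`; each finding still needs a human to check the flagged file against its vendor, which is exactly the step the helpers in this thread do by hand.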

ginus
2009-01-25, 19:03
I had to reboot, so I could not copy what was in the Results window.

MoveIt log:

========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Pat\LOCALS~1\Temp\Perflib_Perfdata_8a0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Pat\LOCALS~1\Temp\Perflib_Perfdata_ea4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Pat\LOCALS~1\Temp\~DF373.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Pat\LOCALS~1\Temp\~DF4AA4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Pat\LOCALS~1\Temp\~DF6A2B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_520.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01252009_125409

Files moved on Reboot...
File C:\DOCUME~1\Pat\LOCALS~1\Temp\Perflib_Perfdata_8a0.dat not found!
File C:\DOCUME~1\Pat\LOCALS~1\Temp\Perflib_Perfdata_ea4.dat not found!
File C:\DOCUME~1\Pat\LOCALS~1\Temp\~DF373.tmp not found!
C:\DOCUME~1\Pat\LOCALS~1\Temp\~DF4AA4.tmp moved successfully.
C:\DOCUME~1\Pat\LOCALS~1\Temp\~DF6A2B.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_520.dat not found!

ginus
2009-01-25, 19:04
rsit log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Pat at 2009-01-25 13:01:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 103 GB (90%) free of 114 GB
Total RAM: 894 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:16 PM, on 1/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Pat\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\Pat\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9514 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-16 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-12-24 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-08 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-12-24 2554944]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-16 2055960]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-27 851968]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 1228800]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-04-23 303104]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-28 1261336]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-03 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-12-24 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\DOCUME~1\Pat\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-16 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-28 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-25 12:54:09 ----D---- C:\_OTMoveIt
2009-01-25 12:12:48 ----D---- C:\rsit
2009-01-13 20:51:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

======List of files/folders modified in the last 1 months======

2009-01-25 13:01:16 ----D---- C:\WINDOWS\Temp
2009-01-25 13:00:28 ----D---- C:\WINDOWS
2009-01-25 12:59:31 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-25 12:59:09 ----D---- C:\MDT
2009-01-25 12:58:39 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2009-01-25 12:57:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-25 12:54:09 ----SD---- C:\WINDOWS\Tasks
2009-01-25 12:53:58 ----D---- C:\WINDOWS\Prefetch
2009-01-25 12:12:10 ----D---- C:\WINDOWS\system32
2009-01-25 11:48:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-21 21:20:45 ----HD---- C:\WINDOWS\inf
2009-01-21 21:20:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-21 21:10:50 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-21 20:03:01 ----HD---- C:\$AVG8.VAULT$
2009-01-21 19:42:33 ----RD---- C:\Program Files
2009-01-21 19:04:57 ----D---- C:\WINDOWS\system32\drivers
2009-01-21 19:04:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-19 17:44:35 ----D---- C:\Documents and Settings\Pat\Application Data\Google
2009-01-19 14:46:22 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-18 21:34:45 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-18 21:34:40 ----D---- C:\Program Files\Internet Explorer
2009-01-13 20:50:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-09 20:35:28 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-16 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-16 26824]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-16 76040]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-04-23 12672]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-04-23 32256]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-16 1777152]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-04-23 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-23 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-23 209152]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-04-23 1228296]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-04-27 202912]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-23 730112]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-16 430080]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-16 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-16 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-08 168432]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-03 152984]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Shaba
2009-01-25, 19:08
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
*Spyware, Adware, Dialers, and other potentially dangerous programs
*Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

ginus
2009-01-25, 19:11
I cannot open Internet Explorer. I've been using a USB drive to move files and posting from a different computer. Do you want me to try installing a different browser by downloading from a different computer, or do you think that won't even work?

Shaba
2009-01-25, 19:13
Then we will check this next:

Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site 1 (http://hype.free.googlepages.com/gmer.zip)
alternate download site 2 (http://www.castlecops.com/downloads-file-546.html)

Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).)
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the log
You will be prompted to restart your computer. Please do so.

Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)
Important! Please do not select the "Show all" checkbox during the scan.

ginus
2009-01-25, 19:25
I don't see where I can click on 'Settings'. Do you want me to run the scan as is?

ginus
2009-01-25, 19:33
I found Settings. It's on another tab. I'm going through your steps now. Sorry.

Shaba
2009-01-25, 19:49
Glad that you sorted it out :)

ginus
2009-01-25, 19:52
Here is the gmer log file:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-25 13:49:51
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.14 ----

PAGE ntkrnlpa.exe!ZwSetSystemInformation + 4 8060F3CA 1 Byte [ 6E ]

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log

---- EOF - GMER 1.0.14 ----
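The Registry block of that GMER log is the part to read closely. GMER's registry scan lists keys and values it finds hidden from the normal registry API, and here the hidden entry is a complete kernel-driver service, TDSSserv.sys, set to load at SYSTEM start, with a non-standard `modules` subkey naming one driver, six DLLs and four .dat/.log files under system32. The script below is an added example, not part of the thread and not GMER's code: it parses that section, states why the entry stands out, and lists every file the entry references so each one can be checked after the cleanup tools have run. Its sample input is the log's own Registry section quoted verbatim; the only assumption is the `Reg <key>@<value> <data>` line shape shown there.

```python
"""Triage the Registry section of a GMER 1.0.14 log (example code added to this
thread, not part of the original posts or of GMER): group the 'Reg' lines by
service key, read Start/Type/ImagePath and the files under the service's
'modules' subkey, and report why the entry stands out plus every file it names."""
import re
from collections import OrderedDict

SERVICE_KERNEL_DRIVER = 1   # Type value for a kernel-mode driver (winnt.h)
SERVICE_SYSTEM_START = 1    # Start value: loaded by the kernel during boot

# The Registry section of the GMER log posted above, quoted verbatim.
GMER_REGISTRY_SECTION = r"""
---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhxt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSnrsr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log

---- EOF - GMER 1.0.14 ----
"""

# Everything after '\Services\': the service name, then any subkey path.
_SERVICES_KEY = re.compile(r"\\Services\\([^\\]+)(.*)$", re.IGNORECASE)

def parse_gmer_registry(text):
    """Return {service_name: {"values": {...}, "modules": {...}, "subkeys": [...]}}.
    A line is 'Reg <key>[@<value> [<data>]]'; key paths never contain '@' and
    value names never contain spaces, so two partitions split it cleanly."""
    services = OrderedDict()
    for line in text.splitlines():
        if not line.startswith("Reg "):
            continue
        key, _, rest = line[4:].partition("@")
        value, _, data = rest.partition(" ")
        m = _SERVICES_KEY.search(key)
        if not m:
            continue
        name, subkey = m.group(1), m.group(2).lstrip("\\").lower()
        rec = services.setdefault(name, {"values": {}, "modules": {}, "subkeys": []})
        if subkey and subkey not in rec["subkeys"]:
            rec["subkeys"].append(subkey)
        if not value:
            continue                      # bare key line such as ...\modules
        if subkey == "modules":
            rec["modules"][value] = data
        elif not subkey:
            rec["values"][value.lower()] = data
    return services

def referenced_files(rec):
    """Every on-disk path the entry points at, de-duplicated case-insensitively."""
    seen = OrderedDict()
    for path in [rec["values"].get("imagepath", "")] + list(rec["modules"].values()):
        if path:
            seen.setdefault(path.lower(), path)
    return list(seen.values())

def triage(services):
    """One finding per service: the reasons it stands out and the files to verify."""
    findings = []
    for name, rec in services.items():
        v, reasons = rec["values"], []
        if v.get("type") == str(SERVICE_KERNEL_DRIVER) and v.get("start") == str(SERVICE_SYSTEM_START):
            reasons.append("kernel driver loaded at SYSTEM start (Type=1, Start=1)")
        image = v.get("imagepath", "").rsplit("\\", 1)[-1]
        # Weak on its own: legitimate drivers do this too (winachsf -> HSF_CNXT.sys
        # in the services list earlier in the thread), so it only adds weight.
        if image and image.lower() != name.lower():
            reasons.append("driver file %s does not carry the service name" % image)
        # A driver service has no business carrying a 'modules' subkey full of
        # user-mode DLLs and data files: that is a loader manifest, not config.
        if "modules" in rec["subkeys"]:
            non_drivers = [p for p in rec["modules"].values() if not p.lower().endswith(".sys")]
            reasons.append("non-standard 'modules' subkey lists %d files, %d of them not drivers"
                           % (len(rec["modules"]), len(non_drivers)))
        findings.append({"service": name, "reasons": reasons, "files": referenced_files(rec)})
    return findings

if __name__ == "__main__":
    for f in triage(parse_gmer_registry(GMER_REGISTRY_SECTION)):
        print(f["service"])
        print("\n".join("  - " + r for r in f["reasons"]))
        print("  files to verify after cleanup:\n" + "\n".join("    " + p for p in f["files"]))
```

Run as-is it prints the single service, its three reasons and the eleven distinct paths. The file list is the useful output: after a cleanup tool reports what it removed, every path that is still present on disk, or still referenced from the service key, is something to go back for, and the service key itself (start, type and the whole `modules` subkey) should be gone with them.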

Shaba
2009-01-25, 19:53
That will change plans some:

Please print out and follow these instructions: "How to use SDFix (http://www.bleepingcomputer.com/forums/topic131299.html)". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
Disconnect from the Internet and temporarily disable your anti-virus (http://www.bleepingcomputer.com/forums/topic114351.html), script blocking and any real time protection programs before performing a scan.
When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
Please copy and paste the contents of Report.txt in your next reply.
Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

ginus
2009-01-25, 20:20
ok. that's done.

log file:


SDFix: Version 1.240
Run by Pat on Sun 01/25/2009 at 02:10 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\TDSSOSVD.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 14:16:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Mon 24 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 1 Dec 2008 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\BIT1.tmp"
Tue 29 Jan 2008 8 A..H. --- "C:\Documents and Settings\Pat\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Tue 29 Jan 2008 8 A..H. --- "C:\Documents and Settings\Pat\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Tue 29 Jan 2008 8 A..H. --- "C:\Documents and Settings\Pat\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Tue 29 Jan 2008 8 A..H. --- "C:\Documents and Settings\Pat\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Tue 25 Dec 2007 8 A..H. --- "C:\Documents and Settings\Tom\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Tue 25 Dec 2007 8 A..H. --- "C:\Documents and Settings\Tom\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Tue 25 Dec 2007 8 A..H. --- "C:\Documents and Settings\Tom\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Tue 25 Dec 2007 8 A..H. --- "C:\Documents and Settings\Tom\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT11.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT13.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT15.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT17.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT19.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT1B.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT1D.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT1F.tmp"
Wed 12 Nov 2008 10,752 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT2.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT21.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT23.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT25.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT27.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT29.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT2B.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT2D.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT2F.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT3.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT31.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT33.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT35.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT37.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT39.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT3B.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT3D.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT3F.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT41.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT43.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT45.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT47.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT49.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT4B.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT4D.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT4F.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT5.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT51.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT53.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT55.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT57.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT59.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT5B.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT5D.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT5F.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT61.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT63.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT7.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BIT9.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BITB.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BITD.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5230344222802393249\BITF.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT10.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT12.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT14.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT16.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT18.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT1A.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT1C.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT1E.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT20.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT22.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT24.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT26.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT28.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT2A.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT2C.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT2E.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT30.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT32.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT34.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT36.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT38.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT3A.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT3C.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT3E.tmp"
Wed 12 Nov 2008 15,020 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT4.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT40.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT42.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT44.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT46.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT48.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT4A.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT4C.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT4E.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT50.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT52.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT54.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT56.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT58.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT5A.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT5C.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT5E.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT6.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT60.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT62.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT64.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT65.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BIT8.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BITA.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BITC.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~pilotandy~albumid~5178540753309094737\BITE.tmp"
Wed 12 Nov 2008 14,781 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~jdelveau~albumid~5248467277191642385\BIT66.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~jdelveau~albumid~5248467277191642385\BIT67.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~jdelveau~albumid~5248467277191642385\BIT68.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~jdelveau~albumid~5248467277191642385\BIT69.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~jdelveau~albumid~5248467277191642385\BIT6A.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~jdelveau~albumid~5248467277191642385\BIT6B.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~jdelveau~albumid~5248467277191642385\BIT6C.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~jdelveau~albumid~5248467277191642385\BIT6D.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~jdelveau~albumid~5248467277191642385\BIT6E.tmp"
Wed 12 Nov 2008 0 A..H. --- "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Google Desktop\54b1263677f4\Slideshow\picasaweb.google.com~data~feed~base~user~jdelveau~albumid~5248467277191642385\BIT6F.tmp"

Finished!

Shaba
2009-01-25, 20:24
That looks better :)

Please rerun gmer and post back a fresh gmer log.

ginus
2009-01-25, 20:37
fresh gmer log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-25 14:36:22
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.14 ----

? C:\DOCUME~1\Pat\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 003BB467
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 003BB27A
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 003B6CA8
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 003B7881
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 003B962B
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 003B804D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 003B7A66
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 003B8EA6
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 003BAB0E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 003BAB3E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 003BB681
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 003BA868
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 003B95BB
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 003B870D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 003B7E61
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 003B83A9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 003BB9AD
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 003B90A5
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 003B94B7
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 003B9BFA
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 003B98EA
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 003B9BA8
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 003BA1E4
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 003B9CF2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 003B7C75
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 003B8662
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 003BABE9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 003B99AC
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 003B956E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 003B92E2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 003B96BB
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 003BB68D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 003B9881
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 003BB812
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 003BB7E0
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 003BB935
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 003BB991
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 003BB87E

---- Devices - GMER 1.0.14 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\USBSTOR \Device\0000007e F78C1218
Device \Driver\USBSTOR \Device\0000007f F78C1218

---- EOF - GMER 1.0.14 ----

Shaba
2009-01-25, 20:45
That is fine now :)

Please now install firefox and let me know if you can run online scan with it.

ginus
2009-01-25, 21:19
Doing the online Kaspersky scan I get the message "Starting Java applet has failed! Please go online to use this program."

I'm doing this using Firefox and have Java version 6 update 11. I googled the error and see others with the same issue, but no resolution. I will keep looking.

Shaba
2009-01-25, 21:25
You can try this with IE, if it doesn't work, we will try something else.

Please go to Eset website (http://www.eset.com/onlinescan/) to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX, click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Uncheck (untick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

ginus
2009-01-25, 21:29
IE still won't open. :)

I installed ie tab in firefox and am trying that.

Shaba
2009-01-25, 21:31
OK, keep me informed :)

ginus
2009-01-25, 21:38
Kaspersky still wouldn't work, but I'm running eset now.

ginus
2009-01-25, 22:15
ESET found no threats.

ginus
2009-01-25, 22:17
Here is the log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3798 (20090125)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=632d499e352da749a394ee7b987d96a4
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-25 09:12:59
# local_time=2009-01-25 04:12:59 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=183451
# found=0
# scan_time=2098

ginus
2009-01-26, 02:24
I was finally able to run Kaspersky and it found no threats. IE still won't stay open though.

Shaba
2009-01-27, 16:57
Sorry for delay.

Scan log looks fine.

As for IE issue, you can try installing IE8 beta.

Some other issues left?

ginus
2009-01-27, 17:19
Hi Shaba.

I think I'm good. Using Firefox is working. I'll try the IE beta.

Thanks so much for your help!

You can close this now.

ginus

Shaba
2009-01-27, 18:42
Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

You can delete rsit and c:\rsit folder.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from the tutorial above.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
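As an added example (not part of Shaba's instructions or of any tool in this thread), the PowerShell below audits the current user's Internet zone against the six settings above by reading the zone's registry values, and can write the recommended value with -Fix. The action IDs and the 0/1/3 encoding are Microsoft's documented Internet Explorer zone registry entries (KB182569); the function names are my own.

```powershell
# Added example, not from the thread. Audits (and optionally corrects) the six
# Internet-zone settings listed above for the current user.
# Value names are IE's documented zone action IDs (Microsoft KB182569);
# data 0 = Enable, 1 = Prompt, 3 = Disable.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'  # zone 3 = Internet

# Recommended state from the steps above, keyed by action ID.
$Recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Hypothetical helper: human-readable form of a zone action value.
function Get-ZoneActionLabel {
    param($Data)
    if ($null -eq $Data) { return 'not set (IE default)' }
    if ($Label.ContainsKey([int]$Data)) { return $Label[[int]$Data] }
    return "unknown ($Data)"
}

# Hypothetical function: one object per setting with current and recommended
# state. With -Fix, writes the recommended DWORD wherever it differs.
function Test-IEInternetZone {
    param([switch]$Fix)

    if (-not (Test-Path $ZonePath)) {
        throw "Internet zone key not found: $ZonePath"
    }
    $zone = Get-ItemProperty -Path $ZonePath

    foreach ($id in ($Recommended.Keys | Sort-Object)) {
        $current = $zone.$id
        $want    = $Recommended[$id].Want
        $ok      = ($null -ne $current) -and ([int]$current -eq $want)

        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $ZonePath -Name $id -Value $want -Type DWord
        }

        New-Object PSObject -Property @{
            Id          = $id
            Setting     = $Recommended[$id].Name
            Current     = Get-ZoneActionLabel $current
            Recommended = $Label[$want]
            Compliant   = $ok
            Fixed       = (-not $ok) -and $Fix.IsPresent
        }
    }
}

# Report only; add -Fix to apply. Machine-wide settings under HKLM (the
# Security_HKLM_only policy or group policy) take precedence over HKCU, so a
# compliant per-user result is not the whole picture on a managed machine.
Test-IEInternetZone | Format-Table Id, Setting, Current, Recommended, Compliant -AutoSize
```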

Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

ginus
2009-01-28, 01:57
I will follow these steps. Thanks again!

Shaba
2009-01-29, 10:52
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.