Re-directed web searches



puckster
2010-09-27, 00:22
Please excuse any break in protocol here as I am a first-time poster.

Picked up something recently which began with re-directed searches and escalated to svchost.exe failures.
Then system became inoperative.
Many scans with S&D, Zone Alarm AV (primary running resident), Malwarebytes, AdAware, Kaspersky, et al. found various Trojans, malware, etc., which have been quarantined or removed.
Most seemed attached to ZA, so I uninstalled it.
Performance has improved greatly, but web searches are still being re-directed and I am occasionally having svchost failures.
As per your FAQ, I have attached Attach.zip and here is the DDS report:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Patrik at 13:24:16.50 on Sun 09/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2171 [GMT -7:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft IntelliPoint\IPoint.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patrik\My Documents\utilities\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uInternet Settings,ProxyServer = http=
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0346.1\npwinext.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0346.1\npwinext.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
StartupFolder: c:\docume~1\patrik\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\patrik\my documents\utilities\virus removal tool\setup_9.0.0.722_26.09.2010_20-28\startup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201139400953
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239459829234
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 95344272;95344272 Boot Guard Driver;c:\windows\system32\drivers\95344272.sys [2010-9-26 37392]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-25 64288]
R1 95344271;95344271;c:\windows\system32\drivers\95344271.sys [2010-9-26 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-25 165584]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-1-9 7040]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 setup_9.0.0.722_26.09.2010_20-28drv;setup_9.0.0.722_26.09.2010_20-28drv;c:\windows\system32\drivers\9534427.sys [2010-9-26 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-25 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-25 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355928]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-25 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-25 40384]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\patrik\locals~1\temp\alsysio.sys --> c:\docume~1\patrik\locals~1\temp\ALSysIO.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-16 12672]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-1-9 17792]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 utewmtg5;AVZ Kernel Driver;c:\windows\system32\drivers\utewmtg5.sys [2010-9-26 7168]

=============== Created Last 30 ================

2010-09-26 19:34:28 37392 ----a-w- c:\windows\system32\drivers\95344272.sys
2010-09-26 19:34:28 315408 ----a-w- c:\windows\system32\drivers\9534427.sys
2010-09-26 19:34:28 128016 ----a-w- c:\windows\system32\drivers\95344271.sys
2010-09-26 18:44:46 7168 ----a-w- c:\windows\system32\drivers\utewmtg5.sys
2010-09-25 21:51:44 0 d-----w- c:\windows\Internet Logs
2010-09-25 15:13:40 38848 ----a-w- c:\windows\avastSS.scr
2010-09-25 15:13:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-09-25 15:09:19 0 d-----w- c:\docume~1\patrik\applic~1\SUPERAntiSpyware.com
2010-09-25 15:09:19 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-25 15:09:06 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-24 03:07:40 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-19 17:44:25 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-09-19 16:44:29 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-09-19 16:44:28 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-09-19 16:44:26 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-09-19 16:44:23 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-09-19 16:44:09 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-09-19 16:44:09 28288 ----a-w- c:\windows\system32\dllcache\xjis.nls
2010-09-19 16:44:06 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-09-19 16:44:05 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-09-19 16:44:03 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-09-19 16:44:02 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-09-19 16:44:00 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-09-19 16:42:55 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-09-19 16:42:49 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-09-19 16:42:42 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-09-19 16:42:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-09-19 16:42:19 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-09-19 16:42:12 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-09-19 16:42:11 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-09-19 16:42:10 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-09-19 16:42:03 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2010-09-19 16:42:02 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2010-09-19 16:42:00 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-09-19 16:40:58 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-09-19 16:39:57 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-09-19 16:38:59 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-09-19 16:37:59 28160 ----a-w- c:\windows\system32\dllcache\sm91w.dll
2010-09-19 16:36:59 23936 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-09-19 16:35:57 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-09-19 16:34:58 26153 ----a-w- c:\windows\system32\dllcache\pcmlm56.sys
2010-09-19 16:33:59 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-09-19 16:32:59 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-09-19 16:31:58 91136 ----a-w- c:\windows\system32\dllcache\kswdmcap.ax
2010-09-19 16:30:58 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2010-09-19 16:29:59 31232 ----a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2010-09-19 16:28:59 16998 ----a-w- c:\windows\system32\dllcache\ex10.sys
2010-09-19 16:27:59 26698 ----a-w- c:\windows\system32\dllcache\dlh5xnd5.sys
2010-09-19 16:26:59 272640 ----a-w- c:\windows\system32\dllcache\cinemclc.sys
2010-09-19 16:25:59 46464 ----a-w- c:\windows\system32\dllcache\atibt829.sys
2010-09-18 23:54:08 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-16 23:47:20 3245 ----a-w- c:\windows\system32\wbem\Outlook_01cb55f980596130.mof

==================== Find3M ====================

2010-09-26 20:14:07 15295 ----a-w- c:\program files\startuplist.txt
2010-09-26 20:12:29 8880 ----a-w- c:\program files\hijackthis.log
2010-09-25 00:42:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 06:30:35 8462336 ----a-w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-12 08:55:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\dllcache\schannel.dll
2010-06-10 17:53:28 25600 ----a-r- c:\program files\LeakTest.exe
2010-05-31 16:07:35 20656301 ----a-w- c:\program files\BotHunter.Windows.1.5.0.482C10BB2692.EXE
2010-05-31 02:59:29 388608 ----a-w- c:\program files\HijackThis.exe
2008-01-20 23:18:40 2460 ------w- c:\program files\SuperDAT.log
2008-01-20 20:08:51 7467056 ------w- c:\program files\spybotsd15.exe
2008-10-29 22:38:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102920081030\index.dat

============= FINISH: 13:25:36.53 ===============

Again, hopefully I have provided the correct info in the correct format.
Thank you for any assistance you can provide.
Puckster
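As an added worked example (not part of the original post, and not a tool from this forum or from DDS itself), here is a small Python triage script for a DDS report like the one above. It splits the report into its banner sections and flags the lines a search-redirect investigation reads first: a ProxyServer setting, Hosts: overrides, TB:/BHO: entries marked "No File", and drivers that are missing on disk, registered from a temp directory, or dated within a few days of the report. The sample text is a constructed excerpt laid out like the posted report, the section titles and line formats are assumptions based on that report, and every flag is a review item rather than a verdict; flagged drivers still need cross-checking against what was installed recently (the "Created Last 30" section is the place to do that).

```python
"""Triage helper for DDS logs: split the report into its sections and flag the
lines a search-redirect investigation reads first. Output is a list of review
items, not verdicts; every flagged line still needs cross-checking against what
was installed on the machine recently."""
import re
from datetime import date

# Constructed excerpt in the layout of a DDS report (example input for this
# script, not the poster's complete log).
SAMPLE_LOG = r"""
DDS (Ver_10-03-17.01) - NTFSx86
Run by Patrik at 13:24:16.50 on Sun 09/26/2010

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uInternet Settings,ProxyServer = http=
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 95344272;95344272 Boot Guard Driver;c:\windows\system32\drivers\95344272.sys [2010-9-26 37392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-25 165584]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\patrik\locals~1\temp\alsysio.sys --> c:\docume~1\patrik\locals~1\temp\ALSysIO.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-16 12672]

============= FINISH: 13:25:36.53 ===============
"""

# Section banners look like "===== Title =====" (format assumed from the report).
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_DATE_RE = re.compile(r"Run by .+? on \w{3} (\d{2})/(\d{2})/(\d{4})")
# start type ; service name ; display name ; path [yyyy-m-d size]   or   path [?]
DRIVER_RE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]|\s+\[\?\])$"
)


def split_sections(text):
    """Map each '=== Title ===' banner to the non-blank lines beneath it."""
    sections = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def run_date(text):
    """Date the report was generated, taken from the 'Run by ... on' header line."""
    m = RUN_DATE_RE.search(text)
    if not m:
        return None
    month, day, year = (int(x) for x in m.groups())
    return date(year, month, day)


def parse_driver_date(text):
    """DDS prints driver file dates as yyyy-m-d without zero padding."""
    y, m, d = (int(x) for x in text.split("-"))
    return date(y, m, d)


def triage(text, recent_days=7):
    """Return (category, line, reason) tuples for lines worth a closer look."""
    findings = []
    sections = split_sections(text)
    logged = run_date(text)

    for line in sections.get("Pseudo HJT Report", []):
        if "ProxyServer" in line:
            findings.append(("proxy", line, "browser proxy setting present; confirm it is intentional"))
        elif line.startswith("Hosts:"):
            findings.append(("hosts", line, "hosts file override; check which names it redirects"))
        elif line.startswith(("TB:", "BHO:")) and line.endswith("- No File"):
            findings.append(("orphan", line, "registry entry whose file is gone; usually a leftover of removed software"))

    for line in sections.get("SERVICES / DRIVERS", []):
        m = DRIVER_RE.match(line)
        if not m:
            continue
        _start, name, _display, path, created, _size = m.groups()
        if "\\temp\\" in path.lower():
            findings.append(("driver-temp", line, f"{name}: kernel driver registered from a temp directory"))
        if created is None:
            findings.append(("driver-missing", line, f"{name}: service entry exists but the file was not found on disk"))
        elif logged is not None and (logged - parse_driver_date(created)).days <= recent_days:
            findings.append(("driver-recent", line, f"{name}: driver file dated {created}, within {recent_days} days of the log"))
    return findings


if __name__ == "__main__":
    for category, line, reason in triage(SAMPLE_LOG):
        print(f"[{category}] {reason}\n    {line}")
```

Run it against a saved DDS.txt by passing the file's contents to triage(). The driver-recent rule is deliberately broad: on a machine where several scanners were installed in the same week it will flag their drivers too, which is the point of reading the flags next to the "Created Last 30" section rather than acting on them alone.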

puckster
2010-09-28, 02:55
I have attached the ComboFix log file for you.
I assume you would want to see it.
Thanks.
puckster

Edit
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count; they look for topics with 0 responses.

Please do NOT run 'FIXES' (ComboFix etc.) without being asked (http://forums.spybot.info/showthread.php?t=16806)