Blade, hello again
I’ve followed all your instructions, logs below. I’m going to mention a couple of things, in case they are useful to know, but sorry if they’re not of use:
About Bit Torrent and DNA, I wasn’t using them before the infection was first detected. They hadn’t been used since last April, when a friend of mine installed them on my computer.
Something seems strange about my Flash player. I first noticed it several weeks ago, when I last updated it. No matter what I do, I can't seem to get rid of the old player and get a new one.
When I go to test Flash player at that same link you gave, it says it is the latest version, 10.0.45.2. However, when I go to C:\Windows\system32\Macromed\Flash, and hover over the player, it says it’s an older version, “File version: 10.0.22.87,” and shows an old date on it.
So today, I uninstalled and installed a fresh version of Flash player, per your instructions.
It made me install Get(+)plus and Adobe Download Manager, again.
Now, after reinstalling Flash player, it still says I have the latest version, 10.0.45.2, at the test link you gave. But when I go to the folder and hover over the player, it still says older version, File version: 10.0.22.87, created in June 2009.
The only browser I’m running on this computer is IE.
Thank you for helping me!
ComboFix 10-04-11.01 - Owner 04/11/2010 21:13:53.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.198 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\BitTorrent
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\plugins\npbtdna.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
.
2010-04-12 03:12 . 2010-04-12 03:19 -------- d-----w- c:\documents and settings\All Users.WINXPHM\Application Data\NOS
2010-04-12 03:12 . 2010-04-12 03:12 -------- d-----w- c:\program files\NOS
2010-04-06 21:56 . 2010-04-06 21:56 -------- d-----w- c:\program files\TrendMicro
2010-04-06 21:40 . 2010-04-06 21:40 -------- d-----w- c:\program files\ERUNT
2010-04-06 05:11 . 2010-04-11 09:14 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2010-04-06 01:42 . 2010-04-06 01:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-06 01:41 . 2010-04-06 01:41 -------- d-----w- c:\documents and settings\All Users.WINXPHM\Application Data\Malwarebytes
2010-04-06 01:41 . 2010-04-11 16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 21:05 . 2010-04-05 21:05 -------- d-----w- c:\documents and settings\All Users.WINXPHM\Application Data\SUPERAntiSpyware.com
2010-04-05 21:05 . 2010-04-05 21:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-05 21:05 . 2010-04-05 21:05 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-04-05 20:59 . 2010-04-05 20:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-05 20:50 . 2010-04-05 20:50 2388895 ----a-w- C:\MGtools.exe
2010-04-05 19:59 . 2010-04-05 20:00 -------- d-----w- c:\program files\CCleaner
2010-04-05 11:42 . 2010-04-05 11:42 -------- d-----w- c:\program files\Common Files\Java
2010-03-25 12:22 . 2010-04-05 12:21 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 14:52 . 2010-04-05 21:07 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-06 21:56 . 2010-04-06 21:56 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-05 21:07 . 2010-04-05 21:07 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-05 20:29 . 2009-04-06 20:05 -------- d-----w- c:\documents and settings\All Users.WINXPHM\Application Data\Spybot - Search & Destroy
2010-04-05 11:31 . 2010-04-05 11:31 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5da2969d-n\msvcp71.dll
2010-04-05 11:31 . 2010-04-05 11:31 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5da2969d-n\jmc.dll
2010-04-05 11:31 . 2010-04-05 11:31 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5da2969d-n\msvcr71.dll
2010-04-05 11:31 . 2010-04-05 11:31 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6751b1b7-n\decora-sse.dll
2010-04-05 11:31 . 2010-04-05 11:31 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6751b1b7-n\decora-d3d.dll
2010-04-05 11:29 . 2009-04-20 20:44 411368 ----a-w- c:\winxphm\system32\deploytk.dll
2010-03-11 12:38 . 2009-04-06 01:55 832512 ------w- c:\winxphm\system32\wininet.dll
2010-03-11 12:38 . 2009-08-13 05:02 78336 ----a-w- c:\winxphm\system32\ieencode.dll
2010-03-11 12:38 . 2009-04-06 01:54 17408 ----a-w- c:\winxphm\system32\corpol.dll
2010-03-02 18:02 . 2009-04-09 05:08 7442880 ----a-w- c:\winxphm\Internet Logs\tvDebug.Zip
2010-02-23 22:26 . 2010-02-23 22:26 161296 ----a-w- c:\winxphm\system32\drivers\tmcomm.sys
2007-02-23 05:08 . 2008-10-31 19:51 925696 ----a-w- c:\program files\GSpot.exe
2007-02-20 00:28 . 2008-10-31 19:51 117974 -c--a-r- c:\program files\GSpot27.dat
2007-01-17 07:37 . 2008-10-31 19:51 3615 -c--a-r- c:\program files\license.txt
2007-01-17 07:37 . 2008-10-31 19:51 10684 -c--a-r- c:\program files\ExportFormat.txt
2005-12-26 05:24 . 2005-12-26 05:24 895488 ----a-w- c:\program files\iview397.exe
2005-12-26 04:36 . 2005-12-26 14:12 900277 ----a-w- c:\program files\HYDEIST music room.EXE
.
((((((((((((((((((((((((((((( SnapShot@2010-04-11_16.52.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-12 04:08 . 2010-04-12 04:08 16384 c:\winxphm\Temp\Perflib_Perfdata_1a0.dat
- 2010-03-09 05:10 . 2010-03-09 05:10 84507 c:\winxphm\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-04-12 03:15 . 2010-04-12 03:15 84507 c:\winxphm\system32\Macromed\Flash\uninstall_activeX.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 23040 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 23040 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 61440 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 61440 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 27136 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 27136 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 11264 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 11264 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 86016 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 86016 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 12288 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 12288 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 4096 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 4096 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 409600 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 409600 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 286720 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 286720 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 249856 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 249856 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 794624 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 794624 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 135168 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 135168 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-08 23:08 . 2010-04-11 15:12 593920 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-08 23:08 . 2010-04-11 17:10 593920 c:\winxphm\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\winxphm\System32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\winxphm\System32\hkcmd.exe" [2005-10-19 126976]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"IMJPMIG8.1"="c:\winxphm\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\winxphm\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\winxphm\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\winxphm\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 08:10 11952 ----a-w- c:\winxphm\system32\avgrsstx.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winxphm\system32\drivers\avgldx86.sys [4/10/2009 2:33 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winxphm\system32\drivers\avgtdix.sys [4/10/2009 2:33 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/10/2009 2:33 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/10/2009 2:33 AM 297752]
R3 P0630VID;Creative WebCam Live!;c:\winxphm\system32\drivers\P0630Vid.sys [12/20/2009 12:59 PM 91841]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.safer-networking.org/en/index.html
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 21:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\winxphm\system32\WININET.dll
.
Completion time: 2010-04-11 21:31:21
ComboFix-quarantined-files.txt 2010-04-12 04:31
ComboFix2.txt 2010-04-11 16:58
Pre-Run: 14,705,389,568 bytes free
Post-Run: 14,677,856,256 bytes free
- - End Of File - - FA5BCDC1B772475EAF3D0F850ABC5104
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, April 12, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, April 12, 2010 02:21:53
Records in database: 3936778
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 130236
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 05:02:19
File name / Threat / Threats count
C:\MGtools.exe Infected: Trojan-Dropper.Win32.Agent.bvop 1
Selected area has been scanned.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 7:25:53.42 on Mon 04/12/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.200 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINXPHM\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXPHM\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINXPHM\system32\spoolsv.exe
C:\WINXPHM\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINXPHM\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINXPHM\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINXPHM\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINXPHM\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINXPHM\system32\wscntfy.exe
C:\WINXPHM\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.safer-networking.org/en/index.html
mStart Page = about:blank
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [IgfxTray] c:\winxphm\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winxphm\system32\hkcmd.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IMJPMIG8.1] "c:\winxphm\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\winxphm\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\winxphm\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\winxphm\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://www.collarme.com/chat
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238990141514
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winxphm\system32\drivers\avgldx86.sys [2009-4-10 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\winxphm\system32\drivers\avgmfx86.sys [2009-4-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winxphm\system32\drivers\avgtdix.sys [2009-4-10 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 vsdatant;vsdatant;c:\winxphm\system32\vsdatant.sys [2009-4-6 353672]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-10 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-10 297752]
R3 P0630VID;Creative WebCam Live!;c:\winxphm\system32\drivers\P0630Vid.sys [2009-12-20 91841]
S2 vsmon;TrueVector Internet Monitor;c:\winxphm\system32\zonelabs\vsmon.exe -service --> c:\winxphm\system32\zonelabs\vsmon.exe -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
=============== Created Last 30 ================
2010-04-11 16:27:53 0 d-sha-r- C:\cmdcons
2010-04-11 16:25:46 98816 ----a-w- c:\winxphm\sed.exe
2010-04-11 16:25:46 77312 ----a-w- c:\winxphm\MBR.exe
2010-04-11 16:25:46 261632 ----a-w- c:\winxphm\PEV.exe
2010-04-11 16:25:46 161792 ----a-w- c:\winxphm\SWREG.exe
2010-04-06 21:56:34 0 d-----w- c:\program files\TrendMicro
2010-04-06 01:42:16 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-04-06 01:41:52 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-04-06 01:41:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 21:05:58 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2010-04-05 21:05:35 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-05 21:05:35 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-04-05 20:59:40 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-05 20:50:42 2388895 ----a-w- C:\MGtools.exe
2010-04-05 20:24:18 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-04-05 19:59:53 0 d-----w- c:\program files\CCleaner
2010-04-05 12:34:40 0 d-----w- c:\winxphm\pss
2010-04-05 11:30:22 73728 ----a-w- c:\winxphm\system32\javacpl.cpl
2010-04-03 10:52:54 0 ----a-w- c:\winxphm\00xjvpiu0b1azkr19b978mu8.ini
==================== Find3M ====================
2010-04-05 11:29:59 411368 ----a-w- c:\winxphm\system32\deploytk.dll
2010-03-11 12:38:54 832512 ------w- c:\winxphm\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\winxphm\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\winxphm\system32\corpol.dll
2010-02-23 22:26:53 161296 ----a-w- c:\winxphm\system32\drivers\tmcomm.sys
2007-02-23 05:08:08 925696 ----a-w- c:\program files\GSpot.exe
2007-02-20 00:28:02 117974 -c--a-r- c:\program files\GSpot27.dat
2007-01-17 07:37:50 3615 -c--a-r- c:\program files\license.txt
2007-01-17 07:37:50 10684 -c--a-r- c:\program files\ExportFormat.txt
2005-12-26 05:24:22 895488 ----a-w- c:\program files\iview397.exe
2005-12-26 04:36:09 900277 ----a-w- c:\program files\HYDEIST music room.EXE
============= FINISH: 7:27:03.28 ===============
Attach log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/5/2009 7:20:48 PM
System Uptime: 4/12/2010 7:23:33 AM (0 hours ago)
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.20GHz | Microprocessor | 2192/400mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 74 GiB total, 13.544 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP373: 3/3/2010 7:06:58 AM - System Checkpoint
RP374: 3/4/2010 7:45:01 AM - System Checkpoint
RP375: 3/5/2010 8:37:03 AM - System Checkpoint
RP376: 3/6/2010 8:43:34 AM - System Checkpoint
RP377: 3/7/2010 9:43:34 AM - System Checkpoint
RP378: 3/8/2010 10:55:34 AM - System Checkpoint
RP379: 3/9/2010 5:55:28 AM - Avg8 Update
RP380: 3/10/2010 6:17:00 AM - System Checkpoint
RP381: 3/11/2010 12:00:24 AM - Software Distribution Service 3.0
RP382: 3/12/2010 12:44:33 AM - System Checkpoint
RP383: 3/13/2010 3:20:34 AM - System Checkpoint
RP384: 3/14/2010 6:32:51 AM - System Checkpoint
RP385: 3/15/2010 7:40:37 AM - System Checkpoint
RP386: 3/16/2010 10:47:41 AM - System Checkpoint
RP387: 3/17/2010 11:47:28 AM - System Checkpoint
RP388: 3/18/2010 1:26:56 PM - System Checkpoint
RP389: 3/18/2010 11:41:47 PM - Avg8 Update
RP390: 3/18/2010 11:44:08 PM - Avg8 Update
RP391: 3/20/2010 12:40:47 AM - System Checkpoint
RP392: 3/21/2010 1:53:14 AM - System Checkpoint
RP393: 3/22/2010 3:54:36 AM - System Checkpoint
RP394: 3/23/2010 6:31:41 AM - System Checkpoint
RP395: 3/24/2010 7:57:22 AM - System Checkpoint
RP396: 3/25/2010 8:28:49 AM - System Checkpoint
RP397: 3/26/2010 10:53:55 AM - System Checkpoint
RP398: 3/27/2010 11:28:51 AM - System Checkpoint
RP399: 3/28/2010 12:28:52 PM - System Checkpoint
RP400: 3/29/2010 1:28:50 PM - System Checkpoint
RP401: 3/30/2010 2:24:31 PM - System Checkpoint
RP402: 3/30/2010 11:55:20 PM - Software Distribution Service 3.0
RP403: 4/1/2010 1:13:32 AM - System Checkpoint
RP404: 4/2/2010 1:47:32 AM - System Checkpoint
RP405: 4/3/2010 4:13:55 AM - System Checkpoint
RP406: 4/4/2010 4:42:08 AM - System Checkpoint
RP407: 4/5/2010 4:12:31 AM - Removed Java(TM) 6 Update 13
RP408: 4/5/2010 4:29:47 AM - Installed Java(TM) 6 Update 19
RP409: 4/5/2010 2:05:33 PM - Installed SUPERAntiSpyware Free Edition
RP410: 4/6/2010 2:56:32 PM - Installed HiJackThis
RP411: 4/7/2010 3:27:25 PM - System Checkpoint
RP412: 4/8/2010 4:27:19 PM - System Checkpoint
RP413: 4/9/2010 5:27:19 PM - System Checkpoint
RP414: 4/10/2010 6:27:24 PM - System Checkpoint
==== Installed Programs ======================
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Advanced Video FX Utility
AVG 8.5
BCM V.92 56K Modem
CCleaner
Creative Photo Manager
Creative WebCam Center
Creative WebCam Live! Driver (1.02.03.0606)
Creative WebCam Live! User's Guide (English)
ERUNT 1.1j
Foxit Reader
Get Yahoo! Messenger
HiJackThis
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) Extreme Graphics Driver
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 19
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SightSpeed (remove only)
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VLC media player 1.0.5
WebCam Live! Product Registration
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.1 final uninstall
ZoneAlarm
==== Event Viewer Messages From Past Week ========
4/5/2010 4:14:57 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
==== End Of File ===========================