> Google Search Results Redirected, Unknown Cause, cannot boot safemode.
schrauber
post Dec 19 2009, 04:56 PM
Post #16


Mr.Mechanic

Group: Malware Response Team
Posts: 20,486
Joined: 3-May 08
From: Saarland,Germany
Member No.: 206,858



Hi,


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


--------------------
regards,
schrauber




If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!
Unavailable on Mondays and Thursdays!

If I have helped you then please consider donating to continue the fight against malware
Shizoku
post Dec 19 2009, 06:23 PM
Post #17


New Member

Group: Members
Posts: 11
Joined: 30-November 09
Member No.: 409,710



I can't get past 25% on the scan. It keeps getting stuck. No threats up to that point.

Edit: I think the crashing might be overheating... It was really hot in my room because of the heater tonight and I crashed like 4 or 5 times in an hour while playing a game (usually only crashes 1 or 2 times in a day, if even).

This post has been edited by Shizoku: Dec 20 2009, 03:47 AM
schrauber
post Dec 20 2009, 04:23 AM
Post #18





Please try it again and do not do anything else with the system while the scan is running.


--------------------
regards,
schrauber

Shizoku
post Dec 20 2009, 05:15 PM
Post #19





I finally got it to work in IE instead of Firefox.

C:\Qoobox\Quarantine\C\WINDOWS\system32\1000.exe.vir Win32/TrojanDownloader.FakeAlert.ZY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\998.exe.vir Win32/TrojanDownloader.FakeAlert.ZY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\KuzSmall.exe.vir Win32/TrojanDownloader.Small.OHD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\kuzSniper.exe.vir a variant of Win32/Kryptik.MT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\_twex_.exe.zip Win32/Spy.Zbot.GN trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.RF virus deleted - quarantined
C:\WINDOWS\system32\ahegeyop.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\aligirew.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\ehokasel.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\eluhiyut.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\erabizuv.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\erehazak.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\ibobeliz.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\iketehih.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\upugeron.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
schrauber
post Dec 22 2009, 12:13 PM
Post #20





Hi,

How is your system running? Please post back with a fresh RSIT logfile, and set the time to scan up to 3 months please.


--------------------
regards,
schrauber

Shizoku
post Dec 23 2009, 01:02 AM
Post #21





Hi Tom,

The system looks pretty good. My only problem is a blue screen while playing an online game. Usually the PC gets noisy at the time. It gives me many different messages. The last one says BAD_POOL_CALLER, but I lost the stop number. Other than that (which happens 1 or 2 times a day) my system has no problems.

New Log with 3 months:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-12-23 00:59:29
Microsoft Windows XP Professional Service Pack 3
System drive C: has 80 GB (34%) free of 234 GB
Total RAM: 1918 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:38 AM, on 12/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Apache\Apache 2.2\bin\httpd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Apache\Apache 2.2\bin\httpd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe
C:\Documents and Settings\Owner.SHIZOKU\My Documents\Downloads\RSIT(2).exe
C:\Program Files\trend micro\Owner.exe

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner.SHIZOKU\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner.SHIZOKU\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ctcive.ap.org/dana-cached/setup/JuniperSetupSP1.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache\Apache 2.2\bin\httpd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Webroot Spy Sweeper ?E?F?u???[?g ?X?p?C ?X?E?B?[?p?[ ?G?“?W?“ (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8401 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3880739418-187157816-220240927-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3880739418-187157816-220240927-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-26 90112]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-12 98304]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Owner.SHIZOKU\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?ETorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2009-12-23 00:59:30 ----D---- C:\Program Files\trend micro
2009-12-19 17:01:51 ----D---- C:\Program Files\ESET
2009-12-19 15:11:29 ----D---- C:\Program Files\FFXI Calculator
2009-12-18 22:32:57 ----SHD---- C:\RECYCLER
2009-12-18 22:25:04 ----D---- C:\rsit
2009-12-17 17:30:56 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-17 14:46:45 ----A---- C:\ComboFix.txt
2009-12-09 03:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-06 17:41:17 ----D---- C:\Program Files\Windows Journal Viewer
2009-12-03 03:00:44 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-12-03 03:00:38 ----D---- C:\Config.Msi
2009-12-02 18:49:39 ----A---- C:\WINDOWS\MAXLINK.INI
2009-12-02 18:49:27 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2009-12-02 18:49:00 ----D---- C:\Program Files\ScanSoft
2009-12-02 18:47:54 ----D---- C:\Program Files\ArcSoft
2009-12-02 18:47:54 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-12-02 18:39:04 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-12-02 18:38:57 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-12-02 18:38:53 ----A---- C:\WINDOWS\system32\cnco160.dll
2009-12-02 18:38:52 ----A---- C:\WINDOWS\system32\CNCL160.DLL
2009-12-02 18:38:52 ----A---- C:\WINDOWS\system32\CNCI160.DLL
2009-12-02 18:38:52 ----A---- C:\WINDOWS\system32\CNCC160.DLL
2009-12-02 18:38:48 ----HD---- C:\Program Files\CanonBJ
2009-12-02 09:53:47 ----A---- C:\WINDOWS\imsins.BAK
2009-11-29 21:32:20 ----A---- C:\WINDOWS\system32\tmp.txt
2009-11-29 21:32:07 ----A---- C:\rapport.txt
2009-11-29 08:17:45 ----D---- C:\Program Files\MSSOAP
2009-11-29 08:17:12 ----D---- C:\Program Files\Webroot
2009-11-29 08:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2009-11-29 08:17:12 ----A---- C:\WINDOWS\WRSetup.dll
2009-11-29 06:59:48 ----A---- C:\Boot.bak
2009-11-29 06:59:34 ----RASHD---- C:\cmdcons
2009-11-29 06:54:59 ----A---- C:\WINDOWS\MBR.exe
2009-11-29 03:16:52 ----D---- C:\Program Files\Mozilla Firefox
2009-11-28 22:33:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-11-28 22:13:01 ----N---- C:\WINDOWS\system32\IJRMF.exe
2009-11-26 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-26 03:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-12 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-06 12:00:28 ----A---- C:\WINDOWS\system32\wrLZMA.dll
2009-11-06 12:00:20 ----A---- C:\WINDOWS\system32\SsiEfr.exe
2009-11-04 14:02:28 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-04 14:02:28 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-04 14:02:28 ----A---- C:\WINDOWS\system32\java.exe
2009-11-01 06:02:30 ----A---- C:\WINDOWS\system32\muweb.dll
2009-11-01 06:02:30 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-11-01 06:02:30 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-10-31 15:17:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-31 15:16:54 ----D---- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2009-10-31 15:16:50 ----D---- C:\Program Files\Windows Live
2009-10-31 15:16:49 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2009-10-14 04:12:47 ----D---- C:\WINDOWS\ie8updates
2009-10-14 02:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 02:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 02:08:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 02:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 02:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 02:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 02:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 02:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 02:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-14 02:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-07 18:51:32 ----D---- C:\Netgear
2009-10-06 00:37:29 ----D---- C:\Program Files\Veoh Networks
2009-09-27 18:52:46 ----D---- C:\Program Files\NVIDIA Corporation
2009-09-27 18:52:41 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2009-09-27 18:51:46 ----D---- C:\NVIDIA
2009-09-27 10:12:44 ----HDC---- C:\WINDOWS\ie8
2009-09-27 10:10:19 ----D---- C:\1f3f82d61fbf581b2f99b42074f75565

======List of files/folders modified in the last 3 months======

2009-12-23 00:59:30 ----RD---- C:\Program Files
2009-12-22 23:31:11 ----D---- C:\Program Files\Trillian
2009-12-22 16:29:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-22 12:17:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-22 03:01:10 ----SHD---- C:\WINDOWS\Installer
2009-12-22 03:01:09 ----D---- C:\WINDOWS\system32
2009-12-22 03:01:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-22 03:01:04 ----D---- C:\WINDOWS\Temp
2009-12-21 21:55:53 ----D---- C:\WINDOWS
2009-12-21 21:55:53 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI-SV92PP Soft Modem.txt
2009-12-21 21:55:45 ----D---- C:\Documents and Settings\Owner.SHIZOKU\Application Data\WTablet
2009-12-21 21:55:44 ----D---- C:\WINDOWS\Registration
2009-12-21 03:01:20 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-20 03:02:19 ----D---- C:\WINDOWS\Minidump
2009-12-19 17:08:08 ----D---- C:\Program Files\Common Files
2009-12-19 15:42:44 ----D---- C:\Documents and Settings\Owner.SHIZOKU\Application Data\uTorrent
2009-12-18 22:35:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-18 22:35:24 ----D---- C:\WINDOWS\system32\drivers
2009-12-18 22:14:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-17 20:16:02 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek
2009-12-17 14:46:48 ----D---- C:\Qoobox
2009-12-17 14:37:54 ----A---- C:\WINDOWS\system.ini
2009-12-17 14:26:29 ----D---- C:\WINDOWS\AppPatch
2009-12-17 14:20:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-17 12:43:03 ----D---- C:\Program Files\KParser
2009-12-17 12:17:03 ----D---- C:\WINDOWS\Help
2009-12-17 12:16:00 ----HD---- C:\WINDOWS\inf
2009-12-17 12:15:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-16 13:19:38 ----SHD---- C:\System Volume Information
2009-12-16 13:19:38 ----D---- C:\WINDOWS\system32\Restore
2009-12-09 22:54:07 ----A---- C:\WINDOWS\PEV.exe
2009-12-09 03:26:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 03:04:44 ----D---- C:\Program Files\Internet Explorer
2009-12-09 03:04:28 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-09 03:00:22 ----D---- C:\WINDOWS\Debug
2009-12-08 17:22:21 ----D---- C:\Program Files\Fraps
2009-12-02 18:58:55 ----D---- C:\Documents and Settings\Owner.SHIZOKU\Application Data\Canon
2009-12-02 18:49:36 ----D---- C:\WINDOWS\WinSxS
2009-12-02 18:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-12-02 18:47:54 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-02 18:47:28 ----D---- C:\Program Files\Canon
2009-12-02 18:38:56 ----D---- C:\WINDOWS\twain_32
2009-12-02 18:03:27 ----D---- C:\Program Files\msn
2009-12-01 15:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-29 10:09:43 ----D---- C:\MGtools
2009-11-29 07:14:39 ----D---- C:\WINDOWS\ERDNT
2009-11-29 06:59:49 ----RASH---- C:\boot.ini
2009-11-29 03:38:45 ----D---- C:\WINDOWS\Prefetch
2009-11-29 03:15:40 ----D---- C:\Documents and Settings\Owner.SHIZOKU\Application Data\Mozilla
2009-11-28 22:33:02 ----SD---- C:\WINDOWS\Tasks
2009-11-28 22:07:13 ----D---- C:\Program Files\Firefox
2009-11-04 14:02:24 ----D---- C:\Program Files\Java
2009-10-29 02:45:38 ----N---- C:\WINDOWS\system32\wininet.dll
2009-10-29 02:45:37 ----N---- C:\WINDOWS\system32\occache.dll
2009-10-29 02:45:37 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-10-29 02:45:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-10-29 02:45:35 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-10-29 02:45:35 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-10-29 02:45:35 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-10-29 02:45:34 ----N---- C:\WINDOWS\system32\iepeers.dll
2009-10-29 02:45:34 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-10-29 02:45:33 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-10-29 02:45:32 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-10-28 10:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-28 09:40:47 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-10-14 04:15:47 ----D---- C:\WINDOWS\system32\en-US
2009-10-14 04:15:46 ----D---- C:\WINDOWS\Media
2009-10-14 02:20:07 ----RSD---- C:\WINDOWS\assembly
2009-10-14 02:17:35 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-13 05:30:16 ----A---- C:\WINDOWS\system32\oakley.dll
2009-10-12 08:38:19 ----A---- C:\WINDOWS\system32\rastls.dll
2009-10-12 08:38:18 ----A---- C:\WINDOWS\system32\raschap.dll
2009-10-11 04:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-10 18:38:36 ----D---- C:\Documents and Settings\Owner.SHIZOKU\Application Data\Macromedia
2009-09-24 22:09:45 ----D---- C:\Documents and Settings\Owner.SHIZOKU\Application Data\Audacity

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-10-19 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-10-19 9464]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-10 12160]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-05-12 8552]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-26 3644800]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2008-07-11 13352]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 catchme;catchme; \??\C:\KittyFix\catchme.sys []
S3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 Apache2.2;Apache2.2; C:\Program Files\Apache\Apache 2.2\bin\httpd.exe [2007-09-05 24635]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-05-12 172032]
R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2009-03-26 2789672]
S2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
S2 WebrootSpySweeperService;Webroot Spy Sweeper ウェブルート スパイ スウィーパー エンジン; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2006-09-22 68096]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-05-17 98672]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-05-16 228208]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------
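The driver and service sections of the log above follow a fixed shape: a state letter and start-type digit from the legend line, then `name;description; image path [date size]`. When reading such a log the first pass is mechanical, so here is a small parser for that format with the checks an analyst would apply first. This is an added example and is not part of this thread or of the tool that produced the log; the sample lines are copied from the log above, and the three flags (an NT device-style `\??\` path, an empty `[ ]` block meaning the tool recorded no date or size for the file, and an image outside the Windows or Program Files trees) are this example's own heuristics, not rules stated on the page.

```python
"""Parse RSIT-style driver/service lines and flag entries worth a closer look.

Added example, not code from the forum thread or from the log tool.  The flag
heuristics below are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Legend from the log header: first letter = state, digit = start type.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# One entry: "<state><start> <name>;<description>; <image path> [<date> <size>]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

# Assumption of this example: driver and service binaries on an XP box normally
# live under one of these trees; anything elsewhere deserves a look.
EXPECTED_TREES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    state: str            # "Running" / "Stopped"
    start: str            # "Boot" / "System" / "Auto" / "Demand" / "Disabled"
    name: str
    description: str
    path: str             # image path as logged (may carry arguments)
    date: Optional[str]   # "YYYY-MM-DD" from the bracket, None if the bracket is empty
    size: Optional[int]   # file size from the bracket, None if the bracket is empty


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info").split()
    date = info[0] if len(info) == 2 else None
    size = int(info[1]) if len(info) == 2 else None
    return Entry(
        state=STATE[m.group("state")],
        start=START[m.group("start")],
        name=m.group("name").strip(),
        description=m.group("desc").strip(),
        path=m.group("path").strip(),
        date=date,
        size=size,
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every driver/service line in a log excerpt and skip everything else."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def review(entry: Entry) -> List[str]:
    """Reasons an analyst would look at this entry first (empty list = nothing odd)."""
    reasons = []
    path = entry.path
    if path.startswith("\\??\\"):
        # NT device-style path: the image was registered by hand or by a tool
        # rather than through the normal driver installer.  Anti-malware tools
        # do this too, so it is a lead, not a verdict.
        reasons.append("device-style \\??\\ path")
        path = path[4:]
    if entry.date is None:
        # Empty [ ] block: no date/size was recorded, i.e. the file could not be
        # stat'ed at that path (leftover from a removed tool, or a path carrying
        # command-line arguments, as in the MySQL entry).
        reasons.append("no date/size recorded for image file")
    if not path.lower().startswith(EXPECTED_TREES):
        reasons.append("image outside Windows/Program Files trees")
    return reasons


def suspicious(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Name and reasons for every entry that receives at least one flag."""
    return [(e.name, review(e)) for e in entries if review(e)]


# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S3 catchme;catchme; \??\C:\KittyFix\catchme.sys []
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
"""

if __name__ == "__main__":
    for name, reasons in suspicious(parse_log(SAMPLE)):
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample this flags the SUPERAntiSpyware driver, the `catchme.sys` leftover under `C:\KittyFix`, and the MySQL service whose bracket is empty only because the logged path carries arguments. On a machine where removal tools have just been run, entries like the first two are expected, which is exactly why a flag here is a prompt to check, not a finding; the `svchost.exe`-hosted MHN entry passes every check even though a log line alone cannot tell which DLL that host loads.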
schrauber
post Dec 23 2009, 10:57 AM
Post #22


Group: Malware Response Team

Hi,


Delete ComboFix and Clean Up
Click Start > Run > type combofix /Uninstall > OK (Note the space between combofix and /Uninstall)
Please advise if this step is missed for any reason as it performs some important actions.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.



Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.


Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:
  1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

  2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

  3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.

  4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites

  5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  6. Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.

  7. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.

  8. Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

  9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

  10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Make Internet Explorer 7 more secure
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialize and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  5. Next press the Apply button and then the OK to exit the Internet Properties page.


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.



Follow this list and your potential for being infected again will reduce dramatically.


--------------------
regards,
schrauber




If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!
Unavailable on Mondays and Thursdays!

If I have helped you then please consider donating to continue the fight against malware
schrauber
post Dec 28 2009, 07:42 AM
Post #23


Group: Malware Response Team



Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.


© 2003-2010 All Rights Reserved Bleeping Computer LLC.