Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojandownloader:win32/zlob


  • This topic is locked This topic is locked
16 replies to this topic

#1 richard1336

richard1336

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 22 November 2008 - 02:22 PM

trojandownloader:win32/zlob
hi, i have recently been experiencing sudden extreme lagging, unresponsive clicks, and sudden error messages.
i have Norton internet security, spy ware detector, max registry cleaner, mrt (malicious removal tool) from Microsoft, and windows defender.
i ran all these programs, and only windows defender actually picked up this Trojan called trojandownloader:win32/zlob, and it quarantined it, but cant remove it.
I don't know what to do, and it would be really nice to have my computer back again =[.
please help me, anything you recommend ill try, i"m very desperate.
thanks in advance, thunder1336.

here is my hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:02 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Browser Fix\HiJackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.....;/www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKUS\S-1-5-21-854245398-1958367476-1417001333-1011\..\Run: [Aim6] (User 'Parents')
O4 - HKUS\S-1-5-21-854245398-1958367476-1417001333-1012\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Amanda')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9018 bytes

BC AdBot (Login to Remove)

 


#2 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cornwall, UK
  • Local time:08:39 AM

Posted 25 November 2008 - 10:15 AM

Hello and Welcome to forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  • I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • I f you don't know or understand something please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Absence of symptoms does not mean that everything is clear.
NOTE: Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe
MRU Master of Malware Removal University

Member of UNITE and ASAP

#3 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cornwall, UK
  • Local time:08:39 AM

Posted 25 November 2008 - 12:19 PM

Disable Windows Defender

From your log i can see this that you are running a Windows Defender. This might interfere with fixes we are about to do so we need to disable it. To disable your Windows Defender Real-time Protection.
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • Close Windows Defender
Note: Once your log is clean you can re-enable Windows Defender Real Time Protection.


Remove HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.....;/www.yahoo.com
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.
OTListIt
  • Please download OTListIt and save it to your desktop.
  • Close all applications and windows so that you have nothing open and are at your Desktop
  • Double click on OTListIt.exe to run it. OK any warning about running OTListIt.
  • Place a checkmark in the Scan All Users checkbox (Leave the 'Use Whitelist' checked' and the 'File Age:' at 30 days)
  • Click on Run Scan.

    NOTE: Please be patient and let the scan run without using the computer

  • When the scan is complete, a text file OTListIt.txt will open in Notepad (if not, it can be found on your Desktop).
  • In Notepad, click Edit > Select all then Edit > Copy
  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log.
  • Submit your reply and close the Notepad window with OTList.txt
  • Also OTListIt's Extras.txt log file will be minimised in the Taskbar (and located on your Desktop) - click on this and maximise the window
  • In Notepad, click Edit > Select all then Edit > Copy
  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log
Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • OTListIt.txt Log
  • OTListIt's Extras.txt log

MRU Master of Malware Removal University

Member of UNITE and ASAP

#4 richard1336

richard1336
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 25 November 2008 - 04:39 PM

OTListIt logfile created on: 11/25/2008 4:37:12 PM - Run
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Rich\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.29 Mb Total Physical Memory | 91.46 Mb Available Physical Memory | 36.98% Memory free
606.29 Mb Paging File | 458.42 Mb Available in Paging File | 75.61% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.97 Gb Free Space | 84.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-7FC9B47D1
Current User Name: Rich
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/11/15 18:45:00 | 07,676,528 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/11/25 16:31:37 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/04/10 16:27:11 | 00,366,712 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Stopped])
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/02/09 19:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccEvtMgr [Auto | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (ccSetMgr [Auto | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (CLTNetCnService [Auto | Stopped])
[2007/08/22 03:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/11/25 16:01:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
[2008/09/05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE -- (LiveUpdate Notice [Auto | Stopped])
[2008/02/05 17:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Stopped])
[2008/02/05 17:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Stopped])
[2008/02/05 17:22:36 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2003/03/09 20:31:02 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
[2008/11/21 23:19:42 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])

========== Driver Services ==========

[2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
[2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
[2007/08/08 19:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Stopped])
[2008/11/20 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Stopped])
[2008/11/20 04:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/03/09 20:31:00 | 00,051,024 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Stopped])
[2003/03/09 20:31:02 | 00,016,080 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2003/03/09 20:31:02 | 00,021,456 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2004/08/20 15:26:00 | 00,737,874 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2004/08/03 17:41:36 | 00,606,684 | ---- | M] (LT) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Stopped])
[2008/02/05 17:18:12 | 00,689,176 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Stopped])
[2008/02/05 17:20:08 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Stopped])
[2008/02/05 21:20:40 | 00,628,760 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS [On_Demand | Stopped])
[2008/02/05 21:21:25 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2008/11/20 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081125.004\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
[2008/11/20 04:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081125.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
[2008/02/05 21:17:26 | 00,013,848 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter [On_Demand | Stopped])
[2008/02/05 21:17:37 | 02,570,520 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI [On_Demand | Stopped])
[2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/29 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2008/11/17 15:11:06 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2008/11/17 15:11:08 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/11/17 15:11:04 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
[2008/08/06 17:38:42 | 00,011,264 | ---- | M] (Max Secure Software) -- C:\Program Files\SpywareDetector\SDAntiRtKt.sys -- (SDAntiRtKt [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/09/05 14:31:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Stopped])
[2008/01/31 20:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Stopped])
[2008/01/31 20:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/01/31 20:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [System | Stopped])
[2008/06/13 14:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Stopped])
[2008/11/25 13:20:16 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
[2008/06/13 14:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Stopped])
[2008/06/13 14:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Stopped])
[2008/10/03 15:34:54 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20081121.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Stopped])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/06/13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/06/13 14:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Stopped])
[2008/06/13 14:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Stopped])
[2008/06/13 14:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Stopped])
[2008/11/22 18:16:52 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Stopped])
[2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


HKU\S-1-5-21-854245398-1958367476-1417001333-1015\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-21-854245398-1958367476-1417001333-1015\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKU\S-1-5-21-854245398-1958367476-1417001333-1015\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-21-854245398-1958367476-1417001333-1015\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKU\S-1-5-21-854245398-1958367476-1417001333-1015\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
HKU\S-1-5-21-854245398-1958367476-1417001333-1015\S-1-5-21-854245398-1958367476-1417001333-1015\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (288678 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 9947 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO (Max Secure Software)
O4 - HKLM..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe (Max Secure Software www.maxpcsecure.com)
O4 - HKLM..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO (Max Secure Software Pvt. Ltd.)
O4 - HKLM..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO (Max Secure Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1958367476-1417001333-1015\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key does not exist or could not be opened. File not found
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - File not found
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - bwfile-8876480 - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
SDNotify: "DllName" = C:\Program Files\SpywareDetector\SDNotify.dll -- C:\Program Files\SpywareDetector\SDNotify.dll (Max Secure Software)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,C:\WINDOWS\system32\geBuvvwU,
>File not found --

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/04/02 15:51:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/11/25 16:32:00 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTListIt.exe
[2008/11/25 12:01:18 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/25 11:59:56 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/11/25 11:59:35 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/11/25 11:59:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/25 11:55:30 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/11/25 11:53:13 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2008/11/25 11:52:24 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/11/25 11:48:28 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/23 17:35:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\SUPERAntiSpyware.com
[2008/11/23 17:11:41 | 00,000,000 | -HSD | C] -- C:\found.003
[2008/11/23 16:32:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\Apple Computer
[2008/11/23 14:47:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\My Documents\LimeWire
[2008/11/23 14:43:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\LimeWire
[2008/11/23 14:43:14 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Shortcut to LimeWire.lnk
[2008/11/23 14:38:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\acccore
[2008/11/23 14:37:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Local Settings\Application Data\AOL OCP
[2008/11/23 14:37:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Local Settings\Application Data\AOL
[2008/11/23 13:54:56 | 00,026,861 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Color5-2.jpg
[2008/11/23 13:54:48 | 00,009,275 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Color8.jpg
[2008/11/23 13:54:45 | 00,008,703 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Color6.jpg
[2008/11/23 13:54:43 | 00,008,577 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Color56.jpg
[2008/11/23 13:54:41 | 00,008,561 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Color45.jpg
[2008/11/23 13:54:38 | 00,009,609 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Color29.jpg
[2008/11/23 13:53:06 | 00,008,245 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\Color25.jpg
[2008/11/23 12:58:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Desktop\Richie
[2008/11/23 12:02:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Desktop\SmitfraudFix
[2008/11/23 11:44:44 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2008/11/23 11:44:44 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2008/11/23 11:44:44 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/11/23 11:33:42 | 01,581,247 | ---- | C] () -- C:\Documents and Settings\Rich\Desktop\SmitfraudFix.exe
[2008/11/23 11:05:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\Sun
[2008/11/23 10:51:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\Macromedia
[2008/11/23 10:51:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\Adobe
[2008/11/23 10:49:45 | 03,184,656 | -H-- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\IconCache.db
[2008/11/23 10:39:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\Symantec
[2008/11/23 10:32:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\Mozilla
[2008/11/23 10:32:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Local Settings\Application Data\Mozilla
[2008/11/23 10:31:42 | 00,064,368 | ---- | C] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/23 10:31:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Local Settings\Application Data\Apple Computer
[2008/11/23 10:30:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Application Data\Identities
[2008/11/23 10:29:39 | 00,000,075 | -HS- | C] () -- C:\Documents and Settings\Rich\My Documents\desktop.ini
[2008/11/23 10:27:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Rich\Application Data\desktop.ini
[2008/11/23 10:27:20 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Rich\Start Menu\Programs\Startup\desktop.ini
[2008/11/23 10:27:16 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Rich\Application Data\Microsoft
[2008/11/23 10:27:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rich\Local Settings\Application Data\Microsoft
[2008/11/23 10:27:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Rich\My Documents\My Music
[2008/11/23 10:27:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Rich\My Documents\My Pictures
[2008/11/22 22:11:31 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/22 22:11:31 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/22 22:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/11/22 19:43:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/11/22 19:42:10 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/11/22 19:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/11/22 18:19:07 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/11/22 17:58:00 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/11/22 17:00:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/11/22 16:41:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/11/22 16:16:37 | 00,003,002 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/22 16:14:06 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008/11/22 16:14:06 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2008/11/22 16:14:06 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/11/22 16:14:06 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2008/11/22 16:14:06 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/11/22 16:14:06 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/11/22 13:15:50 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2008/11/21 23:33:45 | 00,000,624 | ---- | C] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Richie.job
[2008/11/21 23:26:09 | 00,002,007 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2008/11/21 23:22:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2008/11/21 23:19:50 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2008/11/21 23:17:06 | 00,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/11/21 23:17:05 | 00,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/11/21 23:17:05 | 00,010,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/11/21 23:17:05 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/11/21 23:16:31 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2008/11/21 23:16:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/11/21 23:07:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2008/11/21 23:01:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2008/11/21 20:28:37 | 00,000,123 | ---- | C] () -- C:\WINDOWS\System\SysSD.dll
[2008/11/21 20:26:11 | 00,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2008/11/21 20:26:10 | 00,012,752 | ---- | C] () -- C:\WINDOWS\System32\SDEarlyDelete.exe
[2008/11/21 20:26:10 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\SDEarlyDelete.ini
[2008/11/21 20:25:46 | 01,024,000 | ---- | C] (Max Secure Software) -- C:\WINDOWS\System32\CheckDll.dll
[2008/11/21 20:25:43 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareDetector
[2008/11/21 20:03:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\MaxSecureBackup
[2008/11/21 20:03:00 | 00,000,123 | ---- | C] () -- C:\WINDOWS\System\SYSRegC.dll
[2008/11/21 20:00:47 | 00,143,360 | ---- | C] (MaxSecure Software) -- C:\WINDOWS\System32\GetHardDiskNo.dll
[2008/11/21 20:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\Max Registry Cleaner
[2008/11/21 19:01:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/11/21 18:40:27 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/11/21 18:36:24 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2008/11/21 17:49:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/20 19:39:42 | 00,000,408 | ---- | C] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2008/11/20 19:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2008/11/20 19:38:08 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2008/11/15 22:31:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
[2008/11/15 21:54:54 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE
[2008/11/15 19:17:39 | 00,002,473 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2008/11/15 19:17:39 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp
[2008/11/15 19:17:39 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp
[2008/11/15 19:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Softwrap
[2008/11/15 19:17:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Fonts
[2008/11/15 19:17:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Config
[2008/11/11 17:17:10 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/11 17:16:54 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/04 23:33:26 | 00,000,000 | ---D | C] -- C:\TestZip


========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/11/25 16:34:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/25 16:31:37 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rich\Desktop\OTListIt.exe
[2008/11/25 15:54:10 | 00,000,123 | ---- | M] () -- C:\WINDOWS\System\SYSRegC.dll
[2008/11/25 15:36:20 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/11/25 15:34:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/25 13:20:16 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/11/25 13:20:16 | 00,010,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/11/25 13:20:16 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/11/25 13:20:15 | 00,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/11/25 12:01:18 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/25 11:53:15 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2008/11/25 11:48:29 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/24 20:00:00 | 00,000,624 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Richie.job
[2008/11/23 19:23:58 | 00,003,002 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/23 19:22:44 | 00,288,678 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/23 18:47:26 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\IconCache.db
[2008/11/23 14:43:14 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\Shortcut to LimeWire.lnk
[2008/11/23 13:54:56 | 00,026,861 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\Color5-2.jpg
[2008/11/23 13:54:48 | 00,009,275 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\Color8.jpg
[2008/11/23 13:54:45 | 00,008,703 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\Color6.jpg
[2008/11/23 13:54:43 | 00,008,577 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\Color56.jpg
[2008/11/23 13:54:41 | 00,008,561 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\Color45.jpg
[2008/11/23 13:54:38 | 00,009,609 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\Color29.jpg
[2008/11/23 13:53:09 | 00,008,245 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\Color25.jpg
[2008/11/23 11:35:45 | 01,581,247 | ---- | M] () -- C:\Documents and Settings\Rich\Desktop\SmitfraudFix.exe
[2008/11/23 10:31:42 | 00,064,368 | ---- | M] () -- C:\Documents and Settings\Rich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/23 10:30:39 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\Rich\My Documents\desktop.ini
[2008/11/22 22:11:31 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/22 22:11:31 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/22 19:42:10 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/11/22 18:16:52 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/11/22 14:33:55 | 00,000,123 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll
[2008/11/21 23:26:10 | 00,002,007 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2008/11/21 20:27:27 | 00,000,110 | ---- | M] () -- C:\WINDOWS\System32\SDEarlyDelete.ini
[2008/11/21 19:00:09 | 00,000,440 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2008/11/21 18:34:50 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/21 00:21:37 | 00,000,389 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/11/20 19:39:46 | 00,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2008/11/15 22:33:20 | 00,400,464 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/15 22:33:19 | 00,468,864 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/15 22:33:19 | 00,060,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/15 19:32:50 | 00,288,746 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081116-060340.backup
[2008/11/15 19:22:20 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2008/11/15 19:17:39 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp
[2008/11/15 19:17:39 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp
[2008/11/12 18:36:58 | 01,024,000 | ---- | M] (Max Secure Software) -- C:\WINDOWS\System32\CheckDll.dll
[2008/11/12 17:14:04 | 00,012,752 | ---- | M] () -- C:\WINDOWS\System32\SDEarlyDelete.exe
[2008/11/12 15:16:56 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/11 14:45:30 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2008/11/03 16:10:26 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

< End of report >



OTListIt Extras logfile created on: 11/25/2008 4:37:12 PM - Run
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Rich\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.29 Mb Total Physical Memory | 91.46 Mb Available Physical Memory | 36.98% Memory free
606.29 Mb Paging File | 458.42 Mb Available in Paging File | 75.61% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.97 Gb Free Space | 84.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-7FC9B47D1
Current User Name: Rich
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/07/28 21:56:09 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
File not found -- C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/03/25 15:21:28 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/09/18 13:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/05/10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/07/28 21:56:09 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
File not found -- C:\Program Files\SwiftKit\SwiftKit.exe:*:Enabled:SwiftKit
File not found -- C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet
File not found -- C:\Program Files\XoftSpySE\XoftSpy.exe:*:Enabled:XoftSpySE
[2008/11/19 09:37:48 | 02,643,312 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe:*:Enabled:Anti-Spyware
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{29C7744D-B76F-4FE7-8A06-ECD38840116B}" = SymNet
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"a-squared Free_is1" = a-squared Free 3.0
"FileASSASSIN" = FileASSASSIN
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"LimeWire" = LimeWire 4.18.8
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Max Registry Cleaner_is1" = Max Registry Cleaner
"Mozilla Firefox (2.0.0.18)" = Mozilla Firefox (2.0.0.18)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SpywareDetector_is1" = Spyware Detector
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"Unlocker" = Unlocker 1.8.5
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Applications" = AT&T Yahoo! Applications

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/23/2008 6:04:29 PM | Computer Name = OWNER-7FC9B47D1 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module
quicktime.qts, version 7.50.61.0, fault address 0x00034fd7.

Error - 11/23/2008 6:04:41 PM | Computer Name = OWNER-7FC9B47D1 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module
quicktime.qts, version 7.50.61.0, fault address 0x00034fd7.

Error - 11/24/2008 4:45:21 PM | Computer Name = OWNER-7FC9B47D1 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Amanda\Local Settings\Application
Data\Apple\Apple Software Update\iTunes.msi is not permitted due to an error in
software restriction policy processing. The object cannot be trusted.

Error - 11/24/2008 5:42:30 PM | Computer Name = OWNER-7FC9B47D1 | Source = MsiInstaller | ID = 1013
Description = Product: iTunes -- The installation of QuickTime did not complete
successfully. iTunes requires QuickTime.

Error - 11/24/2008 5:55:45 PM | Computer Name = OWNER-7FC9B47D1 | Source = MsiInstaller | ID = 1013
Description = Product: iTunes -- The installation of QuickTime did not complete
successfully. iTunes requires QuickTime.

Error - 11/24/2008 6:21:51 PM | Computer Name = OWNER-7FC9B47D1 | Source = Application Error | ID = 1000
Description = Faulting application applemobiledevicehelper.exe, version 7.8.420.0,
faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000372e3.

Error - 11/24/2008 6:21:51 PM | Computer Name = OWNER-7FC9B47D1 | Source = Application Error | ID = 1000
Description = Faulting application applemobiledevicehelper.exe, version 7.8.420.0,
faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0006478e.

Error - 11/24/2008 6:21:51 PM | Computer Name = OWNER-7FC9B47D1 | Source = Application Error | ID = 1000
Description = Faulting application applemobiledevicehelper.exe, version 7.8.420.0,
faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0006478e.

Error - 11/24/2008 6:22:05 PM | Computer Name = OWNER-7FC9B47D1 | Source = Application Error | ID = 1000
Description = Faulting application applemobiledevicehelper.exe, version 7.8.420.0,
faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/25/2008 12:35:47 PM | Computer Name = OWNER-7FC9B47D1 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.6.2.9, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/24/2008 4:25:18 PM | Computer Name = OWNER-7FC9B47D1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 11/24/2008 4:25:21 PM | Computer Name = OWNER-7FC9B47D1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 11/24/2008 4:35:22 PM | Computer Name = OWNER-7FC9B47D1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 11/24/2008 8:12:15 PM | Computer Name = OWNER-7FC9B47D1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 11/25/2008 4:12:05 PM | Computer Name = OWNER-7FC9B47D1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 11/25/2008 4:12:06 PM | Computer Name = OWNER-7FC9B47D1 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 11/25/2008 4:37:37 PM | Computer Name = OWNER-7FC9B47D1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 11/25/2008 4:37:37 PM | Computer Name = OWNER-7FC9B47D1 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 11/25/2008 5:35:28 PM | Computer Name = OWNER-7FC9B47D1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/25/2008 5:36:26 PM | Computer Name = OWNER-7FC9B47D1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm SASDIFSV SASKUTIL SPBBCDrv SRTSPX SYMTDI


< End of report >


i ran it in safe mode because its faster, idk if thats a problem or not

#5 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cornwall, UK
  • Local time:08:39 AM

Posted 28 November 2008 - 05:36 PM

Hello!

i ran it in safe mode because its faster, idk if thats a problem or not


It should have been run in normal mode. I will ask if any tools should be run in safe mode.


Do you know what this file is: C:\TestZip


P2P Warning!

LimeWire 4.18.8

I understand that downloading music and other files may be important to you; however, the P2P programs that you are using to do that, even if they are not infected with malware, will bring malware into your system. Therefore, the chances of you becoming infected again are very high. This obviously can result in disabling your computer and could even lead to someone stealing sensitive personal data from your computer. Beyond the inconvenience this causes you, these programs also tend to use your computer as a server to spread more infection over the internet, so your computer becomes a part of the malware problem.

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., copyrighted material, pirated software, and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

An often unanticipated and unintended consequence of using p2p programs is that you may be leaving your computer open to access by others without either your knowledge or consent. I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them. This is how you can uninstall it/them:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    LimeWire 4.18.8
NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

If you wish to keep them, you MUST NOT use them until your computer is clean.



Remove programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    J2SE Runtime Environment 5.0 Update 12
    Java™ 6 Update 5
    Java™ 6 Update 6
    Java™ 6 Update 7
Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Posted Image
  • Backup your registry to the default location
Note: To restore your registry, go to the folder and start ERDNT.exe


OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below.
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
:files
C:\WINDOWS\system32\geBuvvwU
C:\WINDOWS\System32\tmp.reg
C:\found.003
:commands
[EmptyTemp]
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3
Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.
Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Kaspersky Log
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving

MRU Master of Malware Removal University

Member of UNITE and ASAP

#6 richard1336

richard1336
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 28 November 2008 - 08:34 PM

idk y i would have to remove javascript from my computer, but if u say so..
also, i choose to keep limewire, because i know that my spyware isnt from it.
also, idk what that testzip is

Edited by richard1336, 28 November 2008 - 08:50 PM.


#7 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cornwall, UK
  • Local time:08:39 AM

Posted 29 November 2008 - 10:16 AM

idk y i would have to remove javascript from my computer, but if u say so..
also, i choose to keep limewire, because i know that my spyware isnt from it.


Those Java entries we are removing are outdated and they are a security risk. You still have Java installed. This way we will only remove the outdated ones.

It is your choice if you want to keep using Limewire. DO NOT use it while we are cleaning your machine.

Please continue with the other fixes.
MRU Master of Malware Removal University

Member of UNITE and ASAP

#8 richard1336

richard1336
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 30 November 2008 - 08:13 PM

hi bio-hazard, i ran the online scanner and these are the results:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 29, 2008 01:36:09
Records in database: 1424698
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 56136
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:30:52


File name / Threat name / Threats count
C:\Documents and Settings\Rich\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Rich\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.

Also, i tried to run that OTMover, and it doesnt work for me. I start it up, put in the files to be moved as stated, and it just sits there for a very long time. I left it overnight one time also, about 12 hours, and it didnt work.


Here's my fresh HijackThis2 Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:43, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\Browser Fix\HiJackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7317 bytes


Also, my computer is still very slow. It takes around 3-5 minutes to start-up.. and the first opening of a program takes around 6 minutes too.
Idk what to do, especially since i used a registry cleaner already, in hopes to clean it up...


Also, my system time is set to military time for some odd reason. For example, it's 20:45, instead of 8:45 P.M.
This has never happened before, and i was wondering if you knew how to change it back.
Thanks

Edited by richard1336, 30 November 2008 - 08:18 PM.


#9 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cornwall, UK
  • Local time:08:39 AM

Posted 03 December 2008 - 02:43 PM

Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.



Optional Fix

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything bad. This may change,read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself.

To uninstall the the Viewpoint components :
  • Click Start
  • Click Control Panel
  • Double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight Viewpoint component, click Remove.


    How to prevent it from being recreated every time you run the AOL software:
  • Open AOL
  • Go to Help on the toolbar
  • Select About AOL
  • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.

Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log

MRU Master of Malware Removal University

Member of UNITE and ASAP

#10 richard1336

richard1336
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 03 December 2008 - 07:46 PM

hi, i ran that combofix and got rid of viewpoint like you said.
my time is still set to military time.

here is my new hijakthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:50, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Browser Fix\HiJackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7220 bytes

I also looked for the log file of that combofix, and only found this...

ComboFix 08-12-02.02 - Parents 2008-12-03 17:47:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.33 [GMT -5:00]
Running from: C:\Documents and Settings\Parents\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Parents\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

It's at c:/combofix.txt just like you said, but i dont know if it's what you want.

My computer is considerably faster, but is still kind of slow at times.
Start up is much faster, same with regular program running.
Also, my system time is still set to military time; can you help me change it back to normal?
Thanks alot though, for what you did so far, you've saved my computer already

Edited by richard1336, 03 December 2008 - 08:03 PM.


#11 richard1336

richard1336
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 03 December 2008 - 09:46 PM

wtf.
it was just running really fast, now it has slower start up yet again, and very slow program starts...
idk what keeps happening to it.

#12 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cornwall, UK
  • Local time:08:39 AM

Posted 05 December 2008 - 03:09 AM

Hello!

Could you please rerun the ComboFix and post the log for me to see. Also please post a new Hijackthis log aswell.
MRU Master of Malware Removal University

Member of UNITE and ASAP

#13 richard1336

richard1336
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 05 December 2008 - 02:06 PM

ok, idk why it didnt have a log

#14 richard1336

richard1336
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 05 December 2008 - 05:58 PM

ComboFix 08-12-05.01 - Rich 2008-12-05 14:56:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.64 [GMT -5:00]
Running from: c:\documents and settings\Rich\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\wuauclt.exe
.
---- Previous Run -------
.
c:\windows\BMffcc9df3.txt
c:\windows\BMffcc9df3.xml
c:\windows\system32\wuauclt.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-02 09:23 . 2008-12-02 09:23 <DIR> d-------- c:\documents and settings\Parents\Application Data\Symantec
2008-11-28 23:23 . 2008-11-28 23:23 <DIR> d-------- c:\program files\BillP Studios
2008-11-28 23:23 . 2008-11-28 23:23 <DIR> d-------- c:\documents and settings\Rich\Application Data\WinPatrol
2008-11-28 22:07 . 2008-11-28 22:07 <DIR> d-------- C:\_OTMoveIt
2008-11-28 22:01 . 2008-11-28 22:03 <DIR> d-------- c:\program files\ERUNT
2008-11-28 17:09 . 2008-11-28 23:03 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-25 16:05 . 2008-11-25 16:01 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-25 11:59 . 2008-11-25 12:00 <DIR> d-------- c:\program files\iTunes
2008-11-25 11:59 . 2008-11-25 11:59 <DIR> d-------- c:\program files\iPod
2008-11-25 11:59 . 2008-11-25 12:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 11:55 . 2008-11-25 11:55 <DIR> d-------- c:\program files\Bonjour
2008-11-25 11:52 . 2008-11-25 11:54 <DIR> d-------- c:\program files\QuickTime
2008-11-23 17:35 . 2008-11-23 17:35 <DIR> d-------- c:\documents and settings\Rich\Application Data\SUPERAntiSpyware.com
2008-11-23 17:18 . 2008-11-23 17:18 <DIR> d-------- c:\documents and settings\Amanda\Application Data\Symantec
2008-11-23 17:11 . 2008-11-23 17:11 <DIR> d--hs---- C:\found.003
2008-11-23 16:32 . 2008-11-23 16:32 <DIR> d-------- c:\documents and settings\Rich\Application Data\Apple Computer
2008-11-23 14:43 . 2008-11-28 20:16 <DIR> d-------- c:\documents and settings\Rich\Application Data\LimeWire
2008-11-23 14:38 . 2008-11-23 14:38 <DIR> d-------- c:\documents and settings\Rich\Application Data\acccore
2008-11-23 11:44 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-23 11:44 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-23 11:44 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-23 11:05 . 2008-11-27 15:57 31 --a------ c:\documents and settings\Rich\jagex_runescape_preferences.dat
2008-11-23 10:39 . 2008-11-23 10:39 <DIR> d-------- c:\documents and settings\Rich\Application Data\Symantec
2008-11-23 10:27 . 2008-11-23 11:05 <DIR> d-------- c:\documents and settings\Rich
2008-11-22 19:43 . 2008-11-22 19:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-22 19:41 . 2008-11-22 19:42 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-22 18:19 . 2008-11-22 18:16 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-22 17:58 . 2008-12-03 20:34 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-22 17:00 . 2008-12-03 21:36 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-22 16:41 . 2008-11-22 16:44 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-22 16:16 . 2008-11-23 19:23 3,002 --a------ c:\windows\system32\tmp.reg
2008-11-22 16:14 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-22 16:14 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-22 16:14 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-22 13:15 . 2008-11-22 22:36 <DIR> d-------- c:\program files\Enigma Software Group
2008-11-22 09:32 . 2008-11-22 09:32 <DIR> d-------- c:\documents and settings\Mom\Application Data\Symantec
2008-11-21 23:22 . 2008-11-21 23:22 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-21 23:19 . 2008-11-21 23:24 <DIR> d-------- c:\program files\Norton Internet Security
2008-11-21 23:17 . 2008-11-25 13:20 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-21 23:17 . 2008-11-25 13:20 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-21 23:17 . 2008-11-25 13:20 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-21 23:17 . 2008-11-25 13:20 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-21 23:16 . 2008-11-25 13:20 <DIR> d-------- c:\program files\Symantec
2008-11-21 23:16 . 2008-11-25 13:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-21 23:07 . 2008-12-05 15:04 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-21 23:01 . 2008-11-21 23:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-11-21 20:28 . 2008-12-05 14:33 123 --a------ c:\windows\system\SysSD.dll
2008-11-21 20:26 . 2008-11-12 17:14 12,752 --a------ c:\windows\system32\SDEarlyDelete.exe
2008-11-21 20:26 . 2008-11-21 20:27 110 --a------ c:\windows\system32\SDEarlyDelete.ini
2008-11-21 20:26 . 2005-02-06 09:02 104 --a------ c:\windows\system32\ProxySettings.ini
2008-11-21 20:25 . 2008-11-24 16:13 <DIR> d-------- c:\program files\SpywareDetector
2008-11-21 20:25 . 2008-11-12 18:36 1,024,000 --a------ c:\windows\system32\CheckDll.dll
2008-11-21 20:03 . 2008-11-21 20:03 <DIR> d-------- c:\windows\MaxSecureBackup
2008-11-21 20:03 . 2008-12-03 19:56 123 --a------ c:\windows\system\SYSRegC.dll
2008-11-21 20:00 . 2008-11-21 20:40 <DIR> d-------- c:\program files\Max Registry Cleaner
2008-11-21 20:00 . 2007-05-24 16:57 143,360 --a------ c:\windows\system32\GetHardDiskNo.dll
2008-11-21 19:01 . 2008-11-21 19:01 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-21 17:49 . 2008-12-03 21:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-20 19:39 . 2008-11-20 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-11-20 19:38 . 2008-11-20 19:38 <DIR> d-------- c:\program files\ParetoLogic
2008-11-15 22:31 . 2008-11-22 18:29 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-15 21:54 . 2008-11-21 20:25 <DIR> d-------- c:\program files\XoftSpySE
2008-11-15 19:17 . 2008-11-15 19:17 0 --ah----- c:\windows\SwSys2.bmp
2008-11-15 19:17 . 2008-11-15 19:17 0 --ah----- c:\windows\SwSys1.bmp
2008-11-11 17:17 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 17:16 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 00:38 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-29 02:58 --------- d-----w c:\program files\Java
2008-11-25 16:59 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 16:47 --------- d-----w c:\program files\Apple Software Update
2008-11-24 23:45 --------- d-----w c:\documents and settings\Amanda\Application Data\LimeWire
2008-11-24 22:20 --------- d-----w c:\program files\LimeWire
2008-11-23 17:57 --------- d-----w c:\program files\SwiftKit
2008-11-23 03:49 --------- d-----w c:\program files\Common Files\Intuit
2008-11-22 16:11 30 ----a-w c:\documents and settings\Mom\jagex_runescape_preferences.dat
2008-11-22 01:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-07 19:23 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-06 03:35 24 ----a-w c:\documents and settings\Parents\jagex_runescape_preferences.dat
2008-07-21 16:34 0 ----a-w c:\documents and settings\Amanda\jagex_runescape_preferences.dat
2008-08-24 18:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082420080825\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [2008-11-12 1148368]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
2008-10-14 17:02 462848 c:\program files\SpywareDetector\SDNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV\mWhjlnspB
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-02-13 12:02 564496 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-02-13 12:06 2196240 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDAutoLiveupdate]
--a------ 2008-11-12 17:13 1926608 c:\program files\SpywareDetector\LiveUpdateSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\ParetoLogic\\Anti-Spyware\\Pareto_AS.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-01-25 149352]
R2 SDService;SDService;c:\program files\SpywareDetector\SDService.exe [2008-11-21 1193424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-23 99376]
R3 SDActMon;SDActMon;\??\c:\program files\SpywareDetector\SDActMon.sys [2008-11-21 20352]
S1 acpii;acpii;c:\windows\system32\drivers\acpii.sys []
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 SDAntiRtKt;SDAntiRtKt;\??\c:\program files\SpywareDetector\SDAntiRtKt.sys [2008-11-21 11264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d054daae-0fea-11dd-b4dc-000c6ef1c97d}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - f:\resycled\boot.com f:

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-22 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]

2008-12-03 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1207404645.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2008-11-25 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Richie.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 09:05]

2008-11-21 c:\windows\Tasks\Pareto UNS.job
- c:\program files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FireFox -: Profile - c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\c12iljpj.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 17:41:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\SpywareDetector\SDNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-05 17:49:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-05 22:49:36

Pre-Run: 67,928,104,960 bytes free
Post-Run: 67,926,716,416 bytes free

231 --- E O F --- 2008-11-12 20:25:41


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:21, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Browser Fix\HiJackThis2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-854245398-1958367476-1417001333-1012\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Amanda')
O4 - HKUS\S-1-5-21-854245398-1958367476-1417001333-1012\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Amanda')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7742 bytes

#15 Bio-Hazard

Bio-Hazard

  • Members
  • 258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cornwall, UK
  • Local time:08:39 AM

Posted 09 December 2008 - 03:48 AM

Flash Disinfector
  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Run CFScript
  • Close any open browsers.
  • Open Notepad by click start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:
File::
c:\windows\system32\tmp.reg

Folder::
f:\resycled

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV\mWhjlnspB]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d054daae-0fea-11dd-b4dc-000c6ef1c97d}]

Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)


Posted Image


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

NOTE: Do not mouseclick combofix's window whilst it's running. That may cause it to stall it.

Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
[/quote]
MRU Master of Malware Removal University

Member of UNITE and ASAP




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users