
Trojan.vundo problem


  • This topic is locked
17 replies to this topic

#1 gunkadin

  • Members
  • 14 posts

Posted 03 December 2008 - 11:43 AM

The last couple of days I've had serious problems with my PC, starting with very slow internet and then going to constant pop-ups from Spy Sweeper saying things like this: "IEXPLORE.EXE is attempting to install zowotida.dll on your computer". When I hit block, another Spy Sweeper pop-up comes up saying another .exe is trying to install the same .dll, then another and so on. Malwarebytes shows a Trojan.Vundo but doesn't seem to remove it; after rebooting the problem still exists. SUPERAntiSpyware finds Adware.Vundo Variant.BHO. The problem seems to be in the \system32 file. I am running Windows XP Version 2002 Service Pack 2.
Thanks for your help, guys!

Malwarebytes log

Malwarebytes' Anti-Malware 1.28
Database version: 1233
Windows 5.1.2600 Service Pack 2

12/3/2008 10:17:22 AM
mbam-log-2008-12-03 (10-17-14).txt

Scan type: Quick Scan
Objects scanned: 54313
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jowotizu.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c458b5f-5387-428f-b667-85070ceebbc0} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0c458b5f-5387-428f-b667-85070ceebbc0} (Trojan.BHO.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\84f65727 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\joyasanafo (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jowotizu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\uzitowoj.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\robudiki.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ikidubor.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\zilivihi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ihiviliz.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\difiwazi.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\system32\fefiweta.dll (Trojan.Agent) -> No action taken.

RSIT info
info.txt logfile of random's system information tool 1.04 2008-12-03 09:03:29

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Registry Optimizer-->"C:\Program Files\Advanced Registry Optimizer\unins000.exe" /silent
AMF CD and DVD Label Maker-->C:\Program Files\AMF Software\CD and DVD Label Maker\Uninstall.exe
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Channel Master-->"C:\Program Files\SharpC\Channel Master\uninstall.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
iTunes-->MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
KeyProwler Pro Version-->MsiExec.exe /I{A6297093-E4C1-40F8-AEB6-104DD3BD4EAF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memorial Folder Program-->MsiExec.exe /X{222754BC-48A1-42CD-BFDF-3020D127DBEF}
Memory Keepsake Programs-->MsiExec.exe /X{05A213F6-C93B-4540-A73D-5344BEB9B2E0}
MFP Frame Designer-->MsiExec.exe /X{61D06CFC-9BA2-4BF7-A851-6DA521BBC6DE}
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Omni-Bot 0.7 STABLE-->C:\Program Files\Omni-Bot\uninst.exe
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Picture Frame Urn Designer v1-->"C:\Program Files\BMP_Pic_Frame_Urn\unins000.exe"
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Sonic CinePlayer-->MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD Studio-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Super Collapse! 3-->C:\PROGRA~1\YAHOO!~1\SUPERC~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\SUPERC~1\INSTALL.LOG
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trend Micro Antivirus-->MsiExec.exe /X{3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB919803-->"C:\WINDOWS\$NtUninstallKB919803$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Wolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log

======Security center information======

FW: (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------


RSIT LOG

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-03 09:03:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 182 GB (60%) free of 301 GB
Total RAM: 1918 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:27 AM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GM5072
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5072
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5072
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GM5072
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.0.1;192.168.2.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {0c458b5f-5387-428f-b667-85070ceebbc0} - C:\WINDOWS\system32\difiwazi.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exe] "C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\CritProc.exe" /R
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [joyasanafo] Rundll32.exe "C:\WINDOWS\system32\fefiweta.dll",s
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [84f65727] rundll32.exe "C:\WINDOWS\system32\jowotizu.dll",b
O4 - HKLM\..\Run: [CPM87c564bb] Rundll32.exe "c:\windows\system32\zowotida.dll",a
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AROReminder] "C:\Program Files\Advanced Registry Optimizer\aro.exe" -rem
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [joyasanafo] Rundll32.exe "C:\WINDOWS\system32\fefiweta.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [joyasanafo] Rundll32.exe "C:\WINDOWS\system32\fefiweta.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188667974718
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - AppInit_DLLs: c:\windows\system32\patadosu.dll C:\WINDOWS\system32\hujufutu.dll c:\windows\system32\zowotida.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - [SASInprocServer32] (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - [SASInprocServer32] (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8680 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\wrSpySweeper_E284B25627A14BFA8D73BCB602BA89E5.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c458b5f-5387-428f-b667-85070ceebbc0}]
C:\WINDOWS\system32\difiwazi.dll [2008-09-02 63540]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-18 7204864]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-09-18 86016]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-08-27 139264]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"pccguide.exe"=C:\Program Files\Trend Micro\Antivirus\pccguide.exe [2004-02-17 950337]
"PCClient.exe"=C:\Program Files\Trend Micro\Antivirus\PCClient.exe [2004-02-17 634949]
"TM Outbreak Agent"=C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe [2004-02-17 290816]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-25 122939]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exe"=C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\CritProc.exe /R []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-24 185896]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"joyasanafo"=C:\WINDOWS\system32\fefiweta.dll [2008-09-02 63540]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 4865600]
"84f65727"=C:\WINDOWS\system32\jowotizu.dll [2008-12-03 85557]
"CPM87c564bb"=c:\windows\system32\zowotida.dll [2008-12-03 94773]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
"AROReminder"=C:\Program Files\Advanced Registry Optimizer\aro.exe [2007-07-23 2084480]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2008-08-21 2173888]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\Owner\LOCALS~1\Temp\200691120138_mcappins.exe [2005-07-01 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-03-14 257088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\Owner\LOCALS~1\Temp\200691120137_mcinfo.exe [2005-07-01 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [2005-08-26 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-24 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2008-10-28 161264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\patadosu.dll C:\WINDOWS\system32\hujufutu.dll c:\windows\system32\zowotida.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2007-03-01 233024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - [SASInprocServer32] []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - [SASInprocServer32] []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\hujufutu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CDBurnerXP\NMSAccessU.exe"="C:\Program Files\CDBurnerXP\NMSAccessU.exe:*:Enabled:NMSAccessU"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1138900111\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1138900111\EE\AOLServiceHost.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Disabled:ArmyOps"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Disabled:ET"
"E:\Wolfenstein - Enemy Territory\ETDED.exe"="E:\Wolfenstein - Enemy Territory\ETDED.exe:*:Disabled:ETDED"
"C:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe:*:Disabled:ETDED"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Explorer"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24dc25a7-aa59-11dc-9053-0040ca962873}]
shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c9b1211-a5ab-11da-bc95-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d068e5c1-940c-11da-8f89-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


======List of files/folders created in the last 1 months======

2008-12-03 09:03:15 ----D---- C:\rsit
2008-12-03 07:53:36 ----SH---- C:\WINDOWS\system32\uzitowoj.ini
2008-12-02 09:30:57 ----D---- C:\Program Files\Citrix
2008-12-02 04:04:58 ----SH---- C:\WINDOWS\system32\ihiviliz.ini
2008-12-02 03:04:55 ----SH---- C:\WINDOWS\system32\ikidubor.ini
2008-12-01 18:55:13 ----A---- C:\WINDOWS\vxvbma.txt
2008-12-01 14:38:08 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-01 14:37:49 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-01 14:37:49 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-12-01 14:37:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-30 15:04:17 ----SH---- C:\WINDOWS\system32\avelimak.ini
2008-11-20 16:33:46 ----D---- C:\Program Files\MagicISO
2008-11-17 16:02:01 ----D---- C:\Program Files\AMF Software
2008-11-17 14:43:28 ----D---- C:\CloneDVDTemp
2008-11-17 13:09:37 ----D---- C:\Documents and Settings\Owner\Application Data\DVD Flick
2008-11-17 13:07:04 ----D---- C:\Documents and Settings\Owner\Application Data\ImgBurn
2008-11-17 13:06:30 ----D---- C:\Program Files\ImgBurn
2008-11-17 13:05:43 ----A---- C:\WINDOWS\system32\ssubtmr6.dll
2008-11-17 13:05:39 ----D---- C:\Program Files\DVD Flick
2008-11-17 10:35:26 ----D---- C:\Program Files\uTorrent
2008-11-17 10:35:24 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-11-17 10:31:37 ----D---- C:\ConverterOutput
2008-11-17 10:29:59 ----A---- C:\Cucu_Video_log.txt
2008-11-17 10:26:32 ----A---- C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-11-17 10:26:32 ----A---- C:\WINDOWS\system32\libmplayer.dll
2008-11-17 10:26:32 ----A---- C:\WINDOWS\system32\libmpeg2_ff.dll
2008-11-17 10:26:32 ----A---- C:\WINDOWS\system32\libavcodec.dll
2008-11-17 10:26:29 ----D---- C:\Program Files\Cucusoft
2008-11-17 09:39:24 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-11-17 09:32:51 ----D---- C:\Program Files\SlySoft
2008-11-17 09:31:24 ----D---- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-11-17 09:31:18 ----ASH---- C:\WINDOWS\S0E070C4E.tmp
2008-11-17 09:26:48 ----D---- C:\Program Files\Elaborate Bytes
2008-11-15 10:33:08 ----D---- C:\Documents and Settings\Owner\Application Data\Publish Providers
2008-11-15 10:32:50 ----D---- C:\Documents and Settings\Owner\Application Data\Sony
2008-11-15 10:29:59 ----D---- C:\Program Files\Vstplugins
2008-11-15 10:29:53 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2008-11-15 10:29:38 ----D---- C:\Program Files\Sony
2008-11-15 10:26:49 ----D---- C:\Program Files\Sony Setup

======List of files/folders modified in the last 1 months======

2008-12-03 09:03:27 ----D---- C:\Program Files\Trend Micro
2008-12-03 09:03:20 ----D---- C:\WINDOWS\Temp
2008-12-03 09:02:20 ----D---- C:\WINDOWS\Prefetch
2008-12-03 08:52:12 ----D---- C:\WINDOWS\system32
2008-12-03 08:45:43 ----D---- C:\MFP
2008-12-03 08:37:48 ----AD---- C:\WINDOWS
2008-12-03 08:06:18 ----D---- C:\Videos
2008-12-03 07:53:31 ----ASH---- C:\WINDOWS\system32\zowotida.dll
2008-12-03 07:53:31 ----ASH---- C:\WINDOWS\system32\jowotizu.dll
2008-12-02 09:30:57 ----RD---- C:\Program Files
2008-12-02 09:14:30 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2008-12-02 09:13:26 ----D---- C:\WINDOWS\Registration
2008-12-02 09:13:19 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-02 08:26:39 ----D---- C:\Program Files\Memory Keepsake Programs
2008-12-02 04:04:57 ----ASH---- C:\WINDOWS\system32\zilivihi.dll
2008-12-02 04:04:57 ----ASH---- C:\WINDOWS\system32\nibiweju.dll
2008-12-02 03:04:47 ----N---- C:\WINDOWS\system32\robudiki.dll
2008-12-02 03:04:47 ----ASH---- C:\WINDOWS\system32\vowowono.dll
2008-12-01 23:06:18 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-01 19:36:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-01 19:26:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-01 18:55:13 ----D---- C:\WINDOWS\system32\drivers
2008-12-01 15:04:44 ----A---- C:\WINDOWS\system32\patadosu23.dll
2008-12-01 14:38:04 ----SHD---- C:\WINDOWS\Installer
2008-12-01 14:38:04 ----HD---- C:\Config.Msi
2008-12-01 14:37:25 ----D---- C:\Program Files\Common Files
2008-11-30 18:32:30 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-11-30 15:04:16 ----ASH---- C:\WINDOWS\system32\yefanopa.dll
2008-11-30 03:04:10 ----ASH---- C:\WINDOWS\system32\lotibuye.dll
2008-11-29 15:04:02 ----ASH---- C:\WINDOWS\system32\nijopido.dll
2008-11-29 03:03:33 ----ASH---- C:\WINDOWS\system32\tuwasobu.dll
2008-11-28 15:03:27 ----ASH---- C:\WINDOWS\system32\selusifi.dll
2008-11-28 03:03:20 ----ASH---- C:\WINDOWS\system32\tenapobu.dll
2008-11-27 15:03:13 ----ASH---- C:\WINDOWS\system32\sugujuhe.dll
2008-11-27 03:03:07 ----ASH---- C:\WINDOWS\system32\pirabumo.dll
2008-11-26 15:03:05 ----ASH---- C:\WINDOWS\system32\fubirave.dll
2008-11-24 13:04:49 ----D---- C:\WINDOWS\system
2008-11-19 17:06:28 ----D---- C:\WINDOWS\Minidump
2008-11-19 17:06:25 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-17 17:25:42 ----A---- C:\WINDOWS\leadsrvr.ini
2008-11-17 14:34:19 ----D---- C:\Documents and Settings\Owner\Application Data\CyberLink
2008-11-15 10:27:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-15 10:27:19 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 Cinemsup;Cinemsup; C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2004-02-17 14976]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-25 25691]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-25 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-25 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-25 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-25 85978]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-25 14235]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-25 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-25 98650]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-25 100603]
R2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-09-07 205328]
R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-09-07 36368]
R2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\Vsapint.sys [2008-09-07 1195448]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-08-14 99648]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2005-12-14 160256]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-07-22 231168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-18 3493984]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2007-03-01 21056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-10 42496]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2006-01-10 19200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2006-01-10 46592]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-06-29 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-28 168432]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 71360]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-18 131139]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-24 66872]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-02-02 172032]
R2 Tmntsrv;Trend NT Realtime Service; C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe [2004-02-17 241737]
R2 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Antivirus\tmproxy.exe [2004-02-17 204873]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-01 3379264]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-03-14 500800]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 05 December 2008 - 01:55 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following....


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart, as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall.




Post me these logs in your next reply..

1. SDFix
2. ComboFix

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 gunkadin
  • Topic Starter

  • Members
  • 14 posts

Posted 09 December 2008 - 09:21 AM

Sorry it has taken me a bit to get back; the PC being worked on is my work PC and I wasn't able to do anything over the weekend. I have nothing to post yet because SDFix is still running. It's been almost 24 hours since I started it; is this normal?? The screen says "Checking running processes and services" and the cursor is blinking below that. I know scans can take a while, but is it normal for this program to take so long, or have I done something wrong?

#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 09 December 2008 - 09:54 AM

Close SDFix and proceed with the ComboFix step.. If ComboFix refuses to run, rename it to CombosUBs and run it again.. Post the log in your next reply..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 gunkadin
  • Topic Starter

  • Members
  • 14 posts

Posted 09 December 2008 - 01:44 PM

Here is the ComboFix log.



ComboFix 08-12-07.04 - Owner 2008-12-09 12:30:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1467 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\maintenance\CombosUBs.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\ajigosim.ini
c:\windows\system32\avelimak.ini
c:\windows\system32\bajibuli.dll
c:\windows\system32\buwihafo.dll
c:\windows\system32\CMMGR32.EXE
c:\windows\system32\dejufedu.dll
c:\windows\system32\dufizige.dll
c:\windows\system32\ebovovil.ini
c:\windows\system32\eyemanig.ini
c:\windows\system32\fihijazo.dll
c:\windows\system32\fubirave.dll
c:\windows\system32\gesulodu.dll
c:\windows\system32\ginameye.dll
c:\windows\system32\gurabimi.dll
c:\windows\system32\hajulofi.dll
c:\windows\system32\ifolujah.ini
c:\windows\system32\imibarug.ini
c:\windows\system32\iyefitov.ini
c:\windows\system32\kirenalo.dll
c:\windows\system32\livovobe.dll
c:\windows\system32\lotibuye.dll
c:\windows\system32\misogija.dll
c:\windows\system32\nibiweju.dll
c:\windows\system32\nidenefe.dll
c:\windows\system32\nijopido.dll
c:\windows\system32\owidipip.ini
c:\windows\system32\pipidiwo.dll
c:\windows\system32\pirabumo.dll
c:\windows\system32\ranuvozo.dll
c:\windows\system32\rigiwoti.dll
c:\windows\system32\segukiho.dll
c:\windows\system32\selusifi.dll
c:\windows\system32\sipikuze.dll
c:\windows\system32\sugujuhe.dll
c:\windows\system32\tenapobu.dll
c:\windows\system32\tuwasobu.dll
c:\windows\system32\urazedoz.ini
c:\windows\system32\votifeyi.dll
c:\windows\system32\vowowono.dll
c:\windows\system32\wusosogo.dll
c:\windows\system32\yefanopa.dll
c:\windows\system32\yehifuni.dll
c:\windows\system32\yerofata.dll
c:\windows\system32\zodezaru.dll
c:\windows\system32\zopimiwo.dll
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-09 12:04 . 2008-12-09 12:27 <DIR> d-------- C:\ComboFix
2008-12-09 04:10 . 2008-12-09 04:10 2,098 ---hs---- c:\windows\system32\sadezaji.exe
2008-12-08 09:38 . 2008-12-08 09:38 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-08 09:28 . 2008-12-08 09:28 <DIR> d-------- c:\windows\ERUNT
2008-12-08 09:27 . 2008-12-08 13:40 <DIR> d-------- C:\SDFix
2008-12-07 20:39 . 2008-12-07 20:39 2,098 ---hs---- c:\windows\system32\turisumi.dll
2008-12-07 20:39 . 2008-12-07 20:39 2,098 ---hs---- c:\windows\system32\lonulozo.dll
2008-12-04 11:27 . 2008-12-04 13:30 <DIR> d-------- c:\program files\exPressit S.E. 2.2
2008-12-03 13:21 . 2004-08-10 13:00 4,639 --a--c--- c:\windows\system32\dllcache\mplayer2.exe
2008-12-03 13:02 . 2008-12-03 13:02 <DIR> d-------- c:\documents and settings\Owner\Application Data\SuperAdBlocker.com
2008-12-03 12:37 . 2008-12-03 12:37 <DIR> d-------- C:\VundoFix Backups
2008-12-03 12:22 . 2008-12-03 13:19 <DIR> d-------- c:\program files\SuperAdBlocker.com
2008-12-03 09:03 . 2008-12-03 09:03 <DIR> d-------- C:\rsit
2008-12-03 08:45 . 2008-12-03 08:54 <DIR> d-------- c:\documents and settings\Owner\.SunDownloadManager
2008-12-02 09:30 . 2008-12-04 16:00 <DIR> d-------- c:\program files\Citrix
2008-12-02 09:30 . 2008-12-02 09:30 60,744 --a------ c:\documents and settings\Owner\g2mdlhlpx.exe
2008-12-01 18:55 . 2008-12-01 18:55 61,440 --a------ c:\windows\system32\drivers\gpcqzzs.sys
2008-12-01 14:38 . 2008-12-01 14:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-01 14:37 . 2008-12-03 10:20 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-01 14:37 . 2008-12-03 12:08 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-01 14:37 . 2008-12-01 14:37 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2008-11-24 13:04 . 2008-12-04 11:20 5,000 --a------ c:\windows\system\COM64.DLL
2008-11-20 16:33 . 2008-12-01 19:06 <DIR> d-------- c:\program files\MagicISO
2008-11-17 16:02 . 2008-11-17 16:20 <DIR> d-------- c:\program files\AMF Software
2008-11-17 14:43 . 2008-11-17 14:43 <DIR> d-------- C:\CloneDVDTemp
2008-11-17 13:09 . 2008-12-01 12:04 <DIR> d-------- c:\documents and settings\Owner\Application Data\DVD Flick
2008-11-17 13:07 . 2008-11-17 13:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\ImgBurn
2008-11-17 13:06 . 2008-11-17 13:06 <DIR> d-------- c:\program files\ImgBurn
2008-11-17 13:05 . 2008-11-17 13:05 <DIR> d-------- c:\program files\DVD Flick
2008-11-17 13:05 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\mscomct2.ocx
2008-11-17 13:05 . 2003-01-26 13:41 40,960 --a------ c:\windows\system32\ssubtmr6.dll
2008-11-17 13:05 . 2007-08-31 18:36 36,864 --a------ c:\windows\system32\trayicon_handler.ocx
2008-11-17 13:05 . 2008-08-31 13:27 28,672 --a------ c:\windows\system32\mousewheel.ocx
2008-11-17 10:35 . 2008-11-17 10:35 <DIR> d-------- c:\program files\uTorrent
2008-11-17 10:35 . 2008-12-08 08:04 <DIR> d-------- c:\documents and settings\Owner\Application Data\uTorrent
2008-11-17 10:31 . 2008-11-17 12:35 <DIR> d-------- C:\ConverterOutput
2008-11-17 10:26 . 2008-11-17 10:26 <DIR> d-------- c:\program files\Cucusoft
2008-11-17 10:26 . 2004-10-12 14:40 2,255,360 --a------ c:\windows\system32\libavcodec.dll
2008-11-17 10:26 . 2004-10-12 14:46 1,761,280 --a------ c:\windows\system32\ffdshow.ax
2008-11-17 10:26 . 2004-10-05 16:16 395,776 --a------ c:\windows\system32\libmplayer.dll
2008-11-17 10:26 . 2003-03-30 20:08 372,736 --a------ c:\windows\system32\xvid.ax
2008-11-17 10:26 . 2004-10-12 14:42 262,144 --a------ c:\windows\system32\TomsMoComp_ff.dll
2008-11-17 10:26 . 2004-10-04 01:50 112,640 --a------ c:\windows\system32\libmpeg2_ff.dll
2008-11-17 10:26 . 2004-09-10 13:50 34,820 --a------ c:\windows\system32\ffdshow.reg
2008-11-17 09:39 . 2008-11-17 09:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\SlySoft
2008-11-17 09:32 . 2008-11-17 09:32 <DIR> d-------- c:\program files\SlySoft
2008-11-17 09:31 . 2008-11-17 09:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Elaborate Bytes
2008-11-17 09:31 . 2008-11-17 09:31 24 --ahs---- c:\windows\S0E070C4E.tmp
2008-11-17 09:26 . 2008-11-17 09:26 <DIR> d-------- c:\program files\Elaborate Bytes
2008-11-15 10:33 . 2008-11-15 10:33 <DIR> d-------- c:\documents and settings\Owner\Application Data\Publish Providers
2008-11-15 10:32 . 2008-11-15 11:11 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sony
2008-11-15 10:29 . 2008-11-15 10:29 <DIR> d-------- c:\program files\Vstplugins
2008-11-15 10:29 . 2008-11-15 10:29 <DIR> d-------- c:\program files\Sony
2008-11-15 10:29 . 2008-11-15 10:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-15 10:26 . 2008-11-15 10:26 <DIR> d-------- c:\program files\Sony Setup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-05 22:38 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-03 15:03 --------- d-----w c:\program files\Trend Micro
2008-12-02 14:26 --------- d-----w c:\program files\Memory Keepsake Programs
2008-11-19 23:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 20:34 --------- d-----w c:\documents and settings\Owner\Application Data\CyberLink
2008-10-24 15:02 --------- d-----w c:\program files\Common Files\xing shared
2008-10-24 15:00 --------- d-----w c:\program files\Common Files\Real
2008-10-20 20:00 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-10-15 16:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-13 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\SysMon
2008-10-09 16:37 --------- d-----w c:\program files\Omni-Bot
2008-08-12 20:49 982 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-09-06 01:38 93,696 --sha-w c:\windows\system32\fupilito.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2007-07-23 2084480]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-08-21 2173888]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]
"SuperAdBlocker"="c:\program files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-08-01 1564672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"pccguide.exe"="c:\program files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 950337]
"PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 634949]
"TM Outbreak Agent"="c:\program files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-25 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-24 185896]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 4865600]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-06-06 225280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 14:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 18:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-08-26 18:14 36975 c:\program files\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-24 08:58 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CDBurnerXP\\NMSAccessU.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\Program Files\\Trend Micro\\Antivirus\\PCClient.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Digital Media Reader\\readericon45G.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 32256]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2004-03-05 205328]
R2 Tmntsrv;Trend NT Realtime Service;"c:\program files\Trend Micro\Antivirus\Tmntsrv.exe" [2004-02-17 241737]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2004-03-05 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [2004-02-17 204873]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S1 SABDIFSV;SABDIFSV;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 5632]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-06 38528]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24dc25a7-aa59-11dc-9053-0040ca962873}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c9b1211-a5ab-11da-bc95-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d068e5c1-940c-11da-8f89-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\wrSpySweeper_E284B25627A14BFA8D73BCB602BA89E5.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 19:55]

2008-12-01 c:\windows\Tasks\wrSpySweeper_E284B25627A14BFA8D73BCB602BA89E5.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 19:55]

2008-12-01 c:\windows\Tasks\wrSpySweeper_E284B25627A14BFA8D73BCB602BA89E5.job
- c:\","d:\","e:\","f:\","g:\","h:\","i:\","j:\","K:\" []
.
- - - - ORPHANS REMOVED - - - -

BHO-{0c458b5f-5387-428f-b667-85070ceebbc0} - c:\windows\system32\yehifuni.dll
HKCU-Run-msnmsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKLM-Run-c:\program files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exe - c:\program files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\CritProc.exe
MSConfigStartUp-Cleanup - c:\docume~1\Owner\LOCALS~1\Temp\200691120138_mcappins.exe
MSConfigStartUp-msci - c:\docume~1\Owner\LOCALS~1\Temp\200691120137_mcinfo.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5072
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5072
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5072
uInternet Settings,ProxyOverride = 192.168.1.1;192.168.0.1;192.168.2.1
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5072
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0lm5oave.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 12:33:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WRLogonNTF.dll
c:\windows\system32\cscui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-12-09 12:37:52 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-12-09 18:37:45

Pre-Run: 182,902,067,200 bytes free
Post-Run: 183,595,188,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:07:47 AM

Posted 10 December 2008 - 12:06 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
gpcqzzs

File::
c:\windows\system32\sadezaji.exe
c:\windows\system32\turisumi.dll
c:\windows\system32\lonulozo.dll
c:\windows\system32\drivers\gpcqzzs.sys
c:\windows\system32\fupilito.dll
c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

Folder::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24dc25a7-aa59-11dc-9053-0040ca962873}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c9b1211-a5ab-11da-bc95-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d068e5c1-940c-11da-8f89-806d6172696f}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 gunkadin

gunkadin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:47 PM

Posted 10 December 2008 - 09:24 AM

ComboFix log


ComboFix 08-12-07.04 - Owner 2008-12-10 8:06:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1473 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\maintenance\CombosUBs.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\windows\system32\drivers\gpcqzzs.sys
c:\windows\system32\fupilito.dll
c:\windows\system32\lonulozo.dll
c:\windows\system32\sadezaji.exe
c:\windows\system32\turisumi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\windows\system32\drivers\gpcqzzs.sys
c:\windows\system32\fupilito.dll
c:\windows\system32\lonulozo.dll
c:\windows\system32\sadezaji.exe
c:\windows\system32\turisumi.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-09 12:04 . 2008-12-09 12:27 <DIR> d-------- C:\ComboFix
2008-12-08 09:38 . 2008-12-08 09:38 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-08 09:28 . 2008-12-08 09:28 <DIR> d-------- c:\windows\ERUNT
2008-12-08 09:27 . 2008-12-08 13:40 <DIR> d-------- C:\SDFix
2008-12-04 11:27 . 2008-12-04 13:30 <DIR> d-------- c:\program files\exPressit S.E. 2.2
2008-12-03 13:21 . 2004-08-10 13:00 4,639 --a--c--- c:\windows\system32\dllcache\mplayer2.exe
2008-12-03 13:02 . 2008-12-03 13:02 <DIR> d-------- c:\documents and settings\Owner\Application Data\SuperAdBlocker.com
2008-12-03 12:37 . 2008-12-03 12:37 <DIR> d-------- C:\VundoFix Backups
2008-12-03 12:22 . 2008-12-03 13:19 <DIR> d-------- c:\program files\SuperAdBlocker.com
2008-12-03 09:03 . 2008-12-03 09:03 <DIR> d-------- C:\rsit
2008-12-03 08:45 . 2008-12-03 08:54 <DIR> d-------- c:\documents and settings\Owner\.SunDownloadManager
2008-12-02 09:30 . 2008-12-04 16:00 <DIR> d-------- c:\program files\Citrix
2008-12-02 09:30 . 2008-12-02 09:30 60,744 --a------ c:\documents and settings\Owner\g2mdlhlpx.exe
2008-12-01 14:38 . 2008-12-01 14:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-01 14:37 . 2008-12-03 10:20 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-01 14:37 . 2008-12-03 12:08 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-01 14:37 . 2008-12-01 14:37 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2008-11-24 13:04 . 2008-12-04 11:20 5,000 --a------ c:\windows\system\COM64.DLL
2008-11-20 16:33 . 2008-12-01 19:06 <DIR> d-------- c:\program files\MagicISO
2008-11-17 16:02 . 2008-11-17 16:20 <DIR> d-------- c:\program files\AMF Software
2008-11-17 14:43 . 2008-11-17 14:43 <DIR> d-------- C:\CloneDVDTemp
2008-11-17 13:09 . 2008-12-01 12:04 <DIR> d-------- c:\documents and settings\Owner\Application Data\DVD Flick
2008-11-17 13:07 . 2008-11-17 13:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\ImgBurn
2008-11-17 13:06 . 2008-11-17 13:06 <DIR> d-------- c:\program files\ImgBurn
2008-11-17 13:05 . 2008-11-17 13:05 <DIR> d-------- c:\program files\DVD Flick
2008-11-17 13:05 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\mscomct2.ocx
2008-11-17 13:05 . 2003-01-26 13:41 40,960 --a------ c:\windows\system32\ssubtmr6.dll
2008-11-17 13:05 . 2007-08-31 18:36 36,864 --a------ c:\windows\system32\trayicon_handler.ocx
2008-11-17 13:05 . 2008-08-31 13:27 28,672 --a------ c:\windows\system32\mousewheel.ocx
2008-11-17 10:35 . 2008-11-17 10:35 <DIR> d-------- c:\program files\uTorrent
2008-11-17 10:35 . 2008-12-08 08:04 <DIR> d-------- c:\documents and settings\Owner\Application Data\uTorrent
2008-11-17 10:31 . 2008-11-17 12:35 <DIR> d-------- C:\ConverterOutput
2008-11-17 10:26 . 2008-11-17 10:26 <DIR> d-------- c:\program files\Cucusoft
2008-11-17 10:26 . 2004-10-12 14:40 2,255,360 --a------ c:\windows\system32\libavcodec.dll
2008-11-17 10:26 . 2004-10-12 14:46 1,761,280 --a------ c:\windows\system32\ffdshow.ax
2008-11-17 10:26 . 2004-10-05 16:16 395,776 --a------ c:\windows\system32\libmplayer.dll
2008-11-17 10:26 . 2003-03-30 20:08 372,736 --a------ c:\windows\system32\xvid.ax
2008-11-17 10:26 . 2004-10-12 14:42 262,144 --a------ c:\windows\system32\TomsMoComp_ff.dll
2008-11-17 10:26 . 2004-10-04 01:50 112,640 --a------ c:\windows\system32\libmpeg2_ff.dll
2008-11-17 10:26 . 2004-09-10 13:50 34,820 --a------ c:\windows\system32\ffdshow.reg
2008-11-17 09:39 . 2008-11-17 09:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\SlySoft
2008-11-17 09:32 . 2008-11-17 09:32 <DIR> d-------- c:\program files\SlySoft
2008-11-17 09:31 . 2008-11-17 09:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Elaborate Bytes
2008-11-17 09:31 . 2008-11-17 09:31 24 --ahs---- c:\windows\S0E070C4E.tmp
2008-11-17 09:26 . 2008-11-17 09:26 <DIR> d-------- c:\program files\Elaborate Bytes
2008-11-15 10:33 . 2008-11-15 10:33 <DIR> d-------- c:\documents and settings\Owner\Application Data\Publish Providers
2008-11-15 10:32 . 2008-11-15 11:11 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sony
2008-11-15 10:29 . 2008-11-15 10:29 <DIR> d-------- c:\program files\Vstplugins
2008-11-15 10:29 . 2008-11-15 10:29 <DIR> d-------- c:\program files\Sony
2008-11-15 10:29 . 2008-11-15 10:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-15 10:26 . 2008-11-15 10:26 <DIR> d-------- c:\program files\Sony Setup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 22:16 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-09 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-03 15:03 --------- d-----w c:\program files\Trend Micro
2008-12-02 14:26 --------- d-----w c:\program files\Memory Keepsake Programs
2008-11-19 23:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 20:34 --------- d-----w c:\documents and settings\Owner\Application Data\CyberLink
2008-10-24 15:02 --------- d-----w c:\program files\Common Files\xing shared
2008-10-24 15:00 --------- d-----w c:\program files\Common Files\Real
2008-10-20 20:00 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-10-15 16:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-13 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\SysMon
2008-08-12 20:49 982 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-09_12.37.11.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-05 22:37:52 201,440 ----a-w c:\windows\system32\PnkBstrB.exe
+ 2008-12-09 22:15:48 201,440 ----a-w c:\windows\system32\PnkBstrB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2007-07-23 2084480]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-08-21 2173888]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]
"SuperAdBlocker"="c:\program files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-08-01 1564672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"pccguide.exe"="c:\program files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 950337]
"PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 634949]
"TM Outbreak Agent"="c:\program files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-25 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-24 185896]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 4865600]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 14:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 18:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-08-26 18:14 36975 c:\program files\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-24 08:58 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CDBurnerXP\\NMSAccessU.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\Program Files\\Trend Micro\\Antivirus\\PCClient.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Digital Media Reader\\readericon45G.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 32256]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2004-03-05 205328]
R2 Tmntsrv;Trend NT Realtime Service;"c:\program files\Trend Micro\Antivirus\Tmntsrv.exe" [2004-02-17 241737]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2004-03-05 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [2004-02-17 204873]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S1 SABDIFSV;SABDIFSV;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 5632]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-06 38528]
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\wrSpySweeper_E284B25627A14BFA8D73BCB602BA89E5.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 19:55]

2008-12-01 c:\windows\Tasks\wrSpySweeper_E284B25627A14BFA8D73BCB602BA89E5.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 19:55]

2008-12-01 c:\windows\Tasks\wrSpySweeper_E284B25627A14BFA8D73BCB602BA89E5.job
- c:\","d:\","e:\","f:\","g:\","h:\","i:\","j:\","K:\" []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5072
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5072
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5072
uInternet Settings,ProxyOverride = 192.168.1.1;192.168.0.1;192.168.2.1
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5072
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0lm5oave.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 08:10:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WRLogonNTF.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-12-10 8:15:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 14:15:19
ComboFix2.txt 2008-12-09 18:37:53

Pre-Run: 183,563,816,960 bytes free
Post-Run: 183,573,360,640 bytes free

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:48 AM, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GM5072
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5072
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5072
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GM5072
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.0.1;192.168.2.1
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AROReminder] "C:\Program Files\Advanced Registry Optimizer\aro.exe" -rem
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SuperAdBlocker] "C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188667974718
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Super Ad Blocker (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7851 bytes

Edited by gunkadin, 10 December 2008 - 09:28 AM.


#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 10 December 2008 - 01:27 PM

Looks good.. Let's do some scans..



Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs

1. Malwarebytes'
2. ESET Online Scanner
3. Tell me, how is the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 gunkadin

gunkadin
  • Topic Starter

  • Members
  • 14 posts

Posted 11 December 2008 - 10:17 AM

My computer is definitely running a lot better, not having the constant pop ups of .dll files trying to be installed. I did notice that both of these scans showed infection; anyway, logs posted below. Thank you so much for all the help you have been giving me!



MBAM log

Malwarebytes' Anti-Malware 1.31
Database version: 1483
Windows 5.1.2600 Service Pack 2

12/11/2008 7:56:37 AM
mbam-log-2008-12-11 (07-56-37).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 118384
Time elapsed: 31 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\fubirave.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ginameye.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gurabimi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hajulofi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\livovobe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\misogija.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pipidiwo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pirabumo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sugujuhe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tenapobu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\votifeyi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wusosogo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zodezaru.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP796\A0048473.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP797\A0049564.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056775.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056777.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056778.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056779.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056784.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056786.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056791.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056792.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056798.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056802.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056804.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056808.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP806\A0056799.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\febawoyi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.



Eset log

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3683 (20081211)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=fb92c1ec5c12f04ca4e2f18f151310de
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-11 03:07:40
# local_time=2008-12-11 09:07:40 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=427314
# found=3
# scan_time=3060
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-282616fd-5a235975.class Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Owner\My Documents\Downloads\Twilight.DVDRIP.HDviD.2008.English\HDviDcodec.exe Win32/Adware.CiDHelp application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\nibiweju.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 11 December 2008 - 11:13 PM

Run ComboFix again and post me its fresh log for my final review :thumbsup:



#11 gunkadin

gunkadin
  • Topic Starter

  • Members
  • 14 posts

Posted 12 December 2008 - 09:15 AM

Here is the ComboFix log... thanks again!


ComboFix 08-12-11.05 - Owner 2008-12-12 7:59:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1453 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\maintenance\CombosUBs.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.

2008-12-11 08:14 . 2008-12-11 09:07 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-12-09 12:04 . 2008-12-09 12:27 <DIR> d-------- C:\ComboFix
2008-12-08 09:38 . 2008-12-08 09:38 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-08 09:28 . 2008-12-08 09:28 <DIR> d-------- c:\windows\ERUNT
2008-12-08 09:27 . 2008-12-08 13:40 <DIR> d-------- C:\SDFix
2008-12-04 11:27 . 2008-12-11 17:03 <DIR> d-------- c:\program files\exPressit S.E. 2.2
2008-12-03 13:21 . 2004-08-10 13:00 4,639 --a--c--- c:\windows\system32\dllcache\mplayer2.exe
2008-12-03 13:02 . 2008-12-03 13:02 <DIR> d-------- c:\documents and settings\Owner\Application Data\SuperAdBlocker.com
2008-12-03 12:37 . 2008-12-03 12:37 <DIR> d-------- C:\VundoFix Backups
2008-12-03 12:22 . 2008-12-03 13:19 <DIR> d-------- c:\program files\SuperAdBlocker.com
2008-12-03 09:03 . 2008-12-03 09:03 <DIR> d-------- C:\rsit
2008-12-03 08:45 . 2008-12-03 08:54 <DIR> d-------- c:\documents and settings\Owner\.SunDownloadManager
2008-12-02 09:30 . 2008-12-04 16:00 <DIR> d-------- c:\program files\Citrix
2008-12-02 09:30 . 2008-12-02 09:30 60,744 --a------ c:\documents and settings\Owner\g2mdlhlpx.exe
2008-12-01 14:38 . 2008-12-01 14:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-01 14:37 . 2008-12-03 10:20 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-01 14:37 . 2008-12-03 12:08 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-01 14:37 . 2008-12-01 14:37 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2008-11-24 13:04 . 2008-12-11 15:15 5,000 --a------ c:\windows\system\COM64.DLL
2008-11-20 16:33 . 2008-12-01 19:06 <DIR> d-------- c:\program files\MagicISO
2008-11-17 16:02 . 2008-11-17 16:20 <DIR> d-------- c:\program files\AMF Software
2008-11-17 14:43 . 2008-11-17 14:43 <DIR> d-------- C:\CloneDVDTemp
2008-11-17 13:09 . 2008-12-01 12:04 <DIR> d-------- c:\documents and settings\Owner\Application Data\DVD Flick
2008-11-17 13:07 . 2008-11-17 13:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\ImgBurn
2008-11-17 13:06 . 2008-11-17 13:06 <DIR> d-------- c:\program files\ImgBurn
2008-11-17 13:05 . 2008-11-17 13:05 <DIR> d-------- c:\program files\DVD Flick
2008-11-17 13:05 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\mscomct2.ocx
2008-11-17 13:05 . 2003-01-26 13:41 40,960 --a------ c:\windows\system32\ssubtmr6.dll
2008-11-17 13:05 . 2007-08-31 18:36 36,864 --a------ c:\windows\system32\trayicon_handler.ocx
2008-11-17 13:05 . 2008-08-31 13:27 28,672 --a------ c:\windows\system32\mousewheel.ocx
2008-11-17 10:35 . 2008-11-17 10:35 <DIR> d-------- c:\program files\uTorrent
2008-11-17 10:35 . 2008-12-08 08:04 <DIR> d-------- c:\documents and settings\Owner\Application Data\uTorrent
2008-11-17 10:31 . 2008-11-17 12:35 <DIR> d-------- C:\ConverterOutput
2008-11-17 10:26 . 2008-11-17 10:26 <DIR> d-------- c:\program files\Cucusoft
2008-11-17 10:26 . 2004-10-12 14:40 2,255,360 --a------ c:\windows\system32\libavcodec.dll
2008-11-17 10:26 . 2004-10-12 14:46 1,761,280 --a------ c:\windows\system32\ffdshow.ax
2008-11-17 10:26 . 2004-10-05 16:16 395,776 --a------ c:\windows\system32\libmplayer.dll
2008-11-17 10:26 . 2003-03-30 20:08 372,736 --a------ c:\windows\system32\xvid.ax
2008-11-17 10:26 . 2004-10-12 14:42 262,144 --a------ c:\windows\system32\TomsMoComp_ff.dll
2008-11-17 10:26 . 2004-10-04 01:50 112,640 --a------ c:\windows\system32\libmpeg2_ff.dll
2008-11-17 10:26 . 2004-09-10 13:50 34,820 --a------ c:\windows\system32\ffdshow.reg
2008-11-17 09:39 . 2008-11-17 09:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\SlySoft
2008-11-17 09:32 . 2008-11-17 09:32 <DIR> d-------- c:\program files\SlySoft
2008-11-17 09:31 . 2008-11-17 09:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Elaborate Bytes
2008-11-17 09:31 . 2008-11-17 09:31 24 --ahs---- c:\windows\S0E070C4E.tmp
2008-11-17 09:26 . 2008-11-17 09:26 <DIR> d-------- c:\program files\Elaborate Bytes
2008-11-15 10:33 . 2008-11-15 10:33 <DIR> d-------- c:\documents and settings\Owner\Application Data\Publish Providers
2008-11-15 10:32 . 2008-11-15 11:11 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sony
2008-11-15 10:29 . 2008-11-15 10:29 <DIR> d-------- c:\program files\Vstplugins
2008-11-15 10:29 . 2008-11-15 10:29 <DIR> d-------- c:\program files\Sony
2008-11-15 10:29 . 2008-11-15 10:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-15 10:26 . 2008-11-15 10:26 <DIR> d-------- c:\program files\Sony Setup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 20:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-11 20:04 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-11 20:03 201,440 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-10 22:29 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-04 01:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 01:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-03 15:03 --------- d-----w c:\program files\Trend Micro
2008-12-03 13:53 85,557 ------w c:\windows\system32\jowotizu.dll
2008-12-02 14:26 --------- d-----w c:\program files\Memory Keepsake Programs
2008-11-19 23:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 20:34 --------- d-----w c:\documents and settings\Owner\Application Data\CyberLink
2008-10-24 15:02 --------- d-----w c:\program files\Common Files\xing shared
2008-10-24 15:00 --------- d-----w c:\program files\Common Files\Real
2008-10-24 14:58 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-24 14:58 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-20 20:00 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-10-15 16:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-13 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\SysMon
2008-08-12 20:49 982 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-09_12.37.11.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-27 21:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 21:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-06 02:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 19:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
+ 2007-08-03 00:11:28 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2007-08-03 00:11:14 241,664 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2007-08-06 19:17:40 19,456 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2007-06-13 17:10:34 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
+ 2004-12-07 17:11:34 258,352 ----a-w c:\windows\system32\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2007-07-23 2084480]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-08-21 2173888]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]
"SuperAdBlocker"="c:\program files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-08-01 1564672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"pccguide.exe"="c:\program files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 950337]
"PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 634949]
"TM Outbreak Agent"="c:\program files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-25 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-24 185896]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 4865600]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 14:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 18:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-08-26 18:14 36975 c:\program files\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-24 08:58 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CDBurnerXP\\NMSAccessU.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\Program Files\\Trend Micro\\Antivirus\\PCClient.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Digital Media Reader\\readericon45G.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 32256]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2004-03-05 205328]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2004-03-05 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [2004-02-17 204873]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S1 SABDIFSV;SABDIFSV;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 5632]
S2 Tmntsrv;Trend NT Realtime Service;"c:\program files\Trend Micro\Antivirus\Tmntsrv.exe" [2004-02-17 241737]
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\wrSpySweeper_E284B25627A14BFA8D73BCB602BA89E5.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 19:55]

2008-12-01 c:\windows\Tasks\wrSpySweeper_E284B25627A14BFA8D73BCB602BA89E5.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 19:55]

2008-12-01 c:\windows\Tasks\wrSpySweeper_E284B25627A14BFA8D73BCB602BA89E5.job
- c:\","d:\","e:\","f:\","g:\","h:\","i:\","j:\","K:\" []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5072
uInternet Settings,ProxyOverride = 192.168.1.1;192.168.0.1;192.168.2.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 08:02:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WRLogonNTF.dll
.
Completion time: 2008-12-12 8:03:41
ComboFix-quarantined-files.txt 2008-12-12 14:02:58
ComboFix2.txt 2008-12-10 14:15:30
ComboFix3.txt 2008-12-09 18:37:53

Pre-Run: 183,343,005,696 bytes free
Post-Run: 183,376,326,656 bytes free

228

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 12 December 2008 - 09:42 AM

Not quite clean yet.. But a little bit more.. First we need to scan a file whose status I don't know...



Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system\COM64.DLL
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.



Then, please find this file and delete it manually..


c:\windows\system32\jowotizu.dll



Post me the VirScan result and tell me whether you successfully deleted the above file :thumbsup:



#13 gunkadin

gunkadin
  • Topic Starter

  • Members
  • 14 posts

Posted 15 December 2008 - 09:22 AM

Yes, I was able to manually delete the file, and here is the report you requested

Thanks! Mike






VirSCAN.org Scanned Report :
Scanned time : 2008/12/15 22:16:24 (CST)
Scanner results: All Scanners reported not find malware!
File Name : COM64.DLL
File Size : 5000 byte
File Type : data
MD5 : 5c0d17d6005a8e1e574d56c7fdecc6ff
SHA1 : f9e516f93404c09ab9d04341da4f660deb65c777
Online report : http://virscan.org/report/f2eaedff4b0819d1...f66a938e98.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.28 20081215200646 2008-12-15 5.73 -
AhnLab V3 2008.12.15.03 2008.12.15 2008-12-15 1.15 -
AntiVir 7.9.0.45 7.1.0.234 2008-12-15 1.63 -
Antiy 2.0.18 20081215.1838801 2008-12-15 0.13 -
Arcavir 1.0.5 200812131407 2008-12-13 1.20 -
Authentium 5.1.1 200812141733 2008-12-14 1.17 -
AVAST! 3.0.1 081215-1 2008-12-15 0.00 -
AVG 7.5.52.442 270.9.18/1849 2008-12-15 1.86 -
BitDefender 7.81008.2352088 7.22544 2008-12-15 2.31 -
CA (VET) 9.0.0.143 31.6.6261 2008-12-15 2.30 -
ClamAV 0.94.1 8760 2008-12-15 0.00 -
Comodo 3.0 754 2008-12-14 1.06 -
CP Secure 1.1.0.715 2008.12.15 2008-12-15 7.24 -
Dr.Web 4.44.0.9170 2008.12.15 2008-12-15 3.84 -
ewido 4.0.0.2 2008.12.15 2008-12-15 5.57 -
F-Prot 4.4.4.56 20081214 2008-12-14 1.16 -
F-Secure 5.51.6100 2008.12.15.05 2008-12-15 0.98 -
Fortinet 2.81-3.117 9.813 2008-12-13 0.64 -
GData 19.1925/19.147 20081215 2008-12-15 10.52 -
ViRobot 20081215 2008.12.15 2008-12-15 3.54 -
Ikarus T3.1.01.45 2008.12.15.72011 2008-12-15 3.73 -
JiangMin 11.0.706 2008.12.15 2008-12-15 3.21 -
Kaspersky 5.5.10 2008.12.15 2008-12-15 0.07 -
KingSoft 2008.9.8.18 2008.12.15.20 2008-12-15 5.79 -
McAfee 5.3.00 5464 2008-12-14 2.78 -
Microsoft 1.4205 2008.12.15 2008-12-15 8.82 -
mks_vir 2.01 2008.12.15 2008-12-15 2.62 -
Norman 5.93.01 5.93.00 2008-12-12 5.98 -
Panda 9.05.01 2008.12.14 2008-12-14 4.47 -
Trend Micro 8.700-1004 5.710.04 2008-12-15 0.03 -
Quick Heal 10.00 2008.12.15 2008-12-15 1.85 -
Rising 20.0 21.08.02.00 2008-12-15 1.09 -
Sophos 2.81.2 4.36 2008-12-15 1.99 -
Sunbelt 4754 4754 2008-12-10 3.77 -
Symantec 1.3.0.24 20081214.003 2008-12-14 0.06 -
nProtect 12-15-2008.03 2773539 12-15-2008 10.42 -
The Hacker 6.3.1.2 v00188 2008-12-14 0.49 -
VBA32 3.12.8.10 20081214.0937 2008-12-14 1.42 -
VirusBuster 4.5.11.10 10.95.7/730442 2008-12-14 0.96 -

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:07:47 AM

Posted 15 December 2008 - 09:59 PM

Looks good.. Let's do an online scan to see what we might miss...


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Run RSIT again.. Post me these logs in your next reply..

1. ESET Online
2. A fresh RSIT log.txt
3. Tell me, how is the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..


#15 gunkadin

gunkadin
  • Topic Starter

  • Members
  • 14 posts
  • Local time:06:47 PM

Posted 17 December 2008 - 10:42 AM

My computer has been running pretty well; here are the logs you asked for.
Thanks, Mike :thumbsup:



ESET log

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3698 (20081217)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=fb92c1ec5c12f04ca4e2f18f151310de
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-17 03:13:52
# local_time=2008-12-17 09:13:52 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=426689
# found=5
# scan_time=3060
C:\Qoobox\Quarantine\C\WINDOWS\system32\lotibuye.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\nijopido.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\selusifi.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuwasobu.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\yefanopa.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000






RSIT log

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-17 09:32:03
Microsoft Windows XP Professional Service Pack 2
System drive C: has 139 GB (46%) free of 301 GB
Total RAM: 1918 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:48 AM, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GM5072
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5072
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5072
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GM5072
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.0.1;192.168.2.1
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AROReminder] "C:\Program Files\Advanced Registry Optimizer\aro.exe" -rem
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SuperAdBlocker] "C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188667974718
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Super Ad Blocker (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7851 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\wrSpySweeper_E284B25627A14BFA8D73BCB602BA89E5.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-6C30-11D8-9363-000AE6309654}]
SuperAdBlockerBHO Class - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.DLL [2007-08-01 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-18 7204864]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-09-18 86016]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-08-27 139264]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"pccguide.exe"=C:\Program Files\Trend Micro\Antivirus\pccguide.exe [2004-02-17 950337]
"PCClient.exe"=C:\Program Files\Trend Micro\Antivirus\PCClient.exe [2004-02-17 634949]
"TM Outbreak Agent"=C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe [2004-02-17 290816]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-25 122939]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-24 185896]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 4865600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"=C:\Program Files\Advanced Registry Optimizer\aro.exe [2007-07-23 2084480]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2008-08-21 2173888]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-15 1809648]
"SuperAdBlocker"=C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe [2007-08-01 1564672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-03-14 257088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [2005-08-26 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-24 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2008-10-28 161264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-15 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2007-03-01 233024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CDBurnerXP\NMSAccessU.exe"="C:\Program Files\CDBurnerXP\NMSAccessU.exe:*:Enabled:NMSAccessU"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Disabled:ET"
"C:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe:*:Disabled:ETDED"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\WINDOWS\system32\dla\tfswctrl.exe"="C:\WINDOWS\system32\dla\tfswctrl.exe:*:Enabled:tfswctrl"
"C:\Program Files\Trend Micro\Antivirus\PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe:*:Enabled:PCClient"
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:realsched"
"C:\Program Files\Digital Media Reader\readericon45G.exe"="C:\Program Files\Digital Media Reader\readericon45G.exe:*:Enabled:readericon45G"
"C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe"="C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe:*:Enabled:Reader_sl"
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe:*:Enabled:sgtray"
"C:\WINDOWS\RTHDCPL.exe"="C:\WINDOWS\RTHDCPL.exe:*:Enabled:RTHDCPL"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:wscntfy"
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe:*:Enabled:SpySweeperUI"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe:*:Enabled:GoogleUpdaterService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-17 08:21:42 ----D---- C:\WINDOWS\LastGood
2008-12-15 08:57:41 ----A---- C:\WINDOWS\Alcmtr.exe
2008-12-12 11:38:32 ----SHD---- C:\RECYCLER
2008-12-12 09:19:14 ----D---- C:\met pics
2008-12-12 08:03:43 ----D---- C:\WINDOWS\temp
2008-12-12 08:03:42 ----A---- C:\ComboFix.txt
2008-12-12 07:58:46 ----D---- C:\CombosUBs
2008-12-11 08:14:47 ----D---- C:\Program Files\EsetOnlineScanner
2008-12-09 12:29:43 ----A---- C:\Boot.bak
2008-12-09 12:29:39 ----RASHD---- C:\cmdcons
2008-12-09 12:16:34 ----A---- C:\WINDOWS\zip.exe
2008-12-09 12:16:34 ----A---- C:\WINDOWS\SWREG.exe
2008-12-09 12:16:34 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-09 12:16:33 ----A---- C:\WINDOWS\VFIND.exe
2008-12-09 12:16:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-09 12:16:33 ----A---- C:\WINDOWS\SWSC.exe
2008-12-09 12:16:33 ----A---- C:\WINDOWS\sed.exe
2008-12-09 12:16:33 ----A---- C:\WINDOWS\grep.exe
2008-12-09 12:16:33 ----A---- C:\WINDOWS\fdsv.exe
2008-12-09 12:04:03 ----D---- C:\WINDOWS\ERDNT
2008-12-09 12:04:02 ----D---- C:\Qoobox
2008-12-09 12:04:02 ----D---- C:\ComboFix
2008-12-08 09:28:17 ----D---- C:\WINDOWS\ERUNT
2008-12-08 09:27:00 ----D---- C:\SDFix
2008-12-04 11:27:04 ----D---- C:\Program Files\exPressit S.E. 2.2
2008-12-03 13:02:25 ----D---- C:\Documents and Settings\Owner\Application Data\SuperAdBlocker.com
2008-12-03 12:37:31 ----D---- C:\VundoFix Backups
2008-12-03 12:37:31 ----A---- C:\VundoFix.txt
2008-12-03 12:22:16 ----D---- C:\Program Files\SuperAdBlocker.com
2008-12-03 09:03:15 ----D---- C:\rsit
2008-12-02 09:30:57 ----D---- C:\Program Files\Citrix
2008-12-01 18:55:13 ----A---- C:\WINDOWS\vxvbma.txt
2008-12-01 14:38:08 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-01 14:37:49 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-01 14:37:49 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-12-01 14:37:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-20 16:33:46 ----D---- C:\Program Files\MagicISO

======List of files/folders modified in the last 1 months======

2008-12-17 09:32:06 ----D---- C:\WINDOWS\Prefetch
2008-12-17 08:22:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-17 08:21:45 ----D---- C:\WINDOWS\system32
2008-12-17 08:21:42 ----AD---- C:\WINDOWS
2008-12-17 08:00:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-16 09:34:29 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2008-12-16 09:34:05 ----D---- C:\WINDOWS\Registration
2008-12-16 09:34:03 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-15 19:55:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-15 19:40:04 ----D---- C:\Documents and Settings\Owner\Application Data\DVD Flick
2008-12-15 08:58:21 ----D---- C:\WINDOWS\system32\RTCOM
2008-12-15 08:58:21 ----D---- C:\WINDOWS\system32\drivers
2008-12-15 08:58:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-15 08:57:41 ----D---- C:\Program Files\Realtek
2008-12-15 08:10:20 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-12-12 08:50:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-12-12 08:02:12 ----N---- C:\WINDOWS\system.ini
2008-12-12 08:01:18 ----D---- C:\WINDOWS\AppPatch
2008-12-12 08:01:18 ----D---- C:\Program Files\Common Files
2008-12-11 16:10:14 ----D---- C:\Photos
2008-12-11 08:14:47 ----RD---- C:\Program Files
2008-12-10 16:29:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-09 12:31:29 ----D---- C:\WINDOWS\system32\config
2008-12-09 12:29:44 ----RASH---- C:\boot.ini
2008-12-09 04:10:44 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-04 15:57:55 ----D---- C:\My Music
2008-12-04 14:38:18 ----HD---- C:\WINDOWS\inf
2008-12-04 11:58:49 ----A---- C:\WINDOWS\leadsrvr.ini
2008-12-03 14:34:13 ----D---- C:\Program Files\Windows Media Player
2008-12-03 12:22:16 ----SHD---- C:\WINDOWS\Installer
2008-12-03 12:22:16 ----HD---- C:\Config.Msi
2008-12-03 09:03:27 ----D---- C:\Program Files\Trend Micro
2008-12-03 08:45:43 ----D---- C:\MFP
2008-12-03 08:06:18 ----D---- C:\Videos
2008-12-02 08:26:39 ----D---- C:\Program Files\Memory Keepsake Programs
2008-11-25 11:45:37 ----A---- C:\Cucu_Video_log.txt
2008-11-24 13:04:49 ----D---- C:\WINDOWS\system
2008-11-19 17:06:28 ----D---- C:\WINDOWS\Minidump
2008-11-19 17:06:25 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 Cinemsup;Cinemsup; C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2004-02-17 14976]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-25 25691]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-25 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-25 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-25 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-25 85978]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-25 14235]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-25 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-25 98650]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-25 100603]
R2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-09-07 205328]
R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-09-07 36368]
R2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\Vsapint.sys [2008-09-07 1195448]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-08-14 99648]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2005-12-14 160256]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-07-22 231168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-18 3493984]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2007-03-01 21056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-10 42496]
S1 SABDIFSV;SABDIFSV; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 catchme;catchme; \??\C:\CombosUBs\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2006-01-10 19200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2006-01-10 46592]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-06-29 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-28 168432]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 71360]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-18 131139]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-24 66872]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-02-02 172032]
R2 SABSVC;Super Ad Blocker; C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE [2005-08-31 65536]
R2 Tmntsrv;Trend NT Realtime Service; C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe [2004-02-17 241737]
R2 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Antivirus\tmproxy.exe [2004-02-17 204873]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-01 3379264]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-03-14 500800]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------




