Help! My PC is behaving strangely


  • This topic is locked
11 replies to this topic

#1 jepoy1026
  • Members
  • 62 posts

Posted 12 December 2008 - 09:37 AM

Hello BC. I originally posted my problem in the 'Am I infected?' section and was advised to post here. The topic referenced is here: http://www.bleepingcomputer.com/forums/t/184198/help-idk-whats-going-on/ ~ OB Well, to give an insight into my problem, I sometimes get a Microsoft Data Execution Prevention message containing this:

To help protect your computer, Windows has closed this program.
name: Generic Host process for Win32 Services
Publisher: Microsoft Corporation


Then, after I close the DEP window, an error message comes up that goes like this:

Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.

EventType : BEX P1 : svchost.exe P2 : 5.1.2600.2180 P3 : 41107ed6
P4 : netapi32.dll P5 : 5.1.2600.2180 P6 : 411096ac P7 : 0000a3c0
P8 : c0000409 P9 : 00000000


What's really troublesome is that I lose my internet connection and sound in application programs (at this point, I'm not able to open the Volume Control window).
Also, the appearance of the taskbar switches from the XP theme to Classic and then resets back to the XP appearance.

I followed the preparation guide, and here is my RSIT log. I am not able to scan with the Kaspersky online scanner because of the connection problem I mentioned earlier.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Jeff® at 2008-12-12 22:00:38
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (7%) free of 38 GB
Total RAM: 767 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:57 PM, on 12/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeff®\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jeff®.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7359 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-30 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-10-10 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-22 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-19 136768]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-17 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-04-27 257088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-10-10 3502840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeff®^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeff®^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2007-11-27 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeff®^Start Menu^Programs^Startup^Reboot.exe]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon]
C:\WINDOWS\system32\LogonDll.dll [2005-11-20 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\SIERRA\Half-Life\hl.exe"="C:\SIERRA\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"D:\Getamped\amped.exe"="D:\Getamped\amped.exe:*:Enabled:amped"
"D:\RoN\rise.exe"="D:\RoN\rise.exe:*:Enabled:Rise of Nations"
"D:\12sky\TwelveSky.exe"="D:\12sky\TwelveSky.exe:*:Enabled:TwelveSky"
"D:\Rohan\rohanclient.exe"="D:\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FreeStyle Philippines\FreeStyle.exe"="C:\Program Files\FreeStyle Philippines\FreeStyle.exe:*:Disabled:FreeStyle"
"C:\Documents and Settings\Jeff®\Desktop\CabalTemp\ESTSetupLoader.exe"="C:\Documents and Settings\Jeff®\Desktop\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine"
"D:\Cabal\CABAL Online (PH)\launcher\update\ESTdnheadless.exe"="D:\Cabal\CABAL Online (PH)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"D:\imesh\iMesh.exe"="D:\imesh\iMesh.exe:*:Enabled:iMesh"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\RainbowSixVegas2_SADS.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\RainbowSixVegas2_SADS.exe:*:Enabled:RainbowSixVegas2_SADS"
"C:\WINDOWS\system32\mpxu.exe"="C:\WINDOWS\system32\mpxu.exe:*:Enabled:mpxu"
"D:\testdrive\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\TDU\TestDriveUnlimited.exe"="D:\testdrive\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\TDU\TestDriveUnlimited.exe:LocalSubNet:Disabled:Test Drive Unlimited"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-12-12 22:00:38 ----D---- C:\rsit
2008-12-11 15:39:47 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-11 15:29:06 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-11 15:28:42 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-11 15:28:42 ----D---- C:\Documents and Settings\Jeff®\Application Data\SUPERAntiSpyware.com
2008-12-05 12:47:44 ----D---- C:\Documents and Settings\Jeff®\Application Data\Malwarebytes
2008-12-05 12:47:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 12:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-04 07:39:02 ----A---- C:\WINDOWS\wininit.ini
2008-12-04 01:22:56 ----D---- C:\QUARANTINE
2008-12-03 19:17:29 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-03 19:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-11-30 17:29:08 ----D---- C:\Program Files\Level Up
2008-11-29 11:35:42 ----D---- C:\Program Files\Executive Software
2008-11-29 11:30:16 ----D---- C:\Program Files\WinASO
2008-11-29 11:30:08 ----D---- C:\Program Files\BurnInTest
2008-11-19 06:55:13 ----D---- C:\Program Files\e-Games
2008-11-16 15:15:36 ----D---- C:\Program Files\Conduit
2008-11-16 15:15:33 ----D---- C:\Program Files\free-downloads.net
2008-11-16 15:15:14 ----D---- C:\Program Files\Alcohol Soft
2008-11-16 15:08:47 ----D---- C:\Program Files\alcohol 120%

======List of files/folders modified in the last 1 months======

2008-12-12 21:57:05 ----D---- C:\Program Files\Mozilla Firefox
2008-12-12 21:46:12 ----D---- C:\WINDOWS\Temp
2008-12-12 21:42:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-12 18:10:48 ----D---- C:\WINDOWS\Prefetch
2008-12-11 21:55:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 15:40:12 ----D---- C:\Documents and Settings
2008-12-11 15:39:47 ----D---- C:\WINDOWS
2008-12-11 15:28:51 ----SHD---- C:\WINDOWS\Installer
2008-12-11 15:28:51 ----HD---- C:\Config.Msi
2008-12-11 15:28:42 ----RD---- C:\Program Files
2008-12-11 15:28:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-11 08:17:56 ----D---- C:\WINDOWS\system32
2008-12-10 17:33:10 ----D---- C:\Documents and Settings\Jeff®\Application Data\Free Download Manager
2008-12-10 17:11:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 17:11:21 ----D---- C:\WINDOWS\Minidump
2008-12-08 13:44:25 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-05 13:03:16 ----SD---- C:\Documents and Settings\Jeff®\Application Data\Microsoft
2008-12-05 12:47:39 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 19:22:15 ----SH---- C:\boot.ini
2008-12-03 19:22:15 ----A---- C:\WINDOWS\win.ini
2008-12-03 19:22:15 ----A---- C:\WINDOWS\system.ini
2008-12-03 19:22:12 ----D---- C:\WINDOWS\pss
2008-12-03 19:17:43 ----HD---- C:\WINDOWS\inf
2008-12-03 19:17:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-03 19:17:25 ----D---- C:\WINDOWS\$hf_mig$
2008-12-01 17:59:26 ----D---- C:\Documents and Settings\Jeff®\Application Data\Wildfire
2008-12-01 14:56:06 ----D---- C:\WINDOWS\system32\config
2008-11-30 17:39:21 ----D---- C:\Documents and Settings\Jeff®\Application Data\uTorrent
2008-11-30 14:30:27 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-30 11:52:52 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-29 11:35:47 ----D---- C:\WINDOWS\Help
2008-11-29 11:30:48 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-25 07:09:13 ----A---- C:\WINDOWS\DUMP1f2b.tmp
2008-11-14 08:55:19 ----D---- C:\Documents and Settings\Jeff®\Application Data\iMesh

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-08 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-05-30 25344]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-03-31 3960896]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-22 170408]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 aaghwz5l;aaghwz5l; C:\WINDOWS\system32\drivers\aaghwz5l.sys []
S3 amd29s9t;amd29s9t; C:\WINDOWS\system32\drivers\amd29s9t.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 npkcrypt;npkcrypt; \??\C:\WINDOWS\system32\npkcrypt.sys []
S3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
R2 DF5Serv;DF5Serv; C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe [2005-11-20 303104]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2005-04-26 622700]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-19 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-22 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-22 54872]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-11 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-07-11 107832]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-03 593920]
S2 npkcsvc;npkcsvc; C:\WINDOWS\system32\npkcsvc.exe [2004-03-31 172544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-03-24 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-04-27 500800]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-24 306432]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.04 2008-12-12 22:00:59

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{FC3A21A4-928F-4211-A27B-E76EE76FC7E2}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6974
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AutoCAD 2008 - English-->C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Ballistik-->"C:\Program Files\Ballistik\ReflexiveArcade\unins000.exe"
BurnInTest v5.1 Pro-->"C:\Program Files\BurnInTest\unins000.exe"
CABAL Online (PH) 1.0-->D:\Cabal\CABAL Online (PH)\uninst.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chikka Messenger V4-->C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\UNWISE.EXE C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\INSTALL.LOG
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
dBpoweramp Windows Media Audio 10 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
Diskeeper Lite-->MsiExec.exe /X{3872D54E-84A0-4C04-9BDB-684D01840CA6}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free Download Manager 2.5-->"D:\Free Download Manager\unins000.exe"
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Galapago-->"C:\Program Files\Galapago\ReflexiveArcade\unins000.exe"
GetAmped Philippines-->MsiExec.exe /I{0EE0BF59-593F-4F4C-9203-CB1719188227}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software-->C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iMesh-->D:\imesh\UninstallSurvey.exe D:\imesh\UNWISE.EXE /U D:\imesh\INSTALL.LOG
iTunes-->MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Joymax\DecoOnline-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABE960AB-45A7-4184-BA5A-EADAE2789FE8}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 7 Ultra Edition-->MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
nProtect KeyCrypt-->C:\WINDOWS\system32\npkuninst.exe
O2Jam_PH-->"D:\O2 Jam\O2Jam_PH\uninstall.exe"
Off Road Arena-->"C:\Program Files\Off Road Arena\ReflexiveArcade\unins000.exe"
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Picture Package Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x0009 -removeonly
POD-Bot 2.5-->C:\WINDOWS\unvise32.exe C:\SIERRA\Half-Life\cstrike\poduninst.log
PowerDVD Ultra-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SierraHome Print Artist 8.0-->C:\WINDOWS\IsUninst.exe -f"C:\Sierra\Print Artist 8.0\Uninst.isu" -c"C:\Sierra\Print Artist 8.0\Uninstpa.DLL"
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Trust WB-1400T Webcam-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{30837A37-8F9F-4817-8B52-C501B67DC3BE} /l1033
Tumble Bugs-->"C:\Program Files\Tumble Bugs\ReflexiveArcade\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinASO Registry Optimizer 3.0.5-->"C:\Program Files\WinASO\Registry Optimizer 3.0\unins000.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zuma Deluxe-->"C:\Program Files\Zuma Deluxe\ReflexiveArcade\unins000.exe"
ZU-ONLINE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D619E865-AE93-4785-BB20-F3072CE4E8C5}\setup.exe" -l0x9 -removeonly
ZX Online Client 1.0-->C:\Program Files\e-Games\ZX Online\uninst.exe

======Security center information======

AV: McAfee VirusScan Enterprise

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Executive Software\Diskeeper\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

-----------------EOF-----------------


Thx BC! Hope to fix this with your help.

Edited by Orange Blossom, 12 December 2008 - 12:58 PM.



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:29 AM

Posted 20 December 2008 - 12:09 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 jepoy1026

jepoy1026
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 21 December 2008 - 04:53 AM

Hello! Here's the result of the DDS scan.



DDS (Version 1.1.0) - NTFSx86
Run by Jeffr at 17:22:13.35 on Sun 12/21/2008
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.480 [GMT 8:00]

============== Running Processes ===============

C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\Jeff®\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uWindow Title = Microsoft Internet Explorer
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: Download all with Free Download Manager - file://d:\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: DfLogon - LogonDll.dll
SEH: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeff~1\applic~1\mozilla\firefox\profiles\ejve0ewb.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300

============= SERVICES / DRIVERS ===============

PP2 McShield;McAfee McShield;"c:\program files\mcafee\virusscan enterprise\Mcshield.exe" [2007-2-22 144960]
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2005-11-20 134016]
R1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\cyberlink\powerdvd\000.fcl [2007-11-3 41456]
R2 McAfeeFramework;McAfee Framework Service;"c:\program files\mcafee\common framework\FrameworkService.exe" /ServiceStart [2008-3-24 104000]
R2 McTaskManager;McAfee Task Manager;"c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe" [2007-2-22 54872]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-3-24 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-3-24 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-3-24 170408]
S2 WinHost32Svr;Windows Host32 Server Service;"c:\windows\security\svchost.exe" []
S2 ypnmppf;ypnmppf;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [2007-5-14 508288]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 sysdrv32;Host Port I/O Driver;\??\c:\windows\system32\drivers\sysdrv32.sys [2008-12-16 11656]

=============== Created Last 30 ================

2008-12-16 20:37 11,656 a------- c:\windows\system32\drivers\sysdrv32.sys
2008-12-15 21:05 <DIR> --d-hr-- c:\documents and settings\jeff®\Recent
2008-12-11 15:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-11 15:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-11 15:28 <DIR> --d----- c:\docume~1\jeff~1\applic~1\SUPERAntiSpyware.com
2008-12-05 12:47 <DIR> --d----- c:\docume~1\jeff~1\applic~1\Malwarebytes
2008-12-05 12:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-05 12:47 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 12:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 12:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-04 07:39 106 a------- c:\windows\wininit.ini
2008-12-04 01:22 <DIR> --d----- C:\QUARANTINE
2008-11-30 17:29 <DIR> --d----- c:\program files\Level Up
2008-11-30 13:51 1,835,008 a------- C:\~bittestC00001
2008-11-29 11:35 <DIR> --d----- c:\program files\Executive Software
2008-11-29 11:30 <DIR> --d----- c:\program files\WinASO
2008-11-29 11:30 <DIR> --d----- c:\program files\BurnInTest

==================== Find3M ====================

2008-12-21 12:55 5,242,880 a------- c:\documents and settings\jeff®\ntuser.dat
2008-11-25 07:09 102,400 a------- c:\windows\DUMP1f2b.tmp
2008-11-14 09:37 230,432 a------- C:\PA207.DAT
2008-07-11 22:25 22,328 ac------ c:\docume~1\jeff~1\applic~1\PnkBstrK.sys

============= FINISH: 17:22:41.64 ===============

Oops, I can't upload a compressed version of the "attach" file.


#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:29 AM

Posted 22 December 2008 - 11:03 PM

Hello.

Looks like an infection has hijacked the Svchost. Let's see what we can do.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

To disable McAfee:
  • Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
    Right-click it -> choose Exit.
  • A popup will warn that protection will now be disabled. Click on Yes to disable the Antivirus guard.
If you have re-enabled TeaTimer since that log was taken...
You can find instructions with visuals here.
  • Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
  • On the left hand side, Click on Tools.
  • Click on the Resident icon in the list.
  • Uncheck Resident TeaTimer and OK any prompts.
  • Download ResetTeaTimer.bat and run it to remove entries set by TeaTimer. If you are not using Internet Explorer, you may not be prompted to download the file when you click it. In that case, right click it and select "Save Target/Link as" and save the file onto your desktop.
    The file should take only a second to finish. Delete this file after use.
Restart your computer for the changes to take effect.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode. However, do not use the MsConfig method to edit the Boot.ini.
Important! Please do not select the Show all checkbox during the scan.

With Regards,
The Panda
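
The "hijacked svchost" diagnosis above rests on two lines of the DDS log: a service image named svchost.exe that lives in c:\windows\security rather than system32, and an unfamiliar service name (ypnmppf) added to the netsvcs group. As an added example, not part of this thread or of the DDS/ComboFix tools, the following Python parses DDS-style service lines and flags both patterns; the sample lines are constructed in the log's format, and KNOWN_NETSVCS is a short, constructed subset of the Windows XP netsvcs group.

```python
"""Triage DDS / ComboFix 'SERVICES / DRIVERS' lines for svchost abuse.

Added example, not part of the thread or of the DDS/ComboFix tools.
Two heuristics, both visible in the posted log:
  1. an image named svchost.exe that does not live in %SystemRoot%\\system32
     (the genuine one only lives there);
  2. a service started with "-k netsvcs" whose name is not on a known-good
     list.  KNOWN_NETSVCS below is a short, constructed subset of the
     Windows XP netsvcs group; third-party members (e.g. UxTuneUp in the
     log) must be verified and added by hand rather than assumed.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape DDS prints: <state> <name>;<display>;<image> [<date size>]
SAMPLE_LOG = r"""
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2005-11-20 134016]
R2 McTaskManager;McAfee Task Manager;"c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe" [2007-2-22 54872]
S2 WinHost32Svr;Windows Host32 Server Service;"c:\windows\security\svchost.exe" []
S2 ypnmppf;ypnmppf;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 sysdrv32;Host Port I/O Driver;\??\c:\windows\system32\drivers\sysdrv32.sys [2008-12-16 11656]
"""

SERVICE_LINE = re.compile(
    r'^(?P<state>\S+)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)\s\[(?P<info>[^\]]*)\]\s*$')
# Unquoted image: the path ends at the first binary extension, the rest is arguments.
IMAGE_PATH = re.compile(r'^(?P<path>.*?\.(?:exe|sys|dll|fcl))(?P<args>\s.*)?$', re.IGNORECASE)

KNOWN_NETSVCS = {  # constructed, partial allow-list (lower-case)
    'audiosrv', 'bits', 'browser', 'dhcp', 'dnscache', 'ersvc', 'helpsvc',
    'lanmanserver', 'lanmanworkstation', 'netman', 'rasman', 'schedule',
    'seclogon', 'sens', 'shellhwdetection', 'srservice', 'tapisrv', 'themes',
    'w32time', 'winmgmt', 'wuauserv',
}


@dataclass
class Finding:
    name: str
    path: str
    reasons: list


def parse_service(line):
    """Split one DDS service line into its fields; return None for non-service lines."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    image = m['image'].strip()
    if image.startswith('\\??\\'):          # NT object-manager prefix used for drivers
        image = image[4:]
    if image.startswith('"'):               # quoted path; arguments follow the closing quote
        end = image.find('"', 1)
        path, args = image[1:end], image[end + 1:].strip()
    else:
        pm = IMAGE_PATH.match(image)
        path = pm['path'] if pm else image
        args = (pm['args'] or '').strip() if pm else ''
    return {'state': m['state'], 'name': m['name'].strip(), 'display': m['display'].strip(),
            'path': path, 'args': args, 'info': m['info'].strip()}


def triage(log_text):
    """Return a Finding for every service line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc is None:
            continue
        folder, _, base = svc['path'].lower().rpartition('\\')
        reasons = []
        if base == 'svchost.exe' and not folder.endswith('\\windows\\system32'):
            reasons.append(f'svchost.exe loaded from "{folder}" instead of %SystemRoot%\\system32')
        if '-k netsvcs' in svc['args'].lower() and svc['name'].lower() not in KNOWN_NETSVCS:
            reasons.append(f'"{svc["name"]}" runs in the netsvcs group but is not on the allow-list')
        if reasons and not svc['info']:     # supporting detail: DDS recorded no date/size
            reasons.append('no file date/size recorded for the image')
        if reasons:
            findings.append(Finding(svc['name'], svc['path'], reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.name}: {f.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run against the full DDS/ComboFix services section, the same two entries the helper singled out are the only ones reported; legitimate McAfee, Deep Freeze and SUPERAntiSpyware lines pass.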

#5 jepoy1026

jepoy1026
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 27 December 2008 - 11:07 AM

Hello Panda, Happy Holidays to you too!

Sorry for the delay, I just got home from our Christmas vacation. Anyways, here's the ComboFix log, but I wasn't able to complete the GMER scan because I get a BSOD during the scan. I also tried scanning in safe mode. :thumbsup:

THX!

_____________________________________________________________________________________
ComboFix 08-12-26.03 - Jeff® 2008-12-27 18:52:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.485 [GMT 8:00]
Running from: c:\documents and settings\Jeff®\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)
* Created a new restore point
.
/wow section - STAGE 41


((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.

2008-12-16 20:37 . 2008-12-16 20:37 11,656 --a------ c:\windows\system32\drivers\sysdrv32.sys
2008-12-12 22:00 . 2008-12-12 22:00 <DIR> d-------- C:\rsit
2008-12-11 15:40 . 2008-12-11 15:40 <DIR> d-------- c:\documents and settings\Administrator.JEFF-9FFD724ECB.000\Application Data\SUPERAntiSpyware.com
2008-12-11 15:40 . 2008-12-11 15:40 <DIR> d-------- c:\documents and settings\Administrator.JEFF-9FFD724ECB.000
2008-12-11 15:29 . 2008-12-11 15:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-11 15:28 . 2008-12-11 15:28 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-11 15:28 . 2008-12-11 15:28 <DIR> d-------- c:\documents and settings\Jeff®\Application Data\SUPERAntiSpyware.com
2008-12-05 12:47 . 2008-12-05 12:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 12:47 . 2008-12-05 12:47 <DIR> d-------- c:\documents and settings\Jeff®\Application Data\Malwarebytes
2008-12-05 12:47 . 2008-12-05 12:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 12:47 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 12:47 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 19:15 . 2008-12-04 19:15 <DIR> d-------- c:\documents and settings\Administrator.JEFF-9FFD724ECB
2008-12-04 16:31 . 2008-12-04 16:31 <DIR> d-------- c:\documents and settings\Administrator
2008-12-04 07:39 . 2008-12-04 07:39 106 --a------ c:\windows\wininit.ini
2008-12-04 01:22 . 2008-12-21 17:08 <DIR> d-------- C:\QUARANTINE
2008-11-30 17:29 . 2008-12-01 12:02 <DIR> d-------- c:\program files\Level Up
2008-11-30 13:51 . 2008-11-30 14:41 1,835,008 --a------ C:\~bittestC00001
2008-11-29 11:35 . 2008-11-29 11:35 <DIR> d-------- c:\program files\Executive Software
2008-11-29 11:30 . 2008-11-29 11:30 <DIR> d-------- c:\program files\WinASO
2008-11-29 11:30 . 2008-11-29 11:30 <DIR> d-------- c:\program files\BurnInTest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 10:37 --------- d-----w c:\documents and settings\Jeff®\Application Data\Free Download Manager
2008-12-21 09:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-11 07:28 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-08 05:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 09:59 --------- d-----w c:\documents and settings\Jeff®\Application Data\Wildfire
2008-11-30 09:39 --------- d-----w c:\documents and settings\Jeff®\Application Data\uTorrent
2008-11-24 23:09 102,400 ----a-w c:\windows\DUMP1f2b.tmp
2008-11-18 22:55 --------- d-----w c:\program files\e-Games
2008-11-16 07:15 --------- d-----w c:\program files\free-downloads.net
2008-11-16 07:15 --------- d-----w c:\program files\Conduit
2008-11-16 07:15 --------- d-----w c:\program files\Alcohol Soft
2008-11-16 07:09 --------- d-----w c:\program files\alcohol 120%
2008-11-14 01:37 230,432 ----a-w C:\PA207.DAT
2008-11-14 00:55 --------- d-----w c:\documents and settings\Jeff®\Application Data\iMesh
2008-11-12 12:46 --------- d-----w c:\documents and settings\Jeff®\Application Data\2K Sports
2008-11-12 12:30 --------- d-----w c:\program files\NBA 2K9
2008-10-31 15:04 --------- d-----w c:\documents and settings\Jeff®\Application Data\Sony Corporation
2008-10-31 14:21 --------- d-----w c:\program files\Sony
2008-10-31 12:12 --------- d-----w c:\program files\Tumble Bugs
2008-10-30 14:11 --------- d-----w c:\program files\Zuma Deluxe
2008-10-30 13:39 --------- d-----w c:\program files\FreeStyle Philippines
2008-10-28 11:31 --------- d-----w c:\program files\Trust
2008-10-28 11:31 --------- d-----w c:\program files\Common Files\PAC207
2008-10-28 08:55 --------- d-----w c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2008-07-11 14:25 22,328 -c--a-w c:\documents and settings\Jeff®\Application Data\PnkBstrK.sys
2006-10-02 18:43 2,402,550 -c--a-w c:\windows\inf\SET55.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2005-11-20 19:21 49152 c:\windows\system32\LogonDll.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jeff®^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jeff®^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Jeff®\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jeff®^Start Menu^Programs^Startup^Reboot.exe]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a--c--- 2007-11-17 02:20 91432 c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 2007-01-15 16:14 147456 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-04-27 11:25 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
-----c--- 2007-10-11 12:06 62760 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 17:06 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 03:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
--a------ 2008-10-10 06:11 3502840 c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"d:\\Getamped\\amped.exe"=
"d:\\Rohan\\rohanclient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FreeStyle Philippines\\FreeStyle.exe"=
"d:\\Cabal\\CABAL Online (PH)\\launcher\\update\\ESTdnheadless.exe"=
"d:\\imesh\\iMesh.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4697:TCP"= 4697:TCP:WWW

R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2005-11-20 134016]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12:32 41456]
S2 WinHost32Svr;Windows Host32 Server Service;"c:\windows\security\svchost.exe" []
S2 ypnmppf;ypnmppf;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 sysdrv32;Host Port I/O Driver;\??\c:\windows\system32\drivers\sysdrv32.sys [2008-12-16 11656]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ypnmppf

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
IE: Download all with Free Download Manager - file://d:\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\mglaunch_USAv1002.exe - c:\windows\Downloaded Program Files\mglaunch_USAv1002.dll
O16 -: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE}
hxxp://ares.netgame.com/download/mglaunch_USAv1002.cab
c:\windows\Downloaded Program Files\mglaunch_USAv1002.inf
FF - ProfilePath - c:\documents and settings\Jeff®\Application Data\Mozilla\Firefox\Profiles\ejve0ewb.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 18:54:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LogonDll.dll
.
Completion time: 2008-12-27 18:55:07
ComboFix-quarantined-files.txt 2008-12-27 10:55:05

Pre-Run: 3,013,226,496 bytes free
Post-Run: 3,164,561,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

205

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:29 AM

Posted 27 December 2008 - 08:52 PM

Hello.

No problem. Been a bit busy myself the last while.

Please make sure your protection is disabled.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    KILLALL::
    Rootkit::
    c:\windows\system32\drivers\sysdrv32.sys
    c:\windows\security\svchost.exe
    
    Driver::
    WinHost32Svr
    ypnmppf
    sysdrv32
    
    NetSvc::
    ypnmppf
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download the Malwarebytes Anti-Malware setup to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using FileAssassin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able to update using the normal method, download the update file from here, using another machine if needed. Simply double-click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.

Please post back with:
-the ComboFix log
-the MalwareBytes log

Try running GMER again, and if you can, post that log too.

How is your computer running now?

With Regards,
The Panda
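
The three entries the CFScript above targets (WinHost32Svr, ypnmppf and sysdrv32) were picked out of the services/drivers block of the posted ComboFix log. As an added example, not code from the thread, from ComboFix or from its author, the Python below parses that block and applies a few triage heuristics that flag exactly those three: svchost.exe loaded from outside system32, an image with no recorded date/size, a driver dated within 14 days of the scan, and a netsvcs member with no descriptive display name. The sample lines are copied from the log above and the scan date from its "Rootkit scan" line; the heuristics, the 14-day window and the system32 path constant are this example's own assumptions.

```python
"""Triage the services/drivers block of a ComboFix log.

Added example: not code from the thread, from ComboFix or from its author.
The line format  <R|S><n> <name>;<display name>;<image> [<date> <size>]  and the
sample lines are copied from the log posted above; the heuristics are this
example's own assumptions and produce review candidates, not verdicts.
"""
import re
from datetime import date

# Constructed sample: the service lines and NetSvcs block from the posted log.
SAMPLE_LOG = r"""
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2005-11-20 134016]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
S2 WinHost32Svr;Windows Host32 Server Service;"c:\windows\security\svchost.exe" []
S2 ypnmppf;ypnmppf;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
S3 sysdrv32;Host Port I/O Driver;\??\c:\windows\system32\drivers\sysdrv32.sys [2008-12-16 11656]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ypnmppf
"""
SCAN_DATE = date(2008, 12, 27)  # "Rootkit scan 2008-12-27" in the posted log

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*?)\]\s*$")
SYSTEM32 = r"c:\windows\system32"   # assumption: the only legitimate home of svchost.exe
RECENT_DAYS = 14                    # assumption: drivers registered this close to the scan get a look


def parse_services(text):
    """Return (services, netsvcs): one dict per service line, plus the NetSvcs names."""
    services, netsvcs, in_netsvcs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_netsvcs = False
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        if in_netsvcs:
            netsvcs.append(line)
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        status, name, display, image, meta = m.groups()
        # Drop the NT object prefix and quotes, then split the binary path from its arguments.
        image = image.strip().strip('"')
        if image.startswith("\\??\\"):
            image = image[4:]
        path_m = re.match(r"(.*?\.(?:exe|sys|dll|fcl))", image, re.IGNORECASE)
        path = path_m.group(1) if path_m else image
        parts = meta.split()  # "<date> <size>" or empty when ComboFix found no file info
        services.append({
            "status": status, "name": name, "display": display,
            "path": path.lower(), "args": image[len(path):].strip(),
            "stamp": date.fromisoformat(parts[0]) if parts else None,
        })
    return services, netsvcs


def triage(text, scan_date):
    """Return (service name, reason) pairs for entries worth a closer look."""
    services, netsvcs = parse_services(text)
    findings = []
    for s in services:
        folder, _, base = s["path"].rpartition("\\")
        if base == "svchost.exe" and folder != SYSTEM32:
            findings.append((s["name"], f"svchost.exe loaded from {folder}, not {SYSTEM32}"))
        if s["stamp"] is None:
            findings.append((s["name"], "no date/size recorded for the image file"))
        elif base.endswith(".sys") and (scan_date - s["stamp"]).days <= RECENT_DAYS:
            findings.append((s["name"], f"driver dated {s['stamp']}, within {RECENT_DAYS} days of the scan"))
        if "netsvcs" in s["args"].lower() and s["name"] in netsvcs and s["display"] == s["name"]:
            findings.append((s["name"], "netsvcs group member with no descriptive display name"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{name}: {reason}")
```

The recent-driver rule will also flag freshly installed legitimate tools, which is why the output is a review list rather than a removal list.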

#7 jepoy1026

jepoy1026
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 28 December 2008 - 02:47 AM

Hello Panda! Here are the logs:


________________________________________________________________

ComboFix 08-12-26.03 - Jeff® 2008-12-28 15:19:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.518 [GMT 8:00]
Running from: c:\documents and settings\Jeff®\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeff®\Desktop\CFScript.txt.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point
.
/wow section - STAGE 41


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sysdrv32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Legacy_WINHOST32SVR
-------\Legacy_YPNMPPF
-------\Service_sysdrv32
-------\Service_WinHost32Svr
-------\Service_ypnmppf


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-27 23:31 . 2008-12-27 23:52 345 --a------ c:\windows\gmer.ini
2008-12-27 23:30 . 2008-12-27 23:30 <DIR> d-------- C:\gmer
2008-12-12 22:00 . 2008-12-12 22:00 <DIR> d-------- C:\rsit
2008-12-11 15:40 . 2008-12-11 15:40 <DIR> d-------- c:\documents and settings\Administrator.JEFF-9FFD724ECB.000\Application Data\SUPERAntiSpyware.com
2008-12-11 15:40 . 2008-12-11 15:40 <DIR> d-------- c:\documents and settings\Administrator.JEFF-9FFD724ECB.000
2008-12-11 15:29 . 2008-12-11 15:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-11 15:28 . 2008-12-11 15:28 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-05 12:47 . 2008-12-05 12:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 12:47 . 2008-12-05 12:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 12:47 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 12:47 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 19:15 . 2008-12-04 19:15 <DIR> d-------- c:\documents and settings\Administrator.JEFF-9FFD724ECB
2008-12-04 16:31 . 2008-12-04 16:31 <DIR> d-------- c:\documents and settings\Administrator
2008-12-04 07:39 . 2008-12-04 07:39 106 --a------ c:\windows\wininit.ini
2008-12-04 01:22 . 2008-12-21 17:08 <DIR> d-------- C:\QUARANTINE
2008-11-30 17:29 . 2008-12-01 12:02 <DIR> d-------- c:\program files\Level Up
2008-11-30 13:51 . 2008-11-30 14:41 1,835,008 --a------ C:\~bittestC00001
2008-11-29 11:35 . 2008-11-29 11:35 <DIR> d-------- c:\program files\Executive Software
2008-11-29 11:30 . 2008-11-29 11:30 <DIR> d-------- c:\program files\WinASO
2008-11-29 11:30 . 2008-11-29 11:30 <DIR> d-------- c:\program files\BurnInTest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 09:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-11 07:28 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-08 05:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 23:09 102,400 ----a-w c:\windows\DUMP1f2b.tmp
2008-11-18 22:55 --------- d-----w c:\program files\e-Games
2008-11-16 07:15 --------- d-----w c:\program files\free-downloads.net
2008-11-16 07:15 --------- d-----w c:\program files\Conduit
2008-11-16 07:15 --------- d-----w c:\program files\Alcohol Soft
2008-11-16 07:09 --------- d-----w c:\program files\alcohol 120%
2008-11-14 01:37 230,432 ----a-w C:\PA207.DAT
2008-11-12 12:30 --------- d-----w c:\program files\NBA 2K9
2008-10-31 14:21 --------- d-----w c:\program files\Sony
2008-10-31 12:12 --------- d-----w c:\program files\Tumble Bugs
2008-10-30 14:11 --------- d-----w c:\program files\Zuma Deluxe
2008-10-30 13:39 --------- d-----w c:\program files\FreeStyle Philippines
2008-10-28 11:31 --------- d-----w c:\program files\Trust
2008-10-28 11:31 --------- d-----w c:\program files\Common Files\PAC207
2008-10-28 08:55 --------- d-----w c:\documents and settings\All Users\Application Data\Test Drive Unlimited
.

((((((((((((((((((((((((((((( snapshot@2008-12-27_18.54.34.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-12-27 15:31:44 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 13:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2008-12-27 15:31:44 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2008-12-28 07:25:10 16,384 ----atw c:\windows\temp\Perflib_Perfdata_698.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2005-11-20 19:21 49152 c:\windows\system32\LogonDll.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jeff®^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jeff®^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Jeff®\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jeff®^Start Menu^Programs^Startup^Reboot.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a--c--- 2007-11-17 02:20 91432 c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 2007-01-15 16:14 147456 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-04-27 11:25 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
-----c--- 2007-10-11 12:06 62760 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 17:06 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 03:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
--a------ 2008-10-10 06:11 3502840 c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"d:\\Getamped\\amped.exe"=
"d:\\Rohan\\rohanclient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FreeStyle Philippines\\FreeStyle.exe"=
"d:\\Cabal\\CABAL Online (PH)\\launcher\\update\\ESTdnheadless.exe"=
"d:\\imesh\\iMesh.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4697:TCP"= 4697:TCP:WWW

R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2005-11-20 134016]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12:32 41456]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
IE: Download all with Free Download Manager - file://d:\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\mglaunch_USAv1002.exe - c:\windows\Downloaded Program Files\mglaunch_USAv1002.dll
O16 -: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE}
hxxp://ares.netgame.com/download/mglaunch_USAv1002.cab
c:\windows\Downloaded Program Files\mglaunch_USAv1002.inf
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 15:27:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LogonDll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\McAfee\Common Framework\Mctray.exe
.
**************************************************************************
.
Completion time: 2008-12-28 15:30:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-28 07:30:01
ComboFix2.txt 2008-12-27 10:55:08

Pre-Run: 3,123,314,688 bytes free
Post-Run: 2,995,671,040 bytes free

210


________________________________________________________________

Malwarebytes' Anti-Malware 1.31
Database version: 1560
Windows 5.1.2600 Service Pack 2

12/28/2008 3:44:09 PM
mbam-log-2008-12-28 (15-44-09).txt

Scan type: Quick Scan
Objects scanned: 60664
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:29 AM

Posted 28 December 2008 - 03:30 AM

Hello.

Looks good. Let's do some updating.

Update Windows Installation
Your Microsoft Windows installation is out of date. Whenever a security problem in its software is found, Microsoft will create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malware being installed on your computer.

Please click here to check for and install updates to Windows, and Microsoft applications. If you encounter any problems during the installation, please feel free to ask for help.

The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Reboot and repeat the update process until there are no more updates to install.

Update Java to Version 6 Update 11
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please then install the latest Java, Java Runtime Environment (JRE) 6 Update 11 from this page. Follow the prompts and select the appropriate settings for your machine (most likely "Windows"). Click on the "Required File" to download the installer. Double click the installer to run. Delete the installer after use.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Also include a fresh DDS log.

Any problems right now with the machine?

With Regards,
The Panda

#9 jepoy1026

jepoy1026
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 28 December 2008 - 06:38 PM

Hi! I followed your instructions and here are the logs. As for the machine, it's in a lot better state now. I haven't had any errors lately. Sound and Internet connection are not lost anymore as well. :thumbsup:


Scanning Report
Monday, December 29, 2008 02:17:55 - 07:16:42

Computer name: JEFF-9FFD724ECB
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 2 malware found
TrackingCookie.Adinterax (spyware)

* System

TrackingCookie.Yieldmanager (spyware)

* System

Statistics
Scanned:

* Files: 22235
* System: 3430
* Not scanned: 9

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\PERSI0.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure USS: 2.40.0
* F-Secure Hydra: 2.8.8110, 2008-12-27
* F-Secure AVP: 7.0.171, 2008-12-28
* F-Secure Pegasus: 1.20.0, 2008-11-17
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

________________________________________________________________________
DDS (Version 1.1.0) - NTFSx86
Run by Jeff® at 7:21:22.57 on Mon 12/29/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.540 [GMT 8:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Jeff®\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: Download all with Free Download Manager - file://d:\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: DfLogon - LogonDll.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeff~1\applic~1\mozilla\firefox\profiles\ejve0ewb.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300

============= SERVICES / DRIVERS ===============

PP2 McShield;McAfee McShield;"c:\program files\mcafee\virusscan enterprise\Mcshield.exe" [2007-2-22 144960]
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2005-11-20 134016]
R1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\cyberlink\powerdvd\000.fcl [2007-11-3 41456]
R2 McAfeeFramework;McAfee Framework Service;"c:\program files\mcafee\common framework\FrameworkService.exe" /ServiceStart [2008-3-24 104000]
R2 McTaskManager;McAfee Task Manager;"c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe" [2007-2-22 54872]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-3-24 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-3-24 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-3-24 170408]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [2007-5-14 508288]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

=============== Created Last 30 ================

2008-12-29 01:45 <DIR> --d----- C:\fsaua.data
2008-12-29 01:40 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-29 01:40 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-28 21:25 31,768 a------- c:\windows\system32\wucltui.dll.mui
2008-12-28 21:25 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-12-28 21:25 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2008-12-28 21:25 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2008-12-28 21:25 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-27 23:31 345 a------- c:\windows\gmer.ini
2008-12-27 23:30 <DIR> --d----- C:\gmer
2008-12-27 18:51 <DIR> a-dshr-- C:\cmdcons
2008-12-27 18:46 161,792 a------- c:\windows\SWREG.exe
2008-12-27 18:46 98,816 a------- c:\windows\sed.exe
2008-12-11 15:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-11 15:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-11 15:28 <DIR> --d----- c:\docume~1\jeff~1\applic~1\SUPERAntiSpyware.com
2008-12-05 12:47 <DIR> --d----- c:\docume~1\jeff~1\applic~1\Malwarebytes
2008-12-05 12:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-05 12:47 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 12:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 12:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-04 07:39 106 a------- c:\windows\wininit.ini
2008-12-04 01:22 <DIR> --d----- C:\QUARANTINE
2008-11-30 17:29 <DIR> --d----- c:\program files\Level Up
2008-11-30 13:51 1,835,008 a------- C:\~bittestC00001
2008-11-29 11:35 <DIR> --d----- c:\program files\Executive Software
2008-11-29 11:30 <DIR> --d----- c:\program files\WinASO
2008-11-29 11:30 <DIR> --d----- c:\program files\BurnInTest

==================== Find3M ====================

2008-11-25 07:09 102,400 a------- c:\windows\DUMP1f2b.tmp
2008-11-14 09:37 230,432 a------- C:\PA207.DAT
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-07-11 22:25 22,328 ac------ c:\docume~1\jeff~1\applic~1\PnkBstrK.sys

============= FINISH: 7:22:02.29 ===============

#10 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:02:29 AM

Posted 28 December 2008 - 09:13 PM

Great! If it's all good on your side, then we can wrap up.

Uninstall ComboFix
Remove Combofix now that we're done with it.

If this tool has helped you, please consider making a donation to its author.
  • Click on your Start Menu, then Run....
  • Type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Reset clock settings to standard format.
  • Hide file extensions and hidden/system files.
  • Clear the System Restore cache and create a new restore point.
Preventing Malware Infection in the Future
Please take some time to look at the following links, giving some advice and suggestions for preventing future infections.

For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#11 jepoy1026

jepoy1026
  • Topic Starter

  • Members
  • 62 posts
  • Local time:02:29 AM

Posted 02 January 2009 - 10:27 AM

Hi! It seems to be working fine now, although I'm having a little issue with my microphone. It doesn't seem to be working. Anyway, a lot of thanks for your help! Happy New Year!!

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:02:29 AM

Posted 02 January 2009 - 11:29 AM

Welcome. Happy New Year.

You may want to post in the External Hardware Forum about that issue.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda
