
trojan dnschanger?


17 replies to this topic

#1 Jenn Shaffahhhh

Jenn Shaffahhhh

  • Members
  • 22 posts

Posted 22 December 2008 - 03:18 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jennifer at 2008-12-22 15:06:33
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 42 GB (44%) free of 96 GB
Total RAM: 446 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07, on 2008-12-22
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jennifer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jennifer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5753 bytes

======Scheduled tasks folder======

C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-06 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-06 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-11-15 1783808]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2008-11-05 64880]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f213baf-55aa-11dd-b641-00038a000015}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-22 15:06:33 ----DC---- C:\rsit
2008-12-20 11:01:29 ----D---- C:\Users\Jennifer\AppData\Roaming\Printer Info Cache
2008-12-20 11:01:21 ----D---- C:\Users\Jennifer\AppData\Roaming\Image Zone Express
2008-12-20 02:45:51 ----D---- C:\ProgramData\HPSSUPPLY
2008-12-20 02:35:59 ----D---- C:\Program Files\Common Files\HP
2008-12-18 13:39:22 ----D---- C:\Windows\Minidump
2008-12-18 13:38:10 ----A---- C:\Windows\system32\PARTIZAN.TXT
2008-12-18 12:50:53 ----A---- C:\Windows\NIRCMD.exe
2008-12-18 12:50:52 ----A---- C:\Windows\zip.exe
2008-12-18 12:50:52 ----A---- C:\Windows\VFIND.exe
2008-12-18 12:50:52 ----A---- C:\Windows\SWSC.exe
2008-12-18 12:50:52 ----A---- C:\Windows\SWREG.exe
2008-12-18 12:50:52 ----A---- C:\Windows\sed.exe
2008-12-18 12:50:52 ----A---- C:\Windows\grep.exe
2008-12-18 12:50:52 ----A---- C:\Windows\fdsv.exe
2008-12-18 12:50:51 ----A---- C:\Windows\SWXCACLS.exe
2008-12-18 12:50:24 ----DC---- C:\Qoobox
2008-12-18 12:50:24 ----D---- C:\Windows\ERDNT
2008-12-18 12:50:17 ----DC---- C:\ComboFix
2008-12-18 12:50:03 ----A---- C:\Windows\system32\CF6115.exe
2008-12-18 12:48:42 ----A---- C:\Windows\system32\swsc.exe
2008-12-17 23:25:11 ----D---- C:\Program Files\Common Files\Apple
2008-12-17 23:24:20 ----D---- C:\Program Files\QuickTime
2008-12-17 23:24:04 ----D---- C:\ProgramData\Apple Computer
2008-12-17 23:15:40 ----D---- C:\Program Files\Apple Software Update
2008-12-17 23:15:39 ----D---- C:\ProgramData\Apple
2008-12-17 22:30:22 ----D---- C:\Windows\PCHEALTH
2008-12-17 22:29:34 ----HDC---- C:\Config.Msi
2008-12-17 22:28:51 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-12-17 21:56:06 ----A---- C:\Windows\system32\Partizan.exe
2008-12-14 19:45:18 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-13 22:35:07 ----D---- C:\ProgramData\Roxio
2008-12-13 22:34:54 ----D---- C:\Users\Jennifer\AppData\Roaming\Roxio
2008-12-13 22:03:25 ----AC---- C:\FINIS_IT.TXT
2008-12-13 22:01:52 ----D---- C:\Program Files\Common Files\SureThing Shared
2008-12-12 16:29:14 ----A---- C:\Windows\system32\javaws.exe
2008-12-12 16:29:13 ----A---- C:\Windows\system32\javaw.exe
2008-12-12 16:29:12 ----A---- C:\Windows\system32\java.exe
2008-12-12 13:01:55 ----D---- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
2008-12-12 13:01:24 ----D---- C:\ProgramData\Malwarebytes
2008-12-12 13:01:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-09 11:20:13 ----D---- C:\Users\Jennifer\AppData\Roaming\AviDvdBurner
2008-12-08 23:59:57 ----A---- C:\Windows\system32\GIF89.DLL
2008-12-08 23:59:56 ----A---- C:\Windows\system32\WMAFile.dll
2008-12-08 23:59:56 ----A---- C:\Windows\system32\SSubTmr6.dll
2008-12-08 23:59:56 ----A---- C:\Windows\system32\AudioInfos.dll
2008-12-08 23:59:56 ----A---- C:\Windows\system32\AudFile.dll
2008-12-08 22:27:10 ----A---- C:\Windows\MOTA113.exe
2008-12-08 22:27:09 ----A---- C:\Windows\system32\AVSredirect.dll
2008-12-08 22:27:08 ----A---- C:\Windows\system32\yv12vfw.dll
2008-12-08 22:27:07 ----A---- C:\Windows\system32\i420vfw.dll
2008-12-08 22:27:05 ----A---- C:\Windows\system32\x.264.exe
2008-12-08 22:27:03 ----A---- C:\Windows\x2.64.exe
2008-12-08 22:27:01 ----A---- C:\Windows\meta4.exe
2008-12-08 22:26:03 ----D---- C:\Program Files\eRightSoft
2008-12-06 15:45:33 ----D---- C:\Windows\RegCure
2008-12-06 14:27:24 ----D---- C:\Program Files\RegCure

======List of files/folders modified in the last 1 months======

2008-12-22 15:07:55 ----D---- C:\Windows\Temp
2008-12-22 15:06:56 ----D---- C:\Windows\Prefetch
2008-12-22 12:06:31 ----D---- C:\Users\Jennifer\AppData\Roaming\uTorrent
2008-12-22 09:42:55 ----SHD---- C:\System Volume Information
2008-12-21 12:31:18 ----D---- C:\Windows\System32
2008-12-21 12:31:18 ----D---- C:\Windows\inf
2008-12-21 12:31:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-20 19:07:24 ----D---- C:\Windows
2008-12-20 18:46:11 ----D---- C:\Users\Jennifer\AppData\Roaming\FrostWire
2008-12-20 12:35:15 ----D---- C:\ProgramData\Spyware Terminator
2008-12-20 12:34:39 ----D---- C:\Users\Jennifer\AppData\Roaming\Spyware Terminator
2008-12-20 02:48:43 ----SHD---- C:\Windows\Installer
2008-12-20 02:47:22 ----A---- C:\Windows\win.ini
2008-12-20 02:45:52 ----D---- C:\Program Files\HP
2008-12-20 02:45:51 ----D---- C:\ProgramData
2008-12-20 02:41:04 ----D---- C:\ProgramData\HP
2008-12-20 02:39:35 ----D---- C:\Windows\winsxs
2008-12-20 02:37:09 ----D---- C:\Windows\twain_32
2008-12-20 02:35:59 ----D---- C:\Program Files\Common Files
2008-12-20 02:32:19 ----D---- C:\Windows\system32\drivers
2008-12-20 02:16:45 ----D---- C:\Program Files\Spyware Terminator
2008-12-20 02:09:11 ----D---- C:\Program Files\WinRAR
2008-12-20 02:09:11 ----D---- C:\Program Files
2008-12-20 01:38:08 ----AD---- C:\ProgramData\TEMP
2008-12-18 18:11:19 ----D---- C:\ProgramData\Microsoft
2008-12-18 14:10:15 ----SD---- C:\Users\Jennifer\AppData\Roaming\Microsoft
2008-12-18 13:50:10 ----SD---- C:\Windows\system32\Microsoft
2008-12-18 12:50:01 ----D---- C:\Windows\system32\en-US
2008-12-18 10:17:41 ----D---- C:\Program Files\Mozilla Firefox
2008-12-17 23:16:51 ----D---- C:\Windows\system32\Tasks
2008-12-17 22:49:48 ----DC---- C:\Windows\system32\DRVSTORE
2008-12-17 22:42:14 ----D---- C:\Windows\system32\catroot
2008-12-17 22:41:51 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-12-17 22:30:28 ----D---- C:\Program Files\Common Files\microsoft shared
2008-12-16 17:44:58 ----D---- C:\Windows\system32\wbem
2008-12-16 17:41:56 ----D---- C:\Windows\system32\config
2008-12-16 17:40:52 ----D---- C:\Windows\Tasks
2008-12-16 17:40:52 ----D---- C:\Windows\system32\spool
2008-12-16 17:40:51 ----D---- C:\Windows\system32\Msdtc
2008-12-16 17:40:51 ----D---- C:\Windows\system32\CodeIntegrity
2008-12-16 17:40:50 ----D---- C:\Windows\system32\catroot2
2008-12-16 17:40:39 ----D---- C:\Program Files\DivX
2008-12-16 17:40:31 ----D---- C:\Windows\registration
2008-12-14 20:02:07 ----D---- C:\Program Files\Roxio
2008-12-14 19:52:36 ----SD---- C:\Windows\Downloaded Program Files
2008-12-14 19:52:35 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-14 19:52:34 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-12-14 19:51:15 ----RSD---- C:\Windows\Fonts
2008-12-13 22:18:47 ----HD---- C:\hp
2008-12-13 22:16:31 ----D---- C:\Windows\SMINST
2008-12-12 16:26:48 ----D---- C:\Program Files\Java
2008-11-24 19:27:37 ----D---- C:\Users\Jennifer\AppData\Roaming\App Launcher Gadget
2008-11-24 14:54:38 ----D---- C:\ProgramData\avg8

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-11-15 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-11-15 26824]
R1 MSFWHLPR;MSFWHLPR; C:\Windows\system32\DRIVERS\msfwhlpr.sys [2007-11-27 37440]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-11-15 141312]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 MSFWDrv;MSFWDrv; C:\Windows\system32\DRIVERS\msfwdrv.sys [2007-11-27 91200]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-06 7568832]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 AR5211;NETGEAR WPN311 V1H3 Wireless Adapter Service; C:\Windows\system32\DRIVERS\WPN311.sys [2005-03-29 456384]
S3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-11-15 69128]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MR97310_USB_DUAL_CAMERA;DUAL MODE CAMERA SL310; C:\Windows\system32\DRIVERS\mr97310c.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Partizan;Partizan; C:\Windows\system32\drivers\Partizan.sys [2008-12-17 30946]
S3 Pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\Pcouffin.sys [2008-06-19 47360]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-15 231704]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 msfwsvc;@C:\Program Files\Microsoft Windows OneCare Live\Firewall\\MSFWSVCResource.dll,-10000; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 869952]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2006-11-02 9728]
R2 SNMP;@%SystemRoot%\system32\snmp.exe,-3; C:\Windows\System32\snmp.exe [2008-01-19 47616]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-11-15 570880]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2008-11-05 1132912]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-15 875288]
S3 CISVC;Indexing Service; C:\Windows\system32\CISVC.EXE [2008-01-19 11264]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NtmsSvc;@%SystemRoot%\system32\ntmssvc.dll,-2; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656]

-----------------EOF-----------------


#2 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts

Posted 31 December 2008 - 02:39 AM

Hi,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then we'll take a look.


Regards,

Rosty.
Proud member of ASAP since 2007

#3 Jenn Shaffahhhh

Jenn Shaffahhhh
  • Topic Starter

  • Members
  • 22 posts

Posted 02 January 2009 - 06:20 PM

Ahhhhhh, someone help me PLEASE. My computer has been getting slower and SLOWER.
Here are the logs, again.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07, on 2008-12-22
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jennifer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jennifer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5753 bytes



---------------




Malwarebytes' Anti-Malware 1.31
Database version: 1494
Windows 6.0.6001 Service Pack 1

2009-01-02 18:09:47
mbam-log-2009-01-02 (18-09-47).txt

Scan type: Quick Scan
Objects scanned: 45421
Time elapsed: 11 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{da1b2d63-45df-4b40-bd10-3344d82e2f88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{da1b2d63-45df-4b40-bd10-3344d82e2f88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{da1b2d63-45df-4b40-bd10-3344d82e2f88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Rosty
    Skydive junkie
  • Malware Response Team
  • 1,220 posts

Posted 03 January 2009 - 02:31 AM

Hi,

I see Viewpoint is installed..

Viewpoint is considered foistware instead of malware because it is installed without the user's approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

Next, perform another scan with MBAM, reboot and post that log together with a new HijackThis log here for me.
Let me know how things are running.
Proud member of ASAP since 2007

#5 Jenn Shaffahhhh
  • Topic Starter
  • Members
  • 22 posts

Posted 06 January 2009 - 03:26 AM

Okay, I did everything you told me to. But it still is running just the same as before!!! Here are the logs you asked for.


Malwarebytes' Anti-Malware 1.31
Database version: 1494
Windows 6.0.6001 Service Pack 1

2009-01-05 19:39:05
mbam-log-2009-01-05 (19-39-05).txt

Scan type: Quick Scan
Objects scanned: 45420
Time elapsed: 13 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{da1b2d63-45df-4b40-bd10-3344d82e2f88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{da1b2d63-45df-4b40-bd10-3344d82e2f88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{da1b2d63-45df-4b40-bd10-3344d82e2f88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



----



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07, on 2008-12-22
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jennifer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jennifer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5753 bytes

#6 Rosty
    Skydive junkie
  • Malware Response Team
  • 1,220 posts

Posted 06 January 2009 - 03:48 AM

Hi again,

Click Start, click Run, and enter into the command box that opens: CMD and then click OK.

In the black box that opens, type:

IPCONFIG /all and then press the {Enter} key.

The information I want is found in the last section of the report. Here is what it should look like:


Ethernet adapter Local Area Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-40-F4-84-F8-DC
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.103
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Disabled




In order to copy/paste this from your own results, highlight the text with your mouse. Then in the Title Bar for the CMD session box, right click the little icon that appears at the far left (C:>), and choose Edit, Copy.

Type Exit to close the CMD session box and return to Windows. In a new reply, do a Paste of your information.

#7 Jenn Shaffahhhh
  • Topic Starter
  • Members
  • 22 posts

Posted 06 January 2009 - 12:41 PM

Ethernet adapter Jenn's local connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1B-B9-53-43-BD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ad47:e0f7:3423:d0fc%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 2009-01-05 19:44
Lease Expires . . . . . . . . . . : 2009-01-06 19:43
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 0.255.112.191
85.255.112.181
1.2.3.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Edited by Jenn Shaffahhhh, 06 January 2009 - 12:41 PM.
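
The two artifacts this thread turns on, the `ipconfig /all` adapter section above and the `DhcpNameServer` entries in the Malwarebytes logs, can be checked mechanically instead of by eye. The following is an added example written for this page, not code from the thread or from any tool it names; the trusted-resolver list and the decision to treat the whole 85.255.112.0/24 block as hostile are assumptions made here.

```python
"""Triage the DNS-resolver evidence posted in this thread: parse the adapter
section of `ipconfig /all` and the 'Registry Data Items Infected' lines of a
Malwarebytes log, extract every DNS server, and give each one a verdict."""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Assumption for this example: the OpenDNS resolvers recommended in the thread
# plus the posted LAN, whose gateway 192.168.1.1 also hands out DHCP leases.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("208.67.222.222/32", "208.67.220.220/32", "192.168.1.0/24")]
# Malwarebytes flagged 85.255.112.181; treating the enclosing /24 as hostile is
# an assumption made here, not a claim from the thread.
ROGUE = [ipaddress.ip_network("85.255.112.0/24")]
# "This network" and multicast/reserved space can never hold a real resolver;
# 0.255.112.191 from the posted log lands here.
INVALID = [ipaddress.ip_network("0.0.0.0/8"), ipaddress.ip_network("224.0.0.0/3")]

DNS_LINE = re.compile(r"^\s*DNS Servers[ .]*:\s*(?P<first>.*)$")
MBAM_LINE = re.compile(r"^(?P<key>HKEY_\S*?\\(?:Dhcp)?NameServer) "
                       r"\((?P<detection>[^)]+)\) -> Data: (?P<data>.*?) -> ")


def parse_addr(token: str) -> Optional[str]:
    """'fe80::1%8(Preferred)' or '1.2.3.4' -> canonical address string, else None."""
    token = token.split("(")[0].split("%")[0].strip()
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None


def dns_servers_from_ipconfig(text: str) -> List[str]:
    """Every address under the 'DNS Servers' label, including the continuation
    lines (indented by ipconfig, unindented once pasted into a forum post)."""
    servers: List[str] = []
    in_block = False
    for line in text.splitlines():
        m = DNS_LINE.match(line)
        if m:
            in_block = True
            first = parse_addr(m.group("first"))
            if first:
                servers.append(first)
            continue
        if in_block:
            addr = parse_addr(line)
            if addr is None:          # the next labelled field ends the list
                in_block = False
            else:
                servers.append(addr)
    return servers


def dns_entries_from_mbam(text: str) -> List[Tuple[str, str, List[str]]]:
    """(registry key, detection name, addresses) per NameServer/DhcpNameServer line."""
    entries = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            addrs = [a for a in map(parse_addr, m.group("data").split()) if a]
            entries.append((m.group("key"), m.group("detection"), addrs))
    return entries


def classify(addr: str) -> str:
    """Verdict for one resolver address: rogue, invalid, trusted or unknown."""
    ip = ipaddress.ip_address(addr)
    for verdict, nets in (("rogue", ROGUE), ("invalid", INVALID), ("trusted", TRUSTED)):
        if any(ip in net for net in nets):
            return verdict
    return "unknown"


def triage(ipconfig_text: str, mbam_text: str) -> Dict[str, str]:
    """Map every resolver seen in either artifact to its verdict, in first-seen
    order, so anything not 'trusted' stands out before the machine goes back online."""
    seen = dns_servers_from_ipconfig(ipconfig_text)
    for _key, _detection, addrs in dns_entries_from_mbam(mbam_text):
        seen.extend(addrs)
    return {addr: classify(addr) for addr in dict.fromkeys(seen)}


# Constructed sample: the adapter section posted in the thread, with the
# continuation lines unindented exactly as they came through the forum.
SAMPLE_IPCONFIG = """\
Ethernet adapter Jenn's local connection:

IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 0.255.112.191
85.255.112.181
1.2.3.4
NetBIOS over Tcpip. . . . . . . . : Enabled
"""
# Constructed sample: two 'Registry Data Items Infected' lines from the posted log.
SAMPLE_MBAM = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{da1b2d63-45df-4b40-bd10-3344d82e2f88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
"""
```

Running `triage(SAMPLE_IPCONFIG, SAMPLE_MBAM)` on the constructed samples yields `invalid` for 0.255.112.191, `rogue` for 85.255.112.181 and `unknown` for 1.2.3.4; any verdict other than `trusted` means the resolver settings still need fixing, which is exactly the situation the later posts in this thread describe.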


#8 Rosty
    Skydive junkie
  • Malware Response Team
  • 1,220 posts

Posted 06 January 2009 - 01:19 PM

1. Run MBAM, Quick Scan.

2. When finished, Right click the little connectoid for your internet connection in the taskbar, and choose Status.
Click the button at the bottom, Properties.
Scroll the list and double click Internet Protocol (TCP/IP)

Click the radio choice button, Use the following IP address.
Enter the following information (check carefully your typing) in the three boxes:

IP Address. . . . . . . . . . . . : 192.168.1.250
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

In the lower panel, choose the option button, Use the following DNS server addresses:
Enter the following information (check carefully your typing) in the two boxes:

Primary DNS Server: 208.67.222.222
Secondary DNS Server: 208.67.222.220

Save your changes, and exit out to the Desktop.

3. Run MBAM once again.

You Must Reboot your computer when finished.

4. Now run MBAM one last time, and post the log results back to the Forum.

#9 Jenn Shaffahhhh
  • Topic Starter
  • Members
  • 22 posts

Posted 06 January 2009 - 04:27 PM

I don't have that option. Here is a screen shot of what choices I have. Also, I have Vista. So does that have something to do with it?



#10 Rosty
    Skydive junkie
  • Malware Response Team
  • 1,220 posts

Posted 07 January 2009 - 03:04 AM

Can you rerun MBAM once again please.

#11 Jenn Shaffahhhh
  • Topic Starter
  • Members
  • 22 posts

Posted 07 January 2009 - 04:29 PM

Malwarebytes' Anti-Malware 1.31
Database version: 1494
Windows 6.0.6001 Service Pack 1

2009-01-07 16:24:37
mbam-log-2009-01-07 (16-24-37).txt

Scan type: Quick Scan
Objects scanned: 45926
Time elapsed: 29 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{da1b2d63-45df-4b40-bd10-3344d82e2f88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{da1b2d63-45df-4b40-bd10-3344d82e2f88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Rosty
    Skydive junkie
  • Malware Response Team
  • 1,220 posts

Posted 07 January 2009 - 04:48 PM

Hi,

You've not been forgotten!! Asking for some advice from other HijackThis helpers.

#13 Rosty
    Skydive junkie
  • Malware Response Team
  • 1,220 posts

Posted 08 January 2009 - 02:06 AM

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


Special Note for Vista: In all that follows, and subsequent sessions, you need to run these utilities "As Administrator" in most cases. Right click the program executable and choose "Run as Administrator". If you do not do this, some of these utilities will fail to work, or fail to work properly.

#14 Jenn Shaffahhhh
  • Topic Starter
  • Members
  • 22 posts

Posted 08 January 2009 - 04:03 PM

ComboFix 09-01-08.01 - Jennifer 2009-01-08 15:13:53.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.446.65 [GMT -5:00]
Running from: c:\users\Jennifer\Desktop\ComboFix.exe
AV: AVG *On-access scanning enabled* (Outdated)
AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jennifer\AppData\Roaming\inst.exe
D:\resycled

.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2008-12-28 21:52 . 2008-12-28 21:52 <DIR> d-------- c:\users\All Users\HP Product Assistant
2008-12-28 21:52 . 2008-12-28 21:52 <DIR> d-------- c:\programdata\HP Product Assistant
2008-12-27 03:25 . 2008-12-27 03:25 <DIR> d-------- c:\users\Jennifer\New Folder
2008-12-26 00:04 . 2008-12-26 00:04 <DIR> d-------- c:\program files\MyDSC2
2008-12-26 00:04 . 2008-12-26 00:04 <DIR> d-------- c:\program files\JL2005C
2008-12-26 00:04 . 2005-12-15 17:34 135,168 --a------ c:\windows\System32\jl_jdct.drv
2008-12-26 00:04 . 2008-07-09 17:31 68,826 --a------ c:\windows\System32\drivers\jl2005c.sys
2008-12-26 00:04 . 2005-08-10 10:44 15,360 --a------ c:\windows\System32\jl2005c.ax
2008-12-26 00:03 . 2008-12-26 00:04 <DIR> d-------- c:\program files\JL2005D
2008-12-25 22:22 . 2008-12-29 15:25 <DIR> d-------- c:\program files\PhoTags Express
2008-12-24 21:37 . 2009-01-02 15:30 <DIR> d-------- c:\users\Jennifer\Music
2008-12-22 15:06 . 2008-12-22 15:08 <DIR> d----c--- C:\rsit
2008-12-20 11:01 . 2008-12-20 11:01 <DIR> d-------- c:\users\Jennifer\AppData\Roaming\Printer Info Cache
2008-12-20 11:01 . 2009-01-03 00:58 <DIR> d-------- c:\users\Jennifer\AppData\Roaming\Image Zone Express
2008-12-20 02:45 . 2008-12-20 02:45 <DIR> d-------- c:\users\All Users\HPSSUPPLY
2008-12-20 02:45 . 2008-12-20 02:45 <DIR> d-------- c:\programdata\HPSSUPPLY
2008-12-20 02:35 . 2008-12-20 02:44 <DIR> d-------- c:\program files\Common Files\HP
2008-12-20 02:26 . 2008-12-27 03:20 164,374 --a------ c:\windows\hpoins19.dat
2008-12-20 02:24 . 2007-03-13 14:55 26,952 --a------ c:\windows\hpomdl19.dat
2008-12-18 13:38 . 2008-12-18 13:39 177,745,513 --a------ c:\windows\MEMORY.DMP
2008-12-17 23:25 . 2008-12-17 23:25 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-17 23:24 . 2008-12-17 23:24 <DIR> d-------- c:\users\All Users\Apple Computer
2008-12-17 23:24 . 2008-12-17 23:24 <DIR> d-------- c:\programdata\Apple Computer
2008-12-17 23:24 . 2008-12-17 23:28 <DIR> d-------- c:\program files\QuickTime
2008-12-17 23:15 . 2008-12-17 23:15 <DIR> d-------- c:\users\All Users\Apple
2008-12-17 23:15 . 2008-12-17 23:15 <DIR> d-------- c:\programdata\Apple
2008-12-17 23:15 . 2008-12-17 23:15 <DIR> d-------- c:\program files\Apple Software Update
2008-12-17 22:49 . 2007-11-27 22:45 91,200 --a------ c:\windows\System32\drivers\msfwdrv.sys
2008-12-17 22:49 . 2007-11-27 22:44 37,440 --a------ c:\windows\System32\drivers\msfwhlpr.sys
2008-12-17 22:40 . 2008-05-15 16:15 53,168 --a------ c:\windows\System32\drivers\MpFilter.sys
2008-12-17 22:30 . 2008-12-17 22:30 <DIR> d-------- c:\windows\PCHEALTH
2008-12-17 22:28 . 2009-01-08 10:01 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
2008-12-17 21:56 . 2008-12-17 21:56 30,946 --a------ c:\windows\System32\drivers\Partizan.sys
2008-12-17 21:56 . 2008-12-17 21:56 25,088 --a------ c:\windows\System32\Partizan.exe
2008-12-14 19:45 . 2008-12-14 20:01 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-12-14 18:53 . 2008-12-14 18:53 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2008-12-14 18:53 . 2008-12-14 18:53 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2008-12-14 18:53 . 2008-12-14 18:53 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2008-12-14 18:53 . 2008-12-14 18:53 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2008-12-14 18:53 . 2008-12-14 18:53 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2008-12-14 18:53 . 2008-12-14 18:53 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2008-12-14 18:53 . 2008-12-14 18:53 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2008-12-13 22:35 . 2008-12-15 19:03 <DIR> d-------- c:\users\All Users\Roxio
2008-12-13 22:35 . 2008-12-15 19:03 <DIR> d-------- c:\programdata\Roxio
2008-12-13 22:34 . 2008-12-16 17:23 <DIR> d-------- c:\users\Jennifer\AppData\Roaming\Roxio
2008-12-13 22:01 . 2008-12-13 22:02 <DIR> d-------- c:\program files\Common Files\SureThing Shared
2008-12-12 13:01 . 2008-12-12 13:01 <DIR> d-------- c:\users\Jennifer\AppData\Roaming\Malwarebytes
2008-12-12 13:01 . 2008-12-12 13:01 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-12 13:01 . 2008-12-12 13:01 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-12 13:01 . 2008-12-12 13:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-12 13:01 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-12 13:01 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-09 11:20 . 2008-12-09 16:28 <DIR> d-------- c:\users\Jennifer\AppData\Roaming\AviDvdBurner
2008-12-08 23:59 . 2005-03-11 18:37 1,986,560 --a------ c:\windows\System32\AudFile.dll
2008-12-08 23:59 . 2005-02-24 13:11 1,212,416 --a------ c:\windows\System32\AudioInfos.dll
2008-12-08 23:59 . 2005-02-24 12:51 348,160 --a------ c:\windows\System32\WMAFile.dll
2008-12-08 23:59 . 2006-11-18 11:38 200,704 --a------ c:\windows\System32\vbalExpBar6.ocx
2008-12-08 23:59 . 2005-01-10 13:54 116,296 --a------ c:\windows\System32\NCTWMAProfiles.prx
2008-12-08 23:59 . 1998-07-13 17:53 44,544 --a------ c:\windows\System32\GIF89.DLL
2008-12-08 23:59 . 2003-01-26 12:41 40,960 --a------ c:\windows\System32\SSubTmr6.dll
2008-12-08 22:27 . 2006-10-07 17:43 502,784 --a------ c:\windows\x2.64.exe
2008-12-08 22:27 . 2005-02-28 13:16 240,128 --a------ c:\windows\System32\x.264.exe
2008-12-08 22:27 . 2006-04-12 09:47 217,073 --a------ c:\windows\meta4.exe
2008-12-08 22:27 . 2004-01-25 00:00 70,656 --a------ c:\windows\System32\yv12vfw.dll
2008-12-08 22:27 . 2004-01-25 00:00 70,656 --a------ c:\windows\System32\i420vfw.dll
2008-12-08 22:27 . 2006-04-05 08:09 66,560 --a------ c:\windows\MOTA113.exe
2008-12-08 22:27 . 2005-07-14 12:31 27,648 --a------ c:\windows\System32\AVSredirect.dll
2008-12-08 22:26 . 2008-12-08 22:26 <DIR> d-------- c:\program files\eRightSoft
2008-12-08 22:26 . 2005-02-12 17:00 186,880 -r-hs---- c:\windows\System32\RLOgg.ax
2008-12-08 22:26 . 2005-01-17 17:26 179,200 -r-hs---- c:\windows\System32\DiracSplitter.ax
2008-12-08 22:26 . 2006-08-16 08:53 175,104 -r-hs---- c:\windows\System32\CoreAAC.ax
2008-12-08 22:26 . 2005-02-05 17:00 92,672 -r-hs---- c:\windows\System32\RLVorbisDec.ax
2008-12-08 22:26 . 2005-02-22 10:55 81,920 -r-hs---- c:\windows\System32\aac_parser.ax
2008-12-08 22:26 . 2005-02-12 17:00 67,584 -r-hs---- c:\windows\System32\RLTheoraDec.ax
2008-12-08 22:26 . 2005-02-12 17:00 51,712 -r-hs---- c:\windows\System32\RLSpeexDec.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 18:41 --------- d-----w c:\programdata\Viewpoint
2009-01-02 21:48 --------- d-----w c:\users\Jennifer\AppData\Roaming\FrostWire
2008-12-29 17:14 --------- d-----w c:\programdata\NVIDIA
2008-12-23 18:33 --------- d-----w c:\users\Jennifer\AppData\Roaming\uTorrent
2008-12-20 17:35 --------- d-----w c:\programdata\Spyware Terminator
2008-12-20 17:34 --------- d-----w c:\users\Jennifer\AppData\Roaming\Spyware Terminator
2008-12-20 07:45 --------- d-----w c:\program files\HP
2008-12-20 07:41 --------- d-----w c:\programdata\HP
2008-12-20 07:16 --------- d-----w c:\program files\Spyware Terminator
2008-12-20 06:38 --------- d---a-w c:\programdata\TEMP
2008-12-18 03:41 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-16 22:40 --------- d-----w c:\program files\DivX
2008-12-15 01:02 --------- d-----w c:\program files\Roxio
2008-12-15 00:52 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-15 00:52 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-12 21:26 --------- d-----w c:\program files\Java
2008-12-09 17:48 --------- d-----w c:\program files\RegCure
2008-11-25 00:27 --------- d-----w c:\users\Jennifer\AppData\Roaming\App Launcher Gadget
2008-11-24 19:54 --------- d-----w c:\programdata\avg8
2008-11-22 03:17 --------- d-----w c:\program files\SUPERAntiSpyware
2008-11-19 01:46 --------- d-----w c:\program files\Advanced Spyware Remover
2008-11-18 04:55 --------- d-----w c:\program files\Trend Micro
2008-11-16 19:42 --------- d-----w c:\users\Jennifer\AppData\Roaming\U3
2008-11-16 02:44 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-16 02:44 69,128 ----a-w c:\windows\system32\drivers\avgwfpx.sys
2008-11-16 02:44 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2008-11-16 02:43 --------- d-----w c:\program files\AVG
2008-11-16 01:01 141,312 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-15 19:35 --------- d-----w c:\program files\FrostWire
2008-11-15 19:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-10 21:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 21:12 --------- d-----w c:\program files\Serif
2008-11-10 10:43 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-11-03 05:32 724,992 ----a-w c:\windows\iun6002.exe
2008-08-29 17:33 47,360 ----a-w c:\users\Jennifer\AppData\Roaming\pcouffin.sys
2008-07-02 17:04 174 --sha-w c:\program files\desktop.ini
2007-09-05 09:52 476,752 ----a-w c:\users\All Users\pswi_preloaded.exe
2007-09-05 09:52 476,752 ----a-w c:\programdata\pswi_preloaded.exe
2008-07-21 09:49 168 --sh--r c:\windows\System32\DEE8856056.sys
2008-07-21 09:49 5,018 --sha-w c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-11-15 1783808]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-11-05 64880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 10:43 2097488 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2BA7BB0-0A5D-4AD1-A567-9CDB56C66DA4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7CFD448-8992-4C98-A715-056437C829ED}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{883B765C-92CD-4879-8402-E0FC1F059436}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4FA0E868-3BCF-4380-A754-A522F3EC9FE5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B1A873B2-04D8-4433-9227-4B0E81AA9A49}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3B844328-D30C-4F0D-B0E2-4A50DC50570D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8C61405D-C85F-4BBE-A6A5-5A1BD6819583}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4378B205-0E33-461A-B353-842AAF0C3B03}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7363932D-9202-413D-9C62-BEAA3D7D3B3E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{088FADAB-A564-43D2-8A74-7D715182C659}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{97216739-CC2B-4D26-B138-0E1E3FC68355}"= UDP:c:\program files\Morpheus\Morpheus.exe:Morpheus
"{94006A0A-5DE5-46E1-8CEB-BC99F853A35E}"= TCP:c:\program files\Morpheus\Morpheus.exe:Morpheus
"{808F4B56-9285-4394-B34C-6F115E757E83}"= UDP:c:\program files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{026ED870-B1D7-441E-B6A0-2472B900C617}"= TCP:c:\program files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{4821D79F-52A3-442B-9C47-6957C70510DE}"= UDP:c:\program files\AOL\RC\regclient.exe:AOL
"{C8949732-4A6C-435D-9A9F-A6F151D9A25C}"= TCP:c:\program files\AOL\RC\regclient.exe:AOL
"{ECE8BBFE-0066-4801-92E8-0858A9421EA1}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{FC581E53-2EE5-4E64-80D9-9289A266B86A}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{066587AD-58B6-4A83-BB37-483380C1379C}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{15619F1D-E646-4000-B8EC-899B250DBA20}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"TCP Query User{562674CC-DE7B-42BB-8524-59F1340F4142}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{10A792E6-15A5-4B33-ADF0-33A13EE95DCD}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{BF3CAFC7-DB97-4D29-9BB9-10D7F86E587F}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{9702843F-D890-4A5E-92E2-8B66AED93B14}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{D61F5E30-0F44-4723-ACF8-19423F0CB1D2}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{A2A5D206-78D2-40D7-985C-3446A51667CB}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{4982591D-4AF0-4D4D-B001-88FF026CFACE}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{493AF747-84E6-4AD4-B0E7-3DB838BC0F8D}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{CC33E543-43BA-4889-BADC-96B0B909230E}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{26E0974F-B888-4EB5-9324-523F2E245395}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{E128AAF2-C17B-4EC8-B0F6-946EF6050461}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{F68BA7EE-6F2A-4E14-AE06-5F3B35F45F2B}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"TCP Query User{A570943C-6C7B-4246-B57D-3B4AF7153747}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{9739A281-5D94-49D1-8EEF-EC3C8EEDAE13}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{E5A1B727-1D01-4F52-83A8-72DA7E89C77E}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0CD605F2-9D58-4052-AAF8-E4DC475D54DF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6EACC334-A68E-484D-A30E-B2556F2C8CB4}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{4DA2CC8D-D02D-48F7-9C02-50FEC1B8930C}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{08E8B9C1-4209-45ED-8870-BBE64E25E8EC}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{84B50661-18D4-4EA7-8F21-103627036011}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{A3F46323-D90F-40CE-88C2-311245A9C554}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4E1F0F99-CE18-42B8-B6AA-5AB74FB17ECA}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4FA23331-E858-4BD5-8C2B-C1D65F74747C}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{2035F4CB-C2D0-4CCA-B316-CC3931831B60}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{EAECA1AA-AC32-4D4F-904E-8921E3B15BD4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E0F12104-D5D2-4695-B747-95B38EAAA44C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{13A4D7E0-ACEF-4E44-9C46-550DC9000365}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{563B6F97-FC8A-4703-BA45-E88D933CFD15}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-11-15 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2008-11-15 141312]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-15 231704]
R4 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
S3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\System32\drivers\avgwfpx.sys [2008-11-15 69128]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-18 33752]
S3 Partizan;Partizan;c:\windows\System32\drivers\Partizan.sys [2008-12-17 30946]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\System32\drivers\s125bus.sys [2007-04-24 83336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-15 875288]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-06-23 810320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f213baf-55aa-11dd-b641-00038a000015}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-01-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 11:20]

2009-01-08 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 11:20]

2009-01-08 c:\windows\Tasks\WebReg psc 1310 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 21:36]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=1607
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\0xhb1k9f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 15:19:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-08 15:24:06
ComboFix-quarantined-files.txt 2009-01-08 20:24:02

Pre-Run: 49,390,878,720 bytes free
Post-Run: 49,943,736,320 bytes free

311 --- E O F --- 2008-10-31 06:21:17





-------------------




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07, on 2008-12-22
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jennifer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jennifer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5753 bytes

#15 Jenn Shaffahhhh

Jenn Shaffahhhh
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:06:49 PM

Posted 13 January 2009 - 10:07 PM

Not trying to be annoying. Just checking to see if I was forgotten about. haha



