Please help me guys :< HiJackThis log inside!



#1 TheTurk

Posted 28 December 2008 - 10:36 PM

I have always been careful with my computer about what I visit. But recently I went back home on vacation and, well ... my little cousins managed to get something on my computer (I think)....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:58 AM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [IRW] "C:\WINDOWS\system32\IRW.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] "C:\Program Files\Boot Camp\KbdMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744216217
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744200327
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6020A403-DA44-430A-92F6-B7EBE5F05524}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/TheTurk/LOCALS~1/Temp/msohtmlclip1/03/clip_image001.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/TheTurk/LOCALS~1/Temp/msohtmlclip1/04/clip_image001.gif
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/TheTurk/LOCALS~1/Temp/msohtmlclip1/02/clip_image001.gif

--
End of file - 10275 bytes

Edited by TheTurk, 28 December 2008 - 10:37 PM.



#2 TheTurk

Posted 30 December 2008 - 08:18 PM

DDS (Version 1.1.0) - NTFSx86
Run by TheTurk at 3:11:48.43 on Wed 12/31/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2028.1364 [GMT 2:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\TheTurk\My Documents\Downloads\Programs\dds.EXE

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC
mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName
mRun: [BluetoothAuthenticationAgent] "c:\windows\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [IRW] "c:\windows\system32\IRW.exe"
mRun: [Apple_KbdMgr] "c:\program files\boot camp\KbdMgr.exe"
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [Alcmtr] "c:\windows\ALCMTR.EXE"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DigidesignMMERefresh] "c:\program files\digidesign\drivers\MMERefresh.exe"
mRun: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "c:\program files\mediafour\macdrive 7\MacDriveD.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpySweeper] c:\program files\webroot\webrootsecurity\SpySweeperUI.exe /startintray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {6020A403-DA44-430A-92F6-B7EBE5F05524} = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\theturk\applic~1\mozilla\firefox\profiles\kwe3ispx.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\theturk\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\documents and settings\theturk\application data\mozilla\firefox\profiles\kwe3ispx.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-11-22 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.sys [2007-4-18 274048]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2008-2-8 132400]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2008-2-8 99632]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-11-22 16400]
R2 KeyAgent;KeyAgent;\??\c:\windows\system32\drivers\KeyAgent.sys [2008-2-8 5504]
R2 MacDriveServiceD;MacDriveServiceD;"c:\program files\mediafour\macdrive 7\MacDriveServiceD.exe" [2007-4-18 143360]
R2 MacHALDriver;Mac HAL;\??\c:\windows\system32\drivers\MacHALDriver.sys [2008-2-8 6528]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\webrootsecurity\SpySweeper.exe" [2008-11-12 3667312]
R2 WRConsumerService;Webroot Client Service;"c:\program files\webroot\webrootsecurity\WRConsumerService.exe" [2008-12-24 1086840]
R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\drivers\applemtm.sys [2008-11-9 10496]
R3 applemtp;Apple Multitouch;c:\windows\system32\drivers\applemtp.sys [2008-11-9 15616]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [2008-11-9 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2008-11-9 19968]
S3 DIGIFW;Service for Mbox 2 Pro Driver (WDM);c:\windows\system32\drivers\digifw.sys [2008-11-22 167952]
S4 sprtsvc_etisalat;SupportSoft Sprocket Service (etisalat);c:\program files\etisalat\esupport\bin\sprtsvc.exe /service /p etisalat []

=============== Created Last 30 ================

2008-12-31 03:05 <DIR> --d----- c:\docume~1\theturk\applic~1\Uniblue
2008-12-31 03:04 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0
2008-12-31 02:52 9,772 a------- c:\documents and settings\theturk\sdsd2.exe
2008-12-31 02:29 303 a------- c:\documents and settings\theturk\xsdsxd.exe
2008-12-31 00:14 9,772 a------- c:\documents and settings\theturk\sdsd.exe
2008-12-30 06:28 <DIR> --d----- c:\docume~1\theturk\applic~1\Malwarebytes
2008-12-30 06:28 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-30 06:28 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 06:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-30 06:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 05:46 102,400 a------- c:\documents and settings\theturk\sdsxxxd.exe
2008-12-29 05:30 <DIR> --d----- c:\program files\Trend Micro
2008-12-28 12:40 <DIR> --d----- c:\windows\system32\Adobe
2008-12-26 00:27 <DIR> --dshr-- C:\Recycle
2008-12-26 00:27 40,960 a------- c:\documents and settings\theturk\asdsds.exe
2008-12-25 07:18 96,399 a---h--- c:\windows\MEMORY.DMP
2008-12-24 10:31 1,553,272 a------- c:\windows\WRSetup.dll
2008-12-24 10:31 <DIR> --d----- c:\program files\Webroot
2008-12-24 10:31 <DIR> --d----- c:\docume~1\theturk\applic~1\Webroot
2008-12-24 10:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2008-12-20 10:27 36,864 a------- c:\documents and settings\theturk\update.exe
2008-12-20 06:07 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-12-20 06:07 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2008-12-20 06:02 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-12-20 06:02 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-12-20 06:02 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-12-20 06:02 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-12-20 06:02 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-20 06:02 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-12-20 06:02 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-12-20 06:02 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-20 06:02 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-12-20 05:56 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-12-20 05:53 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-12-20 05:37 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-18 22:46 <DIR> --d----- c:\program files\XoftSpySE
2008-12-18 22:24 60,972 a------- c:\documents and settings\theturk\ssjkjdkfd.exe
2008-12-17 13:11 36,864 a------- c:\documents and settings\theturk\dsdsd.exe
2008-12-16 15:52 36,864 a------- C:\update.exe
2008-12-15 20:45 <DIR> --dshr-- C:\SYSTEM
2008-12-15 20:44 36,864 a------- c:\documents and settings\theturk\asdas.exe
2008-12-14 19:37 <DIR> --dshr-- C:\CONFIG
2008-12-12 08:53 664 a------- c:\windows\system32\d3d9caps.dat
2008-12-07 21:39 <DIR> --d----- c:\program files\TVAnts
2008-12-07 05:24 <DIR> --d----- c:\program files\SopCast
2008-12-05 15:38 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-05 15:37 507,400 a------- c:\windows\system32\XAudio2_1.dll
2008-12-05 15:37 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2008-12-05 15:37 238,088 a------- c:\windows\system32\xactengine3_1.dll
2008-12-05 15:37 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2008-12-05 15:35 <DIR> --d----- c:\windows\system32\xlive
2008-12-05 15:34 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2008-12-05 15:02 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-05 15:01 14,048 -------- c:\windows\system32\spmsg2.dll
2008-12-05 14:55 <DIR> --d----- c:\program files\Rockstar Games
2008-12-01 18:16 <DIR> --d----- c:\program files\Steinberg
2008-12-01 18:16 <DIR> --d----- c:\program files\Antares Audio Technologies
2008-12-01 18:16 1,777,664 a------- c:\windows\system32\gdiplus.dll

==================== Find3M ====================

2008-12-24 10:04 164 a------- C:\install.dat
2008-12-10 04:06 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-10 04:06 183,112 a------- c:\windows\system32\PnkBstrB.exe
2008-12-06 00:51 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-11-14 18:45 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-11-12 16:02 170,608 a------- c:\windows\system32\drivers\ssidrv.sys
2008-11-12 16:02 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 16:02 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2008-11-10 09:17 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-10 03:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-09 21:44 971,232 a------- c:\windows\system32\drivers\tdrpm147.sys
2008-11-09 21:44 540,000 a------- c:\windows\system32\drivers\timntr.sys
2008-11-09 21:44 44,704 a------- c:\windows\system32\drivers\tifsfilt.sys
2008-11-09 15:23 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-09 15:22 315,392 a------- c:\windows\HideWin.exe
2008-11-09 14:55 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-28 15:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 15:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-23 14:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 22:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-03 12:02 247,326 a------- c:\windows\system32\strmdll.dll

============= FINISH: 3:12:12.71 ===============




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:07 AM, on 12/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [IRW] "C:\WINDOWS\system32\IRW.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] "C:\Program Files\Boot Camp\KbdMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744216217
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744200327
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6020A403-DA44-430A-92F6-B7EBE5F05524}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/TheTurk/LOCALS~1/Temp/msohtmlclip1/03/clip_image001.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/TheTurk/LOCALS~1/Temp/msohtmlclip1/04/clip_image001.gif
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/TheTurk/LOCALS~1/Temp/msohtmlclip1/02/clip_image001.gif

--
End of file - 10632 bytes






It keeps giving me SDSD.exe errors and SDSD2.exe errors (the send / don't send errors), and Webroot Antivirus keeps detecting them both but does nothing, as they re-appear even after deletion.


-WEBROOT SNAP-






PS: I think I got infected when I plugged in my mother's flash memory, which Webroot instantly warned me about and which I directly removed, but I think the damage was already done.

Edited by Orange Blossom, 30 December 2008 - 09:55 PM.
Merged topics and put 2nd topic title into subtitle. ~ OB


#3 TheTurk
  • Topic Starter
  • Members
  • 15 posts

Posted 31 December 2008 - 05:16 AM

still need help guys please...

#4 Farbar
  • Just Curious
  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 31 December 2008 - 11:09 AM

Hi TheTurk,

Welcome to the BC HijackThis forum, and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on, as it might prolong handling your log and make the job more difficult for both of us.
  • Tell me if you have done anything since your previous post, or if you have run any other tools. Also tell me the current condition of your computer.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (which will be maximized) and info.txt (which will be minimized).

    Note 1: If you have difficulty finding the logs, they are in this folder: C:\rsit

    Note 2: The tool takes no more than one minute to scan the system.
You might want to save this page to your favorites, so you can find it again when you return.

#5 TheTurk
  • Topic Starter
  • Members
  • 15 posts

Posted 01 January 2009 - 11:34 AM

I haven't done anything, honestly. Webroot has been quarantining whenever I go online. The error reports started as SEND/DON'T SEND for SDSD.exe, then SDSD2.exe, and now it's like SDS1D21.exe. As for performance, it's pretty good. I own a MacBook Pro with Boot Camp running Windows XP SP3. It's just that the errors are really annoying and the internet may be a bit slower.


info.txt logfile of random's system information tool 1.05 2009-01-01 18:31:05

======Uninstall list======

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3RVX 2.0-->"C:\Program Files\3RVX\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Antares Autotune VST RTAS TDM v5.08-->"C:\Program Files\Antares Audio Technologies\unins000.exe"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Boot Camp Services-->MsiExec.exe /I{F0E45628-1218-4865-A516-8E8A54272ADC}
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Cool Edit Pro 2.1-->C:\Program Files\coolpro2\cep2unin.exe
Counter-Strike 1.6-->C:\Program Files\Counter-Strike 1.6\Uninstal.exe
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
CuteFTP 8 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
Digidesign Free Bomb Factory Plug-Ins 7.4-->C:\Program Files\InstallShield Installation Information\{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Digidesign HFS+ Disk Support-->MsiExec.exe /X{8306763F-A7FC-41D1-8ACF-DB6FA8020FD2}
Digidesign Pro Tools LE 7.4-->C:\Program Files\InstallShield Installation Information\{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}\setup.exe -runfromtemp -l0x0009 -removeonly
Digidesign Shared Plug-Ins 7.4-->C:\Program Files\InstallShield Installation Information\{AFE354A5-640F-4A23-94C8-0B441E8967CA}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Etisalat eSupport 1.0-->"C:\Program Files\Etisalat\eSupport\unins000.exe"
Etisalat USB Modem E220-->C:\Program Files\Etisalat USB Modem E220\uninst.exe
Everything 1.1.4.301-->C:\Program Files\Everything\Uninstall.exe
Free eXPert PDF Reader-->MsiExec.exe /X{4E5E800B-9244-4C1D-BCF3-6AB0D8646CC6}
Gmail Backup-->"C:\Program Files\GmailBackup\uninstall.exe"
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotspot Shield 1.10-->C:\Program Files\Hotspot Shield\Uninstall.exe
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Interlok driver setup x32-->MsiExec.exe /X{25613C10-27D2-410B-942B-D922D5C3A7BE}
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
KeePass Password Safe 1.14-->"C:\Program Files\KeePass Password Safe\unins000.exe"
K-Lite Codec Pack 4.2.5 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Learn to Speak French Deluxe 9-->MsiExec.exe /I{B7603DF7-DFD6-4ECD-8AF8-1182EE4BFF9F}
LimeWire PRO 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Right Click Image Converter-->"C:\Program Files\Kristanix\Right Click Image Converter\uninstall.exe"
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
SoulSeek 157 NS 13c-->"C:\Program Files\SoulseekNS\uninstall.exe"
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Webroot AntiVirus with AntiSpyware-->"C:\Program Files\Webroot\WebrootSecurity\unins000.exe"
Windows Driver Package - Apple Inc. (applebt) Bluetooth (04/06/2008 2.1.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\applebt_2AFDFA020DECCE87129AB18179F97C964445FAAC\applebt.inf
Windows Driver Package - Apple Inc. (applebt) Bluetooth (11/13/2007 2.0.1.5)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\applebt_EAE12B83F33370F470F67FD50ED8A3A09E778B6F\applebt.inf
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\appleusbet_6A3275723D7938B8CA3EC650DBC99B1E2C65F44B\appleusbethernet.inf
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\bthkicker_22481FFE232728F300C3EA4B9D04741F71A78A6F\bthkicker.inf
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\isight_9400F3F80DDA0C20D44CA2C11A0AC807680CB60D\isight.inf
Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\aaplmonf_23258C7C7282A187EB6F2A77C18E3B3BC852D04D\aaplmonf.inf
Windows Driver Package - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\irfilter_1B7BB89AE411085A6AC127DCBF8C41E26A8A8592\irfilter.inf
Windows Driver Package - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\keymagic_F53EB2D12E895A98319E03CE13FACAF273CBB244\keymagic.inf
Windows Driver Package - Apple Inc. Apple Keyboard (12/18/2007 2.0.2.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\keymagic_C78DBFD5C75B3B93BA8D942DB3A045F380BF1A76\keymagic.inf
Windows Driver Package - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\applemtp_4188EB303A0EA85801A31C467889AB494D52DC02\applemtp.inf
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\applemtm_98FB1BE77D11DFBAE6446CA90678465D448641CD\applemtm.inf
Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\aapltp_F3D6F04C49D41FFDCE8B7B563B57B110E62F08F8\aapltp.inf
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\aapltctp_932475B6A0E9A94773F9F9662D557609CB32FF4E\aapltctp.inf
Windows Driver Package - Apple Inc. System (09/12/2007 2.0.1.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\applenull_8D831C2CF232C6113BF35CA6DFA60199CB2CC70B\applenull.inf
Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\net5211_83E4E86F1350732D629D737DAECF97C35FD29B0F\net5211.inf
Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\net5416_011416A5D099921307D4CC88E2E5BD075CE39446\net5416.inf
Windows Driver Package - Broadcom (BCM43XX) Net (09/20/2007 4.170.25.12)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\bcmwl5_F9FBC28EF04BA05355D6105BDFE0197A3790DAA4\bcmwl5.inf
Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\e1000325_4D2F92D840FE9D1A0C33FEC20BFC7747BB0608EA\e1000325.inf
Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\e1e5132_A95FC331A737294D9476DAB83E0F4371146BDFDE\e1e5132.inf
Windows Driver Package - Intel System (07/20/2007 1.2.76.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\qd25232_E8704349DFE568F4F507D2E3303A72E4230BFE7B\qd25232.inf
Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\yk51x86_98FE2F08F37A78F4FF0C10AACFE1E827854D61AE\yk51x86.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Webroot AntiVirus with AntiSpyware
FW: Webroot Internet Security Essentials (disabled)

System event log

Computer Name: TURK
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{6020A403-DA44-430A-92F6-B7EBE5F05524} because a master browser was stopped.

Record Number: 3646
Source Name: BROWSER
Time Written: 20081201105214.000000+120
Event Type: information
User:

Computer Name: TURK
Event Code: 4202
Message: The system detected that network adapter Broadcom...Adapter - Packet Scheduler Miniport was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 3645
Source Name: Tcpip
Time Written: 20081201105214.000000+120
Event Type: information
User:

Computer Name: TURK
Event Code: 4201
Message: The system detected that network adapter Broadcom...Adapter - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 3644
Source Name: Tcpip
Time Written: 20081201094352.000000+120
Event Type: information
User:

Computer Name: TURK
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 3643
Source Name: Service Control Manager
Time Written: 20081201094345.000000+120
Event Type: information
User:

Computer Name: TURK
Event Code: 18
Message: Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.

Record Number: 3642
Source Name: BTHUSB
Time Written: 20081201094344.000000+120
Event Type: warning
User:

Application event log

Computer Name: TURK
Event Code: 1000
Message: Faulting application kbdmgr.exe, version 2.0.2.44, faulting module unknown, version 0.0.0.0, fault address 0x009b0280.

Record Number: 5
Source Name: Application Error
Time Written: 20081218224350.000000+120
Event Type: error
User:

Computer Name: TURK
Event Code: 0
Message:
Record Number: 4
Source Name: WebrootSpySweeperService
Time Written: 20081218224343.000000+120
Event Type: information
User:

Computer Name: TURK
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20081218224343.000000+120
Event Type: information
User:

Computer Name: TURK
Event Code: 1
Message: Service started

Record Number: 2
Source Name: sprtsvc_etisalat
Time Written: 20081218224341.000000+120
Event Type: information
User:

Computer Name: TURK
Event Code: 1
Message:
Record Number: 1
Source Name: Bonjour Service
Time Written: 20081218224338.000000+120
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------





Logfile of random's system information tool 1.05 (written by random/random)
Run by TheTurk at 2009-01-01 18:31:00
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (26%) free of 48 GB
Total RAM: 2028 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:04 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TheTurk\My Documents\Downloads\Compressed\PhotoshopCS4Portable\PhotoshopPortable.exe
C:\Documents and Settings\TheTurk\My Documents\Downloads\Compressed\PhotoshopCS4Portable\App\Photoshop\Photoshop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\TheTurk\My Documents\Downloads\Programs\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\TheTurk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [IRW] "C:\WINDOWS\system32\IRW.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] "C:\Program Files\Boot Camp\KbdMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744216217
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744200327
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6020A403-DA44-430A-92F6-B7EBE5F05524}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/TheTurk/LOCALS~1/Temp/msohtmlclip1/03/clip_image001.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/TheTurk/LOCALS~1/Temp/msohtmlclip1/04/clip_image001.gif
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/TheTurk/LOCALS~1/Temp/msohtmlclip1/02/clip_image001.gif

--
End of file - 10864 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-07-29 148912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2008-12-02 204248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-02-08 8527872]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2008-04-15 1626112]
"IRW"=C:\WINDOWS\system32\IRW.exe [2008-02-08 147456]
"Apple_KbdMgr"=C:\Program Files\Boot Camp\KbdMgr.exe [2008-02-08 423216]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-02-08 81920]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-15 16855552]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-04-15 69632]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"DigidesignMMERefresh"=C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2007-10-30 77824]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"=C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe [2007-04-18 159744]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 6273400]
"Everything"=C:\Program Files\Everything\Everything.exe [2008-09-29 459776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2008-11-09 2610608]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etisalat]
C:\Program Files\Etisalat\eSupport\bin\sprtcmd.exe [2008-06-04 200384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe [2008-11-09 2610608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sprtsvc_etisalat"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Protocol"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\TheTurk\asdsds.exe"="C:\Documents and Settings\TheTurk\asdsds.exe:*:Enabled:Windows Messanger"
"C:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe"="C:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe:*:Enabled:Windows Messanger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\AutoRun\command - M:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
shell\AutoRun\command - N:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33a89f36-ae98-11dd-977f-001ec28e06a3}]
shell\AutoRun\command - N:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfd17e78-b59a-11dd-978e-001f5bea459f}]
shell\AutoRun\command - R:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a3be86-ca05-11dd-97ae-001f5bea459f}]
shell\AutoRun\command - F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\open\command - F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe


======List of files/folders created in the last 1 months======

2009-01-01 18:31:00 ----D---- C:\rsit
2009-01-01 18:23:31 ----D---- C:\Program Files\Common Files\Adobe
2009-01-01 18:23:20 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-01 18:23:19 ----D---- C:\Documents and Settings\TheTurk\Application Data\Adobe
2008-12-31 12:06:00 ----D---- C:\Program Files\Western Digital
2008-12-31 12:05:26 ----D---- C:\Program Files\Western Digital Technologies
2008-12-31 11:58:18 ----D---- C:\Program Files\Everything
2008-12-31 11:47:18 ----D---- C:\Program Files\3RVX
2008-12-31 03:05:51 ----D---- C:\Documents and Settings\TheTurk\Application Data\Uniblue
2008-12-31 03:04:47 ----HDC---- C:\Documents and Settings\All Users\Application Data\~0
2008-12-30 06:28:29 ----D---- C:\Documents and Settings\TheTurk\Application Data\Malwarebytes
2008-12-30 06:28:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-30 06:28:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 05:30:49 ----D---- C:\Program Files\Trend Micro
2008-12-28 12:40:17 ----D---- C:\WINDOWS\system32\Adobe
2008-12-26 00:27:21 ----RSHD---- C:\Recycle
2008-12-24 22:10:19 ----D---- C:\Documents and Settings\TheTurk\Application Data\Nero
2008-12-24 10:31:47 ----D---- C:\Program Files\Webroot
2008-12-24 10:31:47 ----D---- C:\Documents and Settings\TheTurk\Application Data\Webroot
2008-12-24 10:31:47 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-12-24 10:31:47 ----A---- C:\WINDOWS\WRSetup.dll
2008-12-20 06:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-20 06:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-20 06:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-20 06:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-20 06:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-20 06:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-20 06:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-20 06:07:37 ----D---- C:\WINDOWS\ie7updates
2008-12-20 06:07:28 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-20 06:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-20 05:37:51 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-18 22:46:42 ----D---- C:\Program Files\XoftSpySE
2008-12-18 22:43:09 ----D---- C:\WINDOWS\Minidump
2008-12-16 15:52:45 ----A---- C:\update.exe
2008-12-15 20:45:03 ----RSHD---- C:\SYSTEM
2008-12-14 19:37:53 ----RSHD---- C:\CONFIG
2008-12-07 21:39:47 ----D---- C:\Program Files\TVAnts
2008-12-07 05:24:39 ----D---- C:\Program Files\SopCast
2008-12-05 16:18:34 ----RHD---- C:\Documents and Settings\TheTurk\Application Data\SecuROM
2008-12-05 15:38:38 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-05 15:37:55 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-05 15:37:55 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-05 15:37:54 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-05 15:37:53 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-05 15:35:05 ----D---- C:\WINDOWS\system32\xlive
2008-12-05 15:34:59 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2008-12-05 15:02:21 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-05 15:01:38 ----D---- C:\Program Files\Reference Assemblies
2008-12-05 15:01:11 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-12-05 14:55:34 ----D---- C:\Program Files\Rockstar Games
2008-12-04 16:09:45 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-04 16:09:45 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-04 16:09:45 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-01-01 18:31:00 ----D---- C:\WINDOWS\Temp
2009-01-01 18:30:56 ----D---- C:\WINDOWS\Prefetch
2009-01-01 18:30:02 ----D---- C:\Documents and Settings\TheTurk\Application Data\DMCache
2009-01-01 18:27:07 ----D---- C:\Program Files\Mozilla Firefox
2009-01-01 18:23:31 ----D---- C:\Program Files\Common Files
2008-12-31 12:47:07 ----D---- C:\Documents and Settings\TheTurk\Application Data\LimeWire
2008-12-31 12:06:00 ----RD---- C:\Program Files
2008-12-31 12:05:51 ----SHD---- C:\WINDOWS\Installer
2008-12-31 12:05:27 ----SD---- C:\Documents and Settings\TheTurk\Application Data\Microsoft
2008-12-30 06:28:28 ----D---- C:\WINDOWS\system32\drivers
2008-12-30 00:14:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-30 00:14:32 ----HD---- C:\WINDOWS\inf
2008-12-28 12:40:17 ----D---- C:\WINDOWS\system32
2008-12-27 19:25:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-27 19:20:29 ----D---- C:\WINDOWS
2008-12-24 10:33:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-24 09:37:17 ----D---- C:\Documents and Settings
2008-12-22 03:42:41 ----D---- C:\Program Files\Steam
2008-12-22 03:40:53 ----SD---- C:\WINDOWS\Tasks
2008-12-20 08:28:31 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-20 06:38:18 ----RSD---- C:\WINDOWS\assembly
2008-12-20 06:37:35 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-20 06:15:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-20 06:14:24 ----D---- C:\Program Files\Internet Explorer
2008-12-20 06:12:42 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-20 06:11:04 ----A---- C:\WINDOWS\imsins.BAK
2008-12-20 06:10:50 ----D---- C:\WINDOWS\system32\en-US
2008-12-20 06:10:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-20 06:10:07 ----D---- C:\WINDOWS\WinSxS
2008-12-20 05:44:59 ----D---- C:\Program Files\SystemRequirementsLab
2008-12-20 05:43:54 ----D---- C:\Documents and Settings\TheTurk\Application Data\SystemRequirementsLab
2008-12-20 05:38:18 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-20 05:37:55 ----D---- C:\WINDOWS\Help
2008-12-20 05:37:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-19 02:45:46 ----SH---- C:\boot.ini
2008-12-19 02:45:46 ----A---- C:\WINDOWS\win.ini
2008-12-19 02:45:46 ----A---- C:\WINDOWS\system.ini
2008-12-17 13:37:42 ----D---- C:\Documents and Settings\TheTurk\Application Data\Skype
2008-12-17 13:37:33 ----D---- C:\Documents and Settings\TheTurk\Application Data\skypePM
2008-12-13 08:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 04:06:48 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-07 01:41:25 ----D---- C:\Documents and Settings\TheTurk\Application Data\uTorrent
2008-12-06 21:05:38 ----D---- C:\WINDOWS\system32\DirectX
2008-12-06 00:51:59 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-12-05 15:35:05 ----ASD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-05 15:06:28 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-05 15:04:54 ----D---- C:\Program Files\MSBuild
2008-12-05 15:02:16 ----RSD---- C:\WINDOWS\Fonts
2008-12-05 15:01:18 ----D---- C:\WINDOWS\system32\spool
2008-12-05 01:50:53 ----D---- C:\Program Files\UnHackMe
2008-12-04 16:09:42 ----D---- C:\Program Files\Java
2008-12-04 11:47:08 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2008-12-04 10:20:24 ----A---- C:\WINDOWS\avisplitter.ini
2008-12-03 23:42:28 ----D---- C:\Program Files\Hotspot Shield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 DigiNet;Digidesign Ethernet Support; C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-30 16400]
R2 KeyAgent;KeyAgent; \??\C:\WINDOWS\system32\drivers\KeyAgent.sys []
R2 MacHALDriver;Mac HAL; \??\C:\WINDOWS\system32\drivers\MacHALDriver.sys []
R3 applemtm;Apple Multitouch Mouse; C:\WINDOWS\system32\DRIVERS\applemtm.sys [2008-02-08 10496]
R3 applemtp;Apple Multitouch; C:\WINDOWS\system32\DRIVERS\applemtp.sys [2008-02-08 15616]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-05-16 1294200]
R3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-15 4625408]
R3 IRRemoteFlt;IR Receiver Filter Driver; C:\WINDOWS\system32\DRIVERS\IRFilter.sys [2008-02-08 16512]
R3 KeyMagic;USB Keyboard HID Filter; C:\WINDOWS\system32\DRIVERS\KeyMagic.sys [2008-04-15 19968]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-15 7438144]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 az7d4gbb;az7d4gbb; C:\WINDOWS\system32\drivers\az7d4gbb.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DIGIFW;Service for Mbox 2 Pro Driver (WDM); C:\WINDOWS\system32\DRIVERS\digifw.sys [2007-10-30 167952]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-24 101120]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 AppleOSSMgr;Apple OS Switch Manager; C:\WINDOWS\system32\AppleOSSMgr.exe [2008-02-08 132400]
R2 AppleTimeSrv;Apple Time Service; C:\WINDOWS\system32\AppleTimeSrv.exe [2008-02-08 99632]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2007-10-30 77824]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-11-25 88024]
R2 MacDriveServiceD;MacDriveServiceD; C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe [2007-04-18 143360]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-04-15 155716]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2008-11-12 3667312]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-11-13 1086840]
R3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 digiSPTIService;digiSPTIService; C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [2007-10-30 159744]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 sprtsvc_etisalat;SupportSoft Sprocket Service (etisalat); C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe [2008-06-04 200384]

-----------------EOF-----------------

#6 Farbar

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 01 January 2009 - 03:17 PM

I see from the log that you are using a registry cleaner. It is even scheduled to run. Here at BC we do not recommend using registry cleaners, as they might irreversibly damage your computer.

You have been infected with the Brontok worm and a flash drive infection. This type of infection is usually carried over through infected e-mails, removable storage devices (flash drive/USB drive/thumb drive/iPod/memory stick/memory card/photo camera memory card/external hard drive, etc.) and networks. Please make sure you have your removable devices ready to disinfect. Don't connect them yet. When asked to connect them, please do so and leave them connected while running ComboFix.
  • Please perform this:
    • Right click on desktop and select Properties. Alternatively go to start -> Control Panel -> Display.
    • Go to the Desktop tab.
    • click the "Customize Desktop" button.
    • Go to the Web tab in the new window that comes up.
    • Uncheck everything you find there.
    • Also delete everything you can delete there except for "Desktop" OR "My Current Home Page" (which you won't be able to delete anyway).
  • Open Notepad (Start > Run and type in Notepad) and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it.

    REGEDIT4 
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfd17e78-b59a-11dd-978e-001f5bea459f}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a3be86-ca05-11dd-97ae-001f5bea459f}]
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg successfully added to the registry.
    Note: You have to turn off any registry protection software you have in order for the changes to take effect.

  • Open Malwarebytes' Anti-Malware, update it first, run a "Quick Scan", let it reboot if needed and copy/paste the log into your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.


  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message (screenshot not reproduced here):

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please copy and paste a fresh HijackThis log into your reply.
Please copy/paste in your next reply:
  • The log of MBAM.
  • The Combofix log.
  • The Hijackthis log.
  • Any comment or feedback about how it went.
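
Added example (mine, not code from BleepingComputer, Flash_Disinfector or ComboFix) showing what the regfix.reg and the autorun.inf note above act on. On Windows XP, Explorer runs the commands listed in a removable volume's autorun.inf and caches them under HKCU\...\Explorer\MountPoints2\<GUID>\Shell\AutoRun\command (the keys the .reg file deletes); a folder named autorun.inf occupies that name so a worm cannot drop its own file there. The script takes any volume root path; the autorun.inf sample it builds is constructed, reusing the SID-named folder that appears in the ComboFix log later in this thread.

```python
"""Inspect a volume root for autorun.inf and report what it would launch.

Added example for this thread, not code from BleepingComputer,
Flash_Disinfector or ComboFix. Windows XP runs the commands in a removable
volume's autorun.inf and caches them under
HKCU\\...\\Explorer\\MountPoints2\\<GUID>\\Shell\\AutoRun\\command; a folder
named autorun.inf keeps a worm from writing a file of that name.
"""
import configparser
import os
import tempfile

# [autorun] keys that make Explorer execute something on AutoPlay or double-click.
EXEC_KEYS = ("open", "shellexecute")


def is_shell_command(key):
    """True for shell\\<verb>\\command keys (run when the verb is picked or made default)."""
    parts = key.split("\\")
    return len(parts) == 3 and parts[0] == "shell" and parts[2] == "command"


def parse_autorun(text):
    """Return [(key, command)] for every command an autorun.inf would run."""
    # strict=False: worm-written files often repeat keys or sections.
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True)
    try:
        cp.read_string(text)
    except configparser.Error:
        return []  # not a valid INI file; Explorer would not honour it either
    commands = []
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):  # option names are already lower-cased
            if value is None:
                continue
            if key in EXEC_KEYS or is_shell_command(key):
                commands.append((key, value.strip()))
    return commands


def inspect_volume(root):
    """Classify <root>/autorun.inf as absent, a protective folder, or a file with commands."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return {"state": "absent", "commands": []}
    if os.path.isdir(path):
        # A directory cannot be overwritten by a file of the same name without
        # removing it first, which is why the helper says to keep this folder.
        return {"state": "protective-folder", "commands": []}
    with open(path, "r", encoding="latin-1", errors="replace") as fh:
        return {"state": "file", "commands": parse_autorun(fh.read())}


# Constructed sample, modelled on Brontok-style files and using the SID-named
# folder that appears in the ComboFix log in this thread.
SAMPLE_AUTORUN = (
    "[AutoRun]\n"
    "open=RECYCLER\\S-1-5-21-1482476501-1644491937-682003330-1013\\OgarD.exe\n"
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4\n"
    "shell\\Open\\Command=RECYCLER\\S-1-5-21-1482476501-1644491937-682003330-1013\\OgarD.exe\n"
    "shell\\explore\\command=RECYCLER\\S-1-5-21-1482476501-1644491937-682003330-1013\\OgarD.exe\n"
    "shellexecute=RECYCLER\\S-1-5-21-1482476501-1644491937-682003330-1013\\OgarD.exe\n"
)


def demo():
    """Build three throw-away 'volumes' (protected, infected, clean) and inspect each."""
    base = tempfile.mkdtemp(prefix="autorun-demo-")
    protected = os.path.join(base, "protected")
    infected = os.path.join(base, "infected")
    os.makedirs(os.path.join(protected, "autorun.inf"))  # a folder, not a file
    os.makedirs(infected)
    with open(os.path.join(infected, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    return inspect_volume(protected), inspect_volume(infected), inspect_volume(base)


if __name__ == "__main__":
    for name, result in zip(("protected", "infected", "clean"), demo()):
        print(name, result["state"])
        for key, cmd in result["commands"]:
            print("   ", key, "->", cmd)
```

On a real machine you would call inspect_volume("E:\\") for each removable drive; the four commands the sample yields all point into a RECYCLER\<SID> folder, which is exactly the pattern the Active Setup and firewall entries in the ComboFix log below show for this infection.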


#7 Farbar

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 01 January 2009 - 03:19 PM

Also please tell me if this is the only computer you have, or if you are connected to a (home) network because I see the following entry:

O17 - HKLM\System\CCS\Services\Tcpip\..\{6020A403-DA44-430A-92F6-B7EBE5F05524}: NameServer = 192.168.0.1
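
Added example, not HijackThis, ComboFix or BleepingComputer code, and the heuristics are my own. It automates the two readings a helper makes of these logs: the O17 check above (a private RFC 1918 NameServer is normally the home router; anything else should be confirmed with the user) and the review of autostart and firewall entries behind the diagnosis in post #6, flagging program paths in places legitimate software does not live (drive root, a user's profile root, recycle-bin look-alike folders, SID-named folders). The sample lines are constructed in the format of the logs in this thread; 8.8.8.8 stands in for any resolver that is not on the LAN.

```python
"""Triage HijackThis / ComboFix-style log lines for the indicators discussed above.

Added example for this thread; not HijackThis, ComboFix or BleepingComputer
code, and the heuristics are my own.
"""
import ipaddress
import re

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[0-9.,\s]+)$")
# A drive-letter path ending in an executable extension; stops at quotes/brackets.
EXE_RE = re.compile(r'[a-z]:\\[^"\[\]\r\n]*?\.(?:exe|scr|pif|com|bat|vbs)\b', re.IGNORECASE)
# A real SID (S-1-5-21-...) or the look-alike seen in the log (X-5-4-27-...).
SID_RE = re.compile(r"^[SX]-\d+-\d+-\d+(?:-\d+)+$", re.IGNORECASE)
FW_OFF_RE = re.compile(r'"EnableFirewall"\s*=\s*0\b')
# Root-level folders where an executable is a red flag: recycle-bin look-alikes
# and the non-standard C:\system / C:\config folders seen in the ComboFix log.
BIN_DIRS = {"recycle", "recycler", "recycled", "$recycle.bin", "system", "config"}


def classify_nameservers(line):
    """Return [(ip, 'private'|'public'|'invalid')] for an O17 line, else []."""
    m = O17_RE.match(line.strip())
    if not m:
        return []
    verdicts = []
    for token in m.group("servers").split(","):
        token = token.strip()
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            verdicts.append((token, "invalid"))
            continue
        verdicts.append((token, "private" if addr.is_private else "public"))
    return verdicts


def suspicious_path_reasons(path):
    """Reasons an autostart/firewall target is worth a second look ([] = looks normal)."""
    parts = [p for p in path.split("\\") if p]
    if len(parts) < 2:
        return []
    reasons = []
    if len(parts) == 2:
        reasons.append("executable directly in the drive root")
    elif parts[1].lower() in BIN_DIRS:
        reasons.append("executable under a recycle-bin-style or non-standard root folder")
    if any(SID_RE.match(p) for p in parts[1:-1]):
        reasons.append("SID-named folder in the path (used to look like system data)")
    if len(parts) == 4 and parts[1].lower() == "documents and settings":
        reasons.append("executable directly in a user profile root")
    return reasons


def triage(log_text):
    """Return (kind, subject, detail) findings for every line that trips a check."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.replace("\\\\", "\\").strip()  # firewall entries double the backslashes
        if not line:
            continue
        for ip, verdict in classify_nameservers(line):
            if verdict != "private":
                findings.append(("nameserver", ip, verdict))
        if FW_OFF_RE.search(line):
            findings.append(("firewall", "Windows Firewall (standard profile) is disabled", line))
        for m in EXE_RE.finditer(line):
            for reason in suspicious_path_reasons(m.group(0)):
                findings.append(("path", m.group(0), reason))
    return findings


# Constructed sample lines in the format of the HijackThis and ComboFix logs in
# this thread; 8.8.8.8 stands in for any resolver that is not on the LAN.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{6020A403-DA44-430A-92F6-B7EBE5F05524}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 8.8.8.8
"Everything"="c:\program files\Everything\Everything.exe" [2008-09-29 459776]
"c:\\Documents and Settings\\TheTurk\\asdsds.exe"=
"c:\\Recycle\\X-5-4-27-2345678318-4567890223-4234567884-2341\\RisinG.exe"=
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
C:\update.exe
Running from: c:\documents and settings\TheTurk\Desktop\ComboFix.exe
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {subject}: {detail}")
```

Run it over a saved log with triage(open("ComboFix.txt").read()); a flagged path is a lead to verify, not a verdict, which is why the helper still asks about the network before acting on the O17 entry.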

#8 TheTurk

  • Topic Starter
  • Members
  • 15 posts

Posted 01 January 2009 - 10:58 PM

Malwarebytes' Anti-Malware 1.31
Database version: 1571
Windows 5.1.2600 Service Pack 3

1/2/2009 2:27:16 AM
mbam-log-2009-01-02 (02-27-16).txt

Scan type: Quick Scan
Objects scanned: 59996
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




As for Flash_Disinfector - it told me to plug in everything and I did, 3 external hard disks and the flash memory - it just blinked the screen, said done and gave me FINISH-OK.. I just want to make sure if that's it or if there should be something more..


- Just ran ComboFix... the first time it gave me a bluescreen for no reason - it happened before, like 1 or 2 times, because of Boot Camp Windows on Mac - I don't think it has anything to do with it... the 2nd time around it worked and here's the log



ComboFix 08-12-31.01 - TheTurk 2009-01-02 5:24:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2028.1713 [GMT 2:00]
Running from: c:\documents and settings\TheTurk\Desktop\ComboFix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\TheTurk\Application Data\EurekaLog
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
C:\update.exe

----- BITS: Possible infected sites -----

hxxp://esupport.contactcentre.ae
.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2009-01-01 18:31 . 2009-01-01 18:31 <DIR> d-------- C:\rsit
2009-01-01 18:23 . 2009-01-01 18:23 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-01 18:23 . 2009-01-02 02:26 34,860 --a------ c:\documents and settings\TheTurk\sds2d21.exe
2008-12-31 16:11 . 2008-12-31 16:24 9,772 --a------ c:\documents and settings\TheTurk\sdsd21.exe
2008-12-31 12:06 . 2008-12-31 12:06 <DIR> d-------- c:\program files\Western Digital
2008-12-31 12:05 . 2008-12-31 12:05 <DIR> d-------- c:\program files\Western Digital Technologies
2008-12-31 11:58 . 2009-01-02 05:22 <DIR> d-------- c:\program files\Everything
2008-12-31 11:47 . 2008-12-31 11:47 <DIR> d-------- c:\program files\3RVX
2008-12-31 03:05 . 2008-12-31 03:05 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Uniblue
2008-12-31 02:52 . 2008-12-31 05:56 9,772 --a------ c:\documents and settings\TheTurk\sdsd2.exe
2008-12-31 02:29 . 2008-12-31 02:29 303 --a------ c:\documents and settings\TheTurk\xsdsxd.exe
2008-12-31 00:14 . 2008-12-31 02:27 9,772 --a------ c:\documents and settings\TheTurk\sdsd.exe
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Malwarebytes
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 06:28 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 06:28 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 05:46 . 2008-12-30 05:47 102,400 --a------ c:\documents and settings\TheTurk\sdsxxxd.exe
2008-12-29 05:30 . 2008-12-29 05:30 <DIR> d-------- c:\program files\Trend Micro
2008-12-28 12:40 . 2008-12-28 12:40 <DIR> d-------- c:\windows\system32\Adobe
2008-12-26 00:27 . 2008-12-26 00:27 <DIR> dr-hs---- C:\Recycle
2008-12-26 00:27 . 2008-12-26 02:09 40,960 --a------ c:\documents and settings\TheTurk\asdsds.exe
2008-12-24 22:10 . 2008-12-24 22:10 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Nero
2008-12-24 10:31 . 2008-12-24 10:31 <DIR> d-------- c:\program files\Webroot
2008-12-24 10:31 . 2008-12-24 10:31 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Webroot
2008-12-24 10:31 . 2008-12-24 10:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-12-24 10:31 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2008-12-20 10:27 . 2008-12-20 13:59 36,864 --a------ c:\documents and settings\TheTurk\update.exe
2008-12-20 06:07 . 2008-04-14 04:11 21,504 --a------ c:\windows\system32\drivers\hidserv.dll
2008-12-20 06:07 . 2008-12-20 06:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-12-20 06:02 . 2008-10-16 22:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-20 06:02 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-20 06:02 . 2007-03-08 07:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-20 06:02 . 2008-10-16 22:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-20 06:02 . 2008-10-16 22:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-20 06:02 . 2008-10-16 22:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-20 06:02 . 2008-10-16 22:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-20 06:02 . 2008-10-16 22:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-20 06:02 . 2008-10-16 15:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-20 05:56 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-20 05:53 . 2008-09-04 19:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-20 05:37 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-18 22:46 . 2008-12-22 03:40 <DIR> d-------- c:\program files\XoftSpySE
2008-12-18 22:24 . 2008-12-19 05:49 60,972 --a------ c:\documents and settings\TheTurk\ssjkjdkfd.exe
2008-12-17 13:11 . 2008-12-19 06:33 36,864 --a------ c:\documents and settings\TheTurk\dsdsd.exe
2008-12-15 20:45 . 2009-01-02 05:24 <DIR> dr-hs---- C:\SYSTEM
2008-12-15 20:44 . 2008-12-15 20:54 36,864 --a------ c:\documents and settings\TheTurk\asdas.exe
2008-12-14 19:37 . 2008-12-14 19:37 <DIR> dr-hs---- C:\CONFIG
2008-12-12 08:53 . 2008-12-27 18:53 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-07 21:39 . 2008-12-07 21:39 <DIR> d-------- c:\program files\TVAnts
2008-12-07 05:24 . 2008-12-07 05:25 <DIR> d-------- c:\program files\SopCast
2008-12-05 16:18 . 2008-12-05 16:18 <DIR> dr-h----- c:\documents and settings\TheTurk\Application Data\SecuROM
2008-12-05 15:38 . 2008-12-05 15:38 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-05 15:37 . 2008-05-30 12:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-05 15:37 . 2008-05-30 12:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-05 15:37 . 2008-05-30 12:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-05 15:37 . 2008-05-30 12:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-05 15:35 . 2008-12-05 15:35 <DIR> d-------- c:\windows\system32\xlive
2008-12-05 15:34 . 2008-12-06 21:05 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-05 15:02 . 2008-12-20 06:08 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-05 15:01 . 2008-12-05 15:01 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-05 15:01 . 2006-06-29 11:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-05 14:55 . 2008-12-05 15:06 <DIR> d-------- c:\program files\Rockstar Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 03:21 --------- d-----w c:\documents and settings\TheTurk\Application Data\DMCache
2008-12-31 10:47 --------- d-----w c:\documents and settings\TheTurk\Application Data\LimeWire
2008-12-24 08:04 164 ----a-w C:\install.dat
2008-12-22 01:42 --------- d-----w c:\program files\Steam
2008-12-20 03:44 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-20 03:43 --------- d-----w c:\documents and settings\TheTurk\Application Data\SystemRequirementsLab
2008-12-17 11:37 --------- d-----w c:\documents and settings\TheTurk\Application Data\skypePM
2008-12-17 11:37 --------- d-----w c:\documents and settings\TheTurk\Application Data\Skype
2008-12-10 02:06 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-06 23:41 --------- d-----w c:\documents and settings\TheTurk\Application Data\uTorrent
2008-12-05 13:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 13:04 --------- d-----w c:\program files\MSBuild
2008-12-04 23:50 --------- d-----w c:\program files\UnHackMe
2008-12-04 14:09 --------- d-----w c:\program files\Java
2008-12-03 21:42 --------- d-----w c:\program files\Hotspot Shield
2008-12-01 16:42 --------- d-----w c:\documents and settings\TheTurk\Application Data\Digidesign
2008-12-01 16:16 --------- d-----w c:\program files\Steinberg
2008-12-01 16:16 --------- d-----w c:\program files\Antares Audio Technologies
2008-12-01 07:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-27 23:53 --------- d-----w c:\program files\Online TV Player 4
2008-11-27 17:17 --------- d-----w c:\documents and settings\TheTurk\Application Data\Adobe-BackupByPhotoshopPortable
2008-11-27 17:16 --------- d-----w c:\program files\Common Files\SupportSoft
2008-11-27 17:15 --------- d-----w c:\program files\Etisalat
2008-11-27 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2008-11-26 15:42 --------- d-----w c:\documents and settings\TheTurk\Application Data\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\Common Files\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 23:51 --------- d-----w c:\documents and settings\TheTurk\Application Data\iShell
2008-11-25 23:50 --------- d-----w c:\program files\iTunes
2008-11-25 23:50 --------- d-----w c:\documents and settings\TheTurk\Application Data\Apple Computer
2008-11-25 23:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 23:49 --------- d-----w c:\program files\QuickTime
2008-11-25 23:49 --------- d-----w c:\program files\iPod
2008-11-25 23:49 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 23:49 --------- d-----w c:\program files\Bonjour
2008-11-25 23:49 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-24 21:56 --------- d-----w c:\documents and settings\TheTurk\Application Data\Red Alert 3
2008-11-24 18:19 --------- d-----w c:\program files\LimeWire
2008-11-24 08:19 --------- d-----w c:\program files\Broadcom
2008-11-23 19:48 --------- d-----w c:\program files\Google
2008-11-22 21:20 --------- d-----w c:\program files\Mediafour
2008-11-22 21:20 --------- d-----w c:\program files\Common Files\Mediafour
2008-11-22 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Mediafour
2008-11-22 21:19 --------- d-----w c:\program files\InterLok
2008-11-22 21:18 --------- d-----w c:\program files\Common Files\PACE Anti-Piracy
2008-11-22 21:18 --------- d-----w c:\documents and settings\TheTurk\Application Data\PACE Anti-Piracy
2008-11-22 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2008-11-22 21:17 --------- d-----w c:\program files\Digidesign
2008-11-22 21:15 --------- d-----w c:\program files\Common Files\Digidesign
2008-11-21 15:39 --------- d-----w c:\program files\GmailBackup
2008-11-20 18:34 --------- d-----w c:\documents and settings\TheTurk\Application Data\eXPert PDF Editor
2008-11-18 23:36 --------- d-----w c:\program files\Etisalat USB Modem E220
2008-11-18 22:43 --------- d-----w c:\program files\DAMN NFO Viewer
2008-11-18 14:05 --------- d-----w c:\documents and settings\TheTurk\Application Data\Leadertech
2008-11-18 13:49 --------- d-----w c:\program files\EA Games
2008-11-16 21:18 --------- d-----w c:\program files\Counter-Strike 1.6
2008-11-16 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2008-11-16 20:48 --------- d-----w c:\program files\DivX
2008-11-16 15:56 --------- d-----w c:\documents and settings\TheTurk\Application Data\Megaupload
2008-11-16 15:55 --------- d-----w c:\program files\Megaupload
2008-11-16 15:55 --------- d-----w c:\documents and settings\TheTurk\Application Data\vlc
2008-11-16 15:54 --------- d-----w c:\documents and settings\TheTurk\Application Data\InstallShield
2008-11-15 22:15 --------- d-----w c:\program files\HTTP-Tunnel
2008-11-15 13:19 --------- d-----w c:\program files\Unlocker
2008-11-14 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek
2008-11-14 16:56 --------- d-----w c:\program files\MagicISO
2008-11-14 16:49 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-14 16:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-14 16:45 --------- d-----w c:\documents and settings\TheTurk\Application Data\DAEMON Tools
2008-11-14 16:44 --------- d-----w c:\program files\Visagesoft
2008-11-14 15:54 --------- d-----w c:\program files\Skype
2008-11-14 15:54 --------- d-----w c:\program files\Common Files\Skype
2008-11-14 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-13 17:12 --------- d-----w c:\program files\Internet Download Manager
2008-11-12 19:15 --------- d-----w c:\program files\SoulseekNS
2008-11-12 19:12 --------- d-----w c:\program files\uTorrent
2008-11-12 19:09 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-12 14:02 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 14:02 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2008-11-12 14:02 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys
2008-11-11 20:10 --------- d-----w c:\program files\coolpro2
2008-11-11 20:07 --------- d-----w c:\documents and settings\TheTurk\Application Data\Syntrillium
2008-11-11 12:34 --------- d-----w c:\program files\Viewpoint
2008-11-11 12:28 --------- d-----w c:\documents and settings\TheTurk\Application Data\KeePass
2008-11-10 17:26 --------- d-----w c:\program files\Microsoft Works
2008-11-10 17:24 --------- d-----w c:\program files\Microsoft.NET
2008-11-10 13:33 --------- d-----w c:\documents and settings\TheTurk\Application Data\IDM
2008-11-10 06:23 --------- d-----w c:\program files\MSXML 4.0
2008-11-10 06:16 --------- d-----w c:\program files\KeePass Password Safe
2008-11-10 06:13 --------- d-----w c:\documents and settings\All Users\Application Data\GlobalSCAPE
2008-11-10 06:12 --------- d-----w c:\program files\GlobalSCAPE
2008-11-10 06:12 --------- d-----w c:\documents and settings\TheTurk\Application Data\GlobalSCAPE
2008-11-09 21:41 --------- d-----w c:\program files\Apple Software Update
2008-11-09 20:52 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-09 20:42 --------- d-----w c:\program files\VideoLAN
2008-11-09 20:31 --------- d-----w c:\documents and settings\TheTurk\Application Data\Thinstall
2008-11-09 20:05 --------- d-----w c:\program files\Kristanix
2008-11-09 20:01 --------- d-----w c:\program files\AIM
2008-11-09 20:01 --------- d-----w c:\documents and settings\TheTurk\Application Data\Aim
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-12-02 23:17 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-09 2610608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-08 8527872]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-04-15 1626112]
"IRW"="c:\windows\system32\IRW.exe" [2008-02-08 147456]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2008-02-08 423216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-08 81920]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2008-04-15 16855552]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"="c:\program files\Mediafour\MacDrive 7\MacDriveD.exe" [2007-04-18 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Everything"="c:\program files\Everything\Everything.exe" [2008-09-29 459776]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= Digi32.dll
"MIDI2"= diomidi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 13:35 67112 c:\progra~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 14:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etisalat]
--a------ 2008-06-04 17:23 200384 c:\program files\Etisalat\eSupport\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-11-09 20:41 2610608 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 11:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 08:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sprtsvc_etisalat"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\TheTurk\\asdsds.exe"=
"c:\\Recycle\\X-5-4-27-2345678318-4567890223-4234567884-2341\\RisinG.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-11-22 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.sys [2007-04-18 274048]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-11-12 29808]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2008-02-08 132400]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2008-02-08 99632]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-11-22 16400]
R2 KeyAgent;KeyAgent;\??\c:\windows\system32\drivers\KeyAgent.sys [2008-02-08 5504]
R2 MacDriveServiceD;MacDriveServiceD;"c:\program files\Mediafour\MacDrive 7\MacDriveServiceD.exe" [2007-04-18 143360]
R2 MacHALDriver;Mac HAL;\??\c:\windows\system32\drivers\MacHALDriver.sys [2008-02-08 6528]
R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" [2008-12-24 1086840]
R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2008-11-09 10496]
R3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2008-11-09 15616]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2008-11-09 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2008-11-09 19968]
S3 DIGIFW;Service for Mbox 2 Pro Driver (WDM);c:\windows\system32\DRIVERS\digifw.sys [2008-11-22 167952]
S4 sprtsvc_etisalat;SupportSoft Sprocket Service (etisalat);c:\program files\Etisalat\eSupport\bin\sprtsvc.exe /service /p etisalat []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - m:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - n:\wd_windows_tools\WDSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987892}]
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX3C644242}]
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C544541}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {6020A403-DA44-430A-92F6-B7EBE5F05524} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\TheTurk\Application Data\Mozilla\Firefox\Profiles\kwe3ispx.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\TheTurk\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\TheTurk\Application Data\Mozilla\Firefox\Profiles\kwe3ispx.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 05:27:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\N*NULL*e*NULL*e*NULL*d*NULL* *NULL*f*NULL*o*NULL*r*NULL* *NULL*S*NULL*p*NULL*e*NULL*e*NULL*d*NULL*"! *NULL*P*NULL*r*NULL*o*NULL*S*NULL*t*NULL*r*NULL*e*NULL*e*NULL*t*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,d0,02,00,00,01,00,00,00,05,00,00,00,8c,00,\
00,00,00,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,32,\
00,48,00,00,00,6d,39,79,5c,20,00,43,48,45,43,4b,46,7e,31,2e,55,52,4c,00,00,\
42,00,03,00,04,00,ef,be,6d,39,79,5c,6e,39,1a,86,14,00,00,00,43,00,68,00,65,\
00,63,00,6b,00,20,00,66,00,6f,00,72,00,20,00,75,00,70,00,64,00,61,00,74,00,\
65,00,73,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,\
00,00,00,1c,00,00,00,00,00,00,00,00,00,98,00,00,00,01,00,00,00,8a,00,00,00,\
41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,00,84,00,00,00,6d,39,79,5c,20,\
00,45,4c,45,43,54,52,7e,31,2e,55,52,4c,00,00,4e,00,03,00,04,00,ef,be,6d,39,\
79,5c,6e,39,1a,86,14,00,00,00,45,00,6c,00,65,00,63,00,74,00,72,00,6f,00,6e,\
00,69,00,63,00,20,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,61,00,74,00,\
69,00,6f,00,6e,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,9c,00,00,00,02,00,00,00,8e,00,\
00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7c,00,32,00,53,07,00,00,6d,39,79,\
5c,20,00,4e,45,45,44,46,4f,7e,31,2e,4c,4e,4b,00,00,52,00,03,00,04,00,ef,be,\
6d,39,79,5c,6e,39,1a,86,14,00,00,00,4e,00,65,00,65,00,64,00,20,00,66,00,6f,\
00,72,00,20,00,53,00,70,00,65,00,65,00,64,00,22,21,20,00,50,00,72,00,6f,00,\
53,00,74,00,72,00,65,00,65,00,74,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,\
00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,78,00,00,00,\
03,00,00,00,6a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,58,00,32,00,9e,\
03,00,00,6d,39,79,5c,20,00,52,45,41,44,4d,45,7e,31,2e,4c,4e,4b,00,00,2e,00,\
03,00,04,00,ef,be,6d,39,79,5c,6e,39,1a,86,14,00,00,00,52,00,65,00,61,00,64,\
00,20,00,4d,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,\
ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,8c,00,00,00,04,00,00,00,7e,\
00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,32,00,7d,04,00,00,6d,39,\
79,5c,20,00,54,45,43,48,4e,49,7e,31,2e,4c,4e,4b,00,00,42,00,03,00,04,00,ef,\
be,6d,39,79,5c,6e,39,1a,86,14,00,00,00,54,00,65,00,63,00,68,00,6e,00,69,00,\
63,00,61,00,6c,00,20,00,53,00,75,00,70,00,70,00,6f,00,72,00,74,00,2e,00,6c,\
00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,\
00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-854245398-602609370-839522115-1003\Software\SecuROM\License information*NULL*]
@Security="Inherited"
"datasecu"=hex:92,7a,0f,a7,8f,dc,f7,3e,80,d6,5a,73,21,9a,74,f4,03,14,89,d0,22,\
b3,cb,71,96,24,3b,60,e8,da,5a,b4,d1,c1,b0,0d,b7,1d,b9,a1,19,e3,6e,6e,ed,a9,\
fb,dd,e5,3c,c7,72,1e,45,22,4e,14,62,4e,36,de,19,16,08,52,a8,dd,92,ff,bf,5c,\
25,db,8f,48,61,e4,55,02,79,52,76,a4,f3,46,82,50,1f,4e,99,4f,b1,fc,8b,0c,95,\
b7,07,2a,83,8b,f8,f9,c0,33,ea,33,21,22,51,f1,09,d8,5d,38,d3,db,f7,0a,13,b4,\
d5,b2,db,39,27,d5,f0,40,f0,3b,9e,cb,b1,35,da,1f,0f,fc,ec,68,f3,26,89,87,6c,\
c4,e6,82,8b,ab,52,9b,3b,c6,04,cc,a8,a1,d5,49,cf,d4,c1,2b,f9,a5,3b,0f,21,b8,\
c1,08,44,e4,25,cc,e9,e3,99,1f,89,ee,47,13,c8,9d,95,75,8f,b4,0e,3f,9f,4b,c9,\
33,15,cd,e4,2e,ce,60,44,14,eb,29,82,7c,90,78,95,2f,81,84,de,43,e4,1b,2d,1c,\
ab,df,53,ee,aa,13,c4,83,9b,55,7a,f4,7e,8d,4d,d3,ec,af,5d,27,bd,71,e3,fe,ff,\
85,6d,75,48,f1,19,8a,da,fb,21,4b,8a,0c,e3,34,92,53,f1,fd,73,56,f7,95,3b,c4,\
97,5e,ba,bf,98,86,58,20,c3,78,9c,27,44,09,4f,36,9d,dc,02,3e,9b,05,65,d7,49,\
87,5b,13,41,1d,8f,d2,06,8e,90,f8,da,4f,e1,09,27,e3,26,4c,eb,df,c1,28,d6,a0,\
c4,40,78,cc,8e,50,8c,13,29,fc,df,dd,da,ae,58,51,81,60,b0,b1,d9,28,3b,61,a8,\
31,ea,d0,be,97,63,d8,1d,24,99,56,ec,c6,3a,d1,67,c2,79,04,e6,59,ff,cd,56,07,\
48,41,b3,44,95,03,ee,7c,15,af,14,eb,92,6d,d4,8b,f1,b8,d9,56,ab,9e,06,36,17,\
57,e5,3b,f2,34,bd,6c,d2,09,61,e0,78,ed,ff,21,fc,4f,3a,cb,c4,a1,17,c4,e8,c5,\
96,5d,a9,02,23,74,c9,2a,da,51,8e,74,fa,5d,c9,d4,a6,0d,e4,27,b3,b2,2e,f5,fa,\
d4,86,17,77,ef,62,07,cb,5f,48,18,2f,9c,42,10,3c,25,1a,5a,41,01,36,73,0d,25,\
37,8e,20,ad,01,36,c2,68,46,70,e9,fa,61,7a,5c,a9,af,8f,d0,2b,c6,44,b5,5f,3c,\
22,06,56,14,9d,ca,8f,d6,cf,7a,88,10,1e,3a,39,d4,36,59,46,59,a6,36,8a,0c,b0,\
42,7b,68,2d,28,2d,e9,99,a8,df,36,66,23,41,1d,09,4b,d7,1c,37,66,6c,a3,a2,91,\
11,a7,c8,71,50,20,28,ce,09,50,31,22,d0,ef,02,e6,45,3e,dd,30,89,0f,31,d8,f0,\
ae,72,1b,cb,bd,90,97,5a,d3,ad,e9,bd,93,b2,83,4d,47,c8,9a,5f,8f,3b,54,6b,da,\
18,94,00,ed,cc,39,23,74,9e,af,da,75,4b,2c,84,b6,3d,08,b5,e7,8d,db,7f,5d,76,\
c7,da,16,9f,5d,08,8e,db,19,04,21,ac,d9,0e,bb,53,87,e7,58,84,d7,16,64,3f,40,\
1e,ec,d5,fa,a2,e8,6a,fc,9e,25,5f,8d,ee,5e,c7,63,0f,34,dd,1e,41,69,f4,86,ee,\
37,b4,ec,e5,39,b4,26,34,dd,af,bf,a0,5f,4b,39,cc,da,a3,f4,cf,8f,41,df,e0,a0,\
25,22,f6,bc,cd,f1,74,33,bc,ab,35,44,22,e9,82,75,f5,f7,7b,14,35,ab,8e,06,e6,\
3a,5c,a2,a9,be,32,12,02,8c,e9,48,02,be,15,27,22,e7,8f,35,11,5e,59,49,41,2d,\
62,2c,04,b4,0d,f4,ed,9f,87,4b,78,8e,ec,d3,ad,32,ce,21,b8,4a,37,45,1f,4c,36,\
3a,95,62,63,d7,57,9a,78,f3,a5,42,28,ee,d4,b0,56,d4,f4,2f,11,94,06,e9,14,cd,\
05,f0,1c,96,32,47,8e,7a,a7,51,c8,c9,b6,a5,0a,91,2a,3f,c8,36,50,19,fd,44,42,\
ae,e0,8b,77,ac,ff,43,3c,58,ab,b3,b6,8a,92,0a,1f,ab,63,ad,43,eb,b9,10,5d,b6,\
da,a1,80,95,ec,db,19,4a,d5,28,bf,16,45,b2,ce,e6,2b,02,b3,f0,e0,0c,ec,e8,bb,\
70,13,8d,06,1e,ed,6b,05,36,4e,15,c8,a2,5c,26,42,c5,f9,e3,99,ee,6b,f8,ee,c1,\
13,cc,ea,0e,3d,ca,51,ef,db,a0,33,72,4e,9f,c4,b0,64,2d,b2,67,3d,04,de,50,dc,\
a0,6e,5c,b0,18,db,41,cf,f4,33,30,74,9d,70,e9,eb,fe,96,03,63,7c,80,b1,71,ec,\
1b,e7,a9,73,2c,2b,cd,44,bb,12,ec,16,d6,1f,5c,d4,f7,75,d9,a1,7c,2b,1f,7a,77,\
5f,c3,70,84,ed,e9,56,88,c7,23,82,82,de,57,0c,c8,dd,09,d7,17,54,c9,c5,4a,08,\
80,db,37,6b,cb,87,94,fb,6b,34,14,11,8a,e5,0b,99,f0,33,5b,e2,20,58,1d,ed,6d,\
ba,ac,78,9f,c7,1d,54,f4,bf,f3,f5,13,d8,5d,e9,11,c9,de,bd,35,05,d5,8a,4f,5c,\
83,3b,1b,29,d2,40,62,77,77,8c,75,36,92,20,39,0d,bc,7b,f7,5f,d5,0e,31,4a,47,\
85,eb,02,5b,ea,d7,a6,41,68,05,3d,4b,ec,78,58,95,ef,1b,f9,9c,f3,c0,ba,6a,9c,\
97,c7,68,e7,05,5c,db,23,a2,9a,7a,8f,6f,6d,2e,09,6c,92,f3,ce,bb,cf,36,0b,31,\
8e,92,5d,87,a1,ff,68,e0,65,ec,07,f3,1f,63,dd,de,e9,fb,40,84,8d,01,92,13,d4,\
60,a0,32,51,9e,04,15,db,66,71,d7,45,50,5a,58,bf,5a,fc,63,78,8a,f8,92,13,39,\
f5,a0,60,08,91,3c,81,d8,a3,95,17,50,80,06,9f,de,f7,40,42,42,04,7d,3c,f9,13,\
71,e0,27,f0,f8,a3,9c,3c,39,65,c3,1a,14,3d,2f,95,b0,0c,4d,17,a5,a5,3d,ca,d4,\
61,63,02,3f,df,7e,2f,fc,94,89,7b,29,3a,4c,f3,91,f6,4c,0e,c5,21,b2,b7,d9,b1,\
8d,3c,55,43,fc,74,fa,99,01,34,45,b7,20,7d,44,ba,91,0a,4e,c6,9c,6b,df,1e,e0,\
a5,dc,04,4f,b8,3c,09,5b,da,ec,62,dd,f5,44,61,cd,0a,79,75,9e,60,9a,2f,c8,a5,\
9a,1b,f3,2d,d5,d5,9c,cc,bc,97,6d,5f,47,64,43,bd,94,c5,0b,fd,da,69,66,34,48,\
8a,39,89,f7,53,4b,c4,12,56,75,46,a9,db,81,30,d2,f0,28,c5,c7,96,bf,25,d4,7f,\
89,b9,9c,d7,7b,3d,1c,a6,00,7a,0c,02,1d,bf,9c,58,0f,99,60,e0,8c,68,df,c2,fa,\
d2,90,89,8b,e6,26,14,38,4d,d8,59,ca,ad,3f,7b,71,cb,b8,f0,91,ca,f5,b1,91,57,\
8f,d4,35,14,d1,d2,f7,1f,e9,69,d0,fa,40,b7,c7,72,02,71,16,bc,4b,b4,c7,0e,98,\
1c,72,4b,af,9a,ad,86,85,96,3d,cb,da,68,3e,f2,3a,af,47,f7,25,20,e5,28,a1,99,\
26,00,e8,a1,85,27,6c,a9,5f,4c,c7,bf,f3,d9,66,1c,ba,0a,df,e5,34,19,81,e7,77,\
ce,89,61,02,65,e7,90,ff,eb,1e,2b,5c,3f,c1,7b,25,b4,b1,63,c1,1d,4c,61,96,51,\
0d,a2,8e,2e,60,8d,56,6b,c5,0d,e6,da,a6,99,3a,41,c4,3f,0a,2b,a3,fc,80,19,b3,\
44,7d,65,4c,2f,9e,bb,e4,fe,78,05,69,97,8c,9b,c2,74,c9,50,b3,2e,8f,ab,a4,d3,\
e0,bb,1b,fe,bc,0c,3a,c5,a2,82,bc,81,8f,43,17,7a,3b,88,8d,e1,4a,e1,99,0d,71,\
56,ef,73,ca,43,e5,78,e2,61,aa,50,d0,cd,0b,b8,79,4d,cc,fe,63,03,c1,5e,04,4a,\
13,8d,4c,56,39,14,11,76,bf,b7,55,bf,ac,12,33,d0,10,82,fc,db,65,c7,9c,58,92,\
83,a5,7f,57,38,ee,71,98,f2,84,c7,d2,9d,0d,c1,80,b7,0a,5f,f8,c9,1e,b7,bb,45,\
15,4a,18,be,5c,bb,59,3d,0c,9c,cd,0b,96,cb,58,f6,da,ef,5e,65,e5,5e,a7,53,67,\
65,5f,38,b5,e0,52,cf,db,e1,b2,4f,f6,11,51,7f,07,7a,bc,73,84,cf,c1,c0,bc,34,\
a9,52,2c,b4,1c,7d,2e,d0,bf,34,17,79,e6,c9,71,0d,1d,43
"rkeysecu"=hex:a1,8c,c1,b4,d8,62,12,88,43,ab,d7,9c,24,f4,78,82

[HKEY_LOCAL_MACHINE\software\Digidesign]
@Owner=S-1-5-21-854245398-602609370-839522115-1003
@Denied: (A C D) (S-1-5-21-854245398-602609370-839522115-1005)
@Allowed: (Full) (S-1-5-21-854245398-602609370-839522115-1005)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2009-01-02 5:32:14 - machine was rebooted [TheTurk]
ComboFix-quarantined-files.txt 2009-01-02 03:32:06

Pre-Run: 13,280,673,792 bytes free
Post-Run: 13,553,221,632 bytes free

457



NEW HIJACKTHIS LOG ----


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:14 AM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [IRW] "C:\WINDOWS\system32\IRW.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] "C:\Program Files\Boot Camp\KbdMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [IDMan] "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744216217
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744200327
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6020A403-DA44-430A-92F6-B7EBE5F05524}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 9406 bytes



And yes, there is another computer on the network plugged into my Netgear router, but ever since I began my fixing I made sure to disconnect it and unshare everything on my computer just to be sure.


As for the computer - I just connected to the internet and stayed on for some 15 minutes just to see if I get the errors, and I didn't so far, which is an improvement because I used to get it the second I connected to the internet and didn't get it when I wasn't connected to the internet.

Also, one question: which anti-virus/spyware/malware combo do you recommend? I just run Webroot AntiVirus & AntiSpyware ... is that good enough, or do you recommend another program like Kaspersky or whatever... and is there any other thing we need to do to clean my computer?


PS: I greatly appreciate all the help you are giving me!

Edited by TheTurk, 01 January 2009 - 11:01 PM.


#9 TheTurk
  • Topic Starter
  • Members
  • 15 posts

Posted 02 January 2009 - 04:11 AM

Hmmm ... just now Webroot has once again quarantined Brontok in My Videos/My Music/Shared Documents... etc.

Weird ... I stopped getting the send/don't send errors though... I guess I still have it somewhere... what now?

#10 Farbar

    Just Curious

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 January 2009 - 05:46 AM

Please read the instructions carefully and carry them out to avoid unneeded problems and complications.

Let's concentrate on finishing the job first. Then I'll answer your questions.

Malwarebytes' Anti-Malware 1.31
Database version: 1571


You forgot to update MBAM before running it.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


You didn't follow the instruction to install the Recovery Console. For this reason we can't proceed with ComboFix to the next step to remove the remaining infection.

And yes, there is another computer on the network plugged into my Netgear router, but ever since I began my fixing I made sure to disconnect it and unshare everything on my computer just to be sure.


Hmmm ... just now Webroot has once again quarantined Brontok in My Videos/My Music/Shared Documents... etc.

  • Since you have a router you don't need to set up a home network. The router does the job and provides you with a connection. But having a Shared Documents folder makes both computers vulnerable. There are viruses that use shared documents to spread. I suggest you disable shared folders. To do that:

    http://www.softwaretipsandtricks.com/windo...rom-My-Computer

    Also empty the contents of Shared Documents.

  • Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6020A403-DA44-430A-92F6-B7EBE5F05524}: NameServer = 192.168.0.1


    Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

    Note: The startup entry pointing at ALCMTR.EXE is a "Spyware" entry related to Realtek, used silently to monitor one's actions. It is not a sinister one, and you can remove the startup entry without affecting the function of the Realtek software. We have just removed the startup entry but not the file itself. Note that you should not remove the file itself because it is needed for the subsequent updating of the software.

  • Delete your copy of ComboFix from your desktop. Download the latest copy, run it and follow the instructions to install the Recovery Console. Let it scan the computer once more and post the log. We will remove the rest of the infection in the next post after making sure the Recovery Console is installed.

  • Please copy and paste a fresh HijackThis log into your reply.


#11 Farbar

    Just Curious

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 January 2009 - 06:39 AM

Just a reminder that the other computer is possibly infected. The infection might now be in the Shared Documents of the other computer. While the other computer is disconnected, disable its Shared Documents and remove all the files inside it. This is the only way to delete the infection, because your antivirus can't delete a file that is on another computer and gets to this computer from the shared folders.

#12 TheTurk
  • Topic Starter
  • Members
  • 15 posts

Posted 02 January 2009 - 08:46 PM

Hello Farbar - Yesterday when I came home my ADSL connection had expired and I had to do all those scans while no connection was present, as I downloaded the programs from a nearby coffee shop's WiFi, so no update was made and I took the risk of no Recovery Console. Sorry for the problems my decision caused.

New MBAM log with the latest update:

Malwarebytes' Anti-Malware 1.31
Database version: 1597
Windows 5.1.2600 Service Pack 3

1/3/2009 3:29:43 AM
mbam-log-2009-01-03 (03-29-43).txt

Scan type: Quick Scan
Objects scanned: 55919
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I couldn't remove sharing through gpedit.msc; the second I press Enter I get the send/don't send error and it doesn't allow me to remove it. So for now I removed it via regedit (NoSharedDocuments).




As for HijackThis, I removed what you told me but didn't find "O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"" in there; I'm sure I checked about 5 times.


While ComboFix was installing the Recovery Console, when it finished it gave me this error:
[image]

I just clicked on it and it continued doing its thing.


ComboFix 09-01-01.02 - TheTurk 2009-01-03 3:42:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2028.1539 [GMT 2:00]
Running from: c:\documents and settings\TheTurk\Desktop\ComboFix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\TheTurk\Application Data\EurekaLog
N:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-02 15:38 . 2009-01-02 15:38 <DIR> d--hs---- c:\documents and settings\TheTurk\UserData
2009-01-01 18:31 . 2009-01-01 18:31 <DIR> d-------- C:\rsit
2009-01-01 18:23 . 2009-01-01 18:23 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-01 18:23 . 2009-01-02 02:26 34,860 --a------ c:\documents and settings\TheTurk\sds2d21.exe
2008-12-31 16:11 . 2008-12-31 16:24 9,772 --a------ c:\documents and settings\TheTurk\sdsd21.exe
2008-12-31 12:06 . 2008-12-31 12:06 <DIR> d-------- c:\program files\Western Digital
2008-12-31 12:05 . 2008-12-31 12:05 <DIR> d-------- c:\program files\Western Digital Technologies
2008-12-31 11:58 . 2009-01-02 05:30 <DIR> d-------- c:\program files\Everything
2008-12-31 11:47 . 2008-12-31 11:47 <DIR> d-------- c:\program files\3RVX
2008-12-31 03:05 . 2008-12-31 03:05 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Uniblue
2008-12-31 02:52 . 2008-12-31 05:56 9,772 --a------ c:\documents and settings\TheTurk\sdsd2.exe
2008-12-31 02:29 . 2008-12-31 02:29 303 --a------ c:\documents and settings\TheTurk\xsdsxd.exe
2008-12-31 00:14 . 2008-12-31 02:27 9,772 --a------ c:\documents and settings\TheTurk\sdsd.exe
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Malwarebytes
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 06:28 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 06:28 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 05:46 . 2008-12-30 05:47 102,400 --a------ c:\documents and settings\TheTurk\sdsxxxd.exe
2008-12-29 05:30 . 2008-12-29 05:30 <DIR> d-------- c:\program files\Trend Micro
2008-12-28 12:40 . 2008-12-28 12:40 <DIR> d-------- c:\windows\system32\Adobe
2008-12-26 00:27 . 2008-12-26 00:27 <DIR> dr-hs---- C:\Recycle
2008-12-26 00:27 . 2008-12-26 02:09 40,960 --a------ c:\documents and settings\TheTurk\asdsds.exe
2008-12-24 22:10 . 2008-12-24 22:10 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Nero
2008-12-24 10:31 . 2008-12-24 10:31 <DIR> d-------- c:\program files\Webroot
2008-12-24 10:31 . 2008-12-24 10:31 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Webroot
2008-12-24 10:31 . 2008-12-24 10:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-12-24 10:31 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2008-12-20 10:27 . 2008-12-20 13:59 36,864 --a------ c:\documents and settings\TheTurk\update.exe
2008-12-20 06:07 . 2008-04-14 04:11 21,504 --a------ c:\windows\system32\drivers\hidserv.dll
2008-12-20 06:07 . 2008-12-20 06:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-12-20 06:02 . 2008-10-16 22:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-20 06:02 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-20 06:02 . 2007-03-08 07:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-20 06:02 . 2008-10-16 22:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-20 06:02 . 2008-10-16 22:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-20 06:02 . 2008-10-16 22:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-20 06:02 . 2008-10-16 22:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-20 06:02 . 2008-10-16 22:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-20 06:02 . 2008-10-16 15:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-20 05:56 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-20 05:53 . 2008-09-04 19:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-20 05:37 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-18 22:46 . 2008-12-22 03:40 <DIR> d-------- c:\program files\XoftSpySE
2008-12-18 22:24 . 2008-12-19 05:49 60,972 --a------ c:\documents and settings\TheTurk\ssjkjdkfd.exe
2008-12-17 13:11 . 2008-12-19 06:33 36,864 --a------ c:\documents and settings\TheTurk\dsdsd.exe
2008-12-15 20:45 . 2009-01-02 05:24 <DIR> dr-hs---- C:\SYSTEM
2008-12-15 20:44 . 2008-12-15 20:54 36,864 --a------ c:\documents and settings\TheTurk\asdas.exe
2008-12-14 19:37 . 2008-12-14 19:37 <DIR> dr-hs---- C:\CONFIG
2008-12-12 08:53 . 2008-12-27 18:53 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-07 21:39 . 2008-12-07 21:39 <DIR> d-------- c:\program files\TVAnts
2008-12-07 05:24 . 2008-12-07 05:25 <DIR> d-------- c:\program files\SopCast
2008-12-05 16:18 . 2008-12-05 16:18 <DIR> dr-h----- c:\documents and settings\TheTurk\Application Data\SecuROM
2008-12-05 15:38 . 2008-12-05 15:38 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-05 15:37 . 2008-05-30 12:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-05 15:37 . 2008-05-30 12:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-05 15:37 . 2008-05-30 12:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-05 15:37 . 2008-05-30 12:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-05 15:35 . 2008-12-05 15:35 <DIR> d-------- c:\windows\system32\xlive
2008-12-05 15:34 . 2008-12-06 21:05 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-05 15:02 . 2008-12-20 06:08 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-05 15:01 . 2008-12-05 15:01 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-05 15:01 . 2006-06-29 11:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-05 14:55 . 2008-12-05 15:06 <DIR> d-------- c:\program files\Rockstar Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 03:28 --------- d-----w c:\documents and settings\TheTurk\Application Data\DMCache
2008-12-31 10:47 --------- d-----w c:\documents and settings\TheTurk\Application Data\LimeWire
2008-12-24 08:04 164 ----a-w C:\install.dat
2008-12-22 01:42 --------- d-----w c:\program files\Steam
2008-12-20 03:44 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-20 03:43 --------- d-----w c:\documents and settings\TheTurk\Application Data\SystemRequirementsLab
2008-12-17 11:37 --------- d-----w c:\documents and settings\TheTurk\Application Data\skypePM
2008-12-17 11:37 --------- d-----w c:\documents and settings\TheTurk\Application Data\Skype
2008-12-10 02:06 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-10 02:06 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-06 23:41 --------- d-----w c:\documents and settings\TheTurk\Application Data\uTorrent
2008-12-05 22:51 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-05 13:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 13:04 --------- d-----w c:\program files\MSBuild
2008-12-04 23:50 --------- d-----w c:\program files\UnHackMe
2008-12-04 14:09 --------- d-----w c:\program files\Java
2008-12-03 21:42 --------- d-----w c:\program files\Hotspot Shield
2008-12-01 16:42 --------- d-----w c:\documents and settings\TheTurk\Application Data\Digidesign
2008-12-01 16:16 --------- d-----w c:\program files\Steinberg
2008-12-01 16:16 --------- d-----w c:\program files\Antares Audio Technologies
2008-12-01 07:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-27 23:53 --------- d-----w c:\program files\Online TV Player 4
2008-11-27 17:17 --------- d-----w c:\documents and settings\TheTurk\Application Data\Adobe-BackupByPhotoshopPortable
2008-11-27 17:16 --------- d-----w c:\program files\Common Files\SupportSoft
2008-11-27 17:15 --------- d-----w c:\program files\Etisalat
2008-11-27 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2008-11-26 15:42 --------- d-----w c:\documents and settings\TheTurk\Application Data\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\Common Files\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 23:51 --------- d-----w c:\documents and settings\TheTurk\Application Data\iShell
2008-11-25 23:50 --------- d-----w c:\program files\iTunes
2008-11-25 23:50 --------- d-----w c:\documents and settings\TheTurk\Application Data\Apple Computer
2008-11-25 23:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 23:49 --------- d-----w c:\program files\QuickTime
2008-11-25 23:49 --------- d-----w c:\program files\iPod
2008-11-25 23:49 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 23:49 --------- d-----w c:\program files\Bonjour
2008-11-25 23:49 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-24 21:56 --------- d-----w c:\documents and settings\TheTurk\Application Data\Red Alert 3
2008-11-24 18:19 --------- d-----w c:\program files\LimeWire
2008-11-24 08:19 --------- d-----w c:\program files\Broadcom
2008-11-23 19:48 --------- d-----w c:\program files\Google
2008-11-22 21:20 --------- d-----w c:\program files\Mediafour
2008-11-22 21:20 --------- d-----w c:\program files\Common Files\Mediafour
2008-11-22 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Mediafour
2008-11-22 21:19 --------- d-----w c:\program files\InterLok
2008-11-22 21:18 --------- d-----w c:\program files\Common Files\PACE Anti-Piracy
2008-11-22 21:18 --------- d-----w c:\documents and settings\TheTurk\Application Data\PACE Anti-Piracy
2008-11-22 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2008-11-22 21:17 --------- d-----w c:\program files\Digidesign
2008-11-22 21:15 --------- d-----w c:\program files\Common Files\Digidesign
2008-11-21 15:39 --------- d-----w c:\program files\GmailBackup
2008-11-20 18:34 --------- d-----w c:\documents and settings\TheTurk\Application Data\eXPert PDF Editor
2008-11-18 23:36 --------- d-----w c:\program files\Etisalat USB Modem E220
2008-11-18 22:43 --------- d-----w c:\program files\DAMN NFO Viewer
2008-11-18 14:05 --------- d-----w c:\documents and settings\TheTurk\Application Data\Leadertech
2008-11-18 13:49 --------- d-----w c:\program files\EA Games
2008-11-16 21:18 --------- d-----w c:\program files\Counter-Strike 1.6
2008-11-16 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2008-11-16 20:48 --------- d-----w c:\program files\DivX
2008-11-16 15:56 --------- d-----w c:\documents and settings\TheTurk\Application Data\Megaupload
2008-11-16 15:55 --------- d-----w c:\program files\Megaupload
2008-11-16 15:55 --------- d-----w c:\documents and settings\TheTurk\Application Data\vlc
2008-11-16 15:54 --------- d-----w c:\documents and settings\TheTurk\Application Data\InstallShield
2008-11-15 22:15 --------- d-----w c:\program files\HTTP-Tunnel
2008-11-15 13:19 --------- d-----w c:\program files\Unlocker
2008-11-14 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek
2008-11-14 16:56 --------- d-----w c:\program files\MagicISO
2008-11-14 16:49 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-14 16:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-14 16:45 --------- d-----w c:\documents and settings\TheTurk\Application Data\DAEMON Tools
2008-11-14 16:44 --------- d-----w c:\program files\Visagesoft
2008-11-14 15:54 --------- d-----w c:\program files\Skype
2008-11-14 15:54 --------- d-----w c:\program files\Common Files\Skype
2008-11-14 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-13 17:12 --------- d-----w c:\program files\Internet Download Manager
2008-11-12 19:15 --------- d-----w c:\program files\SoulseekNS
2008-11-12 19:12 --------- d-----w c:\program files\uTorrent
2008-11-12 19:09 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-12 14:02 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 14:02 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2008-11-12 14:02 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys
2008-11-11 20:10 --------- d-----w c:\program files\coolpro2
2008-11-11 20:07 --------- d-----w c:\documents and settings\TheTurk\Application Data\Syntrillium
2008-11-11 12:34 --------- d-----w c:\program files\Viewpoint
2008-11-11 12:28 --------- d-----w c:\documents and settings\TheTurk\Application Data\KeePass
2008-11-10 17:26 --------- d-----w c:\program files\Microsoft Works
2008-11-10 17:24 --------- d-----w c:\program files\Microsoft.NET
2008-11-10 13:33 --------- d-----w c:\documents and settings\TheTurk\Application Data\IDM
2008-11-10 06:23 --------- d-----w c:\program files\MSXML 4.0
2008-11-10 06:16 --------- d-----w c:\program files\KeePass Password Safe
2008-11-10 06:13 --------- d-----w c:\documents and settings\All Users\Application Data\GlobalSCAPE
2008-11-10 06:12 --------- d-----w c:\program files\GlobalSCAPE
2008-11-10 06:12 --------- d-----w c:\documents and settings\TheTurk\Application Data\GlobalSCAPE
2008-11-10 01:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-09 21:41 --------- d-----w c:\program files\Apple Software Update
2008-11-09 20:52 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-09 20:42 --------- d-----w c:\program files\VideoLAN
2008-11-09 20:31 --------- d-----w c:\documents and settings\TheTurk\Application Data\Thinstall
.

((((((((((((((((((((((((((((( snapshot@2009-01-02_ 5.31.14.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-02 03:21:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-02 03:27:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-02 03:21:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-02 03:27:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-02 03:21:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 03:27:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-02 03:25:39 72,160 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-02 03:32:12 72,160 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-02 03:25:39 442,834 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-02 03:32:12 442,834 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-12-02 23:17 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-09 2610608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-08 8527872]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-04-15 1626112]
"IRW"="c:\windows\system32\IRW.exe" [2008-02-08 147456]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2008-02-08 423216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-08 81920]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2008-04-15 16855552]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"="c:\program files\Mediafour\MacDrive 7\MacDriveD.exe" [2007-04-18 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Everything"="c:\program files\Everything\Everything.exe" [2008-09-29 459776]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= Digi32.dll
"MIDI2"= diomidi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 13:35 67112 c:\progra~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 14:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etisalat]
--a------ 2008-06-04 17:23 200384 c:\program files\Etisalat\eSupport\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-11-09 20:41 2610608 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 11:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 08:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sprtsvc_etisalat"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\TheTurk\\asdsds.exe"=
"c:\\Recycle\\X-5-4-27-2345678318-4567890223-4234567884-2341\\RisinG.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-11-22 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.sys [2007-04-18 274048]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-11-12 29808]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2008-02-08 132400]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2008-02-08 99632]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-11-22 16400]
R2 KeyAgent;KeyAgent;\??\c:\windows\system32\drivers\KeyAgent.sys [2008-02-08 5504]
R2 MacDriveServiceD;MacDriveServiceD;"c:\program files\Mediafour\MacDrive 7\MacDriveServiceD.exe" [2007-04-18 143360]
R2 MacHALDriver;Mac HAL;\??\c:\windows\system32\drivers\MacHALDriver.sys [2008-02-08 6528]
R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" [2008-12-24 1086840]
R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2008-11-09 10496]
R3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2008-11-09 15616]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2008-11-09 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2008-11-09 19968]
S3 DIGIFW;Service for Mbox 2 Pro Driver (WDM);c:\windows\system32\DRIVERS\digifw.sys [2008-11-22 167952]
S4 sprtsvc_etisalat;SupportSoft Sprocket Service (etisalat);c:\program files\Etisalat\eSupport\bin\sprtsvc.exe /service /p etisalat []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - m:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - n:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33a89f36-ae98-11dd-977f-001ec28e06a3}]
\Shell\AutoRun\command - n:\wd_windows_tools\WDSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987892}]
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX3C644242}]
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C544541}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\TheTurk\Application Data\Mozilla\Firefox\Profiles\kwe3ispx.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\TheTurk\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\TheTurk\Application Data\Mozilla\Firefox\Profiles\kwe3ispx.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 03:43:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-03 3:45:06
ComboFix-quarantined-files.txt 2009-01-03 01:44:23
ComboFix2.txt 2009-01-02 03:32:15

Pre-Run: 13,520,162,816 bytes free
Post-Run: 13,509,951,488 bytes free

new HJ log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:16 AM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [IRW] "C:\WINDOWS\system32\IRW.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] "C:\Program Files\Boot Camp\KbdMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [IDMan] "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744216217
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744200327
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 9062 bytes

Edited by TheTurk, 02 January 2009 - 08:47 PM.


#13 TheTurk

TheTurk
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:04 PM

Posted 02 January 2009 - 08:53 PM

I see now that it told me again that no Recovery Console is present... that's weird, as I agreed to install it; maybe that error was the cause. I should mention that Boot Camp takes a chunk of the already dedicated OS X hard disk and boots Windows on it; I don't know if that could be the problem. I tried again now and it gave me the same error, only this time I pressed NO to not continue with the scan and exit.

Is there a way I can maybe download it directly through Microsoft or something of sort?

Edited by TheTurk, 02 January 2009 - 08:53 PM.


#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:04 AM

Posted 03 January 2009 - 01:02 AM

You have done a good job. Thanks for the detailed feedback. It gave me a clear idea about what is going on at the other end.

The hijackthis was on the first log but not the second. I wanted to make sure.

You have done your best and we don't push for the Recovery Console.

You have done the Flash-Disinfector part from the previous posts. I'm sorry, you asked if the step takes so short a time. Yes, it takes just a second or two.
  • Please connect the devices with the letters F and R prior to running ComboFix.
    Open Notepad and copy/paste the text in the code box below into it:

    
    Collect::[66]
    c:\documents and settings\TheTurk\sds2d21.exe
    c:\documents and settings\TheTurk\sdsd21.exe
    c:\documents and settings\TheTurk\sdsd2.exe
    c:\documents and settings\TheTurk\xsdsxd.exe
    c:\documents and settings\TheTurk\sdsd.exe
    c:\documents and settings\theturk\sdsxxxd.exe
    c:\documents and settings\theturk\asdsds.exe
    c:\documents and settings\theturk\ssjkjdkfd.exe
    c:\documents and settings\TheTurk\dsdsd.exe
    c:\documents and settings\TheTurk\asdas.exe
    C:\update.exe
    F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
    R:\AutoRun.exe
    c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987892}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX3C644242}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C544541}]

    Save this as CFScript.txt


    Posted Image


    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
    • A browser will open.
    • Simply follow the instructions to copy/paste/send the requested file.
  • Please use Internet Explorer to perform a BitDefender Online Virus and Malware Scan
    • Click on I Agree.
    • If an ActiveX warning box appears, click on Install.
      If you get the message: "Could not load the Online Scanner! Click here for other possible fixes", it means Internet Explorer has blocked the ActiveX control from being installed. Just above the page, under the Internet Explorer toolbar, you will see this message:
      "This website wants to install the following add-on: 'Bitdefender OnlineScanner v8' from 'BITDEFENDER LLC'. If you trust the website and the add-on and want to install it, click here..."
      Click on that and select Install ActiveX.
    • Now click on Start Scan. Please wait, as it might take some time.
    • When it has finished, click More Details >>
    • Under the Detected Problems tab, click Click here to export the scan report.
    • Click on Click here to export the scan report and save it to your Desktop.
    • Give the report a name and save it. The file will be a .HTML file.
    • Please attach the file to your reply.
  • Please copy and paste a fresh Hijackthis log to your reply.
Please copy/paste in your next reply:
  • The Combofix log.
  • The BitDefender log.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.
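Editor's note on the log and the CFScript above. Taken together they are a textbook instance of one persistence pattern: Active Setup "Installed Components" keys that launch executables from hidden folders named after a fake SID (c:\recycle, c:\system, c:\config), randomly named .exe files dropped loose in the user profile root, the Windows Firewall switched off (EnableFirewall=0) with exceptions added for those same droppers, and cached AutoRun handlers under MountPoints2. The Python script below is an added example, not part of this thread, ComboFix or HijackThis: it reads a ComboFix "Reg Loading Points" excerpt (copied from the log above and trimmed by hand so it runs offline), flags entries with exactly those rules, and drafts Collect::/Registry:: sections in the same shape as the script Farbar posted. The trusted-directory and dropper-directory lists, the severity rules, the Finding type and the SAMPLE_LOG constant are this example's own assumptions, and its output is a draft for a helper to read, not something to drop onto ComboFix unreviewed.

```python
"""Triage a ComboFix "Reg Loading Points" dump the way a malware-removal helper
reads it, then draft Collect::/Registry:: lines like the script in this thread.
Added example, not from ComboFix, HijackThis or the original posts; the
directory lists, rules and SAMPLE_LOG excerpt are this example's assumptions."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Where XP autostart binaries normally live (assumption for this example).
TRUSTED_PARENTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Hidden dropper folders named after a fake SID, as seen in the log above.
SUSPECT_DIRS = ("c:\\recycle\\", "c:\\system\\", "c:\\config\\")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
SERVICE_RE = re.compile(r"^[RS][0-4] ")   # R0/R2/S3... service lines carry no [key]
# Drive-letter path ending in a loadable extension; tolerates the doubled
# backslashes ComboFix prints inside firewall exception entries.
PATH_RE = re.compile(r"[a-z]:\\[^\"\[\]\n]*?\.(?:exe|dll|sys|cpl|scr)\b", re.I)
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.I)


class Finding(NamedTuple):
    severity: str   # "high" or "medium"
    key: str        # registry key (or "services") the entry sits under
    path: str       # file path; empty for key-only findings
    reason: str


def classify(key: str, path: str) -> Optional[Tuple[str, str]]:
    """Rate one autostart path under one key; None means nothing to report."""
    k, p = key.lower(), path.lower()
    trusted = p.startswith(TRUSTED_PARENTS)
    if p.startswith(SUSPECT_DIRS):
        return "high", "runs from a hidden pseudo-SID dropper directory"
    if PROFILE_ROOT_RE.match(p):
        return "high", "executable sitting loose in the user profile root"
    if "active setup\\installed components" in k and not trusted:
        return "high", "Active Setup component outside Windows/Program Files"
    if "authorizedapplications" in k and not trusted:
        return "high", "firewall exception for an untrusted executable"
    if "mountpoints2" in k:
        return "medium", "cached AutoRun handler for a removable or mapped drive"
    if k.endswith("\\run") and not trusted:
        return "medium", "Run entry outside Windows/Program Files"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the dump line by line, remembering which [key] each value sits under."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if SERVICE_RE.match(line):
            key = "services"
        if "enablefirewall" in line.lower() and re.search(r"=\s*0\b", line):
            findings.append(Finding("high", key, "", "Windows Firewall disabled (EnableFirewall=0)"))
            continue
        for found in PATH_RE.findall(line):
            path = found.replace("\\\\", "\\")   # undo ComboFix's escaped backslashes
            verdict = classify(key, path)
            if verdict:
                findings.append(Finding(verdict[0], key, path, verdict[1]))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Draft Collect::/Registry:: sections: high-severity files plus the Active
    Setup keys that launch them. A human still reads it before using it."""
    files, keys = {}, {}
    for f in findings:
        if f.severity != "high":
            continue
        if f.path:
            files.setdefault(f.path.lower(), f.path)   # dedupe case-insensitively
        if "active setup" in f.key.lower():
            keys.setdefault(f.key, None)
    return "\n".join(["Collect::", *files.values(), "", "Registry::",
                      *(f"[-{k}]" for k in keys)])


# Constructed excerpt: lines copied from the log above and trimmed by hand.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\TheTurk\\asdsds.exe"=
"c:\\Recycle\\X-5-4-27-2345678318-4567890223-4234567884-2341\\RisinG.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - m:\wd_windows_tools\WDSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987892}]
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX3C644242}]
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.path or f.key}: {f.reason}")
    print()
    print(build_cfscript(found))
```

Run as-is it prints six findings (the disabled firewall, the two dropper exceptions, the cached AutoRun handler, and the two Active Setup launchers) and a draft whose Collect:: list is the asdsds.exe, RisinG.exe and OgarD.exe paths and whose Registry:: list deletes the two Active Setup GUID keys, which is the core of what Farbar asked for. Because the profile-root rule does not depend on the key, feeding triage() the whole pasted ComboFix log also picks up the ssjkjdkfd.exe, dsdsd.exe and asdas.exe entries from the file listing, while the dllcache and driver paths under c:\windows stay quiet; the medium-severity Run and MountPoints2 findings are reported but deliberately left out of the draft, since WDSetup.exe on a mapped drive is a legitimate Western Digital installer that a helper decides about by hand.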


#15 TheTurk

TheTurk
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:04 PM

Posted 03 January 2009 - 03:20 AM

Woops, early post not quite ready yet, will update soon.

Edited by TheTurk, 03 January 2009 - 03:24 AM.




