
Please help me guys :< HiJackThis log inside!


  • This topic is locked
26 replies to this topic

#16 TheTurk

  • Topic Starter

  • Members
  • 15 posts

Posted 03 January 2009 - 04:45 AM

ComboFix log with CFScript dragged in--


ComboFix 09-01-01.02 - TheTurk 2009-01-03 8:18:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2028.1313 [GMT 2:00]
Running from: c:\documents and settings\TheTurk\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\TheTurk\Desktop\CFScript.txt
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\TheTurk\asdas.exe
c:\documents and settings\theturk\asdsds.exe
c:\documents and settings\TheTurk\dsdsd.exe
c:\documents and settings\TheTurk\sds2d21.exe
c:\documents and settings\TheTurk\sdsd.exe
c:\documents and settings\TheTurk\sdsd2.exe
c:\documents and settings\TheTurk\sdsd21.exe
c:\documents and settings\theturk\sdsxxxd.exe
c:\documents and settings\theturk\ssjkjdkfd.exe
c:\documents and settings\TheTurk\xsdsxd.exe
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-03 08:09 . 2009-01-03 08:09 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-02 15:38 . 2009-01-02 15:38 <DIR> d--hs---- c:\documents and settings\TheTurk\UserData
2009-01-01 18:31 . 2009-01-01 18:31 <DIR> d-------- C:\rsit
2009-01-01 18:23 . 2009-01-01 18:23 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-31 12:06 . 2008-12-31 12:06 <DIR> d-------- c:\program files\Western Digital
2008-12-31 12:05 . 2008-12-31 12:05 <DIR> d-------- c:\program files\Western Digital Technologies
2008-12-31 11:58 . 2009-01-02 05:30 <DIR> d-------- c:\program files\Everything
2008-12-31 11:47 . 2008-12-31 11:47 <DIR> d-------- c:\program files\3RVX
2008-12-31 03:05 . 2008-12-31 03:05 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Uniblue
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Malwarebytes
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 06:28 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 06:28 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-29 05:30 . 2008-12-29 05:30 <DIR> d-------- c:\program files\Trend Micro
2008-12-28 12:40 . 2008-12-28 12:40 <DIR> d-------- c:\windows\system32\Adobe
2008-12-26 00:27 . 2008-12-26 00:27 <DIR> dr-hs---- C:\Recycle
2008-12-24 22:10 . 2008-12-24 22:10 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Nero
2008-12-24 10:31 . 2008-12-24 10:31 <DIR> d-------- c:\program files\Webroot
2008-12-24 10:31 . 2008-12-24 10:31 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Webroot
2008-12-24 10:31 . 2008-12-24 10:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-12-24 10:31 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2008-12-20 10:27 . 2008-12-20 13:59 36,864 --a------ c:\documents and settings\TheTurk\update.exe
2008-12-20 06:07 . 2008-04-14 04:11 21,504 --a------ c:\windows\system32\drivers\hidserv.dll
2008-12-20 06:07 . 2008-12-20 06:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-12-20 06:02 . 2008-10-16 22:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-20 06:02 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-20 06:02 . 2007-03-08 07:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-20 06:02 . 2008-10-16 22:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-20 06:02 . 2008-10-16 22:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-20 06:02 . 2008-10-16 22:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-20 06:02 . 2008-10-16 22:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-20 06:02 . 2008-10-16 22:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-20 06:02 . 2008-10-16 15:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-20 05:56 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-20 05:53 . 2008-09-04 19:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-20 05:37 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-18 22:46 . 2008-12-22 03:40 <DIR> d-------- c:\program files\XoftSpySE
2008-12-15 20:45 . 2009-01-02 05:24 <DIR> dr-hs---- C:\SYSTEM
2008-12-14 19:37 . 2008-12-14 19:37 <DIR> dr-hs---- C:\CONFIG
2008-12-12 08:53 . 2008-12-27 18:53 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-07 21:39 . 2008-12-07 21:39 <DIR> d-------- c:\program files\TVAnts
2008-12-07 05:24 . 2008-12-07 05:25 <DIR> d-------- c:\program files\SopCast
2008-12-05 16:18 . 2008-12-05 16:18 <DIR> dr-h----- c:\documents and settings\TheTurk\Application Data\SecuROM
2008-12-05 15:38 . 2008-12-05 15:38 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-05 15:37 . 2008-05-30 12:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-05 15:37 . 2008-05-30 12:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-05 15:37 . 2008-05-30 12:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-05 15:37 . 2008-05-30 12:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-05 15:35 . 2008-12-05 15:35 <DIR> d-------- c:\windows\system32\xlive
2008-12-05 15:34 . 2008-12-06 21:05 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-05 15:02 . 2008-12-20 06:08 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-05 15:01 . 2008-12-05 15:01 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-05 15:01 . 2006-06-29 11:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-05 14:55 . 2008-12-05 15:06 <DIR> d-------- c:\program files\Rockstar Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 06:15 --------- d-----w c:\documents and settings\TheTurk\Application Data\DMCache
2008-12-31 10:47 --------- d-----w c:\documents and settings\TheTurk\Application Data\LimeWire
2008-12-24 08:04 164 ----a-w C:\install.dat
2008-12-22 01:42 --------- d-----w c:\program files\Steam
2008-12-20 03:44 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-20 03:43 --------- d-----w c:\documents and settings\TheTurk\Application Data\SystemRequirementsLab
2008-12-17 11:37 --------- d-----w c:\documents and settings\TheTurk\Application Data\skypePM
2008-12-17 11:37 --------- d-----w c:\documents and settings\TheTurk\Application Data\Skype
2008-12-10 02:06 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-10 02:06 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-06 23:41 --------- d-----w c:\documents and settings\TheTurk\Application Data\uTorrent
2008-12-05 22:51 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-05 13:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 13:04 --------- d-----w c:\program files\MSBuild
2008-12-04 23:50 --------- d-----w c:\program files\UnHackMe
2008-12-04 14:09 --------- d-----w c:\program files\Java
2008-12-03 21:42 --------- d-----w c:\program files\Hotspot Shield
2008-12-01 16:42 --------- d-----w c:\documents and settings\TheTurk\Application Data\Digidesign
2008-12-01 16:16 --------- d-----w c:\program files\Steinberg
2008-12-01 16:16 --------- d-----w c:\program files\Antares Audio Technologies
2008-12-01 07:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-27 23:53 --------- d-----w c:\program files\Online TV Player 4
2008-11-27 17:17 --------- d-----w c:\documents and settings\TheTurk\Application Data\Adobe-BackupByPhotoshopPortable
2008-11-27 17:16 --------- d-----w c:\program files\Common Files\SupportSoft
2008-11-27 17:15 --------- d-----w c:\program files\Etisalat
2008-11-27 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2008-11-26 15:42 --------- d-----w c:\documents and settings\TheTurk\Application Data\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\Common Files\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 23:51 --------- d-----w c:\documents and settings\TheTurk\Application Data\iShell
2008-11-25 23:50 --------- d-----w c:\program files\iTunes
2008-11-25 23:50 --------- d-----w c:\documents and settings\TheTurk\Application Data\Apple Computer
2008-11-25 23:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 23:49 --------- d-----w c:\program files\QuickTime
2008-11-25 23:49 --------- d-----w c:\program files\iPod
2008-11-25 23:49 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 23:49 --------- d-----w c:\program files\Bonjour
2008-11-25 23:49 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-24 21:56 --------- d-----w c:\documents and settings\TheTurk\Application Data\Red Alert 3
2008-11-24 18:19 --------- d-----w c:\program files\LimeWire
2008-11-24 08:19 --------- d-----w c:\program files\Broadcom
2008-11-23 19:48 --------- d-----w c:\program files\Google
2008-11-22 21:20 --------- d-----w c:\program files\Mediafour
2008-11-22 21:20 --------- d-----w c:\program files\Common Files\Mediafour
2008-11-22 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Mediafour
2008-11-22 21:19 --------- d-----w c:\program files\InterLok
2008-11-22 21:18 --------- d-----w c:\program files\Common Files\PACE Anti-Piracy
2008-11-22 21:18 --------- d-----w c:\documents and settings\TheTurk\Application Data\PACE Anti-Piracy
2008-11-22 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2008-11-22 21:17 --------- d-----w c:\program files\Digidesign
2008-11-22 21:15 --------- d-----w c:\program files\Common Files\Digidesign
2008-11-21 15:39 --------- d-----w c:\program files\GmailBackup
2008-11-20 18:34 --------- d-----w c:\documents and settings\TheTurk\Application Data\eXPert PDF Editor
2008-11-18 23:36 --------- d-----w c:\program files\Etisalat USB Modem E220
2008-11-18 22:43 --------- d-----w c:\program files\DAMN NFO Viewer
2008-11-18 14:05 --------- d-----w c:\documents and settings\TheTurk\Application Data\Leadertech
2008-11-18 13:49 --------- d-----w c:\program files\EA Games
2008-11-16 21:18 --------- d-----w c:\program files\Counter-Strike 1.6
2008-11-16 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2008-11-16 20:48 --------- d-----w c:\program files\DivX
2008-11-16 15:56 --------- d-----w c:\documents and settings\TheTurk\Application Data\Megaupload
2008-11-16 15:55 --------- d-----w c:\program files\Megaupload
2008-11-16 15:55 --------- d-----w c:\documents and settings\TheTurk\Application Data\vlc
2008-11-16 15:54 --------- d-----w c:\documents and settings\TheTurk\Application Data\InstallShield
2008-11-15 22:15 --------- d-----w c:\program files\HTTP-Tunnel
2008-11-15 13:19 --------- d-----w c:\program files\Unlocker
2008-11-14 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek
2008-11-14 16:56 --------- d-----w c:\program files\MagicISO
2008-11-14 16:49 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-14 16:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-14 16:45 --------- d-----w c:\documents and settings\TheTurk\Application Data\DAEMON Tools
2008-11-14 16:44 --------- d-----w c:\program files\Visagesoft
2008-11-14 15:54 --------- d-----w c:\program files\Skype
2008-11-14 15:54 --------- d-----w c:\program files\Common Files\Skype
2008-11-14 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-13 17:12 --------- d-----w c:\program files\Internet Download Manager
2008-11-12 19:15 --------- d-----w c:\program files\SoulseekNS
2008-11-12 19:12 --------- d-----w c:\program files\uTorrent
2008-11-12 19:09 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-12 14:02 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 14:02 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2008-11-12 14:02 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys
2008-11-11 20:10 --------- d-----w c:\program files\coolpro2
2008-11-11 20:07 --------- d-----w c:\documents and settings\TheTurk\Application Data\Syntrillium
2008-11-11 12:34 --------- d-----w c:\program files\Viewpoint
2008-11-11 12:28 --------- d-----w c:\documents and settings\TheTurk\Application Data\KeePass
2008-11-10 17:26 --------- d-----w c:\program files\Microsoft Works
2008-11-10 17:24 --------- d-----w c:\program files\Microsoft.NET
2008-11-10 13:33 --------- d-----w c:\documents and settings\TheTurk\Application Data\IDM
2008-11-10 06:23 --------- d-----w c:\program files\MSXML 4.0
2008-11-10 06:16 --------- d-----w c:\program files\KeePass Password Safe
2008-11-10 06:13 --------- d-----w c:\documents and settings\All Users\Application Data\GlobalSCAPE
2008-11-10 06:12 --------- d-----w c:\program files\GlobalSCAPE
2008-11-10 06:12 --------- d-----w c:\documents and settings\TheTurk\Application Data\GlobalSCAPE
2008-11-10 01:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-09 21:41 --------- d-----w c:\program files\Apple Software Update
2008-11-09 20:52 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-09 20:42 --------- d-----w c:\program files\VideoLAN
2008-11-09 20:31 --------- d-----w c:\documents and settings\TheTurk\Application Data\Thinstall
.

((((((((((((((((((((((((((((( snapshot@2009-01-02_ 5.31.14.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-02 03:21:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-02 03:27:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-02 03:21:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-02 03:27:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-02 03:21:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 03:27:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-02 03:25:39 72,160 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-02 03:32:12 72,160 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-02 03:25:39 442,834 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-02 03:32:12 442,834 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-12-02 23:17 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-09 2610608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-08 8527872]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-04-15 1626112]
"IRW"="c:\windows\system32\IRW.exe" [2008-02-08 147456]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2008-02-08 423216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-08 81920]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2008-04-15 16855552]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"="c:\program files\Mediafour\MacDrive 7\MacDriveD.exe" [2007-04-18 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Everything"="c:\program files\Everything\Everything.exe" [2008-09-29 459776]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= Digi32.dll
"MIDI2"= diomidi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 13:35 67112 c:\progra~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 14:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etisalat]
--a------ 2008-06-04 17:23 200384 c:\program files\Etisalat\eSupport\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-11-09 20:41 2610608 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 11:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 08:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sprtsvc_etisalat"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-11-22 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.sys [2007-04-18 274048]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-11-12 29808]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2008-02-08 132400]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2008-02-08 99632]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-11-22 16400]
R2 KeyAgent;KeyAgent;\??\c:\windows\system32\drivers\KeyAgent.sys [2008-02-08 5504]
R2 MacDriveServiceD;MacDriveServiceD;"c:\program files\Mediafour\MacDrive 7\MacDriveServiceD.exe" [2007-04-18 143360]
R2 MacHALDriver;Mac HAL;\??\c:\windows\system32\drivers\MacHALDriver.sys [2008-02-08 6528]
R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" [2008-12-24 1086840]
R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2008-11-09 10496]
R3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2008-11-09 15616]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2008-11-09 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2008-11-09 19968]
S3 DIGIFW;Service for Mbox 2 Pro Driver (WDM);c:\windows\system32\DRIVERS\digifw.sys [2008-11-22 167952]
S4 sprtsvc_etisalat;SupportSoft Sprocket Service (etisalat);c:\program files\Etisalat\eSupport\bin\sprtsvc.exe /service /p etisalat []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - m:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - n:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\TheTurk\Application Data\Mozilla\Firefox\Profiles\kwe3ispx.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\TheTurk\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\TheTurk\Application Data\Mozilla\Firefox\Profiles\kwe3ispx.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 08:19:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-03 8:20:39
ComboFix-quarantined-files.txt 2009-01-03 06:19:54
ComboFix2.txt 2009-01-03 01:45:07
ComboFix3.txt 2009-01-02 03:32:15

Pre-Run: 13,487,869,952 bytes free
Post-Run: 13,473,517,568 bytes free

329




The file you told me to submit has been submitted with the mentioned notice ...

Malware Submission
Your file was successfully submitted. Please let the user helping you know that you have submitted the file.




BitDefender - when I first clicked start scan, a progress bar took a while but finished (AntiVirus Engine & Virus Signatures), then it gave me an error that it can't update virus definitions. I clicked to continue the scan and the window gave me this..

Posted Image

On retry the scan proceeded, which leads me to believe it maybe was a twitch on the server's side and not mine. GOOD GOD... after waiting for EVER I forgot to export the log and just closed it out of forgetfulness, please don't let me go through it again lol. Everything found was deleted: 4 identified viruses, 4 infected objects, 7 suspects or 8, and 22 deleted files. That was the final result, I'm 95% sure.



...and finally the fresh HJT log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:49 AM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [IRW] "C:\WINDOWS\system32\IRW.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] "C:\Program Files\Boot Camp\KbdMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744216217
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744200327
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 9540 bytes



- Please don't forget to answer which program(s) to use. Since you already suggested a BitDefender scan I presume it's a good program - I know of BitDefender and have used it before but preferred Webroot mainly because I'm used to it. Do I proceed to purchase BitDefender or do you have a better suggestion?

As for the actual process everything went as told. The instructions were straight forward and I just enabled Webroot again, no notice or anything so far.

Edited by TheTurk, 03 January 2009 - 04:51 AM.



#17 TheTurk

TheTurk
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 03 January 2009 - 06:03 AM

Hmm, just noticed something, Farbar. My wireless connection just stopped working no matter which network I connect to. I tried through a network cable to my router and it worked. I then went to my neighbor's and it didn't work either...I would directly get "cannot display page" after like 1-2 seconds. I now switched to my Mac and my wireless is working normally here.

No blame of course, it's my fault the recovery console was not installed (I assume it's for such incidents?).

Please advise accordingly and thanks for the major help you've been so far...


EDIT
I attempted to restart and go into safe mode in case something was hampering the connection - nope, same thing.

Edited by TheTurk, 03 January 2009 - 06:05 AM.


#18 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 03 January 2009 - 12:39 PM

On retry the scan proceeded which leads me to believe it maybe was a twitch on the server's side and not mine. GOOD GOD...after waiting for EVER I forgot to export the log and just closed out of forgetfulness please don't let me go through it again lol. Everything found was deleted, 4 identified viruses, 4 infected objects, 7 suspects or 8, and 22 deleted files. that was the final result, I'm 95% sure


Who knows what was deleted and what was suspect? Something which affects the wireless?

I will not put you through it again. Instead I will give you another scan, deal? :)

Please don't forget to answer which program(s) to use. Since you already suggested a BitDefender scan I presume it's a good program - I know of BitDefender and have used it before but preferred Webroot mainly because I'm used to it. Do I proceed to purchase BitDefender or do you have a better suggestion?


Let's get this one out of the way. I suggested BitDefender also because of the type of infection. In the early days of Brontok they had a special removal tool. Whether they are still good at Brontok I'm not so sure. I wanted to see the log you managed to lose. :thumbsup:

I think Kaspersky, BitDefender and Eset NOD32 are at the moment doing well. I recommend AV+Firewall together.

Use one of them along with MBAM and something like Spybot S&D.

Hmm, just noticed something, Farbar. My wireless connection just stopped working no matter which network I connect to. I tried through a network cable to my router and it worked. I then went to my neighbor's and it didn't work either...I would directly get "cannot display page" after like 1-2 seconds. I now switched to my Mac and my wireless is working normally here.

No blame of course, it's my fault the recovery console was not installed (I assume it's for such incidents?).

Please advise accordingly and thanks for the major help you've been so far...

EDIT
I attempted to restart and go into safe mode in case something was hampering the connection - nope, same thing.


It's not your fault the Recovery Console was not installed. It is for more serious cases like boot problems. If it were needed, we have alternatives, so you don't have to worry about that.

About the wireless connection: we will repair it.

++++++++++++++++++++++++++

We need to run Combofix once more, research the wireless case and run another online scanner to make sure.
  • Close any open browsers.

    Open notepad and copy/paste the text in the code box below into it:

    Folder::
    C:\Recycle

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  • To check if all devices are working properly:
    • Go to start > right-click My computer and select Properties.
    • Under the Hardware tab select Device Manager.
    • Check if there is any ? or ! beside the listed devices.
    • Expand Network Adapters.
    • Check if there is any ? or ! sign next to the listed devices. If yes note the device name.
    • Double-click on the listed device with ? or !
    • Under General tab note the writing in the Device Status section and post it to your reply.
  • We need to run ESET (NOD32)'s Online Scanner.
    • Please go to ESET OnlineScan (NOD32)
    • You will then see the Terms of Use, check YES, I accept the Terms of Use. Then click Start.
    • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
    • Click Start and wait until the scanner is ready to scan your computer.
    • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
    • Click Scan. The application takes a while to finish the scan, please be patient.
    • When the scan has finished, it will show a screen with two tabs, "overview" and "details", and the option to get information or buy software. Just close the window.
    • Click Start -> Run... -> copy and paste the following in the run box and click OK: C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste the content of the open text file to your reply.
  • Please copy and paste a fresh Hijackthis log to your reply.


#19 TheTurk

TheTurk
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 03 January 2009 - 10:38 PM

Hey Farbar!

NEW COMBOFIX LOG---


ComboFix 09-01-02.01 - TheTurk 2009-01-04 3:38:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2028.1665 [GMT 2:00]
Running from: c:\documents and settings\TheTurk\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\TheTurk\Desktop\CFScript.txt
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Recycle
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-03 08:26 . 2009-01-03 09:21 <DIR> d-------- c:\windows\BDOSCAN8
2009-01-03 08:09 . 2009-01-03 08:09 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-02 15:38 . 2009-01-02 15:38 <DIR> d--hs---- c:\documents and settings\TheTurk\UserData
2009-01-01 18:31 . 2009-01-01 18:31 <DIR> d-------- C:\rsit
2009-01-01 18:23 . 2009-01-01 18:23 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-31 12:06 . 2008-12-31 12:06 <DIR> d-------- c:\program files\Western Digital
2008-12-31 12:05 . 2008-12-31 12:05 <DIR> d-------- c:\program files\Western Digital Technologies
2008-12-31 11:58 . 2009-01-03 17:45 <DIR> d-------- c:\program files\Everything
2008-12-31 11:47 . 2008-12-31 11:47 <DIR> d-------- c:\program files\3RVX
2008-12-31 03:05 . 2008-12-31 03:05 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Uniblue
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Malwarebytes
2008-12-30 06:28 . 2008-12-30 06:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 06:28 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 06:28 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-29 05:30 . 2008-12-29 05:30 <DIR> d-------- c:\program files\Trend Micro
2008-12-28 12:40 . 2008-12-28 12:40 <DIR> d-------- c:\windows\system32\Adobe
2008-12-24 22:10 . 2008-12-24 22:10 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Nero
2008-12-24 10:31 . 2008-12-24 10:31 <DIR> d-------- c:\program files\Webroot
2008-12-24 10:31 . 2008-12-24 10:31 <DIR> d-------- c:\documents and settings\TheTurk\Application Data\Webroot
2008-12-24 10:31 . 2008-12-24 10:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-12-24 10:31 . 2008-11-13 17:11 1,553,272 --a------ c:\windows\WRSetup.dll
2008-12-20 06:07 . 2008-04-14 04:11 21,504 --a------ c:\windows\system32\drivers\hidserv.dll
2008-12-20 06:07 . 2008-12-20 06:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-12-20 06:02 . 2008-10-16 22:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-20 06:02 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-20 06:02 . 2007-03-08 07:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-20 06:02 . 2008-10-16 22:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-20 06:02 . 2008-10-16 22:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-20 06:02 . 2008-10-16 22:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-20 06:02 . 2008-10-16 22:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-20 06:02 . 2008-10-16 22:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-20 06:02 . 2008-10-16 15:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-20 05:56 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-20 05:53 . 2008-09-04 19:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-20 05:37 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-18 22:46 . 2008-12-22 03:40 <DIR> d-------- c:\program files\XoftSpySE
2008-12-15 20:45 . 2009-01-02 05:24 <DIR> dr-hs---- C:\SYSTEM
2008-12-14 19:37 . 2008-12-14 19:37 <DIR> dr-hs---- C:\CONFIG
2008-12-12 08:53 . 2008-12-27 18:53 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-07 21:39 . 2008-12-07 21:39 <DIR> d-------- c:\program files\TVAnts
2008-12-07 05:24 . 2008-12-07 05:25 <DIR> d-------- c:\program files\SopCast
2008-12-05 16:18 . 2008-12-05 16:18 <DIR> dr-h----- c:\documents and settings\TheTurk\Application Data\SecuROM
2008-12-05 15:38 . 2008-12-05 15:38 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-05 15:37 . 2008-05-30 12:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-05 15:37 . 2008-05-30 12:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-05 15:37 . 2008-05-30 12:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-05 15:37 . 2008-05-30 12:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-05 15:35 . 2008-12-05 15:35 <DIR> d-------- c:\windows\system32\xlive
2008-12-05 15:34 . 2008-12-06 21:05 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-05 15:02 . 2008-12-20 06:08 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-05 15:01 . 2008-12-05 15:01 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-05 15:01 . 2006-06-29 11:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-05 14:55 . 2008-12-05 15:06 <DIR> d-------- c:\program files\Rockstar Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 15:45 --------- d-----w c:\documents and settings\TheTurk\Application Data\DMCache
2009-01-03 07:48 --------- d-----w c:\program files\Online TV Player 4
2008-12-31 10:47 --------- d-----w c:\documents and settings\TheTurk\Application Data\LimeWire
2008-12-24 08:04 164 ----a-w C:\install.dat
2008-12-22 01:42 --------- d-----w c:\program files\Steam
2008-12-20 03:44 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-20 03:43 --------- d-----w c:\documents and settings\TheTurk\Application Data\SystemRequirementsLab
2008-12-17 11:37 --------- d-----w c:\documents and settings\TheTurk\Application Data\skypePM
2008-12-17 11:37 --------- d-----w c:\documents and settings\TheTurk\Application Data\Skype
2008-12-10 02:06 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-10 02:06 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-06 23:41 --------- d-----w c:\documents and settings\TheTurk\Application Data\uTorrent
2008-12-05 22:51 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-05 13:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 13:04 --------- d-----w c:\program files\MSBuild
2008-12-04 23:50 --------- d-----w c:\program files\UnHackMe
2008-12-04 14:09 --------- d-----w c:\program files\Java
2008-12-03 21:42 --------- d-----w c:\program files\Hotspot Shield
2008-12-01 16:42 --------- d-----w c:\documents and settings\TheTurk\Application Data\Digidesign
2008-12-01 16:16 --------- d-----w c:\program files\Steinberg
2008-12-01 16:16 --------- d-----w c:\program files\Antares Audio Technologies
2008-12-01 07:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-27 17:17 --------- d-----w c:\documents and settings\TheTurk\Application Data\Adobe-BackupByPhotoshopPortable
2008-11-27 17:16 --------- d-----w c:\program files\Common Files\SupportSoft
2008-11-27 17:15 --------- d-----w c:\program files\Etisalat
2008-11-27 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2008-11-26 15:42 --------- d-----w c:\documents and settings\TheTurk\Application Data\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\Common Files\The Learning Company
2008-11-26 15:38 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 23:51 --------- d-----w c:\documents and settings\TheTurk\Application Data\iShell
2008-11-25 23:50 --------- d-----w c:\program files\iTunes
2008-11-25 23:50 --------- d-----w c:\documents and settings\TheTurk\Application Data\Apple Computer
2008-11-25 23:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 23:49 --------- d-----w c:\program files\QuickTime
2008-11-25 23:49 --------- d-----w c:\program files\iPod
2008-11-25 23:49 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 23:49 --------- d-----w c:\program files\Bonjour
2008-11-25 23:49 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-24 21:56 --------- d-----w c:\documents and settings\TheTurk\Application Data\Red Alert 3
2008-11-24 18:19 --------- d-----w c:\program files\LimeWire
2008-11-24 08:19 --------- d-----w c:\program files\Broadcom
2008-11-23 19:48 --------- d-----w c:\program files\Google
2008-11-22 21:20 --------- d-----w c:\program files\Mediafour
2008-11-22 21:20 --------- d-----w c:\program files\Common Files\Mediafour
2008-11-22 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Mediafour
2008-11-22 21:19 --------- d-----w c:\program files\InterLok
2008-11-22 21:18 --------- d-----w c:\program files\Common Files\PACE Anti-Piracy
2008-11-22 21:18 --------- d-----w c:\documents and settings\TheTurk\Application Data\PACE Anti-Piracy
2008-11-22 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2008-11-22 21:17 --------- d-----w c:\program files\Digidesign
2008-11-22 21:15 --------- d-----w c:\program files\Common Files\Digidesign
2008-11-21 15:39 --------- d-----w c:\program files\GmailBackup
2008-11-20 18:34 --------- d-----w c:\documents and settings\TheTurk\Application Data\eXPert PDF Editor
2008-11-18 23:36 --------- d-----w c:\program files\Etisalat USB Modem E220
2008-11-18 22:43 --------- d-----w c:\program files\DAMN NFO Viewer
2008-11-18 14:05 --------- d-----w c:\documents and settings\TheTurk\Application Data\Leadertech
2008-11-18 13:49 --------- d-----w c:\program files\EA Games
2008-11-16 21:18 --------- d-----w c:\program files\Counter-Strike 1.6
2008-11-16 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2008-11-16 20:48 --------- d-----w c:\program files\DivX
2008-11-16 15:56 --------- d-----w c:\documents and settings\TheTurk\Application Data\Megaupload
2008-11-16 15:55 --------- d-----w c:\program files\Megaupload
2008-11-16 15:55 --------- d-----w c:\documents and settings\TheTurk\Application Data\vlc
2008-11-16 15:54 --------- d-----w c:\documents and settings\TheTurk\Application Data\InstallShield
2008-11-15 22:15 --------- d-----w c:\program files\HTTP-Tunnel
2008-11-15 13:19 --------- d-----w c:\program files\Unlocker
2008-11-14 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Soulseek
2008-11-14 16:56 --------- d-----w c:\program files\MagicISO
2008-11-14 16:49 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-14 16:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-14 16:45 --------- d-----w c:\documents and settings\TheTurk\Application Data\DAEMON Tools
2008-11-14 16:44 --------- d-----w c:\program files\Visagesoft
2008-11-14 15:54 --------- d-----w c:\program files\Skype
2008-11-14 15:54 --------- d-----w c:\program files\Common Files\Skype
2008-11-14 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-13 17:12 --------- d-----w c:\program files\Internet Download Manager
2008-11-12 19:15 --------- d-----w c:\program files\SoulseekNS
2008-11-12 19:12 --------- d-----w c:\program files\uTorrent
2008-11-12 19:09 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-12 14:02 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 14:02 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2008-11-12 14:02 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys
2008-11-11 20:10 --------- d-----w c:\program files\coolpro2
2008-11-11 20:07 --------- d-----w c:\documents and settings\TheTurk\Application Data\Syntrillium
2008-11-11 12:34 --------- d-----w c:\program files\Viewpoint
2008-11-11 12:28 --------- d-----w c:\documents and settings\TheTurk\Application Data\KeePass
2008-11-10 17:26 --------- d-----w c:\program files\Microsoft Works
2008-11-10 17:24 --------- d-----w c:\program files\Microsoft.NET
2008-11-10 13:33 --------- d-----w c:\documents and settings\TheTurk\Application Data\IDM
2008-11-10 06:23 --------- d-----w c:\program files\MSXML 4.0
2008-11-10 06:16 --------- d-----w c:\program files\KeePass Password Safe
2008-11-10 06:13 --------- d-----w c:\documents and settings\All Users\Application Data\GlobalSCAPE
2008-11-10 06:12 --------- d-----w c:\program files\GlobalSCAPE
2008-11-10 06:12 --------- d-----w c:\documents and settings\TheTurk\Application Data\GlobalSCAPE
2008-11-10 01:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-09 21:41 --------- d-----w c:\program files\Apple Software Update
2008-11-09 20:52 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-09 20:42 --------- d-----w c:\program files\VideoLAN
2008-11-09 20:31 --------- d-----w c:\documents and settings\TheTurk\Application Data\Thinstall
.

((((((((((((((((((((((((((((( snapshot@2009-01-02_ 5.31.14.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-03 06:26:20 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2009-01-03 06:26:20 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2009-01-03 06:26:22 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2009-01-03 06:26:39 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-03 06:26:42 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-03 06:26:25 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2008-01-09 13:01:48 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
- 2009-01-02 03:21:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-03 15:44:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-02 03:21:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-03 15:44:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-02 03:21:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-03 15:44:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-02 03:25:39 72,160 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-03 15:49:18 72,160 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-02 03:25:39 442,834 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-03 15:49:18 442,834 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-12-02 23:17 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 17:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-09 2610608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-08 8527872]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-04-15 1626112]
"IRW"="c:\windows\system32\IRW.exe" [2008-02-08 147456]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2008-02-08 423216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-08 81920]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2008-04-15 16855552]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"="c:\program files\Mediafour\MacDrive 7\MacDriveD.exe" [2007-04-18 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Everything"="c:\program files\Everything\Everything.exe" [2008-09-29 459776]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= Digi32.dll
"MIDI2"= diomidi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 13:35 67112 c:\progra~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 14:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etisalat]
--a------ 2008-06-04 17:23 200384 c:\program files\Etisalat\eSupport\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-11-09 20:41 2610608 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 11:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 08:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sprtsvc_etisalat"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-11-22 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-04-18 274048]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\drivers\applemtm.sys [2008-11-09 10496]
R3 applemtp;Apple Multitouch;c:\windows\system32\drivers\applemtp.sys [2008-11-09 15616]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [2008-11-09 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2008-11-09 19968]
R4 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2008-02-08 132400]
R4 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2008-02-08 99632]
R4 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-11-22 16400]
R4 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2008-02-08 5504]
R4 MacDriveServiceD;MacDriveServiceD;c:\program files\Mediafour\MacDrive 7\MacDriveServiceD.exe [2007-04-18 143360]
R4 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2008-02-08 6528]
R4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-12-24 1086840]
S3 DIGIFW;Service for Mbox 2 Pro Driver (WDM);c:\windows\system32\drivers\digifw.sys [2008-11-22 167952]
S4 sprtsvc_etisalat;SupportSoft Sprocket Service (etisalat);c:\program files\Etisalat\eSupport\bin\sprtsvc.exe [2008-11-27 200384]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - m:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
\Shell\AutoRun\command - n:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\TheTurk\Application Data\Mozilla\Firefox\Profiles\kwe3ispx.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\TheTurk\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\TheTurk\Application Data\Mozilla\Firefox\Profiles\kwe3ispx.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 03:41:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-04 3:42:32
ComboFix-quarantined-files.txt 2009-01-04 01:41:47
ComboFix2.txt 2009-01-03 06:20:40
ComboFix3.txt 2009-01-03 01:45:07
ComboFix4.txt 2009-01-02 03:32:15

Pre-Run: 13,424,783,360 bytes free
Post-Run: 13,411,815,424 bytes free

331

No problems whatsoever in device manager ... all working fine - I already checked it earlier today when it stopped working, by the way. I think I will just re-install the drivers for the wireless adapter. Waiting for your okay.

NOD32 LOG----

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3734 (20090103)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=3555e8dda12d6e4caf8851bdd8cdb098
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-04 03:31:24
# local_time=2009-01-04 05:31:24 (+0200, Middle East Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=969832
# found=3
# scan_time=5833
C:\Qoobox\Quarantine\[66]-Submit_2009-01-03@8.18.zip Win32/AutoRun.Agent.FB worm (deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\[66]-Submit_2009-01-03@8.18.zip »ZIP »asdsds.exe Win32/AutoRun.Agent.FB worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Qoobox\Quarantine\[66]-Submit_2009-01-03@8.18.zip »ZIP »RisinG.exe Win32/AutoRun.Agent.FB worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

Fresh HJT LOG-----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:31 AM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [IRW] "C:\WINDOWS\system32\IRW.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] "C:\Program Files\Boot Camp\KbdMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [IDMan] "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744216217
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229744200327
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 9540 bytes

#20 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 January 2009 - 08:02 AM

NOD32 did not find anything other than the removed malware in the ComboFix quarantine folder.

As for the malware part, it looks good.

No problems whatsoever in device manager ... all working fine - I already checked it earlier today when it stopped working, by the way. I think I will just re-install the drivers for the wireless adapter. Waiting for your okay.


I don't think it is the driver; if it were, it would have shown in the device manager. But it does no harm, you may uninstall and reinstall the driver.

Can you remember what the last action was before you lost the wireless connection? You ran the BitDefender scan with that connection, didn't you?

What else have you tried?

Edited by farbar, 04 January 2009 - 08:53 AM.


#21 TheTurk

TheTurk
  • Topic Starter

  • Members
  • 15 posts

Posted 04 January 2009 - 08:09 AM

I just did the BitDefender scan with everything disconnected and was connected through a network cable. Afterwards at night, I wanted to surf while on the couch, so I opened my wireless and it didn't work. It was, I think, BitDefender that removed something it shouldn't have.

I didn't try anything else as I was following your instructions carefully without going commando.

#22 TheTurk

TheTurk
  • Topic Starter

  • Members
  • 15 posts

Posted 04 January 2009 - 08:43 AM

FARBAR!!! Oohhh holy computer messiah - I have managed to get my wireless working again. I just reinstalled the driver with my Boot Camp DVD and it's working fine now.

What next? Are we done here as far as my computer goes? And if so, can we please start with my bedroom computer now? The one that was initially giving me that infection as you said.

#23 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 January 2009 - 08:57 AM

Great news :thumbsup:

Yes we are done with this computer.

Let's start with both RSIT logs.

#24 TheTurk

TheTurk
  • Topic Starter

  • Members
  • 15 posts

Posted 04 January 2009 - 03:44 PM

RSIT FOR THE OTHER COMPUTER - Brace yourself, I have been away for almost 7 months and my family are really bleepty with computers ... and all my little brother does is surf porn online ... *sigh*

info.txt logfile of random's system information tool 1.05 2009-01-04 22:43:28

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0928DE54-3D14-404F-B577-818690BBF9AF}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F8439B3-FACF-4E6F-A0BE-9525461BC2EC}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
ASUS Probe V2.24.10-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Asus Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Asus Probe\probunis.dll"
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
BlueSoleil-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
BMW M3 Challenge-->"C:\BMW M3 Challenge\Support\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Cubasis VST 4-->C:\PROGRA~1\STEINB~1\CUBASI~1\UNINST~1.EXE C:\PROGRA~1\STEINB~1\CUBASI~1\INSTALL.LOG
discWelder BRONZE-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Minnetonka Audio Software\discWelder BRONZE\Uninst.isu" -c"C:\WINDOWS\system32\\UNINSTALL\UninstWDM.dll"
Driver Magician 3.28-->"C:\Program Files\Driver Magician\unins000.exe"
EmpirePoker-->"C:\Program Files\EmpirePokerMaster\EmpirePoker\Uninstall.exe" "C:\Program Files\EmpirePokerMaster\EmpirePoker\install.log"
E-MU Audio Drivers and E-MU 1212M Documentation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0928DE54-3D14-404F-B577-818690BBF9AF}\Setup.exe" -l0x9 /remove
E-MU PatchMix DSP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F8439B3-FACF-4E6F-A0BE-9525461BC2EC}\setup.exe" -l0x9 /remove
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
LimeWire 4.16.7-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam-->MsiExec.exe /I{466B21EE-2858-4845-B2B3-056FC544DAA3}
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_eng_web.exe
Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Risk WarZone Client-->C:\PROGRA~1\WarZone\UNWISE.EXE C:\PROGRA~1\WarZone\INSTALL.LOG
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WarZone Client v1.0.41-->C:\PROGRA~1\WarZone\UNWISE.EXE C:\PROGRA~1\WarZone\INSTALL.LOG
WaveLab Lite-->"C:\Program Files\Steinberg\WaveLab Lite\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab Lite\install.log"
Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Beta (all programs)-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Beta (all programs)-->MsiExec.exe /I{5D4A033A-A286-44BE-A0F0-B05FAC25D07F}
Windows Live Call-->MsiExec.exe /I{78AC782A-C708-4B21-A3A0-ECD4A3284588}
Windows Live Messenger-->MsiExec.exe /X{B1403D7D-C725-4858-AACC-7E5FA2D72859}
Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 update.bitdefender.com

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: TURKS
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 8989
Source Name: Service Control Manager
Time Written: 20081027134623.000000+120
Event Type: information
User:

Computer Name: TURKS
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 8988
Source Name: Service Control Manager
Time Written: 20081027134623.000000+120
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: TURKS
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 8987
Source Name: Service Control Manager
Time Written: 20081027134623.000000+120
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: TURKS
Event Code: 7036
Message: The ServiceLayer service entered the running state.

Record Number: 8986
Source Name: Service Control Manager
Time Written: 20081027134623.000000+120
Event Type: information
User:

Computer Name: TURKS
Event Code: 7035
Message: The ServiceLayer service was successfully sent a start control.

Record Number: 8985
Source Name: Service Control Manager
Time Written: 20081027134623.000000+120
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: TURKS
Event Code: 100
Message: MsnMsgr (504) The database engine 5.01.2600.2780 started.

Record Number: 4377
Source Name: ESENT
Time Written: 20080801185308.000000+120
Event Type: information
User:

Computer Name: TURKS
Event Code: 12001
Message:
Record Number: 4376
Source Name: usnjsvc
Time Written: 20080801185307.000000+120
Event Type:
User:

Computer Name: TURKS
Event Code: 0
Message:
Record Number: 4375
Source Name: ServiceLayer
Time Written: 20080801185038.000000+120
Event Type: information
User:

Computer Name: TURKS
Event Code: 1
Message:
Record Number: 4374
Source Name: avg8emc
Time Written: 20080801185037.000000+120
Event Type: information
User:

Computer Name: TURKS
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 4373
Source Name: SecurityCenter
Time Written: 20080801185027.000000+120
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Logfile of random's system information tool 1.05 (written by random/random)
Run by Turk at 2009-01-04 22:43:23
Microsoft Windows XP Professional Service Pack 2
System drive C: has 85 GB (85%) free of 100 GB
Total RAM: 1022 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:27 PM, on 1/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Turk\Desktop\RSIT.exe
C:\Program Files\trend micro\Turk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8789 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-02 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-01 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-13 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-01 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-09-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-03 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-06-18 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-09-20 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-01 2055960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-20 2403392]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-09-20 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2008-03-20 23040]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2008-03-20 23552]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-11 16844800]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-02 185896]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-28 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SetDefaultMIDI"=C:\WINDOWS\system32\MIDIDef.exe [2008-03-20 31232]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-09 3513344]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]
"amva"=C:\WINDOWS\system32\amvo.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-03 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-28 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2008-03-20 23040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Documents and Settings\Turk\My Documents\Internet Download Manager\IDMan.exe [2008-03-13 2594224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe [2004-02-25 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2004-02-25 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE [2004-02-25 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-09 3513344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-01-17 7323648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2006-01-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
C:\WINDOWS\system32\MIDIDef.exe [2008-03-20 31232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-02 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE [2005-03-18 1048576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2
"WMPNetworkSvc"=3
"WLSetupSvc"=3
"usnjsvc"=3
"avgfws8"=2
"avg8wd"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\SetupWizard.exe"="H:\SetupWizard.exe:*:Enabled:SetupWizard"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332c395c-1d10-11d7-8fc1-0011d88a7bb5}]
shell\AutoRun\command - WD_Windows_Tools\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0ecb8de-f80a-11dc-98c0-806d6172696f}]
shell\AutoRun\command - I:\ctrun\ctrun.exe


======List of files/folders created in the last 3 months======

2009-01-04 22:41:45 ----D---- C:\rsit
2009-01-04 22:41:45 ----D---- C:\Program Files\trend micro
2008-12-13 19:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 15:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 15:09:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 15:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-20 08:00:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-13 08:29:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 06:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-27 14:35:57 ----A---- C:\WINDOWS\ODBC.INI
2008-10-27 14:35:45 ----A---- C:\WINDOWS\system32\mdimon.dll
2008-10-27 14:32:30 ----D---- C:\Program Files\Microsoft ActiveSync
2008-10-27 14:25:32 ----D---- C:\Program Files\Common Files\DESIGNER
2008-10-27 14:21:32 ----D---- C:\WINDOWS\SHELLNEW
2008-10-27 14:21:10 ----D---- C:\Program Files\Microsoft.NET
2008-10-27 14:21:10 ----D---- C:\Program Files\Microsoft Office
2008-10-25 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 03:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 3 months======

2009-01-04 22:43:26 ----D---- C:\WINDOWS\temp
2009-01-04 22:42:18 ----D---- C:\WINDOWS\Prefetch
2009-01-04 22:41:45 ----RD---- C:\Program Files
2009-01-04 22:37:03 ----D---- C:\Program Files\Mozilla Firefox
2009-01-04 21:56:56 ----AD---- C:\WINDOWS\system32
2009-01-04 21:56:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-04 21:51:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-04 20:02:16 ----D---- C:\WINDOWS\system32\config
2009-01-03 09:27:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-03 09:26:23 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-20 19:18:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-19 19:16:54 ----D---- C:\WINDOWS
2008-12-18 23:14:10 ----HD---- C:\WINDOWS\inf
2008-12-18 23:14:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 23:13:41 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 19:03:02 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 19:02:55 ----D---- C:\Config.Msi
2008-12-13 19:02:52 ----SHD---- C:\WINDOWS\Installer
2008-12-13 19:02:44 ----A---- C:\WINDOWS\win.ini
2008-12-13 19:01:35 ----D---- C:\Program Files\Internet Explorer
2008-12-13 08:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 18:11:10 ----D---- C:\Documents and Settings\Turk\Application Data\LimeWire
2008-11-27 07:39:19 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-27 07:39:19 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-20 12:59:19 ----D---- C:\WINDOWS\Help
2008-11-20 08:00:37 ----D---- C:\WINDOWS\Debug
2008-11-13 08:29:19 ----D---- C:\WINDOWS\system32\drivers
2008-11-12 06:13:00 ----D---- C:\WINDOWS\WinSxS
2008-11-04 20:03:36 ----SD---- C:\Documents and Settings\Turk\Application Data\Microsoft
2008-10-28 20:26:19 ----RSD---- C:\WINDOWS\assembly
2008-10-28 20:25:41 ----RSD---- C:\WINDOWS\Fonts
2008-10-28 20:25:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-27 14:25:32 ----D---- C:\Program Files\Common Files
2008-10-27 14:21:44 ----D---- C:\Program Files\Common Files\System
2008-10-27 14:21:10 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-27 14:20:08 ----D---- C:\WINDOWS\system
2008-10-23 15:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 11:47:07 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 22:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 22:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 22:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 22:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 22:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 22:38:39 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 22:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 22:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 22:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 22:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 22:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 22:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 22:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 22:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 22:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 22:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 22:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 22:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 22:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 22:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 22:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 22:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 22:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 22:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 15:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 15:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 18:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 09:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-10-06 22:47:37 ----D---- C:\Program Files\Windows Live

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-01 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-01 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-01 76040]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-01-13 12500]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-03-20 98328]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-03-20 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-03-20 524824]
R3 CTEDSPFX.SYS;CTEDSPFX.SYS; C:\WINDOWS\System32\drivers\CTEDSPFX.SYS [2008-03-20 259096]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS; C:\WINDOWS\System32\drivers\CTEDSPIO.SYS [2008-03-20 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS; C:\WINDOWS\System32\drivers\CTEDSPSY.SYS [2008-03-20 309784]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-03-20 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-03-20 159256]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-03-20 95768]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-02-11 11328]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2008-03-20 802840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-11 4614656]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-07-08 12032]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-03-20 129560]
R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2004-02-14 469696]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-08-15 265856]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-01-17 23000]
S3 BTIAUSB;Generic Bluetooth Device; C:\WINDOWS\system32\DRIVERS\btiausb.sys [2008-07-30 23808]
S3 BTPROT;Generic Bluetooth Filter; C:\WINDOWS\system32\DRIVERS\btprot.sys [2008-08-02 453120]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-03-20 98328]
S3 CT20XUT.SYS;CT20XUT.SYS; C:\WINDOWS\System32\drivers\CT20XUT.SYS [2008-03-20 171032]
S3 CT20XUT;CT20XUT; C:\WINDOWS\system32\drivers\CT20XUT.SYS [2008-03-20 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-03-20 528920]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-03-20 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS; C:\WINDOWS\System32\drivers\CTEAPSFX.SYS [2008-03-20 163352]
S3 CTEAPSFX;CTEAPSFX; C:\WINDOWS\system32\drivers\CTEAPSFX.SYS [2008-03-20 163352]
S3 CTEDSPFX;CTEDSPFX; C:\WINDOWS\system32\drivers\CTEDSPFX.SYS [2008-03-20 259096]
S3 CTEDSPIO;CTEDSPIO; C:\WINDOWS\system32\drivers\CTEDSPIO.SYS [2008-03-20 134168]
S3 CTEDSPSY;CTEDSPSY; C:\WINDOWS\system32\drivers\CTEDSPSY.SYS [2008-03-20 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-03-20 99352]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-03-20 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\WINDOWS\System32\drivers\CTEXFIFX.SYS [2008-03-20 1324056]
S3 CTEXFIFX;CTEXFIFX; C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2008-03-20 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS; C:\WINDOWS\System32\drivers\CTHWIUT.SYS [2008-03-20 72728]
S3 CTHWIUT;CTHWIUT; C:\WINDOWS\system32\drivers\CTHWIUT.SYS [2008-03-20 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-03-20 534040]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-03-20 534040]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2008-03-20 163864]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-17 3580480]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-07-20 557056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-01 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-01-27 106496]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\SYSTEM32\GEARSEC.EXE [2003-10-20 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-17 143427]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-20 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-01-10 89136]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#25 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 04 January 2009 - 09:50 PM

And if so, can we please start with my bedroom computer now?

Brace yourself, I have been away for almost 7 months and my family are really bleepty with computers ... and all my little brother does is surf porn online ... *sigh*


Cleaning is in vain as long as the computer remains in the bedroom :thumbsup:

+++++++++++++++

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files between each other, as the name suggests. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Removal Instructions
  • Empty all p2p (BitLord, LimeWire, etc...) download folders. They might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  • I see on the log Ask Toolbar is installed on your computer:

    This program is known to be bundled with adware/spyware. You may read more about Ask Toolbars here:
    http://www.benedelman.org/spyware/ask-toolbars/

    To uninstall Ask Toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Ask Toolbar

    Also remove the folder in bold: C:\Program Files\AskBarDis

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present, the Ask Toolbar entries might not be present any more):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Open Notepad (Start > Run and type in Notepad) and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it.

    REGEDIT4 
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg was successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  • Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download SDFix by AndyManchesta and save it to your desktop.
    When using this tool, you must use the Administrator's account or an account with "Administrative rights".
    • Double-click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply.
  • Run CCleaner (make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked). Then click Run Cleaner.

  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


  • Please copy and paste a fresh Hijackthis log to your reply.
Please copy/paste in your next reply:
  • The SDFix log.
  • The log of MBAM.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.
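As an added example (not the helper's code or any BleepingComputer tool), the following Python script parses HijackThis-style entries like the ones listed above and flags the patterns the helper asked to fix: a start page outside an expected list, an O2 entry with no file behind it, the two Ask Toolbar CLSIDs quoted in the post, and an O4 Run value that launches a differently named executable straight out of system32. The expected start-page list, the benign "ExampleUpdater" entry and the system32 naming heuristic are assumptions made for the sample, not something the log or the post states.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the five entries the helper asked to fix in the post
# above, plus one benign Run entry (constructed, not from the page) left alone.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

# CLSIDs the post attributes to the Ask Toolbar; treating them as unwanted is an assumption.
UNWANTED_CLSIDS = {
    "{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}",
    "{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}",
}
# Start pages the owner expects (assumption, chosen for the sample only).
EXPECTED_START_PAGES = {"about:blank", "http://www.google.com/"}
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+)$")

@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O4"
    reason: str  # why the entry was flagged
    line: str    # the original log line

def parse_entries(text):
    """Yield (kind, body, raw_line) for every HijackThis entry line in text."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body"), raw.strip()

def check_entry(kind, body, raw):
    """Apply the triage heuristics to one entry; return a Finding or None."""
    if kind == "R0" and "Start Page" in body:
        url = body.partition("=")[2].strip()
        if url not in EXPECTED_START_PAGES:
            return Finding(kind, f"start page changed to {url}", raw)
    if kind in ("O2", "O3"):
        if body.endswith("(no file)"):
            return Finding(kind, "orphaned entry, registered DLL is missing", raw)
        clsid = CLSID_RE.search(body)
        if clsid and clsid.group(0) in UNWANTED_CLSIDS:
            return Finding(kind, f"known unwanted CLSID {clsid.group(0)}", raw)
    if kind == "O4":
        m = RUN_RE.search(body)
        if m:
            path = m.group("path").lower()
            exe = path.rsplit("\\", 1)[-1]
            # Heuristic: a Run value whose name does not match the executable it
            # launches from system32 looks like the [amva] -> amvo.exe entry above.
            name_matches = m.group("name").lower() == exe.rsplit(".", 1)[0]
            if path.startswith("c:\\windows\\system32\\") and not name_matches:
                return Finding(kind, f"Run value '{m.group('name')}' launches {exe} from system32", raw)
    return None

def triage(text):
    """Return the list of Findings for a whole HijackThis log."""
    return [f for f in (check_entry(*e) for e in parse_entries(text)) if f]

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```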


#26 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 10 January 2009 - 09:45 AM

It's been 5 days with no reply. I'll wait two more days before closing this due to inactivity.

#27 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:20 PM

Posted 14 January 2009 - 10:11 AM

This topic is closed due to inactivity.

If you want to reopen the topic, send me a Private Message within a couple of days. Otherwise start a new topic.



