
Please Help Me



#1 jayksofue


Posted 03 January 2009 - 10:23 PM

This problem on my computer is terrible. I've tried using Norton 360, Malwarebytes, and SpyBot Search and Destroy to remove the Adware, Spyware, and Malware on my computer. The pop-ups it gives me do not load, so I do not know what it does, but sometimes it loads so many hidden pop-ups that the CPU gets up to 90% on my 1Gb RAM. Also, now the infection has gotten to my Win32 Process and it shuts down my computer every time I boot. The Problem is "Generic Host Process for Win32 Services encountered a problem and needed to close."

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:46, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\prunnet.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Security Task Manager\taskman.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtqqoLc.dll
O2 - BHO: (no name) - {6f4e23e9-8f05-410f-b1fe-ea770a36c6c0} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Norton 360.lnk = C:\Program Files\Norton 360\MainStub.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll pjnynb.dll zuqnly.dll c:\windows\system32\towoyila.dll C:\WINDOWS\system32\wawunego.dll c:\windows\system32\nabigeki.dll
O20 - Winlogon Notify: awtqqoLc - C:\WINDOWS\SYSTEM32\awtqqoLc.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13686 bytes


#2 jayksofue


Posted 04 January 2009 - 04:42 PM

I am giving my computer to a factory for a few days to repair other external stuff, so in the meantime I cannot do any of the things you may instruct me to do. This will just be in effect for a few days from today.

#3 BHowett

    Malware Hunter



Posted 13 January 2009 - 02:01 PM

Welcome to Bleeping Computer, and sorry for the delay; as you can tell, we are quite busy.

Did you get your system back? Still having problems? If so, post a fresh HijackThis log and we will take a look at it for you.

Please do not PM me asking for support. Post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!


#4 jayksofue


Posted 21 January 2009 - 08:21 PM

GOT MY COMP BACK YAY

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:51, on 1/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {6f4e23e9-8f05-410f-b1fe-ea770a36c6c0} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Norton 360.lnk = C:\Program Files\Norton 360\MainStub.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll pjnynb.dll zuqnly.dll c:\windows\system32\towoyila.dll C:\WINDOWS\system32\wawunego.dll c:\windows\system32\nabigeki.dll
O20 - Winlogon Notify: awtqqoLc - C:\WINDOWS\
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12992 bytes
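As an added example (not part of this thread and not the helpers' own tooling), a small Python triage script for the HijackThis log format posted above: it parses the R/O entries and flags the patterns a helper looks at first (entries with no name or backing file, a populated AppInit_DLLs value, Winlogon Notify DLLs with random-looking names, one program autostarting from both HKLM and HKCU, and a DLL registered as both a BHO and a Winlogon Notify handler). The sample log and the random-name heuristic are constructed for illustration; the output is a review list, not a verdict.

```python
import re

# Constructed sample in the HijackThis v2 log format, modelled on the kind of
# entries posted in this thread. It is not the poster's full log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtqqoLc.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O20 - AppInit_DLLs: wbsys.dll pjnynb.dll zuqnly.dll c:\windows\system32\towoyila.dll
O20 - Winlogon Notify: awtqqoLc - C:\WINDOWS\SYSTEM32\awtqqoLc.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# Weak, constructed heuristic for the pseudo-random file names seen in this
# thread (pjnynb.dll, towoyila.dll, awtqqoLc.dll): 6-8 letters and nothing else.
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,8}\.dll$")
# O4 body: HKLM\..\Run: [label] "C:\path\prog.exe" /args
RUN_RE = re.compile(r'^(HK[A-Z]+)\\\.\.\\Run\w*: \[[^\]]*\] "?(.*?\.exe)', re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into (section, body) pairs; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(entries):
    """Return (reason, entry) pairs that deserve a human look. Heuristics, not verdicts."""
    findings = []
    run_hives = {}    # lowercase exe path -> set of hives that autostart it
    bho_dlls = set()
    notify_dlls = set()
    for sec, body in entries:
        entry = f"{sec} - {body}"
        if "(no file)" in body or "(no name)" in body:
            findings.append(("entry without a name or backing file", entry))
        if sec == "O2":
            bho_dlls.add(basename(body.rsplit(" - ", 1)[-1]))
        elif sec == "O4":
            m = RUN_RE.match(body)
            if m:
                run_hives.setdefault(m.group(2).lower(), set()).add(m.group(1).upper())
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll
            findings.append(("AppInit_DLLs populated", entry))
            for dll in body.split(":", 1)[1].split():
                if RANDOM_NAME_RE.match(basename(dll)):
                    findings.append((f"random-looking AppInit DLL {basename(dll)}", entry))
        elif sec == "O20" and body.startswith("Winlogon Notify:"):
            dll = basename(body.rsplit(" - ", 1)[-1])
            notify_dlls.add(dll)
            if RANDOM_NAME_RE.match(dll):
                findings.append((f"random-looking Winlogon Notify DLL {dll}", entry))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(("service with no publisher", entry))
    for exe, hives in run_hives.items():
        if len(hives) > 1:
            findings.append((f"{basename(exe)} autostarts from {' and '.join(sorted(hives))}", exe))
    for dll in bho_dlls & notify_dlls:
        findings.append((f"{dll} is both a BHO and a Winlogon Notify handler", dll))
    return findings


def flagged_names(text):
    """Set of .dll/.exe names mentioned by any finding, for a quick review list."""
    names = set()
    for reason, entry in triage(parse_log(text)):
        names.update(re.findall(r"[\w~]+\.(?:dll|exe)", (reason + " " + entry).lower()))
    return names


if __name__ == "__main__":
    for reason, entry in triage(parse_log(SAMPLE_LOG)):
        print(f"[{reason}] {entry}")
```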

#5 BHowett

    Malware Hunter



Posted 22 January 2009 - 10:30 AM

Hi jayksofue,

Glad to hear you got your system back, but it appears to still be infected, so let's get started...

ComboFix

Please download ComboFix from Here or Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot of the ComboFix prompt in the original post]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.



#6 jayksofue


Posted 22 January 2009 - 12:00 PM

ComboFix 09-01-21.04 - Jay 2009-01-22 11:39:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1538 [GMT -5:00]
Running from: C:\Documents and Settings\Jay\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Agent.OMZ.Fix.exe
C:\WINDOWS\system32\bafuruga.dll
C:\WINDOWS\system32\bifenona.dll
C:\WINDOWS\system32\drivers\seneka.sys
C:\WINDOWS\system32\drivers\senekaebnaxfmi.sys
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\ezavavan.ini
C:\WINDOWS\system32\o4Patch.exe
C:\WINDOWS\system32\owuyelat.ini
C:\WINDOWS\system32\pkukfm.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\rvtarmtx.dll
C:\WINDOWS\system32\senekalog.dat
C:\WINDOWS\system32\senekawadfuwmv.dll
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\ydgdgmik.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
.

2009-01-21 23:51 . 2009-01-21 23:51 <DIR> d-------- C:\Documents and Settings\Jay\bluej
2009-01-21 23:50 . 2009-01-21 23:50 <DIR> d-------- C:\Program Files\Sun
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- C:\Program Files\Sony Setup
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- C:\Program Files\Sony
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2009-01-21 21:18 . 2009-01-21 21:18 <DIR> d-------- C:\Program Files\Avanquest update
2009-01-21 21:18 . 2009-01-21 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2009-01-21 21:17 . 2009-01-21 21:25 <DIR> d-------- C:\Program Files\Sony Ericsson
2009-01-21 19:53 . 2009-01-21 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2009-01-21 19:53 . 2009-01-21 19:53 <DIR> d-------- C:\BlueJ
2009-01-21 19:53 . 2008-01-18 16:16 110,504 --a------ C:\WINDOWS\system32\drivers\a016mdm.sys
2009-01-21 19:53 . 2008-01-18 16:16 104,488 --a------ C:\WINDOWS\system32\drivers\a016mgmt.sys
2009-01-21 19:53 . 2008-01-18 16:16 100,648 --a------ C:\WINDOWS\system32\drivers\a016obex.sys
2009-01-21 19:53 . 2008-01-18 16:16 83,880 --a------ C:\WINDOWS\system32\drivers\a016bus.sys
2009-01-21 19:53 . 2008-01-18 16:16 15,016 --a------ C:\WINDOWS\system32\drivers\a016mdfl.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ C:\WINDOWS\system32\drivers\a016whnt.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ C:\WINDOWS\system32\drivers\a016wh.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ C:\WINDOWS\system32\drivers\a016cmnt.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ C:\WINDOWS\system32\drivers\a016cm.sys
2009-01-11 18:26 . 2009-01-11 18:26 <DIR> d-------- C:\Program Files\First Class
2009-01-11 18:26 . 2001-05-03 06:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2009-01-11 18:26 . 1996-02-26 18:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2009-01-04 01:21 . 2009-01-04 01:22 1,085,440 --a------ C:\WINDOWS\system32\rn.tmp
2009-01-03 22:13 . 2009-01-03 22:13 <DIR> d-------- C:\Program Files\Security Task Manager
2009-01-03 22:13 . 2009-01-03 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-01-01 22:21 . 2009-01-01 22:21 <DIR> d-------- C:\Program Files\Windows Sidebar
2009-01-01 22:17 . 2009-01-01 23:06 <DIR> d-------- C:\Program Files\Symantec
2009-01-01 22:17 . 2009-01-01 23:06 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2009-01-01 22:17 . 2009-01-01 23:06 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2009-01-01 22:17 . 2009-01-01 23:06 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2009-01-01 22:17 . 2009-01-01 23:06 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-12-28 18:10 . 2008-12-31 18:19 327 --a------ C:\WINDOWS\wininit.ini
2008-12-28 12:49 . 2008-12-28 15:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-12-28 12:49 . 2008-12-28 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-28 12:02 . 2008-12-28 13:58 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-12-27 23:28 . 2008-12-27 23:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-12-27 09:53 . 2008-12-27 09:52 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-12-27 09:51 . 2008-12-27 23:19 <DIR> d-------- C:\Documents and Settings\Jay\.housecall6.6
2008-12-26 14:52 . 2008-12-27 08:18 <DIR> d-------- C:\Program Files\DAP
2008-12-26 14:52 . 2008-12-27 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Malwarebytes
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-26 14:49 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-26 14:49 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-26 14:39 . 2008-12-27 23:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-12-25 19:09 . 2008-12-25 19:09 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 16:51 --------- d-----w C:\Documents and Settings\Jay\Application Data\stickies
2009-01-22 16:50 --------- d-----w C:\Documents and Settings\Jay\Application Data\WTablet
2009-01-22 04:49 --------- d-----w C:\Program Files\Java
2009-01-22 04:43 410,984 ----a-w C:\WINDOWS\system32\deploytk.dll
2009-01-22 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-22 00:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2009-01-22 00:27 --------- d-----w C:\Program Files\FirstClass
2009-01-03 05:29 --------- d-----w C:\Program Files\Norton 360
2009-01-02 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-02 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-02 03:25 --------- d-----w C:\Documents and Settings\Jay\Application Data\Symantec
2009-01-02 03:16 --------- d-----w C:\Program Files\Armagetron Advanced
2009-01-02 00:17 --------- d-----w C:\Program Files\Steam
2008-12-28 04:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-12-27 14:35 --------- d-----w C:\Program Files\AskBarDis
2008-12-27 13:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-24 20:05 --------- d-----w C:\Program Files\AIM Music Link
2008-12-22 20:44 --------- d-----w C:\Program Files\World of Warcraft
2008-12-22 03:33 --------- d-----w C:\Program Files\StepMania
2008-12-19 20:22 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-12-19 20:20 --------- d-----w C:\Program Files\Logitech
2008-12-19 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-12-19 19:55 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-12-19 14:36 --------- d-----w C:\Program Files\AIMTunes
2008-12-18 23:28 --------- d-----w C:\Documents and Settings\Jay\Application Data\Vivox
2008-12-16 04:05 --------- d-----w C:\Program Files\DVDVideoSoft
2008-12-16 04:05 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-12-15 02:30 --------- d-----w C:\Documents and Settings\Jay\Application Data\uTorrent
2008-12-13 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-13 04:56 --------- d-----w C:\Documents and Settings\Jay\Application Data\Vidalia
2008-12-13 04:51 --------- d-----w C:\Documents and Settings\Jay\Application Data\tor
2008-12-13 04:49 --------- d-----w C:\Program Files\VentSrv
2008-12-11 04:39 --------- d-----w C:\Documents and Settings\Jay\Application Data\PCF-VLC
2008-12-10 02:51 5 ----a-w C:\WINDOWS\system32\drivers\DELL_INS_9300.MRK
2008-12-10 02:51 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_INS_9300.MRK
2008-12-07 23:37 --------- d-----w C:\Program Files\Vernier Software
2008-12-07 21:33 --------- d-----w C:\Program Files\Common Files\Vernier Software
2008-12-07 21:33 --------- d-----w C:\Program Files\Common Files\TI Shared
2008-12-07 01:42 --------- d-----w C:\Program Files\Image-Line
2008-12-07 01:34 --------- d-----w C:\Program Files\Outsim
2008-11-30 23:05 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-11-30 23:04 --------- d-----w C:\Documents and Settings\Jay\Application Data\Handy Software Lab
2008-11-30 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Handy Software Lab
2008-11-30 23:03 --------- d-----w C:\Program Files\Handy Software Lab
2008-11-30 20:53 --------- d-----w C:\Program Files\FrostWire
2008-11-30 04:01 --------- d-----w C:\Documents and Settings\Jay\Application Data\GameRanger
2008-11-29 18:24 --------- d-----w C:\Program Files\iTunes
2008-11-29 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 18:18 --------- d-----w C:\Program Files\iPod
2008-11-29 04:12 --------- d-----w C:\Documents and Settings\Jay\Application Data\Subversion
2008-11-29 04:09 --------- d-----w C:\Program Files\Gmod Mod Installer n
2008-11-26 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-11-23 00:29 --------- d-----w C:\Program Files\Rogue
2008-11-22 04:28 --------- d-----w C:\Documents and Settings\Jay\Application Data\Rogue.140F0B534E676AD25491A378BD6D96164D40676E.1
2008-11-22 04:10 --------- d-----w C:\Program Files\GotGame
2008-11-22 04:10 --------- d-----w C:\Documents and Settings\Jay\Application Data\GotGame.140F0B534E676AD25491A378BD6D96164D40676E.1
2008-11-22 04:07 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-11-15 16:26 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-11-15 16:26 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-11-09 05:06 30 ----a-w C:\Documents and Settings\Jay\jagex_runescape_preferences.dat
2008-10-23 12:36 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-06-23 17:49 61,224 -c--a-w C:\Documents and Settings\Jay\GoToAssistDownloadHelper.exe
2008-05-08 23:31 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2008-01-19 04:05 22,328 ----a-w C:\Documents and Settings\Jay\Application Data\PnkBstrK.sys
2007-12-10 04:55 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-08 01:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 01:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 01:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-08 01:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 01:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 01:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-08 01:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 21:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 21:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 21:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 16:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 01:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
2008-02-01 18:53 80 --sha-r C:\WINDOWS\system32\0AD577EF70.dll
.

#7 jayksofue

jayksofue
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:23 AM

Posted 22 January 2009 - 03:01 PM

New Scan Log
ComboFix 09-01-21.04 - Jay 2009-01-22 14:49:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1449 [GMT -5:00]
Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\bafuruga.dll
c:\windows\system32\bifenona.dll
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaebnaxfmi.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ezavavan.ini
c:\windows\system32\o4Patch.exe
c:\windows\system32\owuyelat.ini
c:\windows\system32\pkukfm.dll
c:\windows\system32\Process.exe
c:\windows\system32\rvtarmtx.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekawadfuwmv.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\ydgdgmik.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
.

2009-01-21 23:51 . 2009-01-21 23:51 <DIR> d-------- c:\documents and settings\Jay\bluej
2009-01-21 23:50 . 2009-01-21 23:50 <DIR> d-------- c:\program files\Sun
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- c:\program files\Sony Setup
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- c:\program files\Sony
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- c:\program files\Common Files\Sony Shared
2009-01-21 21:18 . 2009-01-21 21:18 <DIR> d-------- c:\program files\Avanquest update
2009-01-21 21:18 . 2009-01-21 21:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2009-01-21 21:17 . 2009-01-21 21:25 <DIR> d-------- c:\program files\Sony Ericsson
2009-01-21 19:53 . 2009-01-21 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-01-21 19:53 . 2009-01-21 19:53 <DIR> d-------- C:\BlueJ
2009-01-21 19:53 . 2008-01-18 16:16 110,504 --a------ c:\windows\system32\drivers\a016mdm.sys
2009-01-21 19:53 . 2008-01-18 16:16 104,488 --a------ c:\windows\system32\drivers\a016mgmt.sys
2009-01-21 19:53 . 2008-01-18 16:16 100,648 --a------ c:\windows\system32\drivers\a016obex.sys
2009-01-21 19:53 . 2008-01-18 16:16 83,880 --a------ c:\windows\system32\drivers\a016bus.sys
2009-01-21 19:53 . 2008-01-18 16:16 15,016 --a------ c:\windows\system32\drivers\a016mdfl.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ c:\windows\system32\drivers\a016whnt.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ c:\windows\system32\drivers\a016wh.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ c:\windows\system32\drivers\a016cmnt.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ c:\windows\system32\drivers\a016cm.sys
2009-01-11 18:26 . 2009-01-11 18:26 <DIR> d-------- c:\program files\First Class
2009-01-11 18:26 . 2001-05-03 06:36 4,710 --a------ c:\windows\system32\fc.ico
2009-01-11 18:26 . 1996-02-26 18:15 2,528 --a------ c:\windows\FCIC.INI
2009-01-04 01:21 . 2009-01-04 01:22 1,085,440 --a------ c:\windows\system32\rn.tmp
2009-01-03 22:13 . 2009-01-03 22:13 <DIR> d-------- c:\program files\Security Task Manager
2009-01-03 22:13 . 2009-01-03 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-01-01 22:21 . 2009-01-01 22:21 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-01 22:17 . 2009-01-01 23:06 <DIR> d-------- c:\program files\Symantec
2009-01-01 22:17 . 2009-01-01 23:06 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-01 22:17 . 2009-01-01 23:06 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-01 22:17 . 2009-01-01 23:06 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-01 22:17 . 2009-01-01 23:06 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-28 18:10 . 2008-12-31 18:19 327 --a------ c:\windows\wininit.ini
2008-12-28 12:49 . 2008-12-28 15:37 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-28 12:49 . 2008-12-28 18:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-28 12:02 . 2008-12-28 13:58 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-27 23:28 . 2008-12-27 23:28 <DIR> d-------- c:\program files\Lavasoft
2008-12-27 09:53 . 2008-12-27 09:52 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-12-27 09:51 . 2008-12-27 23:19 <DIR> d-------- c:\documents and settings\Jay\.housecall6.6
2008-12-26 14:52 . 2008-12-27 08:18 <DIR> d-------- c:\program files\DAP
2008-12-26 14:52 . 2008-12-27 08:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- c:\documents and settings\Jay\Application Data\Malwarebytes
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-26 14:49 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 14:49 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 14:39 . 2008-12-27 23:15 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-25 19:09 . 2008-12-25 19:09 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 19:14 --------- d-----w c:\documents and settings\Jay\Application Data\stickies
2009-01-22 19:12 --------- d-----w c:\documents and settings\Jay\Application Data\WTablet
2009-01-22 04:49 --------- d-----w c:\program files\Java
2009-01-22 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-22 02:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 00:43 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-22 00:27 --------- d-----w c:\program files\FirstClass
2009-01-03 05:29 --------- d-----w c:\program files\Norton 360
2009-01-02 16:15 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-02 04:07 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-02 03:25 --------- d-----w c:\documents and settings\Jay\Application Data\Symantec
2009-01-02 03:16 --------- d-----w c:\program files\Armagetron Advanced
2009-01-02 00:17 --------- d-----w c:\program files\Steam
2008-12-28 04:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-27 14:35 --------- d-----w c:\program files\AskBarDis
2008-12-27 13:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-24 20:05 --------- d-----w c:\program files\AIM Music Link
2008-12-22 20:44 --------- d-----w c:\program files\World of Warcraft
2008-12-22 03:33 --------- d-----w c:\program files\StepMania
2008-12-19 20:22 --------- d-----w c:\program files\Common Files\LogiShrd
2008-12-19 20:20 --------- d-----w c:\program files\Logitech
2008-12-19 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2008-12-19 19:55 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-19 14:36 --------- d-----w c:\program files\AIMTunes
2008-12-18 23:28 --------- d-----w c:\documents and settings\Jay\Application Data\Vivox
2008-12-16 04:05 --------- d-----w c:\program files\DVDVideoSoft
2008-12-16 04:05 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-12-15 02:30 --------- d-----w c:\documents and settings\Jay\Application Data\uTorrent
2008-12-13 16:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-13 04:56 --------- d-----w c:\documents and settings\Jay\Application Data\Vidalia
2008-12-13 04:51 --------- d-----w c:\documents and settings\Jay\Application Data\tor
2008-12-13 04:49 --------- d-----w c:\program files\VentSrv
2008-12-11 04:39 --------- d-----w c:\documents and settings\Jay\Application Data\PCF-VLC
2008-12-10 02:51 5 ----a-w c:\windows\system32\drivers\DELL_INS_9300.MRK
2008-12-10 02:51 5 ----a-w c:\windows\system32\drivers\1028_DELL_INS_9300.MRK
2008-12-07 23:37 --------- d-----w c:\program files\Vernier Software
2008-12-07 21:33 --------- d-----w c:\program files\Common Files\Vernier Software
2008-12-07 21:33 --------- d-----w c:\program files\Common Files\TI Shared
2008-12-07 01:42 --------- d-----w c:\program files\Image-Line
2008-12-07 01:34 --------- d-----w c:\program files\Outsim
2008-11-30 23:05 --------- d-----w c:\program files\Microsoft SQL Server
2008-11-30 23:04 --------- d-----w c:\documents and settings\Jay\Application Data\Handy Software Lab
2008-11-30 23:04 --------- d-----w c:\documents and settings\All Users\Application Data\Handy Software Lab
2008-11-30 23:03 --------- d-----w c:\program files\Handy Software Lab
2008-11-30 20:53 --------- d-----w c:\program files\FrostWire
2008-11-30 04:01 --------- d-----w c:\documents and settings\Jay\Application Data\GameRanger
2008-11-29 18:24 --------- d-----w c:\program files\iTunes
2008-11-29 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 18:18 --------- d-----w c:\program files\iPod
2008-11-29 04:12 --------- d-----w c:\documents and settings\Jay\Application Data\Subversion
2008-11-29 04:09 --------- d-----w c:\program files\Gmod Mod Installer n
2008-11-26 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-11-23 00:29 --------- d-----w c:\program files\Rogue
2008-11-22 04:28 --------- d-----w c:\documents and settings\Jay\Application Data\Rogue.140F0B534E676AD25491A378BD6D96164D40676E.1
2008-11-22 04:10 --------- d-----w c:\program files\GotGame
2008-11-22 04:10 --------- d-----w c:\documents and settings\Jay\Application Data\GotGame.140F0B534E676AD25491A378BD6D96164D40676E.1
2008-11-22 04:07 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-15 16:26 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-15 16:26 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-09 05:06 30 ----a-w c:\documents and settings\Jay\jagex_runescape_preferences.dat
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-06-23 17:49 61,224 -c--a-w c:\documents and settings\Jay\GoToAssistDownloadHelper.exe
2008-05-08 23:31 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-01-19 04:05 22,328 ----a-w c:\documents and settings\Jay\Application Data\PnkBstrK.sys
2007-12-10 04:55 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-08 01:46 13,624 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 01:46 87,360 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 01:46 91,448 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 01:46 21,824 ----a-w c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 01:46 206,136 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 01:46 31,544 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 01:46 40,248 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 21:27 479,232 ----a-w c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 21:27 548,864 ----a-w c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 21:27 626,688 ----a-w c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 16:47 981,170 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 01:46 24,384 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-02-01 18:53 80 --sha-r c:\windows\system32\0AD577EF70.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]

c:\documents and settings\Jay\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\stickies\stickies.exe [2007-03-08 700416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Norton 360.lnk - c:\program files\Norton 360\MainStub.exe [2008-02-26 448864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-23 12:49 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Joost.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Joost.lnk
backup=c:\windows\pss\Joost.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Stickies.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Stickies.lnk
backup=c:\windows\pss\Stickies.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 22:06 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-19 12:51 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i8kfangui]
--a------ 2007-02-16 11:58 856064 c:\program files\I8kfanGUI\I8kfanGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-11-12 15:48 21760296 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-31 22:08 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-10 08:35 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2007-08-26 01:02 11852288 c:\program files\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Livestation"=c:\program files\Livestation\Livestation.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Program Files\\Steam\\steamapps\\jayksofue\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Armagetron Advanced\\ArmagetronAd.exe"=
"c:\\Program Files\\Steam\\steamapps\\jayksofue\\counter-strike\\hl.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\FileMaker\\FileMaker Pro 9\\FileMaker Pro.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Galcon\\main.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\jayksofue\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Vidalia Bundle\\Tor\\tor.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\I8kfanGUI\\I8kfanGUI.exe"=
"c:\\WINDOWS\\system32\\Tablet.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=

R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-09-10 14464]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2008-02-07 31616]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R4 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2008-01-16 814728]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-25 24652]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\drivers\a016bus.sys [2009-01-21 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\drivers\a016mdfl.sys [2009-01-21 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys [2009-01-21 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\a016mgmt.sys [2009-01-21 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\drivers\a016obex.sys [2009-01-21 100648]
S3 ATIXPGAA;ATIXPGAA;c:\dell\drivers\R101351\ATIXPGAA.SYS [2007-09-10 12032]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-05-21 34576]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{6f4e23e9-8f05-410f-b1fe-ea770a36c6c0} - (no file)
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
Notify-awtqqoLc - (no file)
MSConfigStartUp-XboxStat - c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: xfire_lsp_10908.dll
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\lnlozogw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\lnlozogw.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Evernote\Evernote3\FfTbClipper\components\enbar3.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 14:54:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1532298954-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1492)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'lsass.exe'(1556)
c:\windows\system32\xfire_lsp_10908.dll
.
Completion time: 2009-01-22 14:58:53
ComboFix-quarantined-files.txt 2009-01-22 19:57:34

Pre-Run: 6,778,761,216 bytes free
Post-Run: 6,761,914,368 bytes free

403 --- E O F --- 2008-12-19 10:50:45
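The ComboFix logs in this thread carry several tamper and persistence indicators that are worth pulling out mechanically rather than by eye: Security Center notification and monitoring keys set to 1, the XP firewall's EnableFirewall set to 0, a winlogon Notify entry (awtqqoLc) that the orphan list confirms has no file, a Run entry printed with [X] instead of a date and size, and a DLL under system32 with hidden and system attributes. The block below is an added example, not part of this thread and not ComboFix's own code: a small Python triage pass over ComboFix-style log text that reports those indicators. The sample text is constructed from lines in this thread. Reading [X] as "target file not found" is an assumption, and the Security Center values are also written by third-party suites (Norton 360 on this machine), so every hit is a lead to review, not a verdict.

```python
"""Triage pass over ComboFix-style log text (added example, not ComboFix code).

Reports indicators that appear in the logs in this thread. Every hit is a
lead to review, not a verdict: legitimate security suites also set the
Security Center keys, and a missing Run target may just be a stale entry.
"""
import re
from typing import Dict, List

# Registry section header, e.g. [HKEY_LOCAL_MACHINE\software\microsoft\security center]
KEY_RE = re.compile(r'^\[(.+)\]$')
# Find3M-style file line: date time size attributes path
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +[\d,]+ +(\S+) +(.+)$')

# Constructed from lines in this thread; not a complete log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqqoLc]
[BU]

2008-02-01 18:53 80 --sha-r c:\windows\system32\0AD577EF70.dll
2008-11-15 16:26 413,696 ----a-w c:\windows\system32\wrap_oal.dll
"""


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per indicator: {'kind': ..., 'where': ...}."""
    findings: List[Dict[str, str]] = []
    key = ''  # registry key that the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A Notify entry with no path is printed as a bare [BU] line under its key
        if line == '[BU]':
            if r'winlogon\notify' in key.lower():
                findings.append({'kind': 'notify-entry-without-file', 'where': key})
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        low_key = key.lower()
        if ('security center' in low_key and 'disable' in line.lower()
                and line.endswith('dword:00000001')):
            findings.append({'kind': 'security-center-tamper', 'where': line})
        elif 'firewallpolicy' in low_key and line.startswith('"EnableFirewall"= 0'):
            findings.append({'kind': 'firewall-disabled', 'where': key})
        elif low_key.endswith('\\run') and line.endswith('[X]'):
            # [X] is assumed to mean ComboFix could not find the target file
            findings.append({'kind': 'run-entry-missing-target', 'where': line})
        fm = FILE_RE.match(line)
        if fm:
            attrs, path = fm.groups()
            # hidden + system attributes on a file under system32
            if 'h' in attrs and 's' in attrs and '\\windows\\system32\\' in path.lower():
                findings.append({'kind': 'hidden-system-file-in-system32', 'where': path})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings by kind."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f['kind']] = counts.get(f['kind'], 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:32} {f['where']}")
```

Run it against a saved ComboFix.txt by passing the file's text to triage(); the section headers are tracked so that a value line is only judged in the context of the key it sits under.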

#8 BHowett

BHowett

    Malware Hunter


  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:23 AM

Posted 24 January 2009 - 04:55 PM

Hi jayksofue,

Sorry for the delay, for some reason I didn't get the email notification.

P2P Warning!

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current problem/infection. I would strongly suggest you remove Frostwire as this is one of the worst offenders. Removing can be done through Add/Remove Programs.

===============================================

Combofix Script.txt

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\rn.tmp
c:\windows\system32\drivers\lvuvc.hs


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
===============================================

ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================

Kaspersky WebScanner
please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
===============================================

Needed in your next reply:

Combofix log
Kaspersky WebScanner results

And let me know how things are running now :thumbsup:


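Following on from the P2P warning above: the Kaspersky results in the next post flag five files in the user's Shared folder as Trojan-Downloader.WMA.GetCodec and Trojan-Downloader.WMA.Wimad. Those detections cover ASF (Windows Media) containers, often renamed to .mp3, whose DRM content-encryption object carries a license URL; when the player tries to acquire a license it opens that URL, and the page offers a fake "codec" to install. The block below is an added example, not code from this thread or from any vendor: a Python check that parses the ASF header, pulls any license URL out of the Content Encryption and Extended Content Encryption objects, and flags an ASF file hiding behind a non-Windows-Media extension. The object GUIDs are those of the ASF specification; the sample file is constructed in the block with a made-up URL and is not one of the flagged files.

```python
"""Check media files for the license-URL lure used by WMA/ASF downloaders
such as GetCodec and Wimad (added example, not code from the thread).

Such files are ASF containers, often renamed .mp3, whose Content Encryption
Object (or Extended Content Encryption Object) names a license URL. The
sample built by build_sample() is test data with a made-up URL.
"""
import re
import struct
import uuid

# Object GUIDs from the ASF specification, in the on-disk little-endian layout.
HEADER_OBJ = uuid.UUID('75B22630-668E-11CF-A6D9-00AA0062CE6C').bytes_le
CONTENT_ENC_OBJ = uuid.UUID('2211B3FB-BD23-11D2-B4B7-00A0C955FC6E').bytes_le
EXT_CONTENT_ENC_OBJ = uuid.UUID('298AE614-2622-4C17-B935-DAE07EE9289C').bytes_le


def _lp_fields(body: bytes, count: int):
    """Read `count` uint32-length-prefixed fields (Content Encryption Object layout)."""
    off, out = 0, []
    for _ in range(count):
        if off + 4 > len(body):
            return None
        n = struct.unpack_from('<I', body, off)[0]
        off += 4
        out.append(body[off:off + n])
        off += n
    return out


def license_urls(data: bytes):
    """Return license URLs found in the ASF header, or None if `data` is not ASF."""
    if len(data) < 30 or data[:16] != HEADER_OBJ:
        return None
    header_len = min(struct.unpack_from('<Q', data, 16)[0], len(data))
    urls, pos = [], 30            # 30 = GUID + size + object count + 2 reserved bytes
    while pos + 24 <= header_len:
        guid = data[pos:pos + 16]
        size = struct.unpack_from('<Q', data, pos + 16)[0]
        if size < 24 or pos + size > header_len:
            break                 # truncated or corrupt object: stop, never loop
        body = data[pos + 24:pos + size]
        if guid == CONTENT_ENC_OBJ:
            # fields: secret data, protection type, key ID, license URL
            fields = _lp_fields(body, 4)
            if fields and fields[3]:
                urls.append(fields[3].rstrip(b'\0').decode('ascii', 'replace'))
        elif guid == EXT_CONTENT_ENC_OBJ:
            # body: uint32 size + WRM header XML (UTF-16LE) carrying <LA_URL> tags
            n = struct.unpack_from('<I', body, 0)[0] if len(body) >= 4 else 0
            xml = body[4:4 + n].decode('utf-16-le', 'replace')
            urls.extend(re.findall(r'<LA_URL>(.*?)</LA_URL>', xml))
        pos += size
    return urls


def assess(filename: str, data: bytes) -> dict:
    """Flag ASF content behind a non-Windows-Media extension and any license URL."""
    urls = license_urls(data)
    is_asf = urls is not None
    ext = filename.lower().rsplit('.', 1)[-1] if '.' in filename else ''
    return {
        'asf': is_asf,
        'extension_mismatch': is_asf and ext not in ('wma', 'wmv', 'asf'),
        'license_urls': urls or [],
        'suspicious': is_asf and bool(urls),
    }


def build_sample(url=None) -> bytes:
    """Construct a minimal ASF header (test data, not a real trojan).

    With `url`, it contains one Content Encryption Object whose License URL is `url`.
    """
    def lp(b: bytes) -> bytes:      # uint32 length prefix, as in the object layout
        return struct.pack('<I', len(b)) + b
    objs = b''
    if url is not None:
        body = lp(b'') + lp(b'DRM\0') + lp(b'KEYID\0') + lp(url.encode('ascii') + b'\0')
        objs = CONTENT_ENC_OBJ + struct.pack('<Q', 24 + len(body)) + body
    count = 1 if objs else 0
    return (HEADER_OBJ + struct.pack('<Q', 30 + len(objs))
            + struct.pack('<IBB', count, 1, 2) + objs)


if __name__ == '__main__':
    # Made-up lure URL; a real file would be read with open(path, 'rb').read()
    print(assess('300 violin orchestra.mp3', build_sample('http://lure.example/codec')))
```

To sweep a P2P Shared folder, call assess() on each file's bytes and act on `suspicious` and `extension_mismatch`; a clean WMA with a genuine license server will also show a URL, so the value of the URL, not just its presence, is what to judge.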

#9 jayksofue

jayksofue
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:23 AM

Posted 28 January 2009 - 05:07 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, January 28, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, January 28, 2009 02:29:09
Records in database: 1715445
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 196422
Threat name: 8
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 02:21:38


File name / Threat name / Threats count
C:\Documents and Settings\Jay\Shared\300 violin orchestra CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\Jay\Shared\300 violin orchestra.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Documents and Settings\Jay\Shared\jizzed in my pants snl - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Jay\Shared\jizzed in my pants snl.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\Jay\Shared\shawty really luv it MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bafuruga.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bifenona.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\seneka.sys.vir Infected: Rootkit.Win32.Agent.gjw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\senekaebnaxfmi.sys.vir Infected: Rootkit.Win32.Agent.gjw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekawadfuwmv.dll.vir Infected: Trojan.Win32.Small.brl 1
C:\WINDOWS\system32\nabigeki.dll_old Infected: Trojan-Spy.Win32.Agent.hgr 1

The selected area was scanned.


ComboFix 09-01-21.04 - Jay 2009-01-24 17:26:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1209 [GMT -5:00]
Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jay\Desktop\CFscript.txt.txt
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-22 18:10 . 2009-01-22 18:10 <DIR> d-------- c:\program files\Hotspot Shield
2009-01-21 23:51 . 2009-01-21 23:51 <DIR> d-------- c:\documents and settings\Jay\bluej
2009-01-21 23:50 . 2009-01-21 23:50 <DIR> d-------- c:\program files\Sun
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- c:\program files\Sony Setup
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- c:\program files\Sony
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- c:\program files\Common Files\Sony Shared
2009-01-21 21:18 . 2009-01-21 21:18 <DIR> d-------- c:\program files\Avanquest update
2009-01-21 21:18 . 2009-01-21 21:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2009-01-21 21:17 . 2009-01-21 21:25 <DIR> d-------- c:\program files\Sony Ericsson
2009-01-21 19:53 . 2009-01-21 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-01-21 19:53 . 2009-01-21 19:53 <DIR> d-------- C:\BlueJ
2009-01-21 19:53 . 2008-01-18 16:16 110,504 --a------ c:\windows\system32\drivers\a016mdm.sys
2009-01-21 19:53 . 2008-01-18 16:16 104,488 --a------ c:\windows\system32\drivers\a016mgmt.sys
2009-01-21 19:53 . 2008-01-18 16:16 100,648 --a------ c:\windows\system32\drivers\a016obex.sys
2009-01-21 19:53 . 2008-01-18 16:16 83,880 --a------ c:\windows\system32\drivers\a016bus.sys
2009-01-21 19:53 . 2008-01-18 16:16 15,016 --a------ c:\windows\system32\drivers\a016mdfl.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ c:\windows\system32\drivers\a016whnt.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ c:\windows\system32\drivers\a016wh.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ c:\windows\system32\drivers\a016cmnt.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ c:\windows\system32\drivers\a016cm.sys
2009-01-11 18:26 . 2009-01-11 18:26 <DIR> d-------- c:\program files\First Class
2009-01-11 18:26 . 2001-05-03 06:36 4,710 --a------ c:\windows\system32\fc.ico
2009-01-11 18:26 . 1996-02-26 18:15 2,528 --a------ c:\windows\FCIC.INI
2009-01-04 01:21 . 2009-01-04 01:22 1,085,440 --a------ c:\windows\system32\rn.tmp
2009-01-03 22:13 . 2009-01-03 22:13 <DIR> d-------- c:\program files\Security Task Manager
2009-01-03 22:13 . 2009-01-03 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-01-01 22:21 . 2009-01-01 22:21 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-01 22:17 . 2009-01-01 23:06 <DIR> d-------- c:\program files\Symantec
2009-01-01 22:17 . 2009-01-01 23:06 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-01 22:17 . 2009-01-01 23:06 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-01 22:17 . 2009-01-01 23:06 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-01 22:17 . 2009-01-01 23:06 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-28 18:10 . 2008-12-31 18:19 327 --a------ c:\windows\wininit.ini
2008-12-28 12:49 . 2008-12-28 15:37 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-28 12:49 . 2008-12-28 18:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-28 12:02 . 2008-12-28 13:58 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-27 23:28 . 2008-12-27 23:28 <DIR> d-------- c:\program files\Lavasoft
2008-12-27 09:53 . 2008-12-27 09:52 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-12-27 09:51 . 2008-12-27 23:19 <DIR> d-------- c:\documents and settings\Jay\.housecall6.6
2008-12-26 14:52 . 2008-12-27 08:18 <DIR> d-------- c:\program files\DAP
2008-12-26 14:52 . 2008-12-27 08:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- c:\documents and settings\Jay\Application Data\Malwarebytes
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-26 14:49 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 14:49 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 14:39 . 2008-12-27 23:15 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-25 19:09 . 2008-12-25 19:09 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 22:24 --------- d-----w c:\documents and settings\Jay\Application Data\stickies
2009-01-24 16:07 --------- d-----w c:\documents and settings\Jay\Application Data\WTablet
2009-01-24 02:38 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-24 00:12 --------- d-----w c:\program files\Steam
2009-01-22 04:49 --------- d-----w c:\program files\Java
2009-01-22 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-22 02:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 00:43 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-22 00:27 --------- d-----w c:\program files\FirstClass
2009-01-03 05:29 --------- d-----w c:\program files\Norton 360
2009-01-02 04:07 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-02 03:25 --------- d-----w c:\documents and settings\Jay\Application Data\Symantec
2009-01-02 03:16 --------- d-----w c:\program files\Armagetron Advanced
2008-12-28 04:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-27 14:35 --------- d-----w c:\program files\AskBarDis
2008-12-27 13:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-24 20:05 --------- d-----w c:\program files\AIM Music Link
2008-12-22 20:44 --------- d-----w c:\program files\World of Warcraft
2008-12-22 03:33 --------- d-----w c:\program files\StepMania
2008-12-19 20:22 --------- d-----w c:\program files\Common Files\LogiShrd
2008-12-19 20:20 --------- d-----w c:\program files\Logitech
2008-12-19 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2008-12-19 19:55 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-19 14:36 --------- d-----w c:\program files\AIMTunes
2008-12-18 23:28 --------- d-----w c:\documents and settings\Jay\Application Data\Vivox
2008-12-16 04:05 --------- d-----w c:\program files\DVDVideoSoft
2008-12-16 04:05 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-12-15 02:30 --------- d-----w c:\documents and settings\Jay\Application Data\uTorrent
2008-12-13 16:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-13 04:56 --------- d-----w c:\documents and settings\Jay\Application Data\Vidalia
2008-12-13 04:51 --------- d-----w c:\documents and settings\Jay\Application Data\tor
2008-12-13 04:49 --------- d-----w c:\program files\VentSrv
2008-12-11 04:39 --------- d-----w c:\documents and settings\Jay\Application Data\PCF-VLC
2008-12-10 02:51 5 ----a-w c:\windows\system32\drivers\DELL_INS_9300.MRK
2008-12-10 02:51 5 ----a-w c:\windows\system32\drivers\1028_DELL_INS_9300.MRK
2008-12-07 23:37 --------- d-----w c:\program files\Vernier Software
2008-12-07 21:33 --------- d-----w c:\program files\Common Files\Vernier Software
2008-12-07 21:33 --------- d-----w c:\program files\Common Files\TI Shared
2008-12-07 01:42 --------- d-----w c:\program files\Image-Line
2008-12-07 01:34 --------- d-----w c:\program files\Outsim
2008-11-30 23:05 --------- d-----w c:\program files\Microsoft SQL Server
2008-11-30 23:04 --------- d-----w c:\documents and settings\Jay\Application Data\Handy Software Lab
2008-11-30 23:04 --------- d-----w c:\documents and settings\All Users\Application Data\Handy Software Lab
2008-11-30 23:03 --------- d-----w c:\program files\Handy Software Lab
2008-11-30 20:53 --------- d-----w c:\program files\FrostWire
2008-11-30 04:01 --------- d-----w c:\documents and settings\Jay\Application Data\GameRanger
2008-11-29 18:24 --------- d-----w c:\program files\iTunes
2008-11-29 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 18:18 --------- d-----w c:\program files\iPod
2008-11-29 04:12 --------- d-----w c:\documents and settings\Jay\Application Data\Subversion
2008-11-29 04:09 --------- d-----w c:\program files\Gmod Mod Installer n
2008-11-26 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-11-15 16:26 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-15 16:26 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-09 05:06 30 ----a-w c:\documents and settings\Jay\jagex_runescape_preferences.dat
2008-06-23 17:49 61,224 -c--a-w c:\documents and settings\Jay\GoToAssistDownloadHelper.exe
2008-05-08 23:31 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-01-19 04:05 22,328 ----a-w c:\documents and settings\Jay\Application Data\PnkBstrK.sys
2007-12-10 04:55 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-08 01:46 13,624 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 01:46 87,360 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 01:46 91,448 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 01:46 21,824 ----a-w c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 01:46 206,136 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 01:46 31,544 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 01:46 40,248 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 21:27 479,232 ----a-w c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 21:27 548,864 ----a-w c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 21:27 626,688 ----a-w c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 16:47 981,170 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 01:46 24,384 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-02-01 18:53 80 --sha-r c:\windows\system32\0AD577EF70.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-22_14.56.12.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-24 16:06:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-22 18:10 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]

c:\documents and settings\Jay\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\stickies\stickies.exe [2007-03-08 700416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Norton 360.lnk - c:\program files\Norton 360\MainStub.exe [2008-02-26 448864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-23 12:49 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqqoLc]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Joost.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Joost.lnk
backup=c:\windows\pss\Joost.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Stickies.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Stickies.lnk
backup=c:\windows\pss\Stickies.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=c:\documents and settings\Jay\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 22:06 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-19 12:51 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i8kfangui]
--a------ 2007-02-16 11:58 856064 c:\program files\I8kfanGUI\I8kfanGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-11-12 15:48 21760296 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-31 22:08 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-10 08:35 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2007-08-26 01:02 11852288 c:\program files\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Livestation"=c:\program files\Livestation\Livestation.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-09-10 14464]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2008-02-07 31616]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R4 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2008-01-16 814728]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-25 24652]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\drivers\a016bus.sys [2009-01-21 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\drivers\a016mdfl.sys [2009-01-21 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys [2009-01-21 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\a016mgmt.sys [2009-01-21 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\drivers\a016obex.sys [2009-01-21 100648]
S3 ATIXPGAA;ATIXPGAA;c:\dell\drivers\R101351\ATIXPGAA.SYS [2007-09-10 12032]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-05-21 34576]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{6f4e23e9-8f05-410f-b1fe-ea770a36c6c0} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: xfire_lsp_10908.dll
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\lnlozogw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\lnlozogw.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Evernote\Evernote3\FfTbClipper\components\enbar3.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 17:31:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1532298954-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1776)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'lsass.exe'(1840)
c:\windows\system32\xfire_lsp_10908.dll
.
Completion time: 2009-01-24 17:36:08
ComboFix-quarantined-files.txt 2009-01-24 22:34:49
ComboFix2.txt 2009-01-22 19:58:55

Pre-Run: 7,929,417,728 bytes free
Post-Run: 8,002,486,272 bytes free

343 --- E O F --- 2008-12-19 10:50:45

#10 BHowett

BHowett

    Malware Hunter

  • Members
  • 69 posts
  • Gender:Male
  • Location:USA

Posted 30 January 2009 - 04:35 PM

hi jayksofue,

looks like we are almost done here....


Combofix Script.txt

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\Jay\Shared\300 violin orchestra CD quality.mp3
C:\Documents and Settings\Jay\Shared\300 violin orchestra.mp3
C:\Documents and Settings\Jay\Shared\jizzed in my pants snl - greatest hits.wma
C:\Documents and Settings\Jay\Shared\jizzed in my pants snl.mp3
C:\Documents and Settings\Jay\Shared\shawty really luv it MTV.mp3
C:\WINDOWS\system32\nabigeki.dll_old


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Image: animation showing CFScript.txt being dragged onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
Also let me know how everything is running :thumbsup:


Please do not PM me asking for support. Post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!


#11 jayksofue

jayksofue
  • Topic Starter

  • Members
  • 15 posts

Posted 30 January 2009 - 06:14 PM

ComboFix 09-01-21.04 - Jay 2009-01-30 18:09:15.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.942 [GMT -5:00]
Running from: C:\Documents and Settings\Jay\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jay\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.

2009-01-28 22:32 . 2009-01-28 22:32 <DIR> d-------- C:\WINDOWS\LastGood
2009-01-22 18:10 . 2009-01-22 18:10 <DIR> d-------- C:\Program Files\Hotspot Shield
2009-01-21 23:51 . 2009-01-21 23:51 <DIR> d-------- C:\Documents and Settings\Jay\bluej
2009-01-21 23:50 . 2009-01-21 23:50 <DIR> d-------- C:\Program Files\Sun
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- C:\Program Files\Sony Setup
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- C:\Program Files\Sony
2009-01-21 21:25 . 2009-01-21 21:25 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2009-01-21 21:18 . 2009-01-21 21:18 <DIR> d-------- C:\Program Files\Avanquest update
2009-01-21 21:18 . 2009-01-21 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2009-01-21 21:17 . 2009-01-21 21:25 <DIR> d-------- C:\Program Files\Sony Ericsson
2009-01-21 19:53 . 2009-01-21 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2009-01-21 19:53 . 2009-01-21 19:53 <DIR> d-------- C:\BlueJ
2009-01-21 19:53 . 2008-01-18 16:16 110,504 --a------ C:\WINDOWS\system32\drivers\a016mdm.sys
2009-01-21 19:53 . 2008-01-18 16:16 104,488 --a------ C:\WINDOWS\system32\drivers\a016mgmt.sys
2009-01-21 19:53 . 2008-01-18 16:16 100,648 --a------ C:\WINDOWS\system32\drivers\a016obex.sys
2009-01-21 19:53 . 2008-01-18 16:16 83,880 --a------ C:\WINDOWS\system32\drivers\a016bus.sys
2009-01-21 19:53 . 2008-01-18 16:16 15,016 --a------ C:\WINDOWS\system32\drivers\a016mdfl.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ C:\WINDOWS\system32\drivers\a016whnt.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ C:\WINDOWS\system32\drivers\a016wh.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ C:\WINDOWS\system32\drivers\a016cmnt.sys
2009-01-21 19:53 . 2008-01-18 16:16 12,200 --a------ C:\WINDOWS\system32\drivers\a016cm.sys
2009-01-11 18:26 . 2009-01-11 18:26 <DIR> d-------- C:\Program Files\First Class
2009-01-11 18:26 . 2001-05-03 06:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2009-01-11 18:26 . 1996-02-26 18:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2009-01-04 01:21 . 2009-01-04 01:22 1,085,440 --a------ C:\WINDOWS\system32\rn.tmp
2009-01-03 22:13 . 2009-01-03 22:13 <DIR> d-------- C:\Program Files\Security Task Manager
2009-01-03 22:13 . 2009-01-03 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-12-28 18:10 . 2008-12-31 18:19 327 --a------ C:\WINDOWS\wininit.ini
2008-12-28 12:49 . 2008-12-28 15:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-12-28 12:49 . 2008-12-28 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-28 12:02 . 2008-12-28 13:58 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-12-27 23:28 . 2008-12-27 23:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-12-27 09:53 . 2008-12-27 09:52 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-12-27 09:51 . 2008-12-27 23:19 <DIR> d-------- C:\Documents and Settings\Jay\.housecall6.6
2008-12-26 14:52 . 2008-12-27 08:18 <DIR> d-------- C:\Program Files\DAP
2008-12-26 14:52 . 2008-12-27 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Malwarebytes
2008-12-26 14:49 . 2008-12-26 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-26 14:49 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-26 14:49 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-26 14:39 . 2008-12-27 23:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-12-25 19:09 . 2008-12-25 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-12-19 15:20 . 2008-12-19 15:20 <DIR> d-------- C:\Program Files\Logitech
2008-12-18 18:28 . 2008-12-18 18:28 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Vivox
2008-12-15 23:05 . 2008-12-15 23:05 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-12-15 23:05 . 2008-12-15 23:05 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-12-15 23:05 . 2008-12-27 09:35 <DIR> d-------- C:\Program Files\AskBarDis
2008-12-15 23:05 . 2008-12-26 19:51 <DIR> d-------- C:\DVDVideoSoft
2008-12-15 23:05 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-12-10 23:39 . 2008-12-10 23:39 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\PCF-VLC
2008-12-09 21:51 . 2005-07-08 13:19 666 --a------ C:\WINDOWS\speed.reg
2008-12-09 21:51 . 2008-12-09 21:51 5 --a------ C:\WINDOWS\system32\drivers\DELL_INS_9300.MRK
2008-12-09 21:51 . 2008-12-09 21:51 5 --a------ C:\WINDOWS\system32\drivers\1028_DELL_INS_9300.MRK
2008-12-07 16:33 . 2008-12-07 16:33 <DIR> d-------- C:\Program Files\Common Files\TI Shared
2008-12-07 16:33 . 2007-06-08 13:15 194,362 --a------ C:\WINDOWS\system32\drivers\windrvr6.sys
2008-12-07 16:33 . 2007-06-08 13:15 102,400 --a------ C:\WINDOWS\system32\wdapi811.dll
2008-12-07 16:33 . 2004-02-04 11:27 49,536 --a------ C:\WINDOWS\system32\drivers\tiehdusb.sys
2008-12-07 16:33 . 2007-01-10 13:23 17,424 --a------ C:\WINDOWS\system32\drivers\ezusb.sys
2008-12-07 16:33 . 2003-11-14 15:53 11,520 --a------ C:\WINDOWS\system32\drivers\wdmstub.sys
2008-12-07 16:32 . 2008-12-07 16:33 <DIR> d-------- C:\Program Files\Common Files\Vernier Software
2008-12-06 20:34 . 2008-12-06 20:34 <DIR> d-------- C:\Program Files\Outsim

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 23:03 --------- d-----w C:\Documents and Settings\Jay\Application Data\stickies
2009-01-30 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-30 01:34 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2009-01-30 01:30 --------- d-----w C:\Program Files\Steam
2009-01-30 00:57 --------- d-----w C:\Documents and Settings\Jay\Application Data\uTorrent
2009-01-29 03:27 --------- d-----w C:\Documents and Settings\Jay\Application Data\WTablet
2009-01-26 17:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2009-01-26 17:14 --------- d-----w C:\Documents and Settings\Jay\Application Data\Symantec
2009-01-26 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-26 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-25 23:11 --------- d-----w C:\Documents and Settings\Jay\Application Data\LimeWire
2009-01-22 04:49 --------- d-----w C:\Program Files\Java
2009-01-22 04:43 410,984 ----a-w C:\WINDOWS\system32\deploytk.dll
2009-01-22 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-22 00:27 --------- d-----w C:\Program Files\FirstClass
2009-01-02 03:16 --------- d-----w C:\Program Files\Armagetron Advanced
2008-12-28 04:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-12-27 13:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-24 20:05 --------- d-----w C:\Program Files\AIM Music Link
2008-12-22 20:44 --------- d-----w C:\Program Files\World of Warcraft
2008-12-22 03:33 --------- d-----w C:\Program Files\StepMania
2008-12-19 20:22 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-12-19 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-12-19 14:36 --------- d-----w C:\Program Files\AIMTunes
2008-12-13 04:56 --------- d-----w C:\Documents and Settings\Jay\Application Data\Vidalia
2008-12-13 04:51 --------- d-----w C:\Documents and Settings\Jay\Application Data\tor
2008-12-13 04:49 --------- d-----w C:\Program Files\VentSrv
2008-12-11 10:57 333,952 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-12-07 23:37 --------- d-----w C:\Program Files\Vernier Software
2008-12-07 01:42 --------- d-----w C:\Program Files\Image-Line
2008-11-30 23:05 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-11-30 23:04 --------- d-----w C:\Documents and Settings\Jay\Application Data\Handy Software Lab
2008-11-30 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Handy Software Lab
2008-11-30 23:03 --------- d-----w C:\Program Files\Handy Software Lab
2008-11-30 20:53 --------- d-----w C:\Program Files\FrostWire
2008-11-30 04:01 --------- d-----w C:\Documents and Settings\Jay\Application Data\GameRanger
2008-11-29 18:24 --------- d-----w C:\Program Files\iTunes
2008-11-29 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 18:18 --------- d-----w C:\Program Files\iPod
2008-11-29 04:12 --------- d-----w C:\Documents and Settings\Jay\Application Data\Subversion
2008-11-29 04:09 --------- d-----w C:\Program Files\Gmod Mod Installer n
2008-11-15 16:26 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-11-15 16:26 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-11-09 05:06 30 ----a-w C:\Documents and Settings\Jay\jagex_runescape_preferences.dat
2008-10-23 12:36 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-10-16 19:13 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
2008-10-16 01:00 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll
2008-06-23 17:49 61,224 -c--a-w C:\Documents and Settings\Jay\GoToAssistDownloadHelper.exe
2008-05-08 23:31 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2008-01-19 04:05 22,328 ----a-w C:\Documents and Settings\Jay\Application Data\PnkBstrK.sys
2007-12-10 04:55 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-08 01:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 01:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 01:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-08 01:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 01:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 01:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-08 01:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 21:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 21:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 21:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 16:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 01:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
2008-02-01 18:53 80 --sha-r C:\WINDOWS\system32\0AD577EF70.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-22_14.56.12.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-13 16:54:40 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-01-26 15:17:35 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-13 16:54:42 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-26 15:17:36 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-13 16:54:41 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-01-26 15:17:35 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-13 16:54:41 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-01-26 15:17:35 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-13 16:54:41 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-26 15:17:35 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-13 16:54:42 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-26 15:17:36 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-13 16:54:42 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-26 15:17:36 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-13 16:54:41 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-01-26 15:17:35 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-13 16:54:41 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-26 15:17:35 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-13 16:54:42 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-26 15:17:36 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-13 16:54:42 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-26 15:17:36 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-13 16:54:40 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-26 15:17:35 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-10-12 02:00:42 41,752 ----a-w C:\WINDOWS\LastGood\system32\drivers\LVUSBSta.sys
- 2008-09-08 10:41:42 333,824 -c----w C:\WINDOWS\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c----w C:\WINDOWS\system32\dllcache\srv.sys
+ 2009-01-09 22:35:30 20,853,704 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2009-01-29 03:27:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_270.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-22 18:10 204248 --a------ C:\Program Files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 10:32 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 11:58 856064]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-19 12:51 50528]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 22:06 2321600]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-06-29 11:13 1032192]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 10:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 10:17 970752]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-01-21 23:43 136600]

C:\Documents and Settings\Jay\Start Menu\Programs\Startup\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-08 23:28:19 700416]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-23 12:49 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqqoLc]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Joost.lnk]
path=C:\Documents and Settings\Jay\Start Menu\Programs\Startup\Joost.lnk
backup=C:\WINDOWS\pss\Joost.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Jay\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Stickies.lnk]
path=C:\Documents and Settings\Jay\Start Menu\Programs\Startup\Stickies.lnk
backup=C:\WINDOWS\pss\Stickies.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Jay\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jay^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Jay\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 22:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-06-19 12:51 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i8kfangui]
--a------ 2007-02-16 11:58 856064 C:\Program Files\I8kfanGUI\I8kfanGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-11-12 15:48 21760296 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-31 22:08 1410296 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-10 08:35 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2007-08-26 01:02 11852288 C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Livestation"=C:\Program Files\Livestation\Livestation.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Documents and Settings\\Jay\\Desktop\\Freegate.exe"=
"C:\\Program Files\\Hotspot Shield\\bin\\openvpntray.exe"=
"C:\\Program Files\\Java\\jdk1.6.0_11\\jre\\bin\\java.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\First Class\\fcc32.exe"=

R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [2007-09-10 17:07:34 14464]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\WINDOWS\system32\drivers\vrtaucbl.sys [2008-02-07 23:48:01 31616]
R4 OpenCASE Media Agent;OpenCASE Media Agent;C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2008-01-16 15:57:26 814728]
R4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-10-25 19:40:20 24652]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);C:\WINDOWS\system32\drivers\a016bus.sys [2009-01-21 19:53:13 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;C:\WINDOWS\system32\drivers\a016mdfl.sys [2009-01-21 19:53:15 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\a016mdm.sys [2009-01-21 19:53:15 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\drivers\a016mgmt.sys [2009-01-21 19:53:16 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;C:\WINDOWS\system32\drivers\a016obex.sys [2009-01-21 19:53:16 100648]
S3 ATIXPGAA;ATIXPGAA;C:\DELL\drivers\R101351\ATIXPGAA.SYS [2007-09-10 08:57:33 12032]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2008-05-21 18:57:38 34576]
S3 SBRE;SBRE;\??\C:\WINDOWS\system32\drivers\SBREdrv.sys --> C:\WINDOWS\system32\drivers\SBREdrv.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-30 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2008-12-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{6f4e23e9-8f05-410f-b1fe-ea770a36c6c0} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Evernote - C:\Program Files\Evernote\Evernote3\enbar.dll/2000
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: xfire_lsp_10908.dll
TCP: {0F6CD8A9-17CE-4861-81F6-C1BFEE2DEE86} = 10.10.176.1
FF - ProfilePath - C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\lnlozogw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
FF - component: C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\lnlozogw.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: C:\Program Files\Evernote\Evernote3\FfTbClipper\components\enbar3.dll
FF - plugin: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Program Files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files\Picasa2\npPicasa2.dll
FF - plugin: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
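The Security Center and Windows Firewall keys in the log above are the part of a ComboFix dump a responder reads first: DisableMonitoring and UpdatesDisableNotify set to 1 mean Security Center will not alert on the state of antivirus or updates, and the AuthorizedApplications list is the full set of firewall exceptions. As an added example that is not part of this thread or of ComboFix, here is a small Python parser for that section that flags those values and any exception pointing outside Program Files or the Windows directory; the sample input is constructed in the log's layout and mirrors entries posted above.

```python
import re
from typing import List, Optional, Tuple
# Constructed sample, laid out like the Security Center and firewall section of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Jay\\Desktop\\Freegate.exe"=
"""
KEY_RE = re.compile(r"^\[(.+)\]$")                # [HKEY_...\key path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=value
# Security Center values that silence or disable its monitoring when set to 1.
SC_NAMES = {"DisableMonitoring", "UpdatesDisableNotify", "AntiVirusDisableNotify", "FirewallDisableNotify"}
# Where a firewall exception for a program is ordinarily expected to live.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")

def parse_number(raw: str) -> Optional[int]:
    """'dword:00000001' -> 1, '1 (0x1)' -> 1, anything else -> None."""
    m = re.match(r"dword:([0-9a-f]+)|(\d+)", raw, re.I)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))

def audit_combofix_registry(log: str) -> List[Tuple[str, str]]:
    """Return (value name or program path, reason) for entries worth a second look."""
    findings, key = [], ""
    for line in log.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()  # following values belong to this key
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, raw = vm.groups()
        if "security center" in key and name in SC_NAMES and parse_number(raw) == 1:
            findings.append((name, "Security Center monitoring/notification disabled under " + key))
        elif key.endswith("firewallpolicy\\standardprofile") and name == "DisableNotifications" and parse_number(raw) == 1:
            findings.append((name, "Windows Firewall notifications disabled"))
        elif key.endswith("authorizedapplications\\list"):
            path = name.replace("\\\\", "\\")  # the log doubles backslashes in this list
            if not path.lower().startswith(EXPECTED_DIRS):
                findings.append((path, "firewall exception for a program outside Program Files or Windows"))
    return findings
```

A hit is a prompt to verify, not a verdict: a third-party suite such as the Norton 360 the poster runs sets the Symantec DisableMonitoring values itself when it takes over monitoring, and the exceptions flagged should be compared against the programs that appear elsewhere in the log.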

#12 BHowett

    Malware Hunter

  • Members
  • 69 posts
  • Gender:Male
  • Location:USA
  • Local time:10:23 AM

Posted 02 February 2009 - 04:37 PM

Hi jayksofue,

It doesn't look like that deleted the files, let's try this one...

OTMoveIt3 by OldTimer

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy everything inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    C:\Documents and Settings\Jay\Shared\300 violin orchestra CD quality.mp3
    C:\Documents and Settings\Jay\Shared\300 violin orchestra.mp3
    C:\Documents and Settings\Jay\Shared\jizzed in my pants snl - greatest hits.wma
    C:\Documents and Settings\Jay\Shared\jizzed in my pants snl.mp3
    C:\Documents and Settings\Jay\Shared\shawty really luv it MTV.mp3
    C:\WINDOWS\system32\nabigeki.dll_old
    C:\WINDOWS\system32\nabigeki.dll
    :Reg
    :Commands
    [purity]
    [emptytemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

===============================================

ComboFix Removal
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
===============================================

Please post the OTMoveIt3 log, and let me know how everything is running :thumbsup:


Please do not PM me asking for support. Post on the forums instead :)
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!
Search the Forums | Forum Help
My help is always free, but if you feel I have helped you and would like to make a small donation, please click --->


#13 BHowett

    Malware Hunter

  • Members
  • 69 posts
  • Gender:Male
  • Location:USA
  • Local time:10:23 AM

Posted 07 February 2009 - 11:21 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

