Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijack this log: trojan


  • This topic is locked This topic is locked
11 replies to this topic

#1 melbb

melbb

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:57 AM

Posted 09 February 2009 - 04:21 AM

Super anti-spywared detected a trojan labeled as trojan-unclassified-packed/suspicious.process. Just want to see if this is real or not. Here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:33 AM, on 2/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.netzero.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122676128734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233149306890
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 11265 bytes

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 14 February 2009 - 08:08 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

DDS is a tool that gives us a general overview of the condition of your machine.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please post back with:
-the DDS logs
-the F-Secure scan log

Please give me an update on the symptoms. Also tell me of any changes you have made to this computer.

With Regards,
The Panda

#3 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:57 AM

Posted 15 February 2009 - 12:17 PM

Here are the DDS logs:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/18/2008 1:55:41 PM
System Uptime: 2/14/2009 9:01:37 PM (12 hours ago)

Motherboard: Dell Inc. | | 0J3492
Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 284 GiB total, 225.179 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\8030CE32D100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\8030CE32D100
Service: NIC1394

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTDK_CDRW5200B___________________________67U4____\5&112E410&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TDK CDRW5200B
PNP Device ID: IDE\CDROMTDK_CDRW5200B___________________________67U4____\5&112E410&0&0.0.0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMPHILIPS_DVD+RW_DVD8601__________________KD10____\594D443031363232303735313439553731305938
Manufacturer: (Standard CD-ROM drives)
Name: PHILIPS DVD+RW DVD8601
PNP Device ID: IDE\CDROMPHILIPS_DVD+RW_DVD8601__________________KD10____\594D443031363232303735313439553731305938
Service: cdrom

==== System Restore Points ===================

RP68: 11/27/2008 9:08:09 AM - System Checkpoint
RP69: 11/28/2008 9:18:59 AM - System Checkpoint
RP70: 11/29/2008 9:49:34 AM - System Checkpoint
RP71: 11/30/2008 10:25:03 AM - System Checkpoint
RP72: 12/1/2008 10:56:33 AM - System Checkpoint
RP73: 12/2/2008 11:04:33 AM - System Checkpoint
RP74: 12/3/2008 11:09:13 AM - System Checkpoint
RP75: 12/4/2008 11:54:42 AM - System Checkpoint
RP76: 12/5/2008 12:10:19 PM - System Checkpoint
RP77: 12/6/2008 1:10:18 PM - System Checkpoint
RP100: 12/9/2008 4:26:42 AM - System Checkpoint
RP101: 12/10/2008 3:00:15 AM - Software Distribution Service 3.0
RP102: 12/11/2008 3:12:16 AM - System Checkpoint
RP103: 12/11/2008 10:48:41 PM - Software Distribution Service 3.0
RP104: 12/12/2008 11:10:51 PM - System Checkpoint
RP105: 12/14/2008 12:11:55 AM - System Checkpoint
RP106: 12/15/2008 1:10:51 AM - System Checkpoint
RP107: 12/16/2008 2:10:51 AM - System Checkpoint
RP108: 12/17/2008 3:10:51 AM - System Checkpoint
RP109: 12/18/2008 4:10:50 AM - System Checkpoint
RP110: 12/18/2008 8:24:08 AM - Software Distribution Service 3.0
RP111: 12/19/2008 8:26:34 AM - System Checkpoint
RP112: 12/20/2008 8:52:43 AM - System Checkpoint
RP113: 12/21/2008 9:49:46 AM - System Checkpoint
RP114: 12/22/2008 9:50:10 AM - System Checkpoint
RP115: 12/23/2008 9:59:40 AM - System Checkpoint
RP116: 12/24/2008 10:32:19 AM - System Checkpoint
RP117: 12/25/2008 11:01:01 AM - System Checkpoint
RP118: 12/26/2008 12:01:01 PM - System Checkpoint
RP119: 12/27/2008 1:01:01 PM - System Checkpoint
RP120: 12/28/2008 2:02:09 PM - System Checkpoint
RP121: 12/29/2008 3:01:02 PM - System Checkpoint
RP122: 12/30/2008 5:13:12 PM - System Checkpoint
RP123: 12/31/2008 6:01:47 PM - System Checkpoint
RP124: 1/1/2009 6:10:14 PM - System Checkpoint
RP125: 1/2/2009 8:24:33 PM - System Checkpoint
RP126: 1/3/2009 8:33:42 PM - System Checkpoint
RP127: 1/4/2009 8:35:10 PM - System Checkpoint
RP128: 1/5/2009 9:19:21 PM - System Checkpoint
RP129: 1/6/2009 9:56:34 PM - System Checkpoint
RP130: 1/7/2009 11:21:05 PM - System Checkpoint
RP131: 1/8/2009 11:35:55 PM - System Checkpoint
RP132: 1/10/2009 12:03:31 AM - System Checkpoint
RP133: 1/11/2009 12:45:13 AM - System Checkpoint
RP134: 1/12/2009 1:45:12 AM - System Checkpoint
RP135: 1/13/2009 2:45:14 AM - System Checkpoint
RP136: 1/14/2009 3:00:15 AM - Software Distribution Service 3.0
RP137: 1/14/2009 11:15:19 PM - Software Distribution Service 3.0
RP138: 1/16/2009 12:14:14 AM - System Checkpoint
RP139: 1/17/2009 1:12:55 AM - System Checkpoint
RP140: 1/18/2009 2:12:56 AM - System Checkpoint
RP141: 1/19/2009 3:12:56 AM - System Checkpoint
RP142: 1/20/2009 4:12:55 AM - System Checkpoint
RP143: 1/21/2009 5:12:56 AM - System Checkpoint
RP144: 1/22/2009 6:12:56 AM - System Checkpoint
RP145: 1/23/2009 7:12:56 AM - System Checkpoint
RP146: 1/24/2009 8:12:56 AM - System Checkpoint
RP147: 1/25/2009 10:01:24 AM - System Checkpoint
RP148: 1/26/2009 10:14:01 AM - System Checkpoint
RP149: 1/27/2009 10:52:09 AM - System Checkpoint
RP150: 1/28/2009 8:19:49 AM - Restore Operation
RP151: 1/28/2009 9:20:15 AM - Software Distribution Service 3.0
RP152: 1/29/2009 9:45:58 AM - System Checkpoint
RP153: 1/30/2009 10:45:58 AM - System Checkpoint
RP154: 1/31/2009 11:16:47 AM - System Checkpoint
RP155: 2/1/2009 12:15:12 PM - System Checkpoint
RP156: 2/2/2009 1:16:16 PM - System Checkpoint
RP157: 2/3/2009 1:20:05 PM - System Checkpoint
RP158: 2/4/2009 2:44:12 PM - System Checkpoint
RP159: 2/5/2009 2:53:50 PM - System Checkpoint
RP160: 2/5/2009 5:06:51 PM - Removed iTunes
RP161: 2/5/2009 5:31:51 PM - Removed Apple Mobile Device Support
RP162: 2/5/2009 5:34:13 PM - Removed Apple Software Update
RP163: 2/6/2009 6:20:02 PM - System Checkpoint
RP164: 2/7/2009 6:30:31 PM - System Checkpoint
RP165: 2/8/2009 7:29:26 PM - System Checkpoint
RP166: 2/9/2009 7:50:54 PM - System Checkpoint
RP167: 2/10/2009 8:37:26 PM - System Checkpoint
RP168: 2/11/2009 3:00:15 AM - Software Distribution Service 3.0
RP169: 2/12/2009 3:00:15 AM - Software Distribution Service 3.0
RP170: 2/13/2009 3:18:05 AM - System Checkpoint
RP171: 2/14/2009 3:00:15 AM - Software Distribution Service 3.0
RP172: 2/14/2009 10:40:13 AM - Software Distribution Service 3.0
RP173: 2/14/2009 3:14:51 PM - Restore Operation
RP174: 2/14/2009 3:17:21 PM - Restore Operation
RP175: 2/14/2009 3:26:22 PM - Restore Operation
RP176: 2/14/2009 9:05:52 PM - Restore Operation

==== Installed Programs ======================

3ivx MPEG-4 5.0.3 (remove only)
a-squared Free 2.0
ABBYY FineReader 5.0 Sprint
Acronis True Image Home
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.3
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Adorons Easy Security
Amazon MP3 Downloader 1.0.3
ATI Display Driver
Audio Mid Recorder 3.7.2
Avira AntiVir Personal – Free Antivirus
Banctec Service Agreement
Bonjour
Broadcom Advanced Control Suite 2
BroadJump Client Foundation
CambridgeSoft ChemDraw Ultra 11.0
CCleaner (remove only)
CheckIt Diagnostics
Cheetah DVD Burner
Cheetah WMA Installer
COMODO Firewall Pro
COMODO SafeSurf
CyberScrub® Privacy Suite™ 5.1
DA920EN
Debugging Tools for Windows (x86)
Dell AIO Printer A920
Dell Networking Guide
Dell ResourceCD
ERUNT 1.1j
ESET Online Scanner
FaxTools
FlipShare
Garmin POI Loader
Garmin WebUpdater
getPlus®_ocx
Google Toolbar for Internet Explorer
GPS Image Tracker
Help and Support Customization
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP DeskJet 610C Series (Remove only)
Inkscape 0.46
Intel® 537EP V9x DF PCI Modem
Internet Explorer Default Page
ISI ResearchSoft - Export Helper
Jalview
Java™ 6 Update 7
LOTR The Return of the King tm
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
Medal of Honor Allied Assault
Medal of Honor Allied Assault™ Spearhead
MediaFACE 4.0
MediaFACE 4.0 Business Image Library
MediaFACE 4.0 General Image Library
MediaFACE 4.0 Lifestyle Image Library
MediaFACE 4.0 Music Image Library
MediaFACE 4.0 Special Occasion Image Library
MediaFACE 4.0 Spiritual Image Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Word 2000 SR-1
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
MobileMe Control Panel
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
MWSnap 3
Nero
Netscape Internet Service
Netscape Web Accelerator
NetZero Internet
nLite 1.4.9.1
Olympus Digital Wave Player
PandoraRecovery (Remove Only)
PeaZip 1.9.1
Picture Package Music Transfer
Qualxserve Service Agreement
QuickTime
RealPlayer
SafeMedia Add-on for Acronis True Image 11 Home
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
SpywareBlaster 4.1
SUPERAntiSpyware Free Edition
TDK Digital MixMaster
TWC Customer Controls
UCSF Chimera 1.2065
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VSO CopyToDVD 3
WD Diagnostics
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol 8.0
Word in Works Suite add-in
Yahoo! Install Manager
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/9/2009 4:13:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook
2/9/2009 4:25:18 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
2/11/2009 3:04:08 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool - February 2009 (KB890830).
2/14/2009 10:37:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom

==== End Of File ===========================


DDS (Ver_09-02-01.01) - NTFSx86
Run by Melanie Beebe at 9:27:47.00 on Sun 02/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.625 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Documents and Settings\Melanie Beebe.CT18M51.000\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://webmail.netzero.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\nzsearch\SearchEnh1.dll
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Privacy Suite RiskMonitor]
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
StartupFolder: c:\docume~1\melani~1.000\startm~1\programs\startup\autoru~1\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122676128734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233149306890
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - hxxp://www.bitdefender.com/scan/Msie/bitdefender.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38562.640150463
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} - hxxps://oca.microsoft.com/en/secure/ocarpt.CAB
DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} - hxxp://images.fotki.com/activex/FotkiUploader.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: AutorunsDisabled\sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\cssdll32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-7-21 11840]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-6-19 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-6-19 31504]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-7-21 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-7-21 147201]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2007-1-15 3744]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2008-6-19 618232]
R2 FlipShare Service;FlipShare Service;c:\program files\pure digital technologies\flipshare\FlipShareService.exe [2008-10-5 439616]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2007-1-15 3904]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-8 206096]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-7-21 49472]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]
S4 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2007-6-7 421496]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-01-28 12:36 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-28 12:21 117,760 -------- c:\windows\system32\prntvpt.dll
2009-01-28 12:21 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-28 12:21 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-28 12:21 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-28 12:21 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-01-28 12:20 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-01-28 12:20 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-01-28 12:20 <DIR> --d----- C:\fbdf643ed0af98ec408b0f6d
2009-01-27 16:26 <DIR> --d----- C:\EOrganizer
2009-01-23 20:05 <DIR> --d----- c:\docume~1\melani~1.000\applic~1\GetRightToGo

==================== Find3M ====================

2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-09 15:39 441,760 a------- c:\windows\system32\drivers\timntr.sys
2009-01-09 15:39 44,384 a------- c:\windows\system32\drivers\tifsfilt.sys
2009-01-09 15:39 132,224 a------- c:\windows\system32\drivers\snapman.sys
2009-01-09 15:39 368,480 a------- c:\windows\system32\drivers\tdrpman.sys
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-20 15:38 31,504 a------- c:\windows\system32\drivers\cmdhlp.sys
2008-12-20 15:38 101,776 a------- c:\windows\system32\drivers\cmdguard.sys
2008-12-20 15:38 147,192 a------- c:\windows\system32\guard32.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2006-12-27 21:18 194,376 a------- c:\docume~1\melani~1.000\applic~1\shb.dat
2004-08-26 21:32 141 a------- c:\program files\pcdocrx_order.html

============= FINISH: 9:28:35.79 ===============





Here is the F-Secure log:

Scanning Report
Sunday, February 15, 2009 09:43:27 - 11:02:45
Computer name: CT18M51
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 0 malware found

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 48556
System: 5327
Not scanned: 10
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\SQLITE_9KNYDHZQHKZNPXO
C:\WINDOWS\TEMP\SQLITE_EITWITSV6FJ9EU7
C:\WINDOWS\TEMP\SQLITE_GQIHSNLR1BUJ9ZI
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 15 February 2009 - 12:18 PM

Hello melbb.

Are you able to run F-Secure Online scan?

If not, we'll go without it.

With Regards,
The Panda

#5 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:57 AM

Posted 15 February 2009 - 12:20 PM

Just posted it.

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 15 February 2009 - 12:27 PM

Hello.

I was pretty sure that wasn't there.. anyways..

You logs look clean, are you having any issues at the moment?

Update Java to Version 6 Update 12
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please download the installer here. Choose "Windows"

Delete the installer after use.

With Regards,
The Panda

#7 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:57 AM

Posted 16 February 2009 - 10:48 AM

I did the java update. Computer seems fine. Only problem is windows doesn't recognize my dvd and cd roms anymore, but I assume it is unrelated. Thanks for the help.

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 16 February 2009 - 02:15 PM

Hello.

Only problem is windows doesn't recognize my dvd and cd roms anymore.

Does sound unrelated. Let's see what we can do though.

Click on Start -> Run -> devmgmt.msc
In the Device Manager, do you see any yellow warning marks beside any entries?

With Regards,
The Panda

#9 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:57 AM

Posted 16 February 2009 - 03:04 PM

There were yellow exclamation points and the device manager said error 39, windows cannot load the drivers because they are corrupt or missing. I tried updating the drivers and also uninstalling and reinstalling, to no avail. So I posted on the hardware forum and someone suggested deleting the upper and lower filters in the registry. That fixed it.

Thanks again. I guess the trojan was a false positive.

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 17 February 2009 - 11:41 AM

That's good to hear.

Any other issues at the moment?

With Regards,
The Panda

#11 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:57 AM

Posted 17 February 2009 - 12:47 PM

Everything is fine. Thanks for your help.

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:57 AM

Posted 17 February 2009 - 03:15 PM

Welcome.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users