Infected with Vundo and/or toseeka redirector or ?


This topic is locked
8 replies to this topic

#1 dualdiagnosis
  • Members
  • 6 posts

Posted 08 March 2009 - 02:47 PM

Hi. I let a friend borrow the laptop for a while; it came back very slow and with pop-ups, browser redirectors, flashing video artifacts, and other assorted problems. Ran AVG, F-Prot, Trojan Hunter, Malware Anti, Panda, Ad-Aware, Spyware Blaster, SUPERAntiSpyware, Kaspersky, Full Geek Squad MRI, etc., etc., even tried ComboFix, which sped up the computer, but am still having redirect issues from Google and Yahoo search pages.

Help!

Here is the DDS report, along with the Attach upload:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Adrian at 12:25:46.75 on Sun 03/08/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.261 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: F-PROT Antivirus for Windows *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\xampp\filezillaftp\filezillaserver.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\CAPM1RSK.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ariel Nava\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: MRI_DISABLED - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [AzMixerSel] "c:\program files\realtek\installshield\AzMixerSel.exe"
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [readericon10] c:\program files\multimedia card reader\readericon10.exe
StartupFolder: c:\docume~1\arieln~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\arieln~1\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\myst iv - revelation\support\register\na\RegistrationReminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\canonp~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153629523406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\arieln~1\applic~1\mozilla\firefox\profiles\dv7omh5c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\documents and settings\ariel nava\application data\mozilla\firefox\profiles\dv7omh5c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ariel nava\application data\mozilla\firefox\profiles\dv7omh5c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: XUL Cache: {93393A93-8E4F-48F9-BD14-7230EDC35041} - c:\documents and settings\ariel nava\local settings\application data\{93393A93-8E4F-48F9-BD14-7230EDC35041}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

============= SERVICES / DRIVERS ===============

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2009-3-3 592224]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-11 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-11 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-11 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-11 298264]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2008-4-21 45960]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-9-9 122368]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-1-17 24635]
S2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\mcdetect.exe --> c:\program files\mcafee.com\agent\mcdetect.exe [?]
S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [2007-10-19 22912]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe --> c:\progra~1\mcafee.com\agent\mcupdmgr.exe [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]

=============== Created Last 30 ================

2009-03-07 22:03 <DIR> --d----- c:\program files\Multimedia Card Reader
2009-03-07 19:24 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-03-07 19:24 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-03-07 19:24 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-03-07 19:24 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-03-07 19:24 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-03-07 19:24 8,192 a------- c:\windows\system32\kbdkor.dll
2009-03-07 19:24 6,144 a------- c:\windows\system32\kbd101c.dll
2009-03-07 19:24 5,632 a------- c:\windows\system32\kbd103.dll
2009-03-07 19:24 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-03-07 19:24 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-03-07 19:24 6,144 a------- c:\windows\system32\kbd106.dll
2009-03-07 19:24 6,144 a------- c:\windows\system32\kbd101b.dll
2009-03-06 21:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-06 21:11 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-06 21:11 <DIR> --d----- c:\docume~1\arieln~1\applic~1\SUPERAntiSpyware.com
2009-03-06 21:09 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-06 20:38 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-03-06 09:20 <DIR> --d----- C:\cmdcons
2009-03-06 09:18 161,792 a------- c:\windows\SWREG.exe
2009-03-06 09:18 98,816 a------- c:\windows\sed.exe
2009-03-04 00:03 <DIR> --d----- C:\VundoFix Backups
2009-03-03 21:34 <DIR> --d----- c:\docume~1\arieln~1\applic~1\FRISK Software
2009-03-03 20:49 <DIR> --d----- c:\docume~1\arieln~1\applic~1\TrojanHunter
2009-03-03 19:04 592,224 a------- c:\windows\system32\drivers\FStopW.sys
2009-03-03 19:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FRISK Software
2009-03-03 19:04 <DIR> --d----- c:\program files\FRISK Software
2009-03-03 18:57 <DIR> --d----- c:\program files\TrojanHunter 5.0
2009-02-12 00:21 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-11 23:56 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-11 23:56 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-11 23:56 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-11 23:56 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-11 23:56 <DIR> --d----- c:\program files\AVG
2009-02-11 23:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-11 19:21 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-11 19:20 626,688 a------- c:\windows\system32\msvcr80.dll
2009-02-11 14:11 <DIR> --d----- c:\program files\AskSBar
2009-02-11 01:13 552 a------- c:\windows\system32\d3d8caps.dat
2009-02-11 00:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Geek Squad
2009-02-11 00:11 <DIR> --d----- c:\docume~1\arieln~1\applic~1\Malwarebytes
2009-02-11 00:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-11 00:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 00:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-11 00:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-09 18:41 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-07 00:12 60,568 a---h--- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2009-01-05 19:49 2,709 a------- c:\windows\esoyavej.dll
2009-01-05 14:00 2,709 a------- c:\windows\evosacevezuyoca.dll
2009-01-05 00:22 2,709 a------- c:\windows\oyunosesoxi.dll
2009-01-04 22:14 2,709 a------- c:\windows\ipozuyocadisayi.dll
2009-01-04 20:06 2,709 a------- c:\windows\ogiqeniware.dll
2009-01-04 19:04 2,709 a------- c:\windows\imalewizut.dll
2009-01-04 18:02 2,709 a------- c:\windows\isebituk.dll
2009-01-04 17:00 2,709 a------- c:\windows\udofoyeje.dll
2009-01-04 15:58 2,709 a------- c:\windows\iyikawasaxov.dll
2009-01-04 14:56 2,709 a------- c:\windows\usujegozuxecugu.dll
2009-01-04 13:54 2,709 a------- c:\windows\ununazil.dll
2009-01-04 12:52 2,709 a------- c:\windows\egeyatupek.dll
2009-01-04 11:56 2,709 a------- c:\windows\ihogarorohugewu.dll
2009-01-04 11:53 2,709 a------- c:\windows\icikusadiyu.dll
2009-01-04 11:50 2,709 a------- c:\windows\Xgagolalocupu.dat
2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-12 12:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 12:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-08-13 16:24 24 a------- c:\documents and settings\ariel nava\jagex_runescape_preferences.dat
2008-06-01 18:52 284 a------- c:\docume~1\arieln~1\applic~1\ViewerApp.dat
2008-03-14 20:26 724,984 a------- c:\documents and settings\ariel nava\gotomypc_437.exe
2007-07-20 10:42 152 ac------ c:\docume~1\arieln~1\applic~1\wklnhst.dat
2007-01-25 13:49 722,176 a------- c:\documents and settings\ariel nava\gotomypc_428.exe
2006-12-18 10:22 774,144 ac------ c:\program files\RngInterstitial.dll
2006-11-16 17:50 92,064 a------- c:\documents and settings\ariel nava\mqdmmdm.sys
2006-11-16 17:50 79,328 a------- c:\documents and settings\ariel nava\mqdmserd.sys
2006-11-16 17:50 66,656 a------- c:\documents and settings\ariel nava\mqdmbus.sys
2006-11-16 17:50 25,600 a------- c:\documents and settings\ariel nava\usbsermptxp.sys
2006-11-16 17:50 22,768 a------- c:\documents and settings\ariel nava\usbsermpt.sys
2006-11-16 17:50 9,232 a------- c:\documents and settings\ariel nava\mqdmmdfl.sys
2006-11-16 17:50 6,208 a------- c:\documents and settings\ariel nava\mqdmcmnt.sys
2006-11-16 17:50 5,936 a------- c:\documents and settings\ariel nava\mqdmwhnt.sys
2006-11-16 17:50 4,048 a------- c:\documents and settings\ariel nava\mqdmcr.sys
2006-10-08 19:33 208,896 a------- c:\program files\NRPG RatioMaster.exe
2006-09-29 21:24 563,712 a------- c:\documents and settings\ariel nava\gotomypc_370.exe
2006-08-17 22:10 81,920 ac------ c:\docume~1\arieln~1\applic~1\ezpinst.exe
2006-08-17 22:10 47,360 ac------ c:\docume~1\arieln~1\applic~1\pcouffin.sys

============= FINISH: 12:26:45.54 ===============

Attached Files





#2 Thunder
  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 12 March 2009 - 05:32 PM

Hello Dualdiagnosis and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------

#3 dualdiagnosis
  • Topic Starter
  • Members
  • 6 posts

Posted 12 March 2009 - 05:49 PM

Hi. Thanks for the reply. Here is the first log:

GooredFix v1.92 by jpshortstuff
Log created at 15:44 on 12/03/2009 running Option #2 (Adrian)
Firefox version 3.0.7 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{93393A93-8E4F-48F9-BD14-7230EDC35041}"="C:\Documents and Settings\Ariel Nava\Local Settings\Application Data\{93393A93-8E4F-48F9-BD14-7230EDC35041}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Ariel Nava\Local Settings\Application Data\{93393A93-8E4F-48F9-BD14-7230EDC35041}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

ComboFix coming up
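The DDS log in the first post and the GooredFix output above carry three concrete indicators that are worth pulling out of any log of this kind: the per-user IE proxy set to 127.0.0.1:8080 (the `uInternet Settings,ProxyServer` line), the run of 2,709-byte DLLs with random names written straight into c:\windows roughly once an hour on 4 and 5 January (Find3M section), and a Firefox extension registered under HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions whose folder is a GUID under the user's Local Settings (the DDS `HiddenExtension` line, and the value GooredFix backed up and deleted). The script below is an added example written for this page; it is not part of DDS, GooredFix or the thread. It embeds a constructed log excerpt modelled on the posted lines and flags those three patterns. The thresholds (three or more same-size files, the loopback host list) are assumptions. A loopback proxy is a lead, not proof: local privacy or debugging proxies set the same value legitimately, and this machine has a Steganos Anonym VPN driver and XAMPP installed, so confirm what is listening on port 8080 before treating it as malicious.

```python
"""Triage helpers for DDS and GooredFix log text (added example, not tool code).

Three checks, each grounded in a line type visible in this thread:
  1. localhost_proxy: per-user IE ProxyServer pointing at loopback.
  2. windir_drop_bursts: several identically sized files dropped directly
     into the Windows root (Find3M lines), reported with their cadence.
  3. profile_registered_extensions: Firefox extensions registered from
     outside the browser (DDS "HiddenExtension" line, or HKLM extension
     values as dumped by GooredFix) whose folder sits under a user profile.
Thresholds and the sample log are assumptions made for this example.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)", re.M | re.I)
# Find3M line: "<date> <time> <size> <attrs> <path>", file directly under c:\windows
WINDIR_FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+\S+\s+"
    r"(c:\\windows\\[^\\\s]+\.(?:dll|dat))\s*$", re.M | re.I)
HIDDEN_EXT_RE = re.compile(
    r"^FF - HiddenExtension: .*?(\{[0-9A-F-]{36}\}) - (.+?)\s*$", re.M | re.I)
REG_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*$', re.M)


def localhost_proxy(text):
    """Return the ProxyServer value if its host is loopback, else None."""
    m = PROXY_RE.search(text)
    if not m:
        return None
    host = m.group(1).rsplit(":", 1)[0].lower()
    return m.group(1) if host in ("127.0.0.1", "localhost") else None


def windir_drop_bursts(text, min_count=3):
    """Group files dropped directly in c:\\windows by byte size.

    Installers rarely write several identically sized modules into the
    Windows root, so any size seen min_count or more times is reported with
    its files in creation order and the median gap between creations (minutes).
    """
    by_size = defaultdict(list)
    for stamp, size, path in WINDIR_FILE_RE.findall(text):
        created = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        by_size[int(size.replace(",", ""))].append((created, path))
    bursts = {}
    for size, entries in by_size.items():
        if len(entries) < min_count:
            continue
        entries.sort()
        gaps = [(b - a).total_seconds() / 60
                for (a, _), (b, _) in zip(entries, entries[1:])]
        bursts[size] = {"files": [p for _, p in entries],
                        "median_gap_min": median(gaps)}
    return bursts


def profile_registered_extensions(text):
    """Firefox extensions whose install folder lives under a user profile.

    An extension registered via the registry but pointing into Documents and
    Settings (or Users) was sideloaded rather than installed through Firefox.
    Duplicates reported by both DDS and GooredFix are collapsed.
    """
    candidates = HIDDEN_EXT_RE.findall(text) + REG_VALUE_RE.findall(text)
    hits, seen = [], set()
    for name, path in candidates:
        low = path.lower()
        if "\\documents and settings\\" not in low and "\\users\\" not in low:
            continue
        key = (name.lower(), low)
        if key not in seen:
            seen.add(key)
            hits.append((name, path))
    return hits


def triage(text):
    """Run all three checks over one blob of log text."""
    return {"localhost_proxy": localhost_proxy(text),
            "windir_bursts": windir_drop_bursts(text),
            "profile_extensions": profile_registered_extensions(text)}


# Constructed sample, modelled on the DDS and GooredFix lines in this thread.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
FF - HiddenExtension: XUL Cache: {93393A93-8E4F-48F9-BD14-7230EDC35041} - c:\documents and settings\ariel nava\local settings\application data\{93393A93-8E4F-48F9-BD14-7230EDC35041}
2009-01-04 18:02 2,709 a------- c:\windows\isebituk.dll
2009-01-04 17:00 2,709 a------- c:\windows\udofoyeje.dll
2009-01-04 15:58 2,709 a------- c:\windows\iyikawasaxov.dll
2009-01-04 14:56 2,709 a------- c:\windows\usujegozuxecugu.dll
2009-01-04 13:54 2,709 a------- c:\windows\ununazil.dll
2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{93393A93-8E4F-48F9-BD14-7230EDC35041}"="C:\Documents and Settings\Ariel Nava\Local Settings\Application Data\{93393A93-8E4F-48F9-BD14-7230EDC35041}"
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

Run it against a saved DDS.txt plus the GooredFix log concatenated into one file; the size grouping is what makes the random names irrelevant, since the dropper varies the name but not the payload length.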

#4 dualdiagnosis
  • Topic Starter
  • Members
  • 6 posts

Posted 12 March 2009 - 06:07 PM

OK, ComboFix log:

ComboFix 09-03-10.03 - Adrian 2009-03-12 15:51:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.466 [GMT -7:00]
Running from: c:\documents and settings\Ariel Nava\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: F-PROT Antivirus for Windows *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-08 16:51 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-08 16:50 . 2009-03-08 16:51 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-08 16:50 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-08 16:49 . 2009-03-08 16:49 <DIR> d-------- c:\program files\Samsung
2009-03-07 22:03 . 2009-03-07 22:03 <DIR> d-------- c:\program files\Multimedia Card Reader
2009-03-07 19:24 . 2001-08-17 23:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-07 19:24 . 2001-08-17 23:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-07 19:24 . 2001-08-17 23:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-07 19:24 . 2001-08-17 23:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-07 19:24 . 2008-04-13 18:09 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-07 19:24 . 2001-08-17 15:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-07 19:24 . 2001-08-17 15:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-07 19:24 . 2008-04-13 18:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-07 19:24 . 2001-08-17 15:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-07 19:24 . 2001-08-17 15:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-07 19:24 . 2001-08-17 15:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-07 19:24 . 2001-08-17 15:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-06 21:11 . 2009-03-06 21:11 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-06 21:11 . 2009-03-06 21:11 <DIR> d-------- c:\documents and settings\Ariel Nava\Application Data\SUPERAntiSpyware.com
2009-03-06 21:11 . 2009-03-06 21:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-06 21:09 . 2009-03-06 21:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-06 20:38 . 2009-03-06 23:28 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-04 00:03 . 2009-03-04 00:03 <DIR> d-------- C:\VundoFix Backups
2009-03-03 21:34 . 2009-03-03 21:34 <DIR> d-------- c:\documents and settings\Ariel Nava\Application Data\FRISK Software
2009-03-03 20:49 . 2009-03-03 20:49 <DIR> d-------- c:\documents and settings\Ariel Nava\Application Data\TrojanHunter
2009-03-03 19:04 . 2009-03-03 19:04 <DIR> d-------- c:\program files\FRISK Software
2009-03-03 19:04 . 2009-03-03 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\FRISK Software
2009-03-03 19:04 . 2008-03-28 15:06 592,224 --a------ c:\windows\system32\drivers\FStopW.sys
2009-03-03 18:57 . 2009-03-03 18:57 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-02-21 21:06 . 2009-02-21 21:06 <DIR> d-------- c:\program files\UBISOFT
2009-02-19 13:20 . 2009-02-19 13:20 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-12 00:21 . 2009-03-01 04:20 <DIR> d--h----- C:\$AVG8.VAULT$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 16:14 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-03-12 16:14 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-03-10 16:31 --------- d-----w c:\documents and settings\NetworkService\Application Data\VMware
2009-03-08 23:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 15:58 --------- d-----w c:\program files\Avi2Dvd
2009-03-06 15:57 --------- d-----w c:\program files\CACE Technologies
2009-03-05 04:25 --------- d-----w c:\program files\ophcrack
2009-03-04 22:08 --------- d-----w c:\program files\Apoint
2009-02-21 03:20 --------- d-----w c:\program files\PPMate
2009-02-21 02:46 --------- d-----w c:\program files\Color Schemer Studio
2009-02-20 02:58 --------- d-----w c:\documents and settings\Ariel Nava\Application Data\VMware
2009-02-13 04:54 --------- d-----w c:\program files\Safari
2009-02-12 06:56 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-12 06:56 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-12 06:56 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-12 06:56 --------- d-----w c:\program files\AVG
2009-02-12 06:56 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-12 06:12 --------- d-----w c:\program files\Spyware Doctor
2009-02-11 21:11 --------- d-----w c:\program files\AskSBar
2009-02-11 16:51 --------- d-----w c:\program files\Total Video Converter
2009-02-11 07:26 --------- d-----w c:\documents and settings\All Users\Application Data\Geek Squad
2009-02-11 07:11 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 07:11 --------- d-----w c:\documents and settings\Ariel Nava\Application Data\Malwarebytes
2009-02-11 07:11 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-10 01:40 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-10 01:40 --------- d-----w c:\program files\Java
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 03:43 --------- d-----w c:\program files\SopCast
2009-02-06 03:29 --------- d-----w c:\program files\Bonjour
2009-02-04 04:09 --------- d-----w c:\program files\MSECache
2009-02-01 01:12 --------- d-----w c:\program files\TVAnts
2009-01-15 00:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 00:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-06 02:49 2,709 ----a-w c:\windows\esoyavej.dll
2009-01-05 21:00 2,709 ----a-w c:\windows\evosacevezuyoca.dll
2009-01-05 07:22 2,709 ----a-w c:\windows\oyunosesoxi.dll
2009-01-05 05:14 2,709 ----a-w c:\windows\ipozuyocadisayi.dll
2009-01-05 03:06 2,709 ----a-w c:\windows\ogiqeniware.dll
2009-01-05 02:04 2,709 ----a-w c:\windows\imalewizut.dll
2009-01-05 01:02 2,709 ----a-w c:\windows\isebituk.dll
2009-01-05 00:00 2,709 ----a-w c:\windows\udofoyeje.dll
2009-01-04 22:58 2,709 ----a-w c:\windows\iyikawasaxov.dll
2009-01-04 21:56 2,709 ----a-w c:\windows\usujegozuxecugu.dll
2009-01-04 20:54 2,709 ----a-w c:\windows\ununazil.dll
2009-01-04 19:52 2,709 ----a-w c:\windows\egeyatupek.dll
2009-01-04 18:56 2,709 ----a-w c:\windows\ihogarorohugewu.dll
2009-01-04 18:53 2,709 ----a-w c:\windows\icikusadiyu.dll
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-12 19:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 19:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-13 23:24 24 ----a-w c:\documents and settings\Ariel Nava\jagex_runescape_preferences.dat
2008-06-02 01:52 284 ----a-w c:\documents and settings\Ariel Nava\Application Data\ViewerApp.dat
2008-03-15 03:26 724,984 ----a-w c:\documents and settings\Ariel Nava\gotomypc_437.exe
2007-07-20 17:42 152 -c--a-w c:\documents and settings\Ariel Nava\Application Data\wklnhst.dat
2007-01-25 20:49 722,176 ----a-w c:\documents and settings\Ariel Nava\gotomypc_428.exe
2006-12-18 17:22 774,144 -c--a-w c:\program files\RngInterstitial.dll
2006-11-17 00:50 92,064 ----a-w c:\documents and settings\Ariel Nava\mqdmmdm.sys
2006-11-17 00:50 9,232 ----a-w c:\documents and settings\Ariel Nava\mqdmmdfl.sys
2006-11-17 00:50 79,328 ----a-w c:\documents and settings\Ariel Nava\mqdmserd.sys
2006-11-17 00:50 66,656 ----a-w c:\documents and settings\Ariel Nava\mqdmbus.sys
2006-11-17 00:50 6,208 ----a-w c:\documents and settings\Ariel Nava\mqdmcmnt.sys
2006-11-17 00:50 5,936 ----a-w c:\documents and settings\Ariel Nava\mqdmwhnt.sys
2006-11-17 00:50 4,048 ----a-w c:\documents and settings\Ariel Nava\mqdmcr.sys
2006-11-17 00:50 25,600 ----a-w c:\documents and settings\Ariel Nava\usbsermptxp.sys
2006-11-17 00:50 22,768 ----a-w c:\documents and settings\Ariel Nava\usbsermpt.sys
2006-10-09 02:33 208,896 ----a-w c:\program files\NRPG RatioMaster.exe
2006-09-30 04:24 563,712 ----a-w c:\documents and settings\Ariel Nava\gotomypc_370.exe
2006-08-18 05:10 81,920 -c--a-w c:\documents and settings\Ariel Nava\Application Data\ezpinst.exe
2006-08-18 05:10 47,360 -c--a-w c:\documents and settings\Ariel Nava\Application Data\pcouffin.sys
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-06_ 8.37.01.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2007-05-03 19:53:24 57,344 ----a-w c:\windows\devcon.exe
- 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2009-02-12 11:04:00 12,288 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-12 15:49:47 12,288 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-02-12 11:04:00 135,168 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-12 15:49:47 135,168 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-02-12 11:04:00 11,264 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-12 15:49:47 11,264 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-02-12 11:04:00 27,136 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-12 15:49:47 27,136 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-02-12 11:04:00 4,096 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-12 15:49:47 4,096 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-02-12 11:04:00 794,624 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-12 15:49:48 794,624 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-02-12 11:04:00 249,856 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-12 15:49:47 249,856 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-02-12 11:04:00 61,440 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-12 15:49:47 61,440 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-02-12 11:04:00 23,040 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-12 15:49:48 23,040 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-02-12 11:04:00 286,720 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-12 15:49:47 286,720 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-02-12 11:04:00 409,600 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-12 15:49:47 409,600 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-08 05:03:21 25,214 ----a-r c:\windows\Installer\{BB1DFC2A-8B34-4632-B3B3-AD037E500A00}\ARPPRODUCTICON.exe
+ 2009-03-08 05:03:21 65,536 ----a-r c:\windows\Installer\{BB1DFC2A-8B34-4632-B3B3-AD037E500A00}\NewShortcut1_4E1DD1CAABDC4767810C969508F70997.exe
+ 2009-03-07 04:11:30 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-03-07 04:11:30 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2000-08-31 16:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 15:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 16:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 15:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2007-05-03 19:53:28 286,720 ----a-w c:\windows\system32\amicon.dll
+ 2008-12-05 06:54:55 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
+ 2008-04-13 19:45:38 26,368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
- 2008-09-15 12:12:56 1,846,400 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 -c----w c:\windows\system32\dllcache\win32k.sys
- 2008-04-13 18:45:38 26,368 ----a-w c:\windows\system32\drivers\usbstor.sys
+ 2008-04-13 19:45:38 26,368 ----a-w c:\windows\system32\drivers\USBSTOR.SYS
- 2009-02-20 02:57:04 298,848 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-12 16:13:36 298,848 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2007-07-27 22:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 22:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-06 03:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 20:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
+ 2008-02-11 17:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 17:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-08 21:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-05 16:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
- 2009-01-01 21:03:12 88,962 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-12 16:19:03 88,962 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-01 21:03:12 483,440 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-12 16:19:03 483,440 ----a-w c:\windows\system32\perfh009.dat
+ 2008-04-13 19:45:38 26,368 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\USBSTOR.SYS
+ 2005-08-31 00:57:18 58,320 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\ss_bus.sys
+ 2005-08-31 00:58:50 6,144 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\ss_cmnt.sys
+ 2005-08-31 00:58:56 8,304 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\ss_mdfl.sys
+ 2005-08-31 00:59:00 94,000 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\ss_mdm.sys
+ 2005-08-27 01:07:28 81,920 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
+ 2005-08-31 00:57:14 5,808 ----a-w c:\windows\system32\Samsung_USB_Drivers\1\ss_whnt.sys
+ 2005-08-30 08:47:38 58,320 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\ssm_bus.sys
+ 2005-08-30 08:49:28 6,176 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\ssm_cmnt.sys
+ 2005-08-30 08:49:34 8,336 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\ssm_mdfl.sys
+ 2005-08-30 08:49:38 94,000 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\ssm_mdm.sys
+ 2005-08-30 08:46:16 81,920 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
+ 2005-08-30 08:47:34 5,840 ----a-w c:\windows\system32\Samsung_USB_Drivers\2\ssm_whnt.sys
+ 2005-12-22 19:24:50 80,272 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\sscdbus.sys
+ 2005-12-22 19:24:52 11,877 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\sscdcmnt.sys
+ 2005-12-22 19:24:52 10,864 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\sscdmdfl.sys
+ 2005-12-22 19:24:52 137,884 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\sscdmdm.sys
+ 2005-12-22 19:24:52 108,003 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\sscdserd.sys
+ 2005-12-22 19:24:52 65,536 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
+ 2005-12-22 19:24:54 11,188 ----a-w c:\windows\system32\Samsung_USB_Drivers\3\sscdwhnt.sys
+ 2006-07-21 19:12:56 66,672 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\sssdbus.sys
+ 2006-07-21 19:15:26 6,208 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\sssdcmnt.sys
+ 2006-07-21 19:13:48 9,232 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\sssdmdfl.sys
+ 2006-07-21 19:13:52 100,304 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\sssdmdm.sys
+ 2006-07-21 19:14:40 91,744 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\sssdmgmt.sys
+ 2006-07-21 19:15:28 89,584 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\sssdobex.sys
+ 2006-07-21 19:15:56 53,760 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
+ 2006-07-21 19:12:52 5,872 ----a-w c:\windows\system32\Samsung_USB_Drivers\5\sssdwhnt.sys
+ 2007-01-08 01:10:28 66,880 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\ssbcbus.sys
+ 2007-01-08 01:11:16 6,272 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\ssbccmnt.sys
+ 2007-01-08 01:11:18 9,360 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\ssbcmdfl.sys
+ 2007-01-08 01:11:22 100,864 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\ssbcmdm.sys
+ 2007-01-08 01:11:48 55,296 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
+ 2007-01-08 01:10:24 5,936 ----a-w c:\windows\system32\Samsung_USB_Drivers\6\ssbcwhnt.sys
- 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\system32\schannel.dll
- 2006-09-26 01:58:48 14,640 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2007-08-11 03:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 16:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2007-06-12 06:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-12 01:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
+ 2009-03-12 16:14:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_760.dat
+ 2009-03-12 16:14:01 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_e58.dat
+ 2009-03-12 16:14:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f10.dat
+ 2009-03-12 16:14:15 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f20.dat
+ 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 148888]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 c:\windows\RTHDCPL.EXE]

c:\documents and settings\Ariel Nava\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-08-04 438272]

c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Canon PC1200 iC D600 iR1200G Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE [2006-03-13 30208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-11 23:56 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 18:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon PC1200 iC D600 iR1200G Status Window.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon PC1200 iC D600 iR1200G Status Window.LNK
backup=c:\windows\pss\Canon PC1200 iC D600 iR1200G Status Window.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-02-11 23:56 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 12:21 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-PROT Antivirus Tray application]
--a------ 2008-04-21 16:25 1597832 c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 19:44 1200128 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-06-29 14:33 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-06-29 14:33 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2007-10-05 12:33 5207368 c:\program files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2006-12-11 17:36 366400 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
--a------ 2008-03-25 20:08 1047712 c:\program files\TrojanHunter 5.0\THGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-18 10:06 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2007-10-31 11:19 378784 c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
--a------ 2003-04-19 21:08 28672 c:\windows\SONYSYS\VAIO Recovery\Partseal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
--a------ 2005-10-11 22:36 151552 c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2008-08-08 16:35 55856 c:\program files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2008-08-08 16:36 72240 c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 04:42 36864 c:\program files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\NRPG RatioMaster.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Sony\\VAIO Media Integrated Server\\VMISrv.exe"=
"c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"=
"c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"=
"c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"=
"c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\Shared Documents\\wap54g_setupwiz\\wap54gSetupwiz\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Ariel Nava\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2009-03-03 592224]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-11 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-11 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-11 298264]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2008-04-21 45960]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-01-17 24635]
S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [2007-10-19 22912]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - k:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5053cfd3-b459-11dc-b3f7-00166f5c05c7}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e51e3c0-86cd-11da-99c3-806d6172696f}]
\Shell\AutoRun\command - e:\sony\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe []
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
FF - ProfilePath - c:\documents and settings\Ariel Nava\Application Data\Mozilla\Firefox\Profiles\dv7omh5c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\documents and settings\Ariel Nava\Application Data\Mozilla\Firefox\Profiles\dv7omh5c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Ariel Nava\Application Data\Mozilla\Firefox\Profiles\dv7omh5c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 15:59:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-927921942-866893264-1231614377-1006\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:01,43,92,80,c1,d1,7a,52,55,97,24,04,6c,97,52,91,d0,2a,7e,8e,
a1,a6,5e,24,41,20,76,79,4f,d3,ea,9c,f9,3f,1b,5c,a1,9a,5b,cf,78,90,97,5f,e8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1500)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-03-12 16:03:49
ComboFix-quarantined-files.txt 2009-03-12 23:02:36
ComboFix2.txt 2009-03-06 16:38:38

Pre-Run: 7,735,390,208 bytes free
Post-Run: 7,738,580,992 bytes free

436 --- E O F --- 2009-03-12 15:49:52


Thanks, let me know what's next.

#5 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:02:31 PM

Posted 13 March 2009 - 06:21 PM

Hello Dualdiagnosis,

Let's clean up some more :

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
http://www.bleepingcomputer.com/forums/t/209445/infected-with-vundo-andor-toseeka-redirector-or/
Collect::
c:\windows\esoyavej.dll
c:\windows\evosacevezuyoca.dll
File::
c:\windows\oyunosesoxi.dll
c:\windows\ipozuyocadisayi.dll
c:\windows\ogiqeniware.dll
c:\windows\imalewizut.dll
c:\windows\isebituk.dll
c:\windows\udofoyeje.dll
c:\windows\iyikawasaxov.dll
c:\windows\usujegozuxecugu.dll
c:\windows\ununazil.dll
c:\windows\egeyatupek.dll
c:\windows\ihogarorohugewu.dll
c:\windows\icikusadiyu.dll

Save this as a txt file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh DDS log.

Additionally, ComboFix will generate a zipped file, similar to C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Please go to http://www.bleepingcomputer.com/submit-malware.php?channel=9
Then:
1. In the first window (Link to topic where this file was requested:) copy and paste this link: http://www.bleepingcomputer.com/forums/topic=202813
2. In the second window (Browse to the file you want to submit:) browse to the C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip file
3. Click the Send file button

Still having problems?

Greetings,
Thunder

#6 dualdiagnosis

dualdiagnosis
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:31 AM

Posted 13 March 2009 - 07:09 PM

New Combofix log- :)

ComboFix 09-03-13.01 - Adrian 2009-03-13 16:51:19.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.317 [GMT -7:00]
Running from: c:\documents and settings\Ariel Nava\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ariel Nava\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: F-PROT Antivirus for Windows *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\windows\egeyatupek.dll
c:\windows\icikusadiyu.dll
c:\windows\ihogarorohugewu.dll
c:\windows\imalewizut.dll
c:\windows\ipozuyocadisayi.dll
c:\windows\isebituk.dll
c:\windows\iyikawasaxov.dll
c:\windows\ogiqeniware.dll
c:\windows\oyunosesoxi.dll
c:\windows\udofoyeje.dll
c:\windows\ununazil.dll
c:\windows\usujegozuxecugu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\egeyatupek.dll
c:\windows\esoyavej.dll
c:\windows\evosacevezuyoca.dll
c:\windows\icikusadiyu.dll
c:\windows\ihogarorohugewu.dll
c:\windows\imalewizut.dll
c:\windows\ipozuyocadisayi.dll
c:\windows\isebituk.dll
c:\windows\iyikawasaxov.dll
c:\windows\ogiqeniware.dll
c:\windows\oyunosesoxi.dll
c:\windows\udofoyeje.dll
c:\windows\ununazil.dll
c:\windows\usujegozuxecugu.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-08 16:51 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-08 16:50 . 2009-03-08 16:51 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-08 16:50 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-08 16:49 . 2009-03-08 16:49 <DIR> d-------- c:\program files\Samsung
2009-03-07 22:03 . 2009-03-07 22:03 <DIR> d-------- c:\program files\Multimedia Card Reader
2009-03-07 19:24 . 2001-08-17 23:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-07 19:24 . 2001-08-17 23:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-07 19:24 . 2001-08-17 23:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-07 19:24 . 2001-08-17 23:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-07 19:24 . 2008-04-13 18:09 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-07 19:24 . 2001-08-17 15:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-07 19:24 . 2001-08-17 15:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-07 19:24 . 2008-04-13 18:09 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-07 19:24 . 2001-08-17 15:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-07 19:24 . 2001-08-17 15:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-07 19:24 . 2001-08-17 15:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-07 19:24 . 2001-08-17 15:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-06 21:11 . 2009-03-06 21:11 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-06 21:11 . 2009-03-06 21:11 <DIR> d-------- c:\documents and settings\Ariel Nava\Application Data\SUPERAntiSpyware.com
2009-03-06 21:11 . 2009-03-06 21:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-06 21:09 . 2009-03-06 21:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-06 20:38 . 2009-03-06 23:28 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-04 00:03 . 2009-03-04 00:03 <DIR> d-------- C:\VundoFix Backups
2009-03-03 21:34 . 2009-03-03 21:34 <DIR> d-------- c:\documents and settings\Ariel Nava\Application Data\FRISK Software
2009-03-03 20:49 . 2009-03-03 20:49 <DIR> d-------- c:\documents and settings\Ariel Nava\Application Data\TrojanHunter
2009-03-03 19:04 . 2009-03-03 19:04 <DIR> d-------- c:\program files\FRISK Software
2009-03-03 19:04 . 2009-03-03 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\FRISK Software
2009-03-03 19:04 . 2008-03-28 15:06 592,224 --a------ c:\windows\system32\drivers\FStopW.sys
2009-03-03 18:57 . 2009-03-03 18:57 <DIR> d-------- c:\program files\TrojanHunter 5.0
2009-02-21 21:06 . 2009-02-21 21:06 <DIR> d-------- c:\program files\UBISOFT
2009-02-19 13:20 . 2009-02-19 13:20 <DIR> d-------- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 16:14 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-03-12 16:14 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-03-10 16:31 --------- d-----w c:\documents and settings\NetworkService\Application Data\VMware
2009-03-08 23:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 15:58 --------- d-----w c:\program files\Avi2Dvd
2009-03-06 15:57 --------- d-----w c:\program files\CACE Technologies
2009-03-05 04:25 --------- d-----w c:\program files\ophcrack
2009-03-04 22:08 --------- d-----w c:\program files\Apoint
2009-02-21 03:20 --------- d-----w c:\program files\PPMate
2009-02-21 02:46 --------- d-----w c:\program files\Color Schemer Studio
2009-02-20 02:58 --------- d-----w c:\documents and settings\Ariel Nava\Application Data\VMware
2009-02-13 04:54 --------- d-----w c:\program files\Safari
2009-02-12 06:56 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-12 06:56 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-12 06:56 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-12 06:56 --------- d-----w c:\program files\AVG
2009-02-12 06:56 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-12 06:12 --------- d-----w c:\program files\Spyware Doctor
2009-02-11 21:11 --------- d-----w c:\program files\AskSBar
2009-02-11 16:51 --------- d-----w c:\program files\Total Video Converter
2009-02-11 07:26 --------- d-----w c:\documents and settings\All Users\Application Data\Geek Squad
2009-02-11 07:11 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 07:11 --------- d-----w c:\documents and settings\Ariel Nava\Application Data\Malwarebytes
2009-02-11 07:11 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-10 01:40 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-10 01:40 --------- d-----w c:\program files\Java
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 03:43 --------- d-----w c:\program files\SopCast
2009-02-06 03:29 --------- d-----w c:\program files\Bonjour
2009-02-04 04:09 --------- d-----w c:\program files\MSECache
2009-02-01 01:12 --------- d-----w c:\program files\TVAnts
2009-01-15 00:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 00:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-13 23:24 24 ----a-w c:\documents and settings\Ariel Nava\jagex_runescape_preferences.dat
2008-06-02 01:52 284 ----a-w c:\documents and settings\Ariel Nava\Application Data\ViewerApp.dat
2008-03-15 03:26 724,984 ----a-w c:\documents and settings\Ariel Nava\gotomypc_437.exe
2007-07-20 17:42 152 -c--a-w c:\documents and settings\Ariel Nava\Application Data\wklnhst.dat
2007-01-25 20:49 722,176 ----a-w c:\documents and settings\Ariel Nava\gotomypc_428.exe
2006-12-18 17:22 774,144 -c--a-w c:\program files\RngInterstitial.dll
2006-11-17 00:50 92,064 ----a-w c:\documents and settings\Ariel Nava\mqdmmdm.sys
2006-11-17 00:50 9,232 ----a-w c:\documents and settings\Ariel Nava\mqdmmdfl.sys
2006-11-17 00:50 79,328 ----a-w c:\documents and settings\Ariel Nava\mqdmserd.sys
2006-11-17 00:50 66,656 ----a-w c:\documents and settings\Ariel Nava\mqdmbus.sys
2006-11-17 00:50 6,208 ----a-w c:\documents and settings\Ariel Nava\mqdmcmnt.sys
2006-11-17 00:50 5,936 ----a-w c:\documents and settings\Ariel Nava\mqdmwhnt.sys
2006-11-17 00:50 4,048 ----a-w c:\documents and settings\Ariel Nava\mqdmcr.sys
2006-11-17 00:50 25,600 ----a-w c:\documents and settings\Ariel Nava\usbsermptxp.sys
2006-11-17 00:50 22,768 ----a-w c:\documents and settings\Ariel Nava\usbsermpt.sys
2006-10-09 02:33 208,896 ----a-w c:\program files\NRPG RatioMaster.exe
2006-09-30 04:24 563,712 ----a-w c:\documents and settings\Ariel Nava\gotomypc_370.exe
2006-08-18 05:10 81,920 -c--a-w c:\documents and settings\Ariel Nava\Application Data\ezpinst.exe
2006-08-18 05:10 47,360 -c--a-w c:\documents and settings\Ariel Nava\Application Data\pcouffin.sys
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 148888]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 c:\windows\RTHDCPL.EXE]

c:\documents and settings\Ariel Nava\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-08-04 438272]

c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Canon PC1200 iC D600 iR1200G Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE [2006-03-13 30208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-11 23:56 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 18:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon PC1200 iC D600 iR1200G Status Window.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon PC1200 iC D600 iR1200G Status Window.LNK
backup=c:\windows\pss\Canon PC1200 iC D600 iR1200G Status Window.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-02-11 23:56 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 12:21 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-PROT Antivirus Tray application]
--a------ 2008-04-21 16:25 1597832 c:\program files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 19:44 1200128 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-06-29 14:33 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-06-29 14:33 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2007-10-05 12:33 5207368 c:\program files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2006-12-11 17:36 366400 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
--a------ 2008-03-25 20:08 1047712 c:\program files\TrojanHunter 5.0\THGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-18 10:06 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2007-10-31 11:19 378784 c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
--a------ 2003-04-19 21:08 28672 c:\windows\SONYSYS\VAIO Recovery\Partseal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
--a------ 2005-10-11 22:36 151552 c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2008-08-08 16:35 55856 c:\program files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2008-08-08 16:36 72240 c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 04:42 36864 c:\program files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\NRPG RatioMaster.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Sony\\VAIO Media Integrated Server\\VMISrv.exe"=
"c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"=
"c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"=
"c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"=
"c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\Shared Documents\\wap54g_setupwiz\\wap54gSetupwiz\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Ariel Nava\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2009-03-03 592224]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-11 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-11 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-11 298264]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2008-04-21 45960]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-01-17 24635]
S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [2007-10-19 22912]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - k:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5053cfd3-b459-11dc-b3f7-00166f5c05c7}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e51e3c0-86cd-11da-99c3-806d6172696f}]
\Shell\AutoRun\command - e:\sony\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe []
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
FF - ProfilePath - c:\documents and settings\Ariel Nava\Application Data\Mozilla\Firefox\Profiles\dv7omh5c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\documents and settings\Ariel Nava\Application Data\Mozilla\Firefox\Profiles\dv7omh5c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Ariel Nava\Application Data\Mozilla\Firefox\Profiles\dv7omh5c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 16:55:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-927921942-866893264-1231614377-1006\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:01,43,92,80,c1,d1,7a,52,55,97,24,04,6c,97,52,91,d0,2a,7e,8e,
a1,a6,5e,24,41,20,76,79,4f,d3,ea,9c,f9,3f,1b,5c,a1,9a,5b,cf,78,90,97,5f,e8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1500)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-03-13 16:59:55
ComboFix-quarantined-files.txt 2009-03-13 23:58:37
ComboFix2.txt 2009-03-12 23:03:50
ComboFix3.txt 2009-03-06 16:38:38

Pre-Run: 7,701,164,032 bytes free
Post-Run: 7,682,387,968 bytes free

331 --- E O F --- 2009-03-12 15:49:52




New DDS log-


DDS (Ver_09-02-01.01) - NTFSx86
Run by Adrian at 17:02:23.84 on Fri 03/13/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.390 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: F-PROT Antivirus for Windows *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Multimedia Card Reader\readericon10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\WINDOWS\system32\CAPM1RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\xampp\filezillaftp\filezillaserver.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ariel Nava\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: MRI_DISABLED - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [AzMixerSel] "c:\program files\realtek\installshield\AzMixerSel.exe"
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [readericon10] c:\program files\multimedia card reader\readericon10.exe
StartupFolder: c:\docume~1\arieln~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\canonp~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153629523406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\arieln~1\applic~1\mozilla\firefox\profiles\dv7omh5c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\documents and settings\ariel nava\application data\mozilla\firefox\profiles\dv7omh5c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ariel nava\application data\mozilla\firefox\profiles\dv7omh5c.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

============= SERVICES / DRIVERS ===============

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2009-3-3 592224]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-11 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-11 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-11 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-11 298264]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2008-4-21 45960]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-9-9 122368]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-1-17 24635]
S2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\mcdetect.exe --> c:\program files\mcafee.com\agent\mcdetect.exe [?]
S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [2007-10-19 22912]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe --> c:\progra~1\mcafee.com\agent\mcupdmgr.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]

=============== Created Last 30 ================

2009-03-08 16:51 174,592 a------- c:\windows\system32\framedyn.dll
2009-03-08 16:50 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-03-08 16:50 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-03-08 16:49 <DIR> --d----- c:\program files\Samsung
2009-03-07 22:03 <DIR> --d----- c:\program files\Multimedia Card Reader
2009-03-07 19:24 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-03-07 19:24 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-03-07 19:24 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-03-07 19:24 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-03-07 19:24 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-03-07 19:24 8,192 a------- c:\windows\system32\kbdkor.dll
2009-03-07 19:24 6,144 a------- c:\windows\system32\kbd101c.dll
2009-03-07 19:24 5,632 a------- c:\windows\system32\kbd103.dll
2009-03-07 19:24 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-03-07 19:24 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-03-07 19:24 6,144 a------- c:\windows\system32\kbd106.dll
2009-03-07 19:24 6,144 a------- c:\windows\system32\kbd101b.dll
2009-03-06 21:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-06 21:11 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-06 21:11 <DIR> --d----- c:\docume~1\arieln~1\applic~1\SUPERAntiSpyware.com
2009-03-06 21:09 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-06 20:38 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-03-06 09:20 <DIR> --d----- C:\cmdcons
2009-03-06 09:18 161,792 a------- c:\windows\SWREG.exe
2009-03-06 09:18 98,816 a------- c:\windows\sed.exe
2009-03-04 00:03 <DIR> --d----- C:\VundoFix Backups
2009-03-03 21:34 <DIR> --d----- c:\docume~1\arieln~1\applic~1\FRISK Software
2009-03-03 20:49 <DIR> --d----- c:\docume~1\arieln~1\applic~1\TrojanHunter
2009-03-03 19:04 592,224 a------- c:\windows\system32\drivers\FStopW.sys
2009-03-03 19:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FRISK Software
2009-03-03 19:04 <DIR> --d----- c:\program files\FRISK Software
2009-03-03 18:57 <DIR> --d----- c:\program files\TrojanHunter 5.0
2009-02-12 00:21 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-11 23:56 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-11 23:56 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-11 23:56 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-11 23:56 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-11 23:56 <DIR> --d----- c:\program files\AVG
2009-02-11 23:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-11 19:21 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-11 19:20 626,688 a------- c:\windows\system32\msvcr80.dll

==================== Find3M ====================

2009-02-09 18:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 00:12 60,568 a---h--- c:\windows\system32\mlfcache.dat
2009-01-14 17:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 17:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-04 11:50 2,709 a------- c:\windows\Xgagolalocupu.dat
2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-13 16:24 24 a------- c:\documents and settings\ariel nava\jagex_runescape_preferences.dat
2008-06-01 18:52 284 a------- c:\docume~1\arieln~1\applic~1\ViewerApp.dat
2008-03-14 20:26 724,984 a------- c:\documents and settings\ariel nava\gotomypc_437.exe
2007-07-20 10:42 152 ac------ c:\docume~1\arieln~1\applic~1\wklnhst.dat
2007-01-25 13:49 722,176 a------- c:\documents and settings\ariel nava\gotomypc_428.exe
2006-12-18 10:22 774,144 ac------ c:\program files\RngInterstitial.dll
2006-11-16 17:50 92,064 a------- c:\documents and settings\ariel nava\mqdmmdm.sys
2006-11-16 17:50 79,328 a------- c:\documents and settings\ariel nava\mqdmserd.sys
2006-11-16 17:50 66,656 a------- c:\documents and settings\ariel nava\mqdmbus.sys
2006-11-16 17:50 25,600 a------- c:\documents and settings\ariel nava\usbsermptxp.sys
2006-11-16 17:50 22,768 a------- c:\documents and settings\ariel nava\usbsermpt.sys
2006-11-16 17:50 9,232 a------- c:\documents and settings\ariel nava\mqdmmdfl.sys
2006-11-16 17:50 6,208 a------- c:\documents and settings\ariel nava\mqdmcmnt.sys
2006-11-16 17:50 5,936 a------- c:\documents and settings\ariel nava\mqdmwhnt.sys
2006-11-16 17:50 4,048 a------- c:\documents and settings\ariel nava\mqdmcr.sys
2006-10-08 19:33 208,896 a------- c:\program files\NRPG RatioMaster.exe
2006-09-29 21:24 563,712 a------- c:\documents and settings\ariel nava\gotomypc_370.exe
2006-08-17 22:10 81,920 ac------ c:\docume~1\arieln~1\applic~1\ezpinst.exe
2006-08-17 22:10 47,360 ac------ c:\docume~1\arieln~1\applic~1\pcouffin.sys

============= FINISH: 17:02:36.21 ===============

#7 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:02:31 PM

Posted 14 March 2009 - 04:09 PM

Hello Dualdiagnosis,

Those logs look fine now. :thumbup2:

You can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

It might also be a good thing to remove those older Java versions:
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name (except of course the latest version 12).
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
Still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference

#8 dualdiagnosis

dualdiagnosis
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:31 AM

Posted 14 March 2009 - 05:05 PM

Thanks for your help, everything seems OK so far. A couple of questions: What are these DLLs that showed up?
c:\windows\esoyavej.dll
c:\windows\evosacevezuyoca.dll
File::
c:\windows\oyunosesoxi.dll
c:\windows\ipozuyocadisayi.dll
c:\windows\ogiqeniware.dll
c:\windows\imalewizut.dll
c:\windows\isebituk.dll
c:\windows\udofoyeje.dll
c:\windows\iyikawasaxov.dll
c:\windows\usujegozuxecugu.dll
c:\windows\ununazil.dll
c:\windows\egeyatupek.dll
c:\windows\ihogarorohugewu.dll
c:\windows\icikusadiyu.dll
Are they from a specific infection or are they just flagged as out of place? I tried to google them but got no info. Any recommendations on keeping clean?

Again thanks for the assistance.

#9 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:02:31 PM

Posted 14 March 2009 - 06:04 PM

Hello Dualdiagnosis,

Those files were flagged because they were out of place, had unknown DLL names and were all copies of the same size, typical of malware files or leftovers. :thumbup2:

Your protection is quite decent, but no protection is 100% failsafe.

Please read this Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed.

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
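The three signals Thunder gives for flagging those files (sitting directly in the Windows directory rather than in system32, names that match nothing known, and a group of files all sharing one byte size) can be turned into a small triage script. The block below is an added example written for this page; it is not a tool from the thread or from ComboFix, DDS or any other helper mentioned. The directory listing it runs over is constructed: the DLL names are the ones dualdiagnosis posted, but the byte sizes are invented placeholders, and the allowlist of legitimate Windows-root DLLs is a deliberately short assumption standing in for a baseline taken from a clean machine.

```python
"""Heuristic triage for Vundo-style DLL clusters in the Windows directory.

Added example, not code from the BleepingComputer thread. It applies the
three signals described in the post: out-of-place location, unknown name,
and several files of identical size.
"""
from collections import defaultdict
import ntpath
import re

WINDOWS_ROOT = r"c:\windows"

# Assumed, truncated baseline of DLLs that legitimately live in the Windows
# root. A real baseline comes from a known-clean install of the same build.
KNOWN_WINDOWS_ROOT_DLLS = {"twain_32.dll", "twain.dll"}

# Shape of the names in the thread: a bare run of lowercase letters with no
# digits, underscores or vendor prefix. This is a family-specific heuristic,
# not a general malware test.
RANDOM_STEM = re.compile(r"^[a-z]{7,20}$")

# Constructed sample listing of (path, size in bytes). Sizes are invented
# placeholders; a real run would build this with os.scandir().
SAMPLE_LISTING = [
    (r"c:\windows\explorer.exe", 1033728),
    (r"c:\windows\twain_32.dll", 50688),
    (r"c:\windows\esoyavej.dll", 97280),
    (r"c:\windows\oyunosesoxi.dll", 97280),
    (r"c:\windows\ununazil.dll", 97280),
    (r"c:\windows\egeyatupek.dll", 97280),
    (r"c:\windows\system32\kbdjpn.dll", 8704),
    (r"c:\windows\system32\kbdkor.dll", 8192),
]


def is_out_of_place(path):
    """Signal 1: a DLL directly in the Windows directory, not in a subfolder."""
    directory, name = ntpath.split(path.lower())
    return directory == WINDOWS_ROOT and name.endswith(".dll")


def has_unknown_name(path):
    """Signal 2: not in the baseline, and the stem is a bare lowercase word."""
    name = ntpath.basename(path.lower())
    if name in KNOWN_WINDOWS_ROOT_DLLS:
        return False
    stem, _ext = ntpath.splitext(name)
    return RANDOM_STEM.match(stem) is not None


def find_clusters(listing, min_group=3):
    """Signal 3: among files carrying signals 1 and 2, group by byte size and
    keep only groups of at least min_group identical-size files.

    Returns {size: [sorted lowercase paths]} for each surviving group.
    """
    by_size = defaultdict(list)
    for path, size in listing:
        if is_out_of_place(path) and has_unknown_name(path):
            by_size[size].append(path.lower())
    return {size: sorted(paths) for size, paths in by_size.items()
            if len(paths) >= min_group}


if __name__ == "__main__":
    for size, paths in find_clusters(SAMPLE_LISTING).items():
        print(f"{len(paths)} unknown DLLs of {size} bytes in the Windows root:")
        for p in paths:
            print("   ", p)
```

Each signal is weak on its own (a legitimate driver installer can drop an oddly named DLL, and two unrelated files can share a size), which is why the script only reports files that carry all three; anything it lists is a candidate for submitting to a scanner or a helper, not proof of infection.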
