Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware Protect 2009


  • This topic is locked This topic is locked
12 replies to this topic

#1 abc12345xyz

abc12345xyz

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:36 AM

Posted 16 March 2009 - 12:06 PM

Hello,

Short Background:
I had a virus Spyware Protect 2009. After posting my problem in Am I infected? What do I do?, I was helped by boopme and was asked to run ATF Cleaner, Malwarebytes Anti-Malware, SUPERAntiSpyware Free, SmitfraudFix, and dds. I could not run SmitfraudFix, and dds. So, then I was asked to run RSIT, and now I am posting my log.txt file in this forum.

(For complete background, please go to this link http://www.bleepingcomputer.com/forums/t/209360/spyware-protect-2009/)

Scanning Results:
Logfile of random's system information tool 1.05 (written by random/random)
Run by kuwait at 2009-03-16 19:53:36
Microsoft Windows XP Professional Service Pack 2
System drive C: has 60 GB (51%) free of 117 GB
Total RAM: 511 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:40 PM, on 3/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kuwait\Desktop\RSIT.exe
C:\Program Files\trend micro\kuwait.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:\\www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...gcuz/EeZQexth3U
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\3e03803a1.dll"" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69E1B4A9-B8ED-450C-AF67-03FF49D4FC18}: NameServer = 195.226.228.72 195.226.228.74
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - http://images.google.com/images?q=tbn:TLLX...r/7350_1024.jpg

--
End of file - 7726 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdwareBot Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 1164600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Toolbar - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll []
{BA52B914-B692-46c4-B683-905236F6F655}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 1164600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Tweak UI"=C:\WINDOWS\system32\TWEAKUI.CPL [2000-06-18 106544]
"BigDog303"=C:\WINDOWS\VM303_STI.EXE [2005-10-25 61440]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
""= []
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2009-02-26 590848]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-03-27 111928]
"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2004-08-06 860160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"= []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2007-11-20 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2004-08-06 860160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
C:\WINDOWS\system32\TWEAKUI.CPL [2000-06-18 106544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Documents and Settings\kuwait\Desktop\setups\VoipBuster.com\VoipBuster\voipbuster.exe -nosplash -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Sawa2Call\Dialer\Resources\iaxdialer.exe"="C:\Program Files\Sawa2Call\Dialer\Resources\iaxdialer.exe:*:Enabled:iaxdialer"
"C:\Documents and Settings\kuwait\Desktop\setups\VoipBuster.com\VoipBuster\voipbuster.exe"="C:\Documents and Settings\kuwait\Desktop\setups\VoipBuster.com\VoipBuster\voipbuster.exe:*:Enabled:VoipBuster"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03da7d1f-46bc-11dc-94d9-de602a712dc5}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901e4c06-5570-11dc-94fe-bbb90e4877fb}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ebe7b55-2598-11dc-9485-b02ba35ffb0a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


======List of files/folders created in the last 1 months======

2009-03-16 19:14:29 ----D---- C:\Program Files\trend micro
2009-03-16 19:14:27 ----D---- C:\rsit
2009-03-10 17:51:47 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-10 17:51:27 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-10 17:51:27 ----D---- C:\Documents and Settings\kuwait\Application Data\SUPERAntiSpyware.com
2009-03-09 23:31:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-09 23:26:42 ----D---- C:\My Downloads
2009-03-09 23:04:46 ----D---- C:\Documents and Settings\kuwait\Application Data\Malwarebytes
2009-03-09 23:02:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-07 20:25:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 20:12:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-02 20:09:11 ----D---- C:\Documents and Settings\kuwait\Application Data\GetRightToGo
2009-03-02 20:01:37 ----D---- C:\Program Files\Enigma Software Group
2009-02-24 23:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

======List of files/folders modified in the last 1 months======

2009-03-16 19:48:55 ----D---- C:\Program Files\Mozilla Firefox
2009-03-16 19:48:44 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2009-03-16 19:16:15 ----D---- C:\WINDOWS\Prefetch
2009-03-16 19:14:29 ----RD---- C:\Program Files
2009-03-16 00:42:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-16 00:42:00 ----D---- C:\Documents and Settings\kuwait\Application Data\Skype
2009-03-15 18:26:03 ----D---- C:\WINDOWS
2009-03-13 22:13:55 ----D---- C:\WINDOWS\Temp
2009-03-13 22:13:54 ----D---- C:\WINDOWS\system32
2009-03-11 18:20:42 ----D---- C:\WINDOWS\system32\drivers
2009-03-10 21:45:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-10 18:20:21 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-10 17:51:44 ----SHD---- C:\WINDOWS\Installer
2009-03-10 17:51:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-09 23:29:37 ----D---- C:\Documents and Settings\kuwait\Application Data\Mozilla
2009-03-09 23:23:59 ----D---- C:\Program Files\Common Files
2009-03-09 22:38:35 ----D---- C:\WINDOWS\Minidump
2009-03-09 18:29:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2009-03-07 20:42:09 ----D---- C:\temp
2009-03-07 20:41:59 ----D---- C:\Program Files\Windows Media Player
2009-03-05 19:51:34 ----D---- C:\Documents and Settings\kuwait\Application Data\AVG7
2009-03-01 18:41:01 ----SD---- C:\WINDOWS\Tasks
2009-03-01 18:26:23 ----HD---- C:\WINDOWS\inf
2009-02-28 18:22:43 ----D---- C:\WINDOWS\system
2009-02-26 23:04:31 ----RHD---- C:\$VAULT$.AVG
2009-02-26 22:04:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-25 11:59:43 ----D---- C:\Documents and Settings\kuwait\Application Data\Macromedia
2009-02-24 23:00:41 ----A---- C:\WINDOWS\imsins.BAK
2009-02-24 23:00:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-24 22:12:07 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-17 23:08:39 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-02-17 23:08:24 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-26 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-08-30 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-08-30 27776]
R1 AvgClean;AVG Clean Driver; C:\WINDOWS\system32\drivers\avgclean.sys [2007-12-21 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2004-08-28 33995]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-08-30 4960]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-08-11 9856]
R3 S3SAVAGE4M;S3SAVAGE4M; C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S1 SDManager;SDManager; \??\C:\Program Files\SpywareDetector\SDManager.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-22 21744]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 s217bus;Sony Ericsson Device 217 driver (WDM); C:\WINDOWS\system32\DRIVERS\s217bus.sys [2007-11-02 83496]
S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s217mdfl.sys [2007-11-02 15016]
S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s217mdm.sys [2007-11-02 109992]
S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s217mgmt.sys [2007-11-02 103976]
S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS); C:\WINDOWS\system32\DRIVERS\s217nd5.sys [2007-11-02 24872]
S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s217obex.sys [2007-11-02 100008]
S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM); C:\WINDOWS\system32\DRIVERS\s217unic.sys [2007-11-02 105896]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-06-13 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-06-13 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-06-13 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-06-13 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-06-13 85664]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 ZSMC303;USB PC Camera H; C:\WINDOWS\System32\Drivers\usbVM303.sys [2005-10-27 390849]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-26 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-08-30 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-21 406528]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-08-24 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2004-08-04 26112]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------


Please tell me what to do next?


Thank you.

Edited by abc12345xyz, 16 March 2009 - 12:12 PM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,949 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:36 AM

Posted 27 March 2009 - 08:49 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 abc12345xyz

abc12345xyz
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:36 AM

Posted 29 March 2009 - 12:32 PM

Dear Orange Blossom,

Thank you for replying and it is also okay that you are replying me late, at least someone is ready to help me out. As I mentioned in my first post that, I had a virus Spyware Protect 2009. After posting my problem in Am I infected? What do I do?, I was helped by boopme and was asked to run ATF Cleaner, Malwarebytes Anti-Malware, SUPERAntiSpyware Free, SmitfraudFix, and dds. I could not run SmitfraudFix, and dds. So, then I was asked to run RSIT, and I have also posted my log.txt file in my above post. If you want the new log.txt, I can also do that.

(For complete background, please go to this link http://www.bleepingcomputer.com/forums/t/209360/spyware-protect-2009/)

Please tell me what to do next?


Thank you.

Edited by abc12345xyz, 29 March 2009 - 12:32 PM.


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,949 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:36 AM

Posted 29 March 2009 - 12:53 PM

Hello there,

Yes, please post the new RSIT log. Sorry about not catching that you couldn't run DDS.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 abc12345xyz

abc12345xyz
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:36 AM

Posted 30 March 2009 - 12:11 PM

New RSIT log
Logfile of random's system information tool 1.06 (written by random/random)
Run by kuwait at 2009-03-30 19:53:23
Microsoft Windows XP Professional Service Pack 2
System drive C: has 59 GB (51%) free of 117 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:30 PM, on 3/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
C:\Documents and Settings\kuwait\Desktop\RSIT.exe
C:\Program Files\trend micro\kuwait.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...gcuz/EeZQexth3U
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\3e03803a1.dll"" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-796845957-1644491937-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69E1B4A9-B8ED-450C-AF67-03FF49D4FC18}: NameServer = 195.226.228.72 195.226.228.74
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - http://images.google.com/images?q=tbn:TLLX...r/7350_1024.jpg

--
End of file - 15131 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdwareBot Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Toolbar - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll []
{BA52B914-B692-46c4-B683-905236F6F655}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Tweak UI"=TWEAKUI.CPL,TweakMeUp []
"BigDog303"=C:\WINDOWS\VM303_STI.EXE [2005-10-25 61440]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
""= []
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-03-27 111928]
"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2004-08-06 860160]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"= []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2007-11-20 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2004-08-06 860160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
TWEAKUI.CPL,TweakMeUp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Documents and Settings\kuwait\Desktop\setups\VoipBuster.com\VoipBuster\voipbuster.exe -nosplash -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Sawa2Call\Dialer\Resources\iaxdialer.exe"="C:\Program Files\Sawa2Call\Dialer\Resources\iaxdialer.exe:*:Enabled:iaxdialer"
"C:\Documents and Settings\kuwait\Desktop\setups\VoipBuster.com\VoipBuster\voipbuster.exe"="C:\Documents and Settings\kuwait\Desktop\setups\VoipBuster.com\VoipBuster\voipbuster.exe:*:Enabled:VoipBuster"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03da7d1f-46bc-11dc-94d9-de602a712dc5}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901e4c06-5570-11dc-94fe-bbb90e4877fb}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ebe7b55-2598-11dc-9485-b02ba35ffb0a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


======List of files/folders created in the last 1 months======

2009-03-30 19:52:34 ----D---- C:\Program Files\trend micro
2009-03-30 19:52:33 ----D---- C:\rsit
2009-03-30 00:25:58 ----A---- C:\WINDOWS\system32\srusd.dll
2009-03-30 00:25:57 ----A---- C:\WINDOWS\system32\fnfilter.dll
2009-03-29 18:42:18 ----D---- C:\Program Files\AVG
2009-03-28 22:16:16 ----D---- C:\AVGTemp
2009-03-24 21:02:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-24 20:42:49 ----D---- C:\Documents and Settings\kuwait\Application Data\AVG7
2009-03-24 20:42:18 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2009-03-22 23:20:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-16 20:16:57 ----D---- C:\Documents and Settings\kuwait\Application Data\skypePM
2009-03-16 20:15:30 ----D---- C:\Program Files\Common Files\Skype
2009-03-16 20:15:28 ----RD---- C:\Program Files\Skype
2009-03-16 20:15:12 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-03-10 17:51:47 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-10 17:51:27 ----D---- C:\Documents and Settings\kuwait\Application Data\SUPERAntiSpyware.com
2009-03-09 23:26:42 ----D---- C:\My Downloads
2009-03-09 23:04:46 ----D---- C:\Documents and Settings\kuwait\Application Data\Malwarebytes
2009-03-09 23:02:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-07 20:25:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 20:12:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-02 20:09:11 ----D---- C:\Documents and Settings\kuwait\Application Data\GetRightToGo

======List of files/folders modified in the last 1 months======

2009-03-30 19:53:49 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2009-03-30 19:52:34 ----RD---- C:\Program Files
2009-03-30 19:50:01 ----D---- C:\WINDOWS\system32\drivers
2009-03-30 19:50:01 ----D---- C:\WINDOWS\system32
2009-03-30 19:50:01 ----D---- C:\WINDOWS
2009-03-30 00:33:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-30 00:26:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-30 00:25:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-29 22:29:36 ----D---- C:\WINDOWS\Prefetch
2009-03-29 18:42:06 ----SHD---- C:\WINDOWS\Installer
2009-03-29 00:16:00 ----D---- C:\Documents and Settings\kuwait\Application Data\Skype
2009-03-27 18:40:34 ----D---- C:\Program Files\Mozilla Firefox
2009-03-24 22:40:29 ----D---- C:\WINDOWS\Minidump
2009-03-24 20:51:53 ----D---- C:\WINDOWS\system
2009-03-24 20:36:26 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-24 20:24:13 ----SHD---- C:\RECYCLER
2009-03-23 22:55:03 ----HD---- C:\WINDOWS\inf
2009-03-23 22:51:35 ----D---- C:\Program Files\SweetIM
2009-03-23 22:51:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-22 22:55:02 ----D---- C:\WINDOWS\Temp
2009-03-22 22:29:56 ----D---- C:\WINDOWS\WinSxS
2009-03-22 22:29:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-16 20:15:30 ----D---- C:\Program Files\Common Files
2009-03-09 23:29:37 ----D---- C:\Documents and Settings\kuwait\Application Data\Mozilla
2009-03-07 20:42:09 ----D---- C:\temp
2009-03-07 20:41:59 ----D---- C:\Program Files\Windows Media Player
2009-03-01 18:41:01 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-29 107912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2004-08-28 33995]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-08-11 9856]
R3 S3SAVAGE4M;S3SAVAGE4M; C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-29 325640]
S1 SDManager;SDManager; \??\C:\Program Files\SpywareDetector\SDManager.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-22 21744]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 s217bus;Sony Ericsson Device 217 driver (WDM); C:\WINDOWS\system32\DRIVERS\s217bus.sys [2007-11-02 83496]
S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s217mdfl.sys [2007-11-02 15016]
S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s217mdm.sys [2007-11-02 109992]
S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s217mgmt.sys [2007-11-02 103976]
S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS); C:\WINDOWS\system32\DRIVERS\s217nd5.sys [2007-11-02 24872]
S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s217obex.sys [2007-11-02 100008]
S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM); C:\WINDOWS\system32\DRIVERS\s217unic.sys [2007-11-02 105896]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-06-13 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-06-13 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-06-13 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-06-13 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-06-13 85664]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 ZSMC303;USB PC Camera H; C:\WINDOWS\System32\Drivers\usbVM303.sys [2005-10-27 390849]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-08-24 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2004-08-04 26112]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

New Problems:
I had AVG 7.5 free edition and probably you know that its support is expiring on 12 April 2009. So I try to install AVG 8.0 and 8.5, but both of them stopped in the beginning of installation. I tried many times to install/repair but it always stopped during installation. And I cannot even uninstall AVG 8.0/8.5 to start the fresh installation.

#6 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:11:36 AM

Posted 31 March 2009 - 10:09 AM

Hi,

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to it's author: Posted Image

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click Posted Image on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :thumbup2:
Regards
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#7 abc12345xyz

abc12345xyz
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:36 AM

Posted 01 April 2009 - 10:42 AM

Dear lusitano,

First of all thank you for assisting me.

Please Note that, after clicking on the icon and accepting the disclaimer, I was not asked for anything else.

Below is the ComboFix Log File:

ComboFix 09-03-31.02 - kuwait 2009-04-01 17:39:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.511.297 [GMT 3:00]
Running from: c:\documents and settings\kuwait\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\3e03803a1.dll
c:\windows\NIRCMD.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
.

2009-03-30 19:52 . 2009-03-30 19:52 <DIR> d-------- C:\rsit
2009-03-30 19:52 . 2009-03-30 19:55 <DIR> d-------- c:\program files\trend micro
2009-03-30 00:25 . 2001-08-17 22:36 99,328 --a------ c:\windows\system32\srusd.dll
2009-03-30 00:25 . 2001-08-17 22:36 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
2009-03-30 00:25 . 2001-08-17 22:36 71,680 --a------ c:\windows\system32\fnfilter.dll
2009-03-30 00:25 . 2001-08-17 22:36 71,680 --a--c--- c:\windows\system32\dllcache\fnfilter.dll
2009-03-30 00:25 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\drivers\serscan.sys
2009-03-30 00:25 . 2001-08-17 13:53 6,784 --a--c--- c:\windows\system32\dllcache\serscan.sys
2009-03-29 18:55 . 2009-03-29 18:55 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-29 18:55 . 2009-03-29 18:55 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-29 18:42 . 2009-03-29 18:42 <DIR> d-------- c:\program files\AVG
2009-03-28 22:16 . 2009-03-28 22:16 <DIR> d-------- C:\AVGTemp
2009-03-24 21:02 . 2009-03-27 13:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 21:02 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-24 21:02 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-24 20:42 . 2009-03-24 20:42 <DIR> d-------- c:\documents and settings\LocalService\Application Data\AVG7
2009-03-24 20:42 . 2009-03-24 20:47 <DIR> d-------- c:\documents and settings\kuwait\Application Data\AVG7
2009-03-24 20:42 . 2009-03-30 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg7
2009-03-22 23:20 . 2009-03-30 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-16 20:16 . 2009-03-30 22:50 <DIR> d-------- c:\documents and settings\kuwait\Application Data\skypePM
2009-03-16 20:16 . 2009-03-16 20:16 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-16 20:15 . 2009-03-16 20:15 <DIR> dr------- c:\program files\Skype
2009-03-16 20:15 . 2009-03-16 20:15 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-16 20:15 . 2009-03-16 20:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-03-10 17:51 . 2009-03-23 22:51 <DIR> d-------- c:\documents and settings\kuwait\Application Data\SUPERAntiSpyware.com
2009-03-10 17:51 . 2009-03-10 17:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-09 23:26 . 2009-03-24 21:52 <DIR> d-------- C:\My Downloads
2009-03-09 23:04 . 2009-03-09 23:04 <DIR> d-------- c:\documents and settings\kuwait\Application Data\Malwarebytes
2009-03-09 23:02 . 2009-03-09 23:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-07 20:25 . 2009-03-07 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 20:12 . 2009-03-09 23:21 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-02 20:09 . 2009-03-02 20:09 <DIR> d-------- c:\documents and settings\kuwait\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 20:49 --------- d-----w c:\documents and settings\kuwait\Application Data\Skype
2009-03-23 19:51 --------- d-----w c:\program files\SweetIM
2009-03-23 19:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-26 19:04 --------- d--h--w c:\program files\InstallShield Installation Information
2001-08-23 12:00 94,784 --sh--w c:\windows\twain.dll
2004-08-03 21:56 50,688 --sh--w c:\windows\twain_32.dll
2004-08-03 21:56 1,028,096 --sh--w c:\windows\system32\mfc42.dll
2004-08-03 21:56 54,784 --sh--w c:\windows\system32\msvcirt.dll
2004-08-03 21:56 413,696 --sh--w c:\windows\system32\msvcp60.dll
2004-08-03 21:56 343,040 --sh--w c:\windows\system32\msvcrt.dll
2007-12-04 18:38 550,912 --sh--w c:\windows\system32\oleaut32.dll
2004-08-03 21:56 83,456 --sh--w c:\windows\system32\olepro32.dll
2004-08-03 21:56 11,776 --sh--w c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 180,269 2006-08-11 12:47:25 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 256,576 2006-10-30 06:36:36 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 256,576 2006-10-30 06:36:36 c:\program files\iTunes\iTunesHelper.exe

----a-w 282,624 2006-10-25 15:58:18 c:\program files\QuickTime\bak\qttask.exe

----a-w 3,084,288 2005-08-19 16:34:02 c:\program files\Yahoo!\Messenger\bak\ypager.exe

----a-w 15,360 2004-08-03 21:56:50 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-03 21:56:50 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="~" [X]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [N/A]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 c:\windows\system32\TWEAKUI.CPL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-08-24 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 09:36 256576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
c:\windows\svchost.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\progra~1\mcafee.com\agent\McAgent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
c:\progra~1\McAfee.com\Agent\mcregwiz.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\progra~1\mcafee.com\agent\McUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 19:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
c:\program files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
c:\progra~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
c:\progra~1\MYWEBS~1\bar\5.bin\mwsoemon.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 08:27 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-07-27 13:48 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\progra~1\mcafee.com\vso\mcvsshld.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
c:\documents and settings\kuwait\Desktop\setups\VoipBuster.com\VoipBuster\voipbuster.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\progra~1\mcafee.com\vso\mcmnhdlr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
c:\program files\Yahoo!\Messenger\ypager.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
-ra------ 2000-06-18 23:03 106544 c:\windows\system32\TWEAKUI.CPL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sawa2Call\\Dialer\\Resources\\iaxdialer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-29 107912]
R3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\drivers\s3sav4m.sys [2008-09-06 77824]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-29 325640]
S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-05 c:\windows\Tasks\AdwareBot Scheduled Scan.job
- c:\program files\AdwareBot\AdwareBot.exe []

2009-03-05 c:\windows\Tasks\AdwareBot Scheduled Scan.job
- c:\program files\AdwareBot []

2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2009-03-01 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-avgrsstarter - avgrsstx.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page =
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwZp95Uj5JDwvJltcUBZZMdrmdq0G2Ps42eNYDJwPUq/+v4x7LBexPpVjgANmbblD/702GeZ5TAvBr7kNOUgcuz/EeZQexth3U
IE: &Search
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kuwait\Application Data\Mozilla\Firefox\Profiles\akikxgvw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 17:43:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-04-01 17:47:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-01 14:47:31

Pre-Run: 62,000,652,288 bytes free
Post-Run: 62,611,193,856 bytes free

228 --- E O F --- 2009-02-24 20:00:42

#8 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:11:36 AM

Posted 01 April 2009 - 12:22 PM

Hello,

1. Please uninstall (if exist) any of the following program(s) using Add/Remove Programs if they are present.
To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.

My Web Search
AdwareBot




2. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.


3. Now, close any open browsers.
  • Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\progra~1\MYWEBS~1
c:\program files\AdwareBot
File::
c:\windows\Tasks\AdwareBot Scheduled Scan.job
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    Posted Image
  • Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post them along with a new HijackThis log.
Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#9 abc12345xyz

abc12345xyz
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:36 AM

Posted 02 April 2009 - 11:29 AM

I didn't see My Web Search, and AdwareBot in Add/Remove Programs.

Before running the ComboFix, I accidentally double clicked on SmitfraudFix, but then I cancel the window without doing anything (by the way this time it was working. I was not getting any errors on this).

ComboFix Report:
ComboFix 09-03-31.02 - kuwait 2009-04-02 17:23:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.511.204 [GMT 3:00]
Running from: c:\documents and settings\kuwait\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kuwait\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\Tasks\AdwareBot Scheduled Scan.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\AdwareBot Scheduled Scan.job

.
((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-04-01 18:06 . 2009-04-01 18:13 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-04-01 18:06 . 2009-04-01 18:06 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-30 19:52 . 2009-03-30 19:55 <DIR> d-------- c:\program files\trend micro
2009-03-30 00:25 . 2001-08-17 22:36 99,328 --a------ c:\windows\system32\srusd.dll
2009-03-30 00:25 . 2001-08-17 22:36 99,328 --a--c--- c:\windows\system32\dllcache\srusd.dll
2009-03-30 00:25 . 2001-08-17 22:36 71,680 --a------ c:\windows\system32\fnfilter.dll
2009-03-30 00:25 . 2001-08-17 22:36 71,680 --a--c--- c:\windows\system32\dllcache\fnfilter.dll
2009-03-30 00:25 . 2001-08-17 13:53 6,784 --a------ c:\windows\system32\drivers\serscan.sys
2009-03-30 00:25 . 2001-08-17 13:53 6,784 --a--c--- c:\windows\system32\dllcache\serscan.sys
2009-03-29 18:55 . 2009-03-29 18:55 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-29 18:55 . 2009-03-29 18:55 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-29 18:42 . 2009-03-29 18:42 <DIR> d-------- c:\program files\AVG
2009-03-24 21:02 . 2009-03-27 13:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 21:02 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-24 21:02 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-22 23:20 . 2009-04-01 18:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-16 20:16 . 2009-03-30 22:50 <DIR> d-------- c:\documents and settings\kuwait\Application Data\skypePM
2009-03-16 20:16 . 2009-03-16 20:16 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-16 20:15 . 2009-03-16 20:15 <DIR> dr------- c:\program files\Skype
2009-03-16 20:15 . 2009-03-16 20:15 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-16 20:15 . 2009-03-16 20:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-03-10 17:51 . 2009-03-23 22:51 <DIR> d-------- c:\documents and settings\kuwait\Application Data\SUPERAntiSpyware.com
2009-03-10 17:51 . 2009-03-10 17:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-09 23:26 . 2009-04-02 17:20 <DIR> d-------- C:\My Downloads
2009-03-09 23:04 . 2009-03-09 23:04 <DIR> d-------- c:\documents and settings\kuwait\Application Data\Malwarebytes
2009-03-09 23:02 . 2009-03-09 23:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-07 20:25 . 2009-03-07 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 20:12 . 2009-03-09 23:21 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-02 20:09 . 2009-03-02 20:09 <DIR> d-------- c:\documents and settings\kuwait\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 20:49 --------- d-----w c:\documents and settings\kuwait\Application Data\Skype
2009-03-23 19:51 --------- d-----w c:\program files\SweetIM
2009-03-23 19:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-26 19:04 --------- d--h--w c:\program files\InstallShield Installation Information
2001-08-23 12:00 94,784 --sh--w c:\windows\twain.dll
2004-08-03 21:56 50,688 --sh--w c:\windows\twain_32.dll
2004-08-03 21:56 1,028,096 --sh--w c:\windows\system32\mfc42.dll
2004-08-03 21:56 54,784 --sh--w c:\windows\system32\msvcirt.dll
2004-08-03 21:56 413,696 --sh--w c:\windows\system32\msvcp60.dll
2004-08-03 21:56 343,040 --sh--w c:\windows\system32\msvcrt.dll
2007-12-04 18:38 550,912 --sh--w c:\windows\system32\oleaut32.dll
2004-08-03 21:56 83,456 --sh--w c:\windows\system32\olepro32.dll
2004-08-03 21:56 11,776 --sh--w c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 180,269 2006-08-11 12:47:25 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 256,576 2006-10-30 06:36:36 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 256,576 2006-10-30 06:36:36 c:\program files\iTunes\iTunesHelper.exe

----a-w 282,624 2006-10-25 15:58:18 c:\program files\QuickTime\bak\qttask.exe

----a-w 3,084,288 2005-08-19 16:34:02 c:\program files\Yahoo!\Messenger\bak\ypager.exe

----a-w 15,360 2004-08-03 21:56:50 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-03 21:56:50 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="~" [X]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-01 1932568]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 c:\windows\system32\TWEAKUI.CPL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-08-24 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-01 18:06 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 09:36 256576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
c:\windows\svchost.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\progra~1\mcafee.com\agent\McAgent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
c:\progra~1\McAfee.com\Agent\mcregwiz.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\progra~1\mcafee.com\agent\McUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 19:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
c:\program files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 08:27 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-07-27 13:48 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\progra~1\mcafee.com\vso\mcvsshld.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
c:\documents and settings\kuwait\Desktop\setups\VoipBuster.com\VoipBuster\voipbuster.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\progra~1\mcafee.com\vso\mcmnhdlr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
c:\program files\Yahoo!\Messenger\ypager.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
-ra------ 2000-06-18 23:03 106544 c:\windows\system32\TWEAKUI.CPL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sawa2Call\\Dialer\\Resources\\iaxdialer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 SDManager;SDManager; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-29 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-29 107912]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-01 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-01 298264]
S3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\DRIVERS\s3sav4m.sys [2001-08-17 77824]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - Alerter
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avg8emc
*Deregistered* - avg8wd
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - AvgTdiX
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - ServiceLayer
*Deregistered* - sf
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2009-03-01 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwZp95Uj5JDwvJltcUBZZMdrmdq0G2Ps42eNYDJwPUq/+v4x7LBexPpVjgANmbblD/702GeZ5TAvBr7kNOUgcuz/EeZQexth3U
IE: &Search
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kuwait\Application Data\Mozilla\Firefox\Profiles\akikxgvw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 17:26:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-02 17:28:45
ComboFix-quarantined-files.txt 2009-04-02 14:28:19

Pre-Run: 61,695,385,600 bytes free
Post-Run: 62,333,296,640 bytes free

329 --- E O F --- 2009-04-01 17:07:51

HijackThis Report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by kuwait at 2009-04-02 17:52:57
Microsoft Windows XP Professional Service Pack 2
System drive C: has 59 GB (51%) free of 117 GB
Total RAM: 511 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:23, on 4/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\kuwait\Desktop\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\kuwait.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...gcuz/EeZQexth3U
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69E1B4A9-B8ED-450C-AF67-03FF49D4FC18}: NameServer = 195.226.228.72 195.226.228.74
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - http://images.google.com/images?q=tbn:TLLX...r/7350_1024.jpg

--
End of file - 7205 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-29 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Toolbar - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll []
{BA52B914-B692-46c4-B683-905236F6F655}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Tweak UI"=TWEAKUI.CPL,TweakMeUp []
"BigDog303"=C:\WINDOWS\VM303_STI.EXE [2005-10-25 61440]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-03-27 111928]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-04-01 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=~ []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2007-11-20 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2004-08-06 860160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
TWEAKUI.CPL,TweakMeUp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Documents and Settings\kuwait\Desktop\setups\VoipBuster.com\VoipBuster\voipbuster.exe -nosplash -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-04-01 10520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Sawa2Call\Dialer\Resources\iaxdialer.exe"="C:\Program Files\Sawa2Call\Dialer\Resources\iaxdialer.exe:*:Enabled:iaxdialer"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-04-02 17:52:57 ----D---- C:\rsit
2009-04-02 17:42:04 ----SHD---- C:\RECYCLER
2009-04-02 17:40:43 ----D---- C:\WINDOWS\temp
2009-04-02 17:40:41 ----A---- C:\ComboFix.txt
2009-04-02 17:23:08 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-02 17:23:03 ----D---- C:\Qoobox
2009-04-01 20:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-04-01 20:07:20 ----HDC---- C:\WINDOWS\$NtUninstallKB903235$
2009-04-01 18:06:24 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-04-01 17:38:37 ----A---- C:\WINDOWS\zip.exe
2009-04-01 17:38:37 ----A---- C:\WINDOWS\VFIND.exe
2009-04-01 17:38:37 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-01 17:38:37 ----A---- C:\WINDOWS\SWSC.exe
2009-04-01 17:38:37 ----A---- C:\WINDOWS\SWREG.exe
2009-04-01 17:38:37 ----A---- C:\WINDOWS\sed.exe
2009-04-01 17:38:37 ----A---- C:\WINDOWS\grep.exe
2009-04-01 17:38:37 ----A---- C:\WINDOWS\fdsv.exe
2009-04-01 17:38:33 ----D---- C:\WINDOWS\ERDNT
2009-03-30 19:52:34 ----D---- C:\Program Files\trend micro
2009-03-30 00:25:58 ----A---- C:\WINDOWS\system32\srusd.dll
2009-03-30 00:25:57 ----A---- C:\WINDOWS\system32\fnfilter.dll
2009-03-29 18:42:18 ----D---- C:\Program Files\AVG
2009-03-24 21:02:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-22 23:20:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-16 20:16:57 ----D---- C:\Documents and Settings\kuwait\Application Data\skypePM
2009-03-16 20:15:30 ----D---- C:\Program Files\Common Files\Skype
2009-03-16 20:15:28 ----RD---- C:\Program Files\Skype
2009-03-16 20:15:12 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-03-10 17:51:47 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-10 17:51:27 ----D---- C:\Documents and Settings\kuwait\Application Data\SUPERAntiSpyware.com
2009-03-09 23:26:42 ----D---- C:\My Downloads
2009-03-09 23:04:46 ----D---- C:\Documents and Settings\kuwait\Application Data\Malwarebytes
2009-03-09 23:02:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-07 20:25:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-05 20:12:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of files/folders modified in the last 1 months======

2009-04-02 17:54:51 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2009-04-02 17:53:05 ----D---- C:\WINDOWS\Prefetch
2009-04-02 17:44:38 ----D---- C:\Program Files\Mozilla Firefox
2009-04-02 17:40:44 ----D---- C:\WINDOWS\system32
2009-04-02 17:40:43 ----D---- C:\WINDOWS
2009-04-02 17:38:18 ----A---- C:\WINDOWS\system.ini
2009-04-02 17:37:40 ----D---- C:\WINDOWS\system32\drivers
2009-04-02 17:37:40 ----D---- C:\WINDOWS\AppPatch
2009-04-02 17:37:34 ----D---- C:\Program Files\Common Files
2009-04-02 17:36:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-02 17:35:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-02 17:25:54 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-02 17:24:32 ----SD---- C:\WINDOWS\Tasks
2009-04-01 20:07:50 ----HD---- C:\WINDOWS\inf
2009-04-01 20:07:37 ----A---- C:\WINDOWS\imsins.BAK
2009-04-01 19:33:48 ----D---- C:\WINDOWS\Minidump
2009-04-01 17:50:48 ----SHD---- C:\System Volume Information
2009-04-01 17:50:48 ----D---- C:\WINDOWS\system32\Restore
2009-04-01 17:41:46 ----D---- C:\WINDOWS\system32\config
2009-03-30 23:49:09 ----D---- C:\Documents and Settings\kuwait\Application Data\Skype
2009-03-30 19:52:34 ----RD---- C:\Program Files
2009-03-30 00:26:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-29 18:42:06 ----SHD---- C:\WINDOWS\Installer
2009-03-24 20:51:53 ----D---- C:\WINDOWS\system
2009-03-24 20:36:26 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-23 22:51:35 ----D---- C:\Program Files\SweetIM
2009-03-23 22:51:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-22 22:29:56 ----D---- C:\WINDOWS\WinSxS
2009-03-22 22:29:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-09 23:29:37 ----D---- C:\Documents and Settings\kuwait\Application Data\Mozilla
2009-03-07 20:42:09 ----D---- C:\temp
2009-03-07 20:41:59 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-29 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-04-01 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-29 107912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2004-08-28 33995]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-08-11 9856]
R3 S3SAVAGE4M;S3SAVAGE4M; C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
R4 catchme;catchme; \??\C:\DOCUME~1\kuwait\LOCALS~1\Temp\catchme.sys []
S1 SDManager;SDManager; \??\C:\Program Files\SpywareDetector\SDManager.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-22 21744]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 s217bus;Sony Ericsson Device 217 driver (WDM); C:\WINDOWS\system32\DRIVERS\s217bus.sys [2007-11-02 83496]
S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s217mdfl.sys [2007-11-02 15016]
S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s217mdm.sys [2007-11-02 109992]
S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s217mgmt.sys [2007-11-02 103976]
S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS); C:\WINDOWS\system32\DRIVERS\s217nd5.sys [2007-11-02 24872]
S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s217obex.sys [2007-11-02 100008]
S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM); C:\WINDOWS\system32\DRIVERS\s217unic.sys [2007-11-02 105896]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-06-13 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-06-13 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-06-13 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-06-13 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-06-13 85664]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 ZSMC303;USB PC Camera H; C:\WINDOWS\System32\Drivers\usbVM303.sys [2005-10-27 390849]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-04-01 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-01 298264]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-08-24 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2004-08-04 26112]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------


Also, I forgot to mention in my last post that, after running the ComboFix yesterday, I was able to install AVG 8.5.283 without any problems.


Now what next I have to do?

Edited by abc12345xyz, 02 April 2009 - 11:32 AM.


#10 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:11:36 AM

Posted 02 April 2009 - 01:17 PM

Hello,

How your computer its running now?

Regards
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#11 abc12345xyz

abc12345xyz
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:36 AM

Posted 04 April 2009 - 12:02 PM

Computer is running much better, but still little slow.

Another thing is that MSN Windows is not opening automatically when windows starts, even though in the options of MSN it is already checked marked.

Is my computer safe now? All the viruses, infections, torjons, keyloggers, and all other nasty things are removed?

#12 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:11:36 AM

Posted 13 April 2009 - 07:07 AM

Is my computer safe now? All the viruses, infections, torjons, keyloggers, and all other nasty things are removed?

Good job, yours logs are clean :thumbup2:

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Posted Image

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Here are some additional recomendations that will enhance your safety
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Glad i was able to help and please let me know if you still need assistence.Posted Image
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#13 lusitano

lusitano

    Portuguese Malware Fighter


  • Members
  • 1,443 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:11:36 AM

Posted 23 April 2009 - 07:41 AM

Due to inactivity this thread has been closed to prevent others with similar problems posting to it.
If you need it re-opened please PM a member of the moderating team with a link to your thread.

Thanks
Posted Image
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users