Unable to run Online AV Scanners (Trojan.Banker)


  • This topic is locked
9 replies to this topic

#1 MHz

  • Members
  • 6 posts

Posted 17 March 2009 - 06:41 PM

Hello, I am unable to install anything (Flash, Java, ActiveX, etc) from my web browser. Pressing the "Install" button just closes the pop-up window. Therefore, I am unable to run online AV scans; Kaspersky, F-Secure, Panda, they all fail. Additionally, an MBAM scan indicates the presence of "Trojan.Banker". Any help will be greatly appreciated.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Stuart at 19:31:00.23 on Tue 03/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.210 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning disabled* (Updated)
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Stuart\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://search.msn.com
mStart Page = hxxp://www.yahoo.com
mWindow Title = Microsoft Internet Explorer provided by Comcast
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\System32\browseui.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AIM] c:\progra~1\aim\aim.exe -cnetwait.odl
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
mPolicies-explorer: <NO NAME> =
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://74.92.182.42/activex/AMC.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-12 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-4-30 372816]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-12 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-12 138680]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-12 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-12 352920]
S3 cpuz130;cpuz130;\??\c:\docume~1\stuart\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\stuart\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S4 Microsoft Java Runtime Environment;Microsoft Java Runtime Environment;"c:\windows\java\mstdc.exe" --> c:\windows\java\mstdc.exe [?]

=============== Created Last 30 ================

2009-03-15 01:52 <DIR> --d----- C:\ComboFix
2009-03-14 21:51 250 a------- c:\windows\gmer.ini
2009-03-14 19:58 <DIR> --d----- c:\program files\iPod
2009-03-14 19:57 <DIR> --d----- c:\program files\iTunes
2009-03-14 19:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-14 19:52 <DIR> --d----- c:\program files\Bonjour
2009-03-14 13:07 <DIR> a-dshr-- C:\cmdcons
2009-03-14 13:04 <DIR> --d----- c:\windows\system32\LogFiles
2009-03-13 11:03 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-03-13 10:26 <DIR> --d----- c:\windows\system32\scripting
2009-03-13 10:26 <DIR> --d----- c:\windows\l2schemas
2009-03-13 10:26 <DIR> --d----- c:\windows\system32\en
2009-03-13 09:40 <DIR> --d----- c:\program files\Windows Resource Kits
2009-03-13 09:09 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-13 09:08 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-13 09:08 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-13 09:08 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-13 09:07 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-13 09:07 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-13 09:07 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-13 09:07 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-13 09:07 <DIR> --d----- C:\319078924ed352f6b7c0
2009-03-13 09:02 <DIR> --d----- c:\program files\MSXML 6.0
2009-03-13 01:12 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-11 20:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-11 20:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 20:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 02:29 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-10 17:25 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-03-10 16:47 <DIR> --d----- c:\program files\CCleaner
2009-03-10 16:45 <DIR> --d----- C:\Utilities
2009-03-05 15:38 100 a------- c:\windows\system32\wh
2009-03-04 16:48 <DIR> --d----- c:\docume~1\stuart\applic~1\Malwarebytes
2009-03-04 16:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-25 18:01 <DIR> --d----- c:\program files\common files\ODBC

==================== Find3M ====================

2009-03-14 21:08 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-13 10:30 89,443 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-09 23:29 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-08 14:23 79,872 a--sh--- c:\windows\system32\nevibuni.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-01 19:57 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-02-01 19:55 8 ---shr-- c:\docume~1\alluse~1\applic~1\61DFA2E930.sys
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 05:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 01:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 01:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-06-30 00:17 6,530,575 a------- c:\program files\Adobe.zip
2007-09-06 09:29 23,402,288 a------- c:\program files\AdbeRdr810_en_US.exe
2006-04-29 23:48 161 a---h--- c:\documents and settings\stuart\hpothb07.dat
2005-04-22 23:10 5,561,273 a------- c:\program files\TechSmith.zip
2004-03-04 22:26 1,293,028 a------- c:\program files\mp3cnvsetup.exe
2004-03-02 17:48 5,737,365 a------- c:\program files\LimeWireWin.exe
2003-03-25 22:26 19,556 a------- c:\program files\04B_24__.TTF
2003-03-25 22:24 17,892 a------- c:\program files\04B_03B_.TTF
2002-10-04 16:09 204,800 a------- c:\windows\inf\FXPlugin.dll
2001-08-05 01:19 105,084 a------- c:\program files\SCRIPTIN.TTF
1999-12-08 23:04 19,260 a------- c:\program files\04B_03__.TTF
1998-08-02 01:28 57,448 a------- c:\program files\Uptown__.ttf
1998-04-08 11:47 32,484 a------- c:\program files\punkass_.ttf

============= FINISH: 19:31:11.64 ===============
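A helper reading the DDS log above (and the HijackThis-format RSIT log later in this thread) looks for a handful of recurring signals by eye: security products reporting themselves as disabled, DPF (ActiveX download) entries fetched from a bare IP address rather than a hostname, service or driver entries whose file DDS could not verify (the trailing "[?]"), files carrying both the system and hidden attributes under system32, and file entries whose timestamps are not real dates. The Python below is an added example, not from the original thread and not part of DDS, RSIT or HijackThis; it encodes those checks as heuristics over constructed sample lines in the same layouts (all names, GUIDs, hosts and paths in the sample are placeholders). Every flag is a prompt for a human to look closer, not a malware verdict: legitimate software produces some of these entries too, for example an ActiveX control served from a network camera's IP address.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address
from typing import Iterable, List, Optional

# Constructed sample lines in the DDS layouts seen in this thread (AV/FW
# status, DPF entries, SERVICES / DRIVERS, Find3M) plus one RSIT-style file
# entry. Names, GUIDs, hosts and paths are placeholders, not the poster's log.
SAMPLE_LOG = [
    r"AV: Example AV 1.0 [VPS 090317-0] *On-access scanning disabled* (Updated)",
    r"FW: Example Firewall *disabled*",
    r"DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab",
    r"DPF: {11111111-2222-3333-4444-555555555555} - hxxp://203.0.113.5/activex/ctl.cab",
    r"R1 gooddrv;Good Driver;c:\windows\system32\drivers\gooddrv.sys [2009-3-12 114768]",
    r'S4 Example Runtime;Example Runtime;"c:\windows\example\exmpl.exe" --> c:\windows\example\exmpl.exe [?]',
    r"2009-03-08 14:23 79,872 a--sh--- c:\windows\system32\qwertzui.dll",
    r"2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys",
    r"65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\qwertzui.dll",
]

SYSTEM32 = r"c:\windows\system32"

# DDS Find3M / "Created Last 30" rows: date time [size|<DIR>] attrs path.
# RSIT rows omit the size column and use a longer attribute field.
FILE_ENTRY = re.compile(
    r"^(?P<date>\d+-\d+-\d+)\s+(?P<time>\d+:\d+(?::\d+)?)\s+"
    r"(?:(?P<size>[\d,]+|<DIR>)\s+)?(?P<attrs>[-A-Za-z]{8,11})\s+(?P<path>.+)$"
)


@dataclass(frozen=True)
class Finding:
    rule: str   # heuristic name; a prompt to look closer, not a verdict
    line: str   # the log line that triggered it


def _valid_stamp(date: str, time: str) -> bool:
    """True if the date/time tokens form a real calendar timestamp."""
    for fmt in ("%Y-%m-%d %H:%M:%S", "%Y-%m-%d %H:%M"):
        try:
            datetime.strptime(f"{date} {time}", fmt)
            return True
        except ValueError:
            pass
    return False


def _url_host(url: str) -> Optional[str]:
    """Host part of an http/hxxp URL (DDS defangs http as hxxp)."""
    m = re.match(r"(?:hxxp|http)s?://([^/\s]+)", url, re.I)
    return m.group(1) if m else None


def _is_ip_literal(host: str) -> bool:
    try:
        ip_address(host.split(":")[0])
        return True
    except ValueError:
        return False


def triage_line(line: str) -> List[Finding]:
    """Apply every heuristic to one log line; returns zero or more findings."""
    line = line.rstrip()
    found: List[Finding] = []
    # 1. Security product status lines with a *...disabled* marker.
    if re.match(r"^(AV|FW|AS):", line) and re.search(r"\*[^*]*disabled\*", line, re.I):
        found.append(Finding("protection_disabled", line))
    # 2. ActiveX download entries whose source is a bare IP address.
    if line.startswith("DPF:") or "O16 - DPF:" in line:
        host = _url_host(line.rsplit(" - ", 1)[-1])
        if host and _is_ip_literal(host):
            found.append(Finding("activex_download_from_ip_literal", line))
    # 3. Service/driver entries DDS could not verify on disk ("[?]").
    if re.match(r"^[RS]\d ", line) and line.endswith("[?]"):
        found.append(Finding("service_file_unverified", line))
    # 4/5. File rows: impossible timestamps, and system+hidden files in system32.
    m = FILE_ENTRY.match(line)
    if m:
        attrs = m.group("attrs").lower()
        path = m.group("path").lower()
        if not _valid_stamp(m.group("date"), m.group("time")):
            found.append(Finding("invalid_timestamp", line))
        if "s" in attrs and "h" in attrs and path.startswith(SYSTEM32):
            found.append(Finding("hidden_system_file_in_system32", line))
    return found


def triage_log(lines: Iterable[str]) -> List[Finding]:
    return [f for line in lines for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.rule:34} {f.line}")
```

The parser accepts both the DDS row layout (with a size column) and the RSIT layout (without one), so the same rules run over either log pasted into a thread; the timestamp rule is what catches an RSIT row such as the "65535-65535-31889" entry format, which cannot be a real date.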


#2 Farbar

  • Security Developer
  • 21,708 posts
  • Location: The Netherlands

Posted 24 March 2009 - 07:12 PM

Hi MHz,

Welcome to the BC HijackThis forum, and sorry for the delay. I am farbar, and I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have run any tool (I see a ComboFix entry) or have made a major change to the system since your last post. If you have run other tools, please provide the logs if available. Also tell me the current condition of your computer.

  • I see in the log that, besides the Avast antivirus and ZoneAlarm firewall entries, you have entries related to Norton AntiVirus. Tell me if the Norton entries are the remains of a previously uninstalled Norton.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized).
  • Please copy and paste the content of just log.txt to your reply. No need for info.txt

    Note 1: If you have difficulty finding the log, it is in this folder: C:\rsit

    Note 2: The tool takes no more than one minute to scan the system.

You might want to save this page on your favorites, so you can find it again when you return.

#3 MHz

  • Topic Starter
  • Members
  • 6 posts

Posted 24 March 2009 - 07:35 PM

Hello farbar, and thanks for your help. I apologize for my second post. The answers to your questions:

1. I have not run any tool since my original post. In fact, I shut down the computer after I posted so that NO changes would be made. Combofix was run prior to the original post.

2. Norton AV has been removed from the machine; however, there is still an entry for Norton WMI Update that I have thus far been unable to remove. When I attempt to do so, I get the following message: "A product that requires Norton WMI Update is still installed on this system."

3. My RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Stuart at 2009-03-24 20:26:01
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (24%) free of 76 GB
Total RAM: 510 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:25 PM, on 3/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Stuart\Desktop\RSIT.exe
C:\Program Files\trend micro\Stuart.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://74.92.182.42/activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: Harry Potter and the Goblet of Fire Movie Countdown - http://www.mugglenet.com/countdown/gof-countdown.php?o=nov18

--
End of file - 9057 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\rpc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-04-14 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-08-30 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2006-10-26 440384]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-04-14 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-01-23 126976]
"diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-01-23 155648]
"tgcmd"=C:\Program Files\support.com\bin\tgcmd.exe [2002-04-24 1544192]
"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2006-02-19 755472]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-18 180269]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-08-16 531272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\PROGRA~1\AIM\aim.exe [2005-08-05 67160]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\PROGRA~1\QUICKT~1\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-18 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.0.5.lnk]
C:\Program Files\LimeWire\LimeWire 4.0.5\LimeWire.exe -startup []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"SpecifyDefaultButtons"=0
"Btn_Search"=0
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SYSTEM32\JAVA.EXE"="C:\WINDOWS\SYSTEM32\JAVA.EXE:*:Enabled:JAVA"
"C:\Program Files\AIM\AIM95_c4\aim.exe"="C:\Program Files\AIM\AIM95_c4\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\AIM\aim_c002.exe"="C:\Program Files\AIM\aim_c002.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\AIM\aim_c003.exe"="C:\Program Files\AIM\aim_c003.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\AIM\aim_c004.exe"="C:\Program Files\AIM\aim_c004.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\AIM\aim_c005.exe"="C:\Program Files\AIM\aim_c005.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\AIM\aim_c006.exe"="C:\Program Files\AIM\aim_c006.exe:*:Disabled:AOL Instant Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"C:\Program Files\AIM\AIM95_c3\aim.exe"="C:\Program Files\AIM\AIM95_c3\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{103b51f2-c919-11db-802c-000d5664e46c}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nevibuni.dll
2009-03-24 20:26:02 ----D---- C:\Program Files\trend micro
2009-03-24 20:26:01 ----D---- C:\rsit
2009-03-15 01:53:26 ----SHD---- C:\RECYCLER
2009-03-15 01:52:39 ----D---- C:\ComboFix
2009-03-15 01:51:52 ----D---- C:\32788R22FWJFW
2009-03-15 00:10:58 ----A---- C:\ComboFix.txt
2009-03-14 21:51:42 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-03-14 21:51:42 ----A---- C:\WINDOWS\gmer.ini
2009-03-14 21:51:42 ----A---- C:\WINDOWS\gmer.dll
2009-03-14 21:51:41 ----A---- C:\WINDOWS\gmer.exe
2009-03-14 19:58:18 ----D---- C:\Program Files\iPod
2009-03-14 19:57:56 ----D---- C:\Program Files\iTunes
2009-03-14 19:57:56 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-14 19:52:11 ----D---- C:\Program Files\Bonjour
2009-03-14 13:08:07 ----A---- C:\Boot.bak
2009-03-14 13:07:53 ----RASHD---- C:\cmdcons
2009-03-14 13:05:24 ----D---- C:\WINDOWS\ERDNT
2009-03-14 13:04:11 ----D---- C:\WINDOWS\system32\LogFiles
2009-03-13 22:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-03-13 22:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-03-13 16:25:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-03-13 16:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-13 10:43:20 ----D---- C:\WINDOWS\Prefetch
2009-03-13 10:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-13 10:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-13 10:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-13 10:35:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-03-13 10:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-03-13 10:35:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-03-13 10:35:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-03-13 10:35:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-03-13 10:34:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-03-13 10:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-03-13 10:34:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-03-13 10:34:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-03-13 10:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-03-13 10:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-03-13 10:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-13 10:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-03-13 10:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-03-13 10:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-03-13 10:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-03-13 10:33:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-03-13 10:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-03-13 10:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-03-13 10:26:24 ----D---- C:\WINDOWS\system32\scripting
2009-03-13 10:26:22 ----D---- C:\WINDOWS\l2schemas
2009-03-13 10:26:21 ----D---- C:\WINDOWS\system32\en
2009-03-13 10:26:21 ----D---- C:\Program Files\msn
2009-03-13 09:40:19 ----D---- C:\Program Files\Windows Resource Kits
2009-03-13 09:21:51 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-13 09:21:23 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-03-13 09:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-13 09:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-13 09:19:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-13 09:09:02 ----D---- C:\WINDOWS\system32\XPSViewer
2009-03-13 09:08:55 ----D---- C:\Program Files\MSBuild
2009-03-13 09:08:41 ----D---- C:\Program Files\Reference Assemblies
2009-03-13 09:08:00 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-03-13 09:07:59 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-03-13 09:07:59 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-03-13 09:07:57 ----D---- C:\319078924ed352f6b7c0
2009-03-13 09:02:24 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-03-13 09:02:15 ----D---- C:\Program Files\MSXML 6.0
2009-03-13 01:12:13 ----D---- C:\Program Files\MSXML 4.0
2009-03-13 01:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-03-13 01:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-03-13 01:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-03-12 07:20:09 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-03-11 20:54:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-11 19:50:49 ----D---- C:\Program Files\HijackThis
2009-03-11 02:29:30 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-10 17:25:24 ----D---- C:\Program Files\EsetOnlineScanner
2009-03-10 16:47:07 ----D---- C:\Program Files\CCleaner
2009-03-10 16:45:02 ----D---- C:\Utilities
2009-03-04 16:48:42 ----D---- C:\Documents and Settings\Stuart\Application Data\Malwarebytes
2009-03-04 16:48:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-02 21:08:15 ----D---- C:\Program Files\Alwil Software
2009-02-25 18:01:54 ----D---- C:\Program Files\Common Files\ODBC
2009-02-03 21:36:51 ----D---- C:\WINDOWS\system32\Adobe
2009-02-01 23:02:53 ----D---- C:\Documents and Settings\Stuart\Application Data\Corel
2009-02-01 23:02:09 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2009-02-01 22:52:50 ----D---- C:\Program Files\Common Files\Corel
2009-02-01 22:07:49 ----D---- C:\WINDOWS\system32\appmgmt
2009-02-01 19:41:49 ----D---- C:\Program Files\Corel
2009-02-01 19:08:53 ----D---- C:\Documents and Settings\Stuart\Application Data\InstallShield
2009-01-27 19:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-01-27 19:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-01-27 19:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-01-27 19:07:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-01-27 19:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-27 19:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-27 19:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-01-27 19:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2009-01-27 19:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2009-01-27 19:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-01-27 18:59:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-27 18:59:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-01-27 18:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-01-27 18:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-01-27 18:58:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-01-27 18:58:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-01-27 18:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-01-27 18:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2009-01-27 18:57:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-01-27 18:56:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-01-27 18:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-01-27 18:55:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-01-27 11:48:45 ----D---- C:\WINDOWS\system32\Futuremark
2009-01-27 11:48:42 ----D---- C:\Program Files\Common Files\Futuremark Shared
2009-01-26 08:49:24 ----D---- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-01-25 23:18:10 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-01-25 19:46:53 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-01-25 19:46:39 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-01-25 19:46:39 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-01-25 19:46:20 ----N---- C:\WINDOWS\system32\setupn.exe
2009-01-25 19:46:14 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-25 19:46:12 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-01-25 19:46:11 ----N---- C:\WINDOWS\system32\qutil.dll
2009-01-25 19:46:09 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-01-25 19:46:08 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-01-25 19:46:08 ----N---- C:\WINDOWS\system32\qagent.dll
2009-01-25 19:46:02 ----N---- C:\WINDOWS\system32\onex.dll
2009-01-25 19:45:47 ----N---- C:\WINDOWS\system32\napstat.exe
2009-01-25 19:45:47 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-01-25 19:45:47 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-01-25 19:45:45 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-01-25 19:45:42 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-01-25 19:45:42 ----N---- C:\WINDOWS\system32\mssha.dll
2009-01-25 19:45:15 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-01-25 19:45:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-01-25 19:45:14 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-01-25 19:45:14 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-01-25 19:44:57 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-01-25 19:44:56 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-01-25 19:44:54 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-01-25 19:44:54 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-01-25 19:44:54 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-01-25 19:44:53 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-01-25 19:44:37 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-01-25 19:44:36 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-01-25 19:43:59 ----A---- C:\WINDOWS\006172_.tmp
2009-01-25 19:43:56 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-01-25 19:43:56 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-01-25 19:43:55 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-01-25 19:43:55 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-01-25 19:43:55 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-01-25 19:43:55 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-01-25 19:43:55 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-01-25 19:43:55 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-01-25 19:43:49 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-01-25 19:43:49 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-01-25 19:43:49 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-01-25 19:43:49 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-01-25 19:43:49 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-01-25 19:43:49 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-01-25 19:43:48 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-01-25 19:43:46 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-01-25 19:43:46 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-01-25 19:43:45 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-01-25 19:43:40 ----N---- C:\WINDOWS\system32\credssp.dll
2009-01-25 19:43:31 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-25 19:43:30 ----N---- C:\WINDOWS\system32\azroles.dll
2009-01-25 19:43:17 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-01-25 18:26:14 ----D---- C:\Program Files\QuickTime
2009-01-25 18:22:52 ----D---- C:\Program Files\Apple Software Update
2009-01-25 18:21:57 ----D---- C:\Program Files\Common Files\Apple
2009-01-25 18:21:56 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-01-25 17:43:12 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-25 17:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-01-25 17:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

======List of files/folders modified in the last 3 months======

2009-03-24 20:26:02 ----AD---- C:\Program Files
2009-03-24 20:23:08 ----D---- C:\WINDOWS\Temp
2009-03-24 20:19:56 ----D---- C:\WINDOWS\Internet Logs
2009-03-18 00:06:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-16 08:44:26 ----D---- C:\WINDOWS
2009-03-16 07:48:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-15 01:56:32 ----SHD---- C:\WINDOWS\Installer
2009-03-15 01:56:24 ----D---- C:\Config.Msi
2009-03-15 01:55:58 ----AD---- C:\WINDOWS\SYSTEM32
2009-03-15 01:52:56 ----SHD---- C:\System Volume Information
2009-03-15 01:52:56 ----D---- C:\WINDOWS\system32\Restore
2009-03-15 01:43:04 ----D---- C:\WINDOWS\WinSxS
2009-03-15 01:42:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-15 01:42:38 ----D---- C:\Program Files\Common Files\Adobe
2009-03-15 01:42:37 ----D---- C:\Program Files\Adobe
2009-03-15 00:03:17 ----A---- C:\WINDOWS\system.ini
2009-03-15 00:00:59 ----D---- C:\WINDOWS\system32\DRIVERS
2009-03-15 00:00:59 ----D---- C:\WINDOWS\AppPatch
2009-03-15 00:00:46 ----AD---- C:\Program Files\Common Files
2009-03-14 20:17:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-14 19:59:00 ----HD---- C:\WINDOWS\INF
2009-03-14 19:58:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-14 14:31:26 ----D---- C:\Program Files\Java
2009-03-14 14:27:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-14 14:27:14 ----D---- C:\WINDOWS\Wireless
2009-03-14 13:13:41 ----D---- C:\WINDOWS\system32\CONFIG
2009-03-14 13:08:07 ----RASH---- C:\BOOT.INI
2009-03-13 22:19:31 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-03-13 20:52:11 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-13 17:02:51 ----D---- C:\WINDOWS\Debug
2009-03-13 16:26:54 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-13 10:45:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-13 10:44:30 ----D---- C:\Program Files\Windows Media Player
2009-03-13 10:42:15 ----RSD---- C:\WINDOWS\Fonts
2009-03-13 10:42:15 ----D---- C:\WINDOWS\system32\WBEM
2009-03-13 10:42:15 ----D---- C:\WINDOWS\system32\Setup
2009-03-13 10:38:31 ----D---- C:\WINDOWS\SECURITY
2009-03-13 10:33:12 ----D---- C:\Program Files\Messenger
2009-03-13 10:27:00 ----D---- C:\WINDOWS\ServicePackFiles
2009-03-13 10:26:45 ----D---- C:\WINDOWS\network diagnostic
2009-03-13 10:26:45 ----AD---- C:\WINDOWS\system32\INETSRV
2009-03-13 10:26:44 ----D---- C:\WINDOWS\Help
2009-03-13 10:26:44 ----AD---- C:\WINDOWS\IME
2009-03-13 10:26:27 ----D---- C:\WINDOWS\system32\en-US
2009-03-13 10:26:26 ----AD---- C:\WINDOWS\system32\USMT
2009-03-13 10:26:20 ----D---- C:\WINDOWS\system32\bits
2009-03-13 10:26:20 ----D---- C:\WINDOWS\peernet
2009-03-13 10:26:20 ----D---- C:\Program Files\Movie Maker
2009-03-13 10:22:49 ----AD---- C:\WINDOWS\system32\NPP
2009-03-13 10:22:49 ----AD---- C:\WINDOWS\MUI
2009-03-13 10:22:48 ----AD---- C:\WINDOWS\MSAGENT
2009-03-13 10:22:47 ----D---- C:\WINDOWS\SRCHASST
2009-03-13 10:22:44 ----D---- C:\Program Files\NetMeeting
2009-03-13 10:22:43 ----D---- C:\WINDOWS\system32\Com
2009-03-13 10:22:39 ----D---- C:\Program Files\Windows NT
2009-03-13 10:22:39 ----D---- C:\Program Files\Outlook Express
2009-03-13 10:22:36 ----D---- C:\Program Files\Common Files\System
2009-03-13 10:22:18 ----AD---- C:\WINDOWS\system32\OOBE
2009-03-13 10:22:16 ----AD---- C:\WINDOWS\SYSTEM
2009-03-13 10:20:49 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-13 10:20:46 ----RSD---- C:\WINDOWS\assembly
2009-03-13 10:18:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-13 10:07:55 ----D---- C:\WINDOWS\EHome
2009-03-13 09:27:24 ----D---- C:\Program Files\Internet Explorer
2009-03-13 09:19:45 ----D---- C:\WINDOWS\ie7updates
2009-03-13 09:08:20 ----D---- C:\WINDOWS\system32\SPOOL
2009-03-11 21:54:43 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-11 21:17:12 ----SD---- C:\WINDOWS\Tasks
2009-03-11 21:13:02 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-03-11 21:12:53 ----D---- C:\Program Files\Norton AntiVirus
2009-03-11 02:29:30 ----D---- C:\Documents and Settings\Stuart\Application Data\SUPERAntiSpyware.com
2009-03-11 02:28:47 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-10 20:42:11 ----D---- C:\WINDOWS\Minidump
2009-03-09 23:17:31 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-03-09 18:55:22 ----SHD---- C:\WINDOWS\CSC
2009-03-03 23:00:21 ----D---- C:\Program Files\Symantec AntiVirus
2009-03-02 23:19:32 ----D---- C:\Program Files\SearchRelevant
2009-03-02 23:15:35 ----D---- C:\Program Files\LimeShop
2009-03-02 21:06:21 ----D---- C:\Program Files\AIM
2009-02-03 21:38:17 ----D---- C:\Documents and Settings\Stuart\Application Data\Adobe
2009-02-01 22:06:50 ----D---- C:\WINDOWS\system32\Macromed
2009-02-01 22:06:50 ----AD---- C:\WINDOWS\system32\MUI
2009-01-27 11:48:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-26 09:05:02 ----D---- C:\Program Files\Lavasoft
2009-01-26 09:04:47 ----D---- C:\Documents and Settings\Stuart\Application Data\Lavasoft
2009-01-26 09:04:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-26 08:48:36 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-25 23:15:21 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-01-25 17:46:11 ----D---- C:\Program Files\Xfire
2009-01-25 17:46:08 ----D---- C:\Program Files\support.com
2009-01-25 17:45:04 ----D---- C:\Program Files\Modem Helper
2009-01-25 17:44:59 ----D---- C:\Program Files\Microsoft Office
2009-01-25 17:44:57 ----D---- C:\Program Files\LimeWire
2009-01-25 17:44:43 ----D---- C:\Program Files\Jasc Software Inc
2009-01-25 17:44:34 ----D---- C:\Program Files\Creative
2009-01-25 17:44:34 ----D---- C:\Program Files\Common Files\Vbox
2009-01-16 21:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2006-02-19 372816]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-07-02 1063936]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-07-02 202368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-03-06 28256]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-08-14 1296384]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-07-02 631680]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CA561;ICatch (VI) PC Camera; C:\WINDOWS\System32\Drivers\SPCA561.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Stuart\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90X;3Com EtherLink XL 90X Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xnd5.sys [2001-08-17 153631]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-02 20648]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-14 22656]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2006-02-19 1693448]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-14 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-03-09 65795]
S4 Microsoft Java Runtime Environment;Microsoft Java Runtime Environment; C:\WINDOWS\java\mstdc.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
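
As an added example (not part of the posted log or of the helper's instructions), the following Python script parses RSIT "files created/modified" lines of the kind listed above and flags the two things a reviewer looks for by eye: an entry whose timestamp does not decode to a real date (like the nevibuni.dll line) and a non-directory under system32 carrying both the hidden and system attributes. The sample lines are copied from the posted log; the scan time is an assumption taken from the latest creation time in the listing.

```python
import re
from datetime import datetime

# RSIT lists files as "<date> <time> ----<attrs>---- <path>", where the attribute
# letters are a subset of R (read-only), A (archive), S (system), H (hidden),
# D (directory), C (compressed), N (normal).
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+-+([A-Z]*)-+\s+(.+)$")

# Sample input: lines copied from the RSIT log posted above, plus the section
# header and a blank line so the parser's skipping of non-entries is exercised.
SAMPLE_LINES = [
    "======List of files/folders created in the last 3 months======",
    "",
    r"65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\nevibuni.dll",
    r"2009-03-24 20:26:02 ----D---- C:\Program Files\trend micro",
    r"2009-03-15 01:53:26 ----SHD---- C:\RECYCLER",
    r"2009-03-13 09:21:51 ----A---- C:\WINDOWS\system32\MRT.exe",
    r"2009-03-13 09:08:00 ----N---- C:\WINDOWS\system32\prntvpt.dll",
]

# Assumed scan time: the latest creation timestamp in the posted listing.
SCAN_TIME = datetime(2009, 3, 24, 20, 26, 2)


def parse_rsit_line(line):
    """Return a dict for a file-listing line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date_s, time_s, attrs, path = m.groups()
    try:
        ts = datetime.strptime(f"{date_s} {time_s}", "%Y-%m-%d %H:%M:%S")
    except ValueError:
        # An NTFS timestamp that does not decode to a real date prints like the
        # nevibuni.dll line; a deliberately corrupted timestamp is a red flag.
        ts = None
    return {"timestamp": ts, "attrs": set(attrs), "path": path}


def suspicious_reasons(entry, scan_time):
    """Apply the heuristics a log reviewer uses; return the reasons that fire."""
    reasons = []
    if entry["timestamp"] is None:
        reasons.append("unparseable timestamp")
    elif entry["timestamp"] > scan_time:
        reasons.append("timestamp later than the scan itself")
    attrs = entry["attrs"]
    in_system32 = "\\system32\\" in entry["path"].lower()
    if in_system32 and "D" not in attrs and {"S", "H"} <= attrs:
        # Legitimate files in system32 are rarely marked both hidden and system.
        reasons.append("hidden+system file in system32")
    return reasons


def scan(lines, scan_time):
    """Return [(path, [reasons])] for every listing line that trips a heuristic."""
    flagged = []
    for line in lines:
        entry = parse_rsit_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry, scan_time)
        if reasons:
            flagged.append((entry["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LINES, SCAN_TIME):
        print(f"{path}: {', '.join(reasons)}")
```

Run against the sample, only the nevibuni.dll entry is reported, for both reasons; the other system32 files and the hidden+system RECYCLER directory pass. The heuristics are deliberately narrow so that a long listing like the one above produces a short list worth a closer look rather than noise.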

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:21 AM

Posted 24 March 2009 - 08:07 PM

Hi again,

You could have posted the Combofix and MBAM log.
We will attend to the IE install problem next round. First let's do some cleaning and see some logs.

BTW: It is too late here, I'm going to get some sleep, will look the logs over tomorrow.
  • Go to start => Run => Copy/paste the following lines one by one in the run box and click OK after each line.

    sc delete cpuz130
    sc delete "Microsoft Java Runtime Environment"
    cmd /c del /a /f "C:\WINDOWS\tasks\rpc.job"


  • To remove Norton leftovers please download and run the Norton Removal Tool.

    Note: Norton removal tool is one and the same for all versions named below. It doesn't matter which version you have.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  • Run CCleaner (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked). Then click run cleaner.

  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Delete your copy of Combofix from your desktop if you still have it and download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Run the HijackThis downloaded by RSIT (your version is outdated). If you don't know how, go to Start > Run, copy and paste the following, and click OK:

    "C:\Program Files\trend micro\Stuart.exe"

    Click "Do a system scan and save a logfile". Post the content of the log.

Please include in your next reply:
  • The log of MBAM.
  • The Combofix log.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#5 MHz

MHz
  • Topic Starter

  • Members
  • 6 posts

Posted 24 March 2009 - 10:10 PM

Farbar, I ran the commands as instructed, downloaded and ran the Norton Removal Tool, ran the requested scans, deleted the old Combofix, and downloaded a fresh one. Everything appeared to work without any problems. Here are the logs:

Malwarebytes' Anti-Malware 1.34
Database version: 1893
Windows 5.1.2600 Service Pack 3

3/24/2009 10:22:19 PM
mbam-log-2009-03-24 (22-22-19).txt

Scan type: Quick Scan
Objects scanned: 79354
Time elapsed: 10 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 09-03-23.01 - Stuart 2009-03-24 22:25:52.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.242 [GMT -4:00]
Running from: c:\documents and settings\Stuart\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090324-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-24 20:26 . 2009-03-24 20:26 <DIR> d-------- C:\rsit
2009-03-24 20:26 . 2009-03-24 20:26 <DIR> d-------- c:\program files\trend micro
2009-03-14 21:51 . 2009-03-14 22:18 250 --a------ c:\windows\gmer.ini
2009-03-14 19:58 . 2009-03-14 19:58 <DIR> d-------- c:\program files\iPod
2009-03-14 19:57 . 2009-03-14 19:58 <DIR> d-------- c:\program files\iTunes
2009-03-14 19:57 . 2009-03-14 19:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-14 19:52 . 2009-03-14 19:52 <DIR> d-------- c:\program files\Bonjour
2009-03-14 13:04 . 2009-03-14 13:04 <DIR> d-------- c:\windows\SYSTEM32\LogFiles
2009-03-13 11:03 . 2009-01-09 15:19 1,089,593 --------- c:\windows\SYSTEM32\DLLCACHE\ntprint.cat
2009-03-13 10:26 . 2009-03-13 10:26 <DIR> d-------- c:\windows\SYSTEM32\scripting
2009-03-13 10:26 . 2009-03-13 10:26 <DIR> d-------- c:\windows\SYSTEM32\en
2009-03-13 10:26 . 2009-03-13 10:26 <DIR> d-------- c:\windows\l2schemas
2009-03-13 09:40 . 2009-03-13 09:40 <DIR> d-------- c:\program files\Windows Resource Kits
2009-03-13 09:09 . 2009-03-13 09:09 <DIR> d-------- c:\windows\SYSTEM32\XPSViewer
2009-03-13 09:08 . 2009-03-13 09:08 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-13 09:08 . 2009-03-13 09:08 <DIR> d-------- c:\program files\MSBuild
2009-03-13 09:08 . 2008-07-06 06:50 597,504 --------- c:\windows\SYSTEM32\DLLCACHE\printfilterpipelinesvc.exe
2009-03-13 09:08 . 2008-07-06 08:06 117,760 --------- c:\windows\SYSTEM32\prntvpt.dll
2009-03-13 09:08 . 2008-07-06 08:06 89,088 --------- c:\windows\SYSTEM32\DLLCACHE\filterpipelineprintproc.dll
2009-03-13 09:07 . 2009-03-13 09:08 <DIR> d-------- C:\319078924ed352f6b7c0
2009-03-13 09:07 . 2008-07-06 08:06 1,676,288 --------- c:\windows\SYSTEM32\xpssvcs.dll
2009-03-13 09:07 . 2008-07-06 08:06 1,676,288 --------- c:\windows\SYSTEM32\DLLCACHE\xpssvcs.dll
2009-03-13 09:07 . 2008-07-06 08:06 575,488 --------- c:\windows\SYSTEM32\xpsshhdr.dll
2009-03-13 09:07 . 2008-07-06 08:06 575,488 --------- c:\windows\SYSTEM32\DLLCACHE\xpsshhdr.dll
2009-03-13 09:02 . 2009-03-13 09:02 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-13 01:12 . 2009-03-13 01:12 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-11 20:54 . 2009-03-11 20:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 20:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-03-11 20:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-03-11 02:29 . 2009-03-11 02:29 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-10 17:25 . 2009-03-10 23:01 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-10 16:47 . 2009-03-10 16:47 <DIR> d-------- c:\program files\CCleaner
2009-03-10 16:45 . 2009-03-13 09:40 <DIR> d-------- C:\Utilities
2009-03-05 15:38 . 2009-03-06 19:38 100 --a------ c:\windows\SYSTEM32\wh
2009-03-04 16:48 . 2009-03-04 16:48 <DIR> d-------- c:\documents and settings\Stuart\Application Data\Malwarebytes
2009-03-04 16:48 . 2009-03-04 16:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-02 21:08 . 2009-03-02 21:08 <DIR> d-------- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 05:42 --------- d-----w c:\program files\Common Files\Adobe
2009-03-15 01:08 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-14 23:58 --------- d-----w c:\program files\Common Files\Apple
2009-03-14 18:31 --------- d-----w c:\program files\Java
2009-03-11 06:29 --------- d-----w c:\documents and settings\Stuart\Application Data\SUPERAntiSpyware.com
2009-03-11 06:28 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-10 03:29 2,516 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2009-03-08 18:23 79,872 --sha-w c:\windows\SYSTEM32\nevibuni.dll
2009-03-04 03:00 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-03 03:19 --------- d-----w c:\program files\SearchRelevant
2009-03-03 03:15 --------- d-----w c:\program files\LimeShop
2009-03-03 01:06 --------- d-----w c:\program files\AIM
2009-02-09 11:13 1,846,784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-02 03:04 --------- d-----w c:\documents and settings\Stuart\Application Data\Corel
2009-02-02 03:02 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-02-02 02:56 --------- d-----w c:\program files\Common Files\Corel
2009-02-02 02:52 --------- d-----w c:\program files\Corel
2009-02-01 23:57 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-02-01 23:55 8 --sh--r c:\documents and settings\All Users\Application Data\61DFA2E930.sys
2009-02-01 23:08 --------- d-----w c:\documents and settings\Stuart\Application Data\InstallShield
2009-01-27 23:37 --------- d-----w c:\program files\QuickTime
2009-01-27 15:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 15:48 --------- d-----w c:\program files\Common Files\Futuremark Shared
2009-01-26 13:05 --------- d-----w c:\program files\Lavasoft
2009-01-26 13:04 --------- d-----w c:\documents and settings\Stuart\Application Data\Lavasoft
2009-01-26 12:48 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-26 03:18 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2009-01-26 03:15 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-01-25 22:22 --------- d-----w c:\program files\Apple Software Update
2009-01-25 22:21 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-25 21:46 --------- d-----w c:\program files\Xfire
2009-01-25 21:46 --------- d-----w c:\program files\support.com
2009-01-25 21:45 --------- d-----w c:\program files\Modem Helper
2009-01-25 21:44 --------- d-----w c:\program files\LimeWire
2009-01-25 21:44 --------- d-----w c:\program files\Jasc Software Inc
2009-01-25 21:44 --------- d-----w c:\program files\Creative
2009-01-25 21:44 --------- d-----w c:\program files\Common Files\Vbox
2009-01-17 01:35 3,594,752 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-30 04:17 6,530,575 ----a-w c:\program files\Adobe.zip
2007-09-06 13:29 23,402,288 ----a-w c:\program files\AdbeRdr810_en_US.exe
2006-04-30 03:48 161 ---ha-w c:\documents and settings\Stuart\hpothb07.dat
2005-04-23 03:10 5,561,273 ----a-w c:\program files\TechSmith.zip
2004-03-05 02:26 1,293,028 ----a-w c:\program files\mp3cnvsetup.exe
2004-03-02 21:48 5,737,365 ----a-w c:\program files\LimeWireWin.exe
2003-03-26 02:26 19,556 ----a-w c:\program files\04B_24__.TTF
2003-03-26 02:24 17,892 ----a-w c:\program files\04B_03B_.TTF
2002-10-04 20:09 204,800 ----a-w c:\windows\INF\FXPlugin.dll
2001-08-05 05:19 105,084 ----a-w c:\program files\SCRIPTIN.TTF
1999-12-09 03:04 19,260 ----a-w c:\program files\04B_03__.TTF
1998-08-02 05:28 57,448 ----a-w c:\program files\Uptown__.ttf
1998-04-08 15:47 32,484 ----a-w c:\program files\punkass_.ttf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\progra~1\AIM\aim.exe" [2005-08-05 67160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [2002-04-24 1544192]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-02-19 755472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-18 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-16 531272]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-02-25 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.0.5.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LimeWire 4.0.5.lnk
backup=c:\windows\pss\LimeWire 4.0.5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\progra~1\QUICKT~1\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-02-17 11:43 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-18 22:22 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\AIM95_c4\\aim.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM\\aim_c002.exe"=
"c:\\Program Files\\AIM\\aim_c003.exe"=
"c:\\Program Files\\AIM\\aim_c004.exe"=
"c:\\Program Files\\AIM\\aim_c005.exe"=
"c:\\Program Files\\AIM\\aim_c006.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14983:TCP"= 14983:TCP:BitComet 14983 TCP
"14983:UDP"= 14983:UDP:BitComet 14983 UDP

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2009-03-12 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2009-03-12 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{103b51f2-c919-11db-802c-000d5664e46c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://search.msn.com
mStart Page = hxxp://www.yahoo.com
mWindow Title = Microsoft Internet Explorer provided by Comcast
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://74.92.182.42/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 22:30:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
tgcmd = "c:\program files\support.com\bin\tgcmd.exe" /server?cmd.exe" /server

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-24 22:33:52
ComboFix-quarantined-files.txt 2009-03-25 02:33:03
ComboFix2.txt 2009-03-15 04:10:58

Pre-Run: 19,202,703,360 bytes free
Post-Run: 19,196,682,240 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
219 --- E O F --- 2009-03-14 02:19:35


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:42 PM, on 3/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Stuart.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://74.92.182.42/activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: Harry Potter and the Goblet of Fire Movie Countdown - http://www.mugglenet.com/countdown/gof-countdown.php?o=nov18

--
End of file - 8085 bytes


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 25 March 2009 - 08:10 AM

Thanks for the detailed feedback.

We are going to try an online scanner.
  • Go to Start > Run, copy/paste the following lines one by one into the Run box, and click OK after each line.

    cmd /c del /a /f "C:\WINDOWS\system32\nevibuni.dll"
    cmd /c del /a /f "c:\program files\LimeWireWin.exe"


  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • To remove temporary files, disable browser add-ons, and reset all the changed settings:
    • Close all the open windows.
    • Go to start => Control Panel.
    • Open Internet Options.
    • Click the Advanced tab, and then click Reset.
    • Click Reset again and OK.
  • Please use Internet Explorer to perform a BitDefender Online Virus and Malware Scan
    • Click on I Agree.
    • If an ActiveX warning box appears, click on Install.
      Note: If you get the message "Could not load the Online Scanner! Click here for other possible fixes", it means Internet Explorer has blocked the ActiveX control from being installed. Just above the page, under the Internet Explorer toolbar, you will see this message:
      "This website wants to install the following add-on: 'Bitdefender OnlineScanner v8' from 'BITDEFENDER LLC'. If you trust the website and the add-on and want to install it, click here..."
      Click on that and select: Install ActiveX.
    • Now click on Start Scan. Please wait, as it might take some time.
    • If it found anything, when it has finished click "Click here to export the scan report".
    • Give the report a name and save it. The file will be a .HTML file.
    • Please attach the file to your reply.
    • To attach the file, press ADDREPLY, and under the reply window press Browse... and show the path to the file on your computer.
    • Highlight the file and click Open then press the green UPLOAD button.
  • Please copy and paste a fresh Hijackthis log to your reply.
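The entries Farbar singles out above (an O2 BHO registered with "(no file)") and the O16 DPF lines in the posted logs are the kind of thing a helper scans a HijackThis log for by eye. As an added example that is not part of this thread and not HijackThis's own code, here is a small Python triage script that applies three such review heuristics to HJT log lines; the sample log mixes lines copied from the logs above with one constructed O4 entry, and the heuristics are the example's own, not the tool's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# One HijackThis line is "<section> - <body>", e.g. "O2 - BHO: ...". Other sections are skipped.
HJT_LINE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
# Download URL whose host is a literal IPv4 address (no DNS name to tie it to a publisher).
IP_HOST_RE = re.compile(r"^https?://(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?(?:/|$)", re.I)
# Autostart commands that run from the user profile or a temp folder deserve a look.
PROFILE_MARKERS = ("\\documents and settings\\", "\\local settings\\temp\\", "\\temp\\")


@dataclass
class Finding:
    kind: str    # HJT section, e.g. "O2"
    reason: str  # why the line deserves review
    line: str    # the original log line


def triage_hjt(log_text: str) -> List[Finding]:
    """Return the lines that match the review heuristics, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header lines such as "Logfile of Trend Micro HijackThis ..."
        kind, body = m.group("kind"), m.group("body")
        if kind == "O2":
            o2 = O2_RE.match(body)
            if o2 and o2.group("path").strip() == "(no file)":
                findings.append(Finding(kind, "BHO registered but its DLL is missing (orphaned entry)", line))
        elif kind == "O4":
            o4 = O4_RE.match(body)
            if o4 and any(mk in o4.group("cmd").lower() for mk in PROFILE_MARKERS):
                findings.append(Finding(kind, "autostart command runs from a user-profile or temp path", line))
        elif kind == "O16":
            o16 = O16_RE.match(body)
            if o16 and IP_HOST_RE.match(o16.group("url")):
                findings.append(Finding(kind, "ActiveX control fetched from a bare IP address; confirm the source", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per HJT section."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: real lines from the logs in this thread plus one made-up O4 entry
# ("[example] ... \Temp\example.exe") to exercise the profile-path check.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [example] C:\Documents and Settings\Stuart\Local Settings\Temp\example.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://74.92.182.42/activex/AMC.cab
"""

if __name__ == "__main__":
    hits = triage_hjt(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
    print(summarize(hits))
```

A hit is a prompt for review, not a verdict: the bare-IP DPF in this thread is a camera control on a local address, and the helper only asked for the orphaned O2 entry to be fixed.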


#7 MHz

MHz
  • Topic Starter

  • Members
  • 6 posts

Posted 25 March 2009 - 06:28 PM

Hello again farbar. I have done as instructed: I ran an HJT scan and the Browser Helper Object mentioned was present, so I "Fixed" (is that 'fixed' as in repaired, or 'fixed' as in like what one has done to a household pet?) it. I removed the temp files, browser add-ons, and reset the settings. And here is where progress was most prominent: I was able to run a Bit Defender scan (the report is attached [as an HTML file]). Lastly, a fresh HJT scan was run, the log follows.

Thank you immensely for your assistance thus far.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:00 PM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Stuart.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://74.92.182.42/activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: Harry Potter and the Goblet of Fire Movie Countdown - http://www.mugglenet.com/countdown/gof-countdown.php?o=nov18

--
End of file - 8855 bytes

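As an added example, not part of this thread or of HijackThis itself, here is a small Python triage script for the log format posted above: it parses the O4 autorun, O16 DPF (ActiveX download) and O23 service entries and flags the patterns a helper usually checks first. Six sample lines are copied from the log above; the [updater] line is constructed and is not from this machine.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse
# Sample input: six lines copied from the HijackThis log posted above, plus one
# CONSTRUCTED O4 line ([updater], not from the thread) to exercise the path check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://74.92.182.42/activex/AMC.cab
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
PATTERNS = {  # body grammar for the three entry kinds this example triages
    "O4": re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "O16": re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$"),
    "O23": re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")  # autoruns here are not flagged

def is_bare_ip(url):
    try:  # True when the URL host is a literal IP address rather than a hostname
        ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

def triage(log_text):
    """Return (kind, detail, reason) tuples for entries to review first; hints, not verdicts."""
    findings = []
    for line in log_text.strip().splitlines():
        m = ENTRY_RE.match(line)
        kind = m.group("kind") if m else None
        d = PATTERNS[kind].match(m.group("body")) if kind in PATTERNS else None
        if d is None:
            continue  # R1, O2, O3 ... entries are not handled by this example
        if kind == "O4":
            cmd = d.group("cmd")  # quoted path: keep only the executable; unquoted: keep whole
            exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd
            if not exe.lower().startswith(TRUSTED_DIRS):
                findings.append((kind, f"{d.group('name')} -> {exe}", "autorun outside Windows/Program Files"))
        elif kind == "O16" and is_bare_ip(d.group("url")):
            findings.append((kind, d.group("url"), "ActiveX control fetched from a raw IP address"))
        elif kind == "O23" and d.group("owner") == "Unknown owner":
            findings.append((kind, f"{d.group('name')} -> {d.group('path')}", "service with no publisher information"))
    return findings
```

A flag is a prompt for manual review rather than a verdict: the helper in this thread judged the full log clean, DellSupport service and raw-IP ActiveX control included.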
#8 Farbar
Security Developer, 21,708 posts
Location: The Netherlands

Posted 26 March 2009 - 03:46 AM

Well done, MHz. :thumbup2:

Good news that you were able to install the ActiveX and run the scan.

Is that 'fixed' as in repaired, or 'fixed' as in like what one has done to a household pet?

In this case it is not certainly the former, and could have been the latter; to be precise, it is more a matter of getting rid of the remains.

Everything looks good.
  • Go to start > run and copy and paste or type next command in the field then hit enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore.

    The first reboot might be a little slow, the next one will be faster.

  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • I recommend installing this small application for safe surfing: Javacools SpywareBlaster
    SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings, which will protect you from running and downloading known malicious programs. Update it manually (if you use the free version) once every 2-3 weeks and enable the restriction.

Please let me know if ComboFix uninstalled properly.

Happy Surfing!

#9 MHz (Topic Starter)
Members, 6 posts

Posted 26 March 2009 - 05:31 PM

Thank you for your help. ComboFix appeared to have uninstalled without any problems. Take care.

#10 Farbar
Security Developer, 21,708 posts
Location: The Netherlands

Posted 26 March 2009 - 05:39 PM

You are welcome, glad I could help. You take care too.

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.
