
I need to rid my cpu of Mebroot Trojan


  • This topic is locked
17 replies to this topic

#1 CurtDZ

  • Members
  • 15 posts

Posted 29 March 2009 - 05:24 PM

Referred here from: http://www.bleepingcomputer.com/forums/t/213731/is-there-any-way-to-remove-mebroot-trojan/ ~ OB

Below is the DDS log I ran. My problem is there is a Mebroot trojan being picked up by my NOD Smart Security while Malware Bytes and Super Anti-Spyware AND Spybot S&D have said all was clear, no infections. NOD picks it up constantly and I have the updated version of Smart Security. Any help to remove this evil off of my cpu would be greatly appreciated.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 18:12:37.96 on Sun 03/29/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.230 [GMT -4:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NCH Software\Eyeline\eyeline.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TurboFTP\tftpsvc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3115
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: []
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: []
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [Power2GoExpress] NA
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} - hxxp://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab53984.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab53083.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: mlJYoOGA - mlJYoOGA.dll
Notify: xxyXrsPJ - xxyXrsPJ.dll
AppInit_DLLs: c:\windows\system32\guvutoho.dll ofctmn.dll c:\windows\system32\jotuwasi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\zibemupe.dll c:\windows\system32\tuhuhodi.dll c:\windows\system32\guvutoho.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\gsdccrs7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCID.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-25 28544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2006-8-30 152576]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

=============== Created Last 30 ================

2009-03-27 03:00 286,208 a------- c:\program files\gmer.exe
2009-03-27 01:28 3,496,632 a------- c:\program files\Shockwave_Installer_Slim.exe
2009-03-26 20:49 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-26 20:49 1,409 a------- c:\windows\QTFont.for
2009-03-25 19:36 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-03-25 19:35 --d----- c:\program files\Panda Security
2009-03-25 19:34 175,504 a------- c:\program files\activescan2_en.exe
2009-03-24 23:57 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-24 23:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-24 23:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-24 23:57 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-24 23:57 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 23:55 2,876,728 a------- c:\program files\mbam-setup.exe
2009-03-22 23:25 --d----- C:\alsige
2009-03-22 22:53 --d----- c:\docume~1\owner\applic~1\ESET
2009-03-22 22:51 --d----- c:\program files\ESET
2009-03-22 22:47 --d----- c:\program files\n_o_d32new_70years
2009-03-20 20:43 2,204 a------- c:\windows\system32\tmp.reg
2009-03-20 20:16 2,324 a------- C:\SmithFraud Info.rtf
2009-03-20 19:59 --d----- C:\VundoFix Backups
2009-03-20 18:09 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-20 18:08 --d----- c:\program files\SUPERAntiSpyware
2009-03-20 18:08 --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-03-20 18:05 --d----- c:\program files\SUPER_Pro.1154.V4P2.1.RES
2009-03-20 03:10 153 a------- c:\windows\wininit.ini
2009-03-20 02:36 --d----- c:\program files\Spybot - Search & Destroy
2009-03-20 02:36 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-20 00:29 16,409,960 a------- c:\program files\spybotsd162.exe
2009-03-19 18:09 0 a------- c:\windows\system32\mapisvc.inf
2009-03-19 16:52 --d----- c:\program files\Spyware_Doctor_6.0.0.386
2009-03-18 14:22 1,211,904 a------- c:\program files\RapidUploader.exe
2009-03-17 02:29 1,845,948 a------- C:\miss kitty..wmv
2009-03-16 17:43 --d----- C:\thebizz
2009-03-15 04:19 --d----- c:\program files\McFunSoft Video Capture 6.8.1.569
2009-03-15 04:18 413,760 a------- c:\windows\system32\MPG4c32.dll
2009-03-15 04:18 316,640 a------- c:\windows\system32\WMSysPr9.prx
2009-03-15 04:18 425,984 a------- c:\windows\system32\xvid.dll
2009-03-15 04:17 --d----- c:\program files\Video Capture Convert Split Merge Burn Studio
2009-03-14 16:03 --d----- C:\blackandblue
2009-03-12 17:36 367 a------- C:\passwords.rtf
2009-03-12 00:58 --d----- C:\Scripts
2009-03-12 00:32 --d----- C:\cgd
2009-03-11 04:03 18,557,678 a------- c:\program files\VideoStudio.exe
2009-03-11 04:03 451 a------- c:\program files\McFunSoft Video Capture 6.8.1.569.zip
2009-03-10 12:03 --d----- c:\docume~1\owner\applic~1\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-03-08 20:11 4,712,891 a------- C:\100_0629.MOV
2009-03-08 20:11 6,405,082 a------- C:\100_0628.MOV
2009-03-07 17:48 182,784 a------- C:\dr flights 5-09.doc
2009-03-03 00:35 --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-03-03 00:21 13,440,584 a------- c:\program files\Install_AIM.exe
2009-03-01 16:46 65,973,672 a------- C:\100_0381.MOV

==================== Find3M ====================

2009-03-22 21:27 19,661,682 a------- c:\program files\n_o_d32new_70years.rar
2009-03-20 01:11 800,514 a------- c:\program files\GIF.www.neoskull.com.rar
2009-03-20 00:26 5,477,380 a------- c:\program files\SUPER_Pro.1154.V4P2.1.RES.rar
2009-03-20 00:18 2,588,807 a------- c:\program files\Micro.rar
2009-03-18 14:28 543 a------- c:\program files\log.xml
2009-03-18 14:28 129 a------- c:\program files\settings.ini
2009-03-16 02:27 100,000,000 a------- c:\program files\DWCS4.part1.rar
2009-03-16 02:24 49,859,334 a------- c:\program files\DWCS4.part2.rar
2009-02-26 15:50 34,440,759 a------- c:\program files\Lavasoft.Ad-Aware.Anniversary.Edition.v8.0.Full.Working.zip
2009-02-25 00:17 2,556,877 a------- c:\program files\friendblasterpro_v10_3_0.zip
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-02 01:11 12,642,115 a------- c:\program files\AVG.AS.Plus.43.BY.SOFT-BEST.NET.rar
2008-12-29 15:59 726,008 a------- c:\documents and settings\owner\gotomypc_438.exe
2008-12-29 04:38 8,466,146 a------- c:\program files\Ibit__AdvncdSystmCrePro3.1.1.rar
2008-12-27 15:32 8,981,504 a------- c:\program files\winamp5541_full_emusic-7plus_en-us.exe
2008-12-23 01:17 2,904,384 a------- c:\program files\ca_yahooantispy_211_setup_en.exe
2008-12-07 15:35 1,851,544 a------- c:\program files\install_flash_player.exe
2008-12-03 22:15 436,800 a------- c:\program files\msgr9us.exe
2008-10-17 15:50 3,889,824 a------- c:\program files\downloadable_install_wizard.exe
2008-09-15 03:12 29,962,241 ac------ c:\program files\SUPERsetup.exe
2008-08-27 01:04 3,636,033 ac------ c:\program files\FileZilla_3.1.1.1_win32-setup.exe
2008-07-30 19:13 234,136 ac------ c:\program files\prismsetup.exe
2008-07-28 15:00 7,499,056 ac------ c:\program files\Firefox Setup 3.0.1.exe
2008-07-26 19:31 9,032,208 ac------ c:\program files\winamp554_full_emusic-7plus_en-us.exe
2008-05-11 21:44 3,124,473 ac------ c:\program files\FileZilla_3.0.9.3_win32-setup.exe
2008-04-23 21:04 3,121,465 ac------ c:\program files\FileZilla_3.0.9.2_win32-setup.exe
2008-03-16 18:55 3,124,922 ac------ c:\program files\FileZilla_3.0.8_win32-setup.exe
2008-03-12 19:27 4,523,064 ac------ c:\program files\PandoSetup.exe
2008-02-22 02:15 5,960 ac------ c:\docume~1\owner\applic~1\wklnhst.dat
2008-02-04 21:25 0 ac------ c:\program files\FileZilla_3.0.6_win32-setup.exe
2008-01-13 19:01 0 ac------ c:\program files\FileZilla_3.0.5.2_win32-setup.exe
2008-01-12 02:01 14,078,208 ac------ c:\program files\TU2008TrialEN.exe
2007-12-28 16:05 2,954,261 ac------ c:\program files\FileZilla_3.0.4.1_win32-setup.exe
2007-12-28 16:03 3,095,401 ac------ c:\program files\Portable Filezilla.exe
2007-09-06 00:25 15,681,090 ac------ c:\program files\WmrProInstall_8_0.exe
2007-09-06 00:18 3,420,998 ac------ c:\program files\WmrInstall_11_3.exe
2007-08-23 01:41 159,379 ac------ c:\program files\USBdrv.EXE
2007-08-22 14:39 4,871,611 ac------ c:\program files\mrcaptor.exe
2007-08-06 21:48 5,352,642 ac------ c:\program files\Total_Video_Converter_3.10.zip
2007-08-04 00:17 14,579,256 ac------ c:\program files\snagitup.exe
2007-07-24 22:05 2,437,248 ac------ c:\program files\yahoo_antispy_01.14.00_us_setup_.exe
2007-04-28 15:11 19,994,184 ac------ c:\program files\QuickTimeInstaller.exe
2007-04-24 23:39 7,932,168 ac------ c:\program files\pal_install_r17707.exe
2007-04-18 22:03 2,816,764 ac------ c:\program files\youtubed_setup.exe
2007-04-18 21:54 2,534,448 ac------ c:\program files\blaze-gif-creator.exe
2007-04-07 03:03 6,006,832 ac------ c:\program files\Firefox Setup 2.0.0.3.exe
2007-04-07 03:02 177,811 ac------ c:\program files\webdeveloper.xpi
2007-04-02 10:37 5,373,784 ac------ c:\program files\tvc.exe
2007-04-02 10:36 4,500 ac------ c:\program files\TVC310reg.rar
2007-02-02 16:27 5,408,600 ac------ c:\program files\tbftp.exe
2007-01-14 12:50 6,653,000 ac------ c:\program files\winamp532_full_emusic-7plus.exe
2006-12-24 23:20 50,896,944 ac------ c:\program files\drv_gc_w01_ENU.exe
2006-11-25 20:03 78,384 ac------ c:\program files\MySpaceIM_Setup.exe
2006-10-22 13:31 337 ac------ c:\docume~1\owner\applic~1\internaldb1942.dat
2006-10-22 06:43 13,046 ac------ c:\docume~1\owner\applic~1\internaldb5436.dat
2006-10-22 06:43 0 ac------ c:\docume~1\owner\applic~1\internaldb4604.dat
2006-10-22 04:06 179,200 ac------ c:\docume~1\owner\applic~1\internaldb4827.dat
2006-10-14 19:47 0 ac------ c:\docume~1\owner\applic~1\internaldb8253.dat
2006-10-14 19:47 0 ac------ c:\docume~1\owner\applic~1\internaldb3902.dat
2006-10-14 19:47 0 ac------ c:\docume~1\owner\applic~1\internaldb153.dat
2006-10-14 19:47 0 ac------ c:\docume~1\owner\applic~1\internaldb2391.dat
2006-10-14 19:47 0 ac------ c:\docume~1\owner\applic~1\internaldb6334.dat
2006-09-10 03:09 4,279,120 ac------ c:\program files\LimeWirePro.exe
2006-08-31 00:12 13,905,464 ac------ c:\program files\snagit.exe
2006-08-30 23:10 1,749,266 ac------ c:\program files\mgutil_433.exe
2006-08-30 22:05 19,193,560 ac------ c:\program files\nsb-install-8-1.exe
2006-08-30 20:20 9,359,560 ac------ c:\program files\Install_MSN_Messenger.exe
2006-08-30 18:59 3,800,811 ac------ c:\program files\wace265i.exe
2006-08-30 18:45 181,752 ac------ c:\program files\yinst_current.exe
2000-11-15 09:21 178,688 ac------ c:\program files\hjsplit.exe
2005-07-14 16:31 27,648 a--sh--- c:\windows\system32\AVSredirect.dll
2005-06-26 19:32 616,448 a--shr-- c:\windows\system32\cygwin1.dll
2005-06-22 02:37 45,568 a--shr-- c:\windows\system32\cygz.dll
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-08-05 05:59 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 18:15:45.84 ===============

Edited by Orange Blossom, 30 March 2009 - 12:12 AM.




#2 KoanYorel

    Bleepin' Conundrum

  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 07 April 2009 - 01:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 CurtDZ
  • Topic Starter

  • Members
  • 15 posts

Posted 10 April 2009 - 11:39 PM

Thank you for not forgetting about me. The DDS log is below.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 0:31:20.40 on Sat 04/11/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3115
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [<NO NAME>]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [Power2GoExpress] NA
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} - hxxp://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab53984.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab53083.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: mlJYoOGA - mlJYoOGA.dll
Notify: xxyXrsPJ - xxyXrsPJ.dll
AppInit_DLLs: c:\windows\system32\guvutoho.dll ofctmn.dll c:\windows\system32\jotuwasi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\zibemupe.dll c:\windows\system32\tuhuhodi.dll c:\windows\system32\guvutoho.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\gsdccrs7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCID.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-04-09 20:58 <DIR> --d----- C:\Thick Klique Relaunch
2009-04-09 20:11 4,497,605 a------- C:\Illustrator.rar
2009-03-27 03:00 286,208 a------- c:\program files\gmer.exe
2009-03-27 01:28 3,496,632 a------- c:\program files\Shockwave_Installer_Slim.exe
2009-03-26 20:49 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-26 20:49 1,409 a------- c:\windows\QTFont.for
2009-03-25 19:36 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-03-25 19:35 <DIR> --d----- c:\program files\Panda Security
2009-03-25 19:34 175,504 a------- c:\program files\activescan2_en.exe
2009-03-24 23:57 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-24 23:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-24 23:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-24 23:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-24 23:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 23:55 2,876,728 a------- c:\program files\mbam-setup.exe
2009-03-22 23:25 <DIR> --d----- C:\alsige
2009-03-22 22:53 <DIR> --d----- c:\docume~1\owner\applic~1\ESET
2009-03-22 22:51 <DIR> --d----- c:\program files\ESET
2009-03-22 22:47 <DIR> --d----- c:\program files\n_o_d32new_70years
2009-03-20 20:43 2,204 a------- c:\windows\system32\tmp.reg
2009-03-20 20:16 2,324 a------- C:\SmithFraud Info.rtf
2009-03-20 19:59 <DIR> --d----- C:\VundoFix Backups
2009-03-20 18:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-20 18:08 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-20 18:08 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-03-20 18:05 <DIR> --d----- c:\program files\SUPER_Pro.1154.V4P2.1.RES
2009-03-20 03:10 153 a------- c:\windows\wininit.ini
2009-03-20 02:36 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-20 02:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-20 00:29 16,409,960 a------- c:\program files\spybotsd162.exe
2009-03-19 18:09 0 a------- c:\windows\system32\mapisvc.inf
2009-03-19 16:52 <DIR> --d----- c:\program files\Spyware_Doctor_6.0.0.386
2009-03-18 14:22 1,211,904 a------- c:\program files\RapidUploader.exe
2009-03-17 02:29 1,845,948 a------- C:\miss kitty..wmv
2009-03-16 17:43 <DIR> --d----- C:\thebizz
2009-03-15 04:19 <DIR> --d----- c:\program files\McFunSoft Video Capture 6.8.1.569
2009-03-15 04:18 413,760 a------- c:\windows\system32\MPG4c32.dll
2009-03-15 04:18 316,640 a------- c:\windows\system32\WMSysPr9.prx
2009-03-15 04:18 425,984 a------- c:\windows\system32\xvid.dll
2009-03-15 04:17 <DIR> --d----- c:\program files\Video Capture Convert Split Merge Burn Studio
2009-03-14 16:03 <DIR> --d----- C:\blackandblue
2009-03-12 17:36 367 a------- C:\passwords.rtf
2009-03-12 00:58 <DIR> --d----- C:\Scripts
2009-03-12 00:32 <DIR> --d----- C:\cgd

==================== Find3M ====================

2009-03-22 21:27 19,661,682 a------- c:\program files\n_o_d32new_70years.rar
2009-03-20 01:11 800,514 a------- c:\program files\GIF.www.neoskull.com.rar
2009-03-20 00:26 5,477,380 a------- c:\program files\SUPER_Pro.1154.V4P2.1.RES.rar
2009-03-20 00:18 2,588,807 a------- c:\program files\Micro.rar
2009-03-18 14:28 543 a------- c:\program files\log.xml
2009-03-18 14:28 129 a------- c:\program files\settings.ini
2009-03-16 02:27 100,000,000 a------- c:\program files\DWCS4.part1.rar
2009-03-16 02:24 49,859,334 a------- c:\program files\DWCS4.part2.rar
2009-03-11 04:04 18,557,678 a------- c:\program files\VideoStudio.exe
2009-03-11 04:03 451 a------- c:\program files\McFunSoft Video Capture 6.8.1.569.zip
2009-03-03 00:32 13,440,584 a------- c:\program files\Install_AIM.exe
2009-02-26 15:50 34,440,759 a------- c:\program files\Lavasoft.Ad-Aware.Anniversary.Edition.v8.0.Full.Working.zip
2009-02-25 00:17 2,556,877 a------- c:\program files\friendblasterpro_v10_3_0.zip
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-02 01:11 12,642,115 a------- c:\program files\AVG.AS.Plus.43.BY.SOFT-BEST.NET.rar
2008-12-29 15:59 726,008 a------- c:\documents and settings\owner\gotomypc_438.exe
2008-12-29 04:38 8,466,146 a------- c:\program files\Ibit__AdvncdSystmCrePro3.1.1.rar
2008-12-27 15:32 8,981,504 a------- c:\program files\winamp5541_full_emusic-7plus_en-us.exe
2008-12-23 01:17 2,904,384 a------- c:\program files\ca_yahooantispy_211_setup_en.exe
2008-12-07 15:35 1,851,544 a------- c:\program files\install_flash_player.exe
2008-12-03 22:15 436,800 a------- c:\program files\msgr9us.exe
2008-10-17 15:50 3,889,824 a------- c:\program files\downloadable_install_wizard.exe
2008-09-15 03:12 29,962,241 ac------ c:\program files\SUPERsetup.exe
2008-08-27 01:04 3,636,033 ac------ c:\program files\FileZilla_3.1.1.1_win32-setup.exe
2008-07-30 19:13 234,136 ac------ c:\program files\prismsetup.exe
2008-07-28 15:00 7,499,056 ac------ c:\program files\Firefox Setup 3.0.1.exe
2008-07-26 19:31 9,032,208 ac------ c:\program files\winamp554_full_emusic-7plus_en-us.exe
2008-05-11 21:44 3,124,473 ac------ c:\program files\FileZilla_3.0.9.3_win32-setup.exe
2008-04-23 21:04 3,121,465 ac------ c:\program files\FileZilla_3.0.9.2_win32-setup.exe
2008-03-16 18:55 3,124,922 ac------ c:\program files\FileZilla_3.0.8_win32-setup.exe
2008-03-12 19:27 4,523,064 ac------ c:\program files\PandoSetup.exe
2008-02-22 02:15 5,960 ac------ c:\docume~1\owner\applic~1\wklnhst.dat
2008-02-04 21:25 0 ac------ c:\program files\FileZilla_3.0.6_win32-setup.exe
2008-01-13 19:01 0 ac------ c:\program files\FileZilla_3.0.5.2_win32-setup.exe
2008-01-12 02:01 14,078,208 ac------ c:\program files\TU2008TrialEN.exe
2007-12-28 16:05 2,954,261 ac------ c:\program files\FileZilla_3.0.4.1_win32-setup.exe
2007-12-28 16:03 3,095,401 ac------ c:\program files\Portable Filezilla.exe
2007-09-06 00:25 15,681,090 ac------ c:\program files\WmrProInstall_8_0.exe
2007-09-06 00:18 3,420,998 ac------ c:\program files\WmrInstall_11_3.exe
2007-08-23 01:41 159,379 ac------ c:\program files\USBdrv.EXE
2007-08-22 14:39 4,871,611 ac------ c:\program files\mrcaptor.exe
2007-08-06 21:48 5,352,642 ac------ c:\program files\Total_Video_Converter_3.10.zip
2007-08-04 00:17 14,579,256 ac------ c:\program files\snagitup.exe
2007-07-24 22:05 2,437,248 ac------ c:\program files\yahoo_antispy_01.14.00_us_setup_.exe
2007-04-28 15:11 19,994,184 ac------ c:\program files\QuickTimeInstaller.exe
2007-04-24 23:39 7,932,168 ac------ c:\program files\pal_install_r17707.exe
2007-04-18 22:03 2,816,764 ac------ c:\program files\youtubed_setup.exe
2007-04-18 21:54 2,534,448 ac------ c:\program files\blaze-gif-creator.exe
2007-04-07 03:03 6,006,832 ac------ c:\program files\Firefox Setup 2.0.0.3.exe
2007-04-07 03:02 177,811 ac------ c:\program files\webdeveloper.xpi
2007-04-02 10:37 5,373,784 ac------ c:\program files\tvc.exe
2007-04-02 10:36 4,500 ac------ c:\program files\TVC310reg.rar
2007-02-02 16:27 5,408,600 ac------ c:\program files\tbftp.exe
2007-01-14 12:50 6,653,000 ac------ c:\program files\winamp532_full_emusic-7plus.exe
2006-12-24 23:20 50,896,944 ac------ c:\program files\drv_gc_w01_ENU.exe
2006-11-25 20:03 78,384 ac------ c:\program files\MySpaceIM_Setup.exe
2006-10-22 13:31 337 ac------ c:\docume~1\owner\applic~1\internaldb1942.dat
2006-10-22 06:43 13,046 ac------ c:\docume~1\owner\applic~1\internaldb5436.dat
2006-10-22 06:43 0 ac------ c:\docume~1\owner\applic~1\internaldb4604.dat
2006-10-22 04:06 179,200 ac------ c:\docume~1\owner\applic~1\internaldb4827.dat
2006-10-14 19:47 0 ac------ c:\docume~1\owner\applic~1\internaldb8253.dat
2006-10-14 19:47 0 ac------ c:\docume~1\owner\applic~1\internaldb3902.dat
2006-10-14 19:47 0 ac------ c:\docume~1\owner\applic~1\internaldb153.dat
2006-10-14 19:47 0 ac------ c:\docume~1\owner\applic~1\internaldb2391.dat
2006-10-14 19:47 0 ac------ c:\docume~1\owner\applic~1\internaldb6334.dat
2006-09-10 03:09 4,279,120 ac------ c:\program files\LimeWirePro.exe
2006-08-31 00:12 13,905,464 ac------ c:\program files\snagit.exe
2006-08-30 23:10 1,749,266 ac------ c:\program files\mgutil_433.exe
2006-08-30 22:05 19,193,560 ac------ c:\program files\nsb-install-8-1.exe
2006-08-30 20:20 9,359,560 ac------ c:\program files\Install_MSN_Messenger.exe
2006-08-30 18:59 3,800,811 ac------ c:\program files\wace265i.exe
2006-08-30 18:45 181,752 ac------ c:\program files\yinst_current.exe
2000-11-15 09:21 178,688 ac------ c:\program files\hjsplit.exe
2005-07-14 16:31 27,648 a--sh--- c:\windows\system32\AVSredirect.dll
2005-06-26 19:32 616,448 a--shr-- c:\windows\system32\cygwin1.dll
2005-06-22 02:37 45,568 a--shr-- c:\windows\system32\cygz.dll
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-08-05 05:59 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 0:36:28.29 ===============
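
The three load points that stand out in the log above (Winlogon `Notify:` entries with bare, mixed-case DLL names, a populated `AppInit_DLLs` value, and extra DLLs in `LSA: Notification Packages`) are the lines a responder checks first. The script below is an added example for this thread, not part of DDS, ComboFix or any of the posts; it parses those lines, copied verbatim from the log, and flags what merits a look. Its heuristics (a Notify DLL given without a path, an eight-letter mixed-case name, any AppInit_DLLs entry at all, any LSA package other than scecli) are this example's own assumptions, not DDS rules.

```python
"""Triage the Winlogon Notify, AppInit_DLLs and LSA lines of a DDS log.

Added example for this thread; it is not part of DDS, ComboFix or the
original posts. SAMPLE_DDS holds the relevant lines copied from the log
above. The heuristics are this example's own assumptions, not DDS rules.
"""
import re
from typing import Dict, List, Tuple

# Sample input: the persistence lines as they appear in the posted DDS log.
SAMPLE_DDS = r"""
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: mlJYoOGA - mlJYoOGA.dll
Notify: xxyXrsPJ - xxyXrsPJ.dll
AppInit_DLLs: c:\windows\system32\guvutoho.dll ofctmn.dll c:\windows\system32\jotuwasi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\zibemupe.dll c:\windows\system32\tuhuhodi.dll c:\windows\system32\guvutoho.dll
"""

# Assumption of this example: scecli is the only notification package on a stock XP install.
STOCK_LSA_PACKAGES = {"scecli"}

Entry = Tuple[str, str]            # (value name, dll or package)
Finding = Tuple[str, str, str]     # (section, dll, reason)


def parse_persistence(text: str) -> Dict[str, List[Entry]]:
    """Pull the three load-point sections out of DDS output."""
    out: Dict[str, List[Entry]] = {"Notify": [], "AppInit_DLLs": [], "LSA": []}
    for line in text.splitlines():
        if line.startswith("Notify: "):
            name, _, dll = line[len("Notify: "):].partition(" - ")
            out["Notify"].append((name.strip(), dll.strip()))
        elif line.startswith("AppInit_DLLs: "):
            # DDS prints the value space-separated; the paths in this log contain no spaces.
            for dll in re.split(r"[,\s]+", line[len("AppInit_DLLs: "):].strip()):
                if dll:
                    out["AppInit_DLLs"].append(("AppInit_DLLs", dll))
        elif line.startswith("LSA: Notification Packages = "):
            for pkg in line[len("LSA: Notification Packages = "):].split():
                out["LSA"].append(("Notification Packages", pkg))
    return out


def _stem(path: str) -> str:
    """Filename without directory or extension (scecli stays scecli)."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    """Eight letters with upper and lower case mixed after the first one,
    e.g. mlJYoOGA. Heuristic assumed by this example."""
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    tail = stem[1:]
    return any(c.islower() for c in tail) and any(c.isupper() for c in tail)


def triage(text: str) -> List[Finding]:
    """Return one finding per load-point entry that merits a closer look."""
    findings: List[Finding] = []
    for section, entries in parse_persistence(text).items():
        for _name, dll in entries:
            stem = _stem(dll)
            reasons: List[str] = []
            if section == "Notify":
                if "\\" not in dll:
                    reasons.append("bare filename, resolved through the DLL search path")
                if looks_random(stem):
                    reasons.append("random-looking name")
            elif section == "AppInit_DLLs":
                reasons.append("loaded into every process that maps user32.dll; value is empty on a stock install")
            elif section == "LSA" and stem.lower() not in STOCK_LSA_PACKAGES:
                reasons.append("non-stock package loaded into lsass.exe at boot")
            if reasons:
                findings.append((section, dll, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for section, dll, reason in triage(SAMPLE_DDS):
        print(f"{section:13} {dll:45} {reason}")
```

Run against the log excerpt it reports eight entries: the two bare Notify DLLs, all three AppInit_DLLs values and the three non-scecli LSA packages; the SUPERAntiSpyware Notify entry, which has a full path and a non-random name, is left alone.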

#4 Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location: Mikado Michigan
  • Local time: 09:08 AM

Posted 11 April 2009 - 12:58 AM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

You say you have Malwarebytes' Anti-Malware, please update it and do a full scan instead of a quick one.

* Anyone other than the originator of this thread, you would be best advised to not run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 CurtDZ

  • Topic Starter
  • Members
  • 15 posts
  • OFFLINE
  • Local time: 10:08 AM

Posted 13 April 2009 - 10:29 PM

ComboFix 09-04-14.01 - Owner 04/13/2009 23:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.505 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MPG4c32.dll
c:\windows\system32\tmp.reg
D:\Autorun.inf
L:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-13 21:33 . 2009-04-13 21:37 85367427 ----a-w C:\Adobe.ilustratorCS3.rar
2009-04-10 00:58 . 2009-04-10 22:11 -------- d-----w C:\Thick Klique Relaunch
2009-04-10 00:11 . 2009-04-10 00:11 4497605 ----a-w C:\Illustrator.rar
2009-03-27 07:35 . 2009-03-27 07:35 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\ESET
2009-03-27 00:49 . 2009-03-30 05:23 54156 ---ha-w c:\windows\QTFont.qfn
2009-03-27 00:49 . 2009-03-27 00:49 1409 ----a-w c:\windows\QTFont.for
2009-03-26 18:59 . 2009-03-26 18:59 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-03-25 23:36 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-03-25 03:57 . 2009-03-25 03:57 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-25 03:57 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-25 03:57 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 03:57 . 2009-03-25 03:57 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 03:25 . 2009-04-10 17:52 -------- d-----w C:\alsige
2009-03-23 02:53 . 2009-03-23 02:53 -------- d-----w c:\documents and settings\Owner\Application Data\ESET
2009-03-23 02:51 . 2009-03-23 02:51 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-21 00:16 . 2009-03-21 00:16 2324 ----a-w C:\SmithFraud Info.rtf
2009-03-20 23:59 . 2009-03-20 23:59 -------- d-----w C:\VundoFix Backups
2009-03-20 22:09 . 2009-03-20 22:09 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-20 22:08 . 2009-03-20 22:08 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-03-20 07:10 . 2009-03-20 07:10 153 ----a-w c:\windows\wininit.ini
2009-03-20 06:36 . 2009-04-13 21:51 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-19 22:09 . 2009-03-19 22:09 0 ----a-w c:\windows\system32\mapisvc.inf
2009-03-17 06:29 . 2009-03-17 06:30 1845948 ----a-w C:\miss kitty..wmv
2009-03-16 21:43 . 2009-03-21 23:06 -------- d-----w C:\thebizz
2009-03-15 08:18 . 2003-06-05 21:30 316640 ----a-w c:\windows\system32\WMSysPr9.prx
2009-03-15 08:18 . 2002-11-25 21:53 425984 ----a-w c:\windows\system32\xvid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 21:53 . 2009-03-25 03:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-13 21:42 . 2009-04-13 21:42 -------- d-----w c:\program files\CCleaner
2009-04-13 20:49 . 2009-04-13 20:48 3190688 ----a-w c:\program files\ccsetup218.exe
2009-04-13 03:48 . 2005-01-10 01:26 526120 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 19:01 . 2007-12-28 20:07 -------- d-----w c:\documents and settings\Owner\Application Data\FileZilla
2009-04-06 00:45 . 2006-12-14 22:54 990 ---ha-w C:\IPH.PH
2009-03-27 07:42 . 2008-12-29 13:47 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-27 05:28 . 2009-03-27 05:28 3496632 ----a-w c:\program files\Shockwave_Installer_Slim.exe
2009-03-26 23:01 . 2009-03-20 22:08 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-26 19:28 . 2009-03-26 19:28 6918 ----a-w C:\ActiveScan.txt
2009-03-25 23:35 . 2009-03-25 23:35 -------- d-----w c:\program files\Panda Security
2009-03-25 23:34 . 2009-03-25 23:34 175504 ----a-w c:\program files\activescan2_en.exe
2009-03-25 03:56 . 2009-03-25 03:55 2876728 ----a-w c:\program files\mbam-setup.exe
2009-03-23 07:02 . 2008-02-23 04:56 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-23 02:51 . 2009-03-23 02:51 -------- d-----w c:\program files\ESET
2009-03-23 02:47 . 2009-03-23 02:47 -------- d-----w c:\program files\n_o_d32new_70years
2009-03-23 01:30 . 2009-03-12 21:36 367 ----a-w C:\passwords.rtf
2009-03-23 01:27 . 2009-03-23 01:26 19661682 ----a-w c:\program files\n_o_d32new_70years.rar
2009-03-21 09:02 . 2009-02-26 20:55 -------- d-----w c:\program files\Lavasoft
2009-03-21 09:02 . 2009-02-26 20:55 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-21 09:00 . 2006-12-30 02:45 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 02:25 . 2009-02-26 22:00 11442 ----a-w C:\aaw7boot.log
2009-03-21 01:02 . 2009-03-21 00:43 3453 ----a-w C:\rapport.txt
2009-03-21 00:53 . 2006-02-10 17:15 -------- d-----w c:\program files\Google
2009-03-21 00:12 . 2009-03-20 23:59 136 ----a-w C:\VundoFix.txt
2009-03-20 22:07 . 2006-08-31 04:13 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-20 22:05 . 2009-03-20 22:05 -------- d-----w c:\program files\SUPER_Pro.1154.V4P2.1.RES
2009-03-20 12:08 . 2009-03-27 07:00 286208 ----a-w c:\program files\gmer.exe
2009-03-20 06:38 . 2009-03-20 06:36 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-20 05:11 . 2009-03-20 05:11 800514 ----a-w c:\program files\GIF.www.neoskull.com.rar
2009-03-20 04:30 . 2009-03-20 04:29 16409960 ----a-w c:\program files\spybotsd162.exe
2009-03-20 04:26 . 2009-03-20 04:25 5477380 ----a-w c:\program files\SUPER_Pro.1154.V4P2.1.RES.rar
2009-03-20 04:18 . 2009-03-20 04:17 2588807 ----a-w c:\program files\Micro.rar
2009-03-19 21:44 . 2006-02-10 17:27 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-19 21:44 . 2006-02-10 17:27 -------- d-----w c:\program files\McAfee
2009-03-19 20:52 . 2009-03-19 20:52 -------- d-----w c:\program files\Spyware_Doctor_6.0.0.386
2009-03-18 18:28 . 2009-03-18 18:28 543 ----a-w c:\program files\log.xml
2009-03-18 18:28 . 2009-03-18 18:28 129 ----a-w c:\program files\settings.ini
2009-03-18 18:23 . 2009-03-18 18:22 1211904 ----a-w c:\program files\RapidUploader.exe
2009-03-16 06:27 . 2009-03-16 06:22 100000000 ----a-w c:\program files\DWCS4.part1.rar
2009-03-16 06:24 . 2009-03-16 06:21 49859334 ----a-w c:\program files\DWCS4.part2.rar
2009-03-15 08:23 . 2009-03-15 08:17 -------- d-----w c:\program files\Video Capture Convert Split Merge Burn Studio
2009-03-15 08:19 . 2009-03-15 08:19 -------- d-----w c:\program files\McFunSoft Video Capture 6.8.1.569
2009-03-11 08:04 . 2009-03-11 08:03 18557678 ----a-w c:\program files\VideoStudio.exe
2009-03-11 08:03 . 2009-03-11 08:03 451 ----a-w c:\program files\McFunSoft Video Capture 6.8.1.569.zip
2009-03-10 22:11 . 2006-12-07 06:17 -------- d-----w c:\program files\Windows Defender
2009-03-10 16:03 . 2009-03-10 16:03 -------- d-----w c:\documents and settings\Owner\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-03-10 16:03 . 2009-03-10 16:03 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-07 21:48 . 2009-03-07 21:48 182784 ----a-w C:\dr flights 5-09.doc
2009-03-03 04:37 . 2006-12-14 22:54 -------- d-----w c:\program files\AIM6
2009-03-03 04:35 . 2006-02-10 17:25 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-03 04:35 . 2009-03-03 04:35 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-03-03 04:33 . 2006-02-10 17:24 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-03 04:32 . 2009-03-03 04:21 13440584 ----a-w c:\program files\Install_AIM.exe
2009-03-01 08:39 . 2009-03-01 20:46 65973672 ----a-w C:\100_0381.MOV
2009-02-27 07:45 . 2009-02-27 07:44 1167903 ----a-w C:\VenusRevolutionCatalougePROOF.pdf
2009-02-26 21:20 . 2009-02-26 20:52 -------- d-----w c:\program files\Lavasoft.Ad-Aware.Anniversary.Edition.v8.0.Full.Working
2009-02-26 19:50 . 2009-02-26 19:45 34440759 ----a-w c:\program files\Lavasoft.Ad-Aware.Anniversary.Edition.v8.0.Full.Working.zip
2009-02-25 04:24 . 2009-02-25 04:20 -------- d-----w c:\program files\FriendBlasterPro
2009-02-25 04:17 . 2009-02-25 04:17 2556877 ----a-w c:\program files\friendblasterpro_v10_3_0.zip
2009-02-19 18:25 . 2009-02-19 18:08 2196 ----a-w C:\2257.php
2009-02-19 18:06 . 2009-02-19 18:06 1813 ----a-w C:\2257.htm
2009-02-13 11:13 . 2006-08-31 02:26 -------- d-----w c:\program files\Adobe Illustrator CS CE v11
2009-02-09 11:13 . 2005-01-09 23:48 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 12:11 . 2009-03-09 00:11 4712891 ----a-w C:\100_0629.MOV
2009-02-08 12:10 . 2009-03-09 00:11 6405082 ----a-w C:\100_0628.MOV
2009-02-02 05:11 . 2009-02-02 05:11 12642115 ----a-w c:\program files\AVG.AS.Plus.43.BY.SOFT-BEST.NET.rar
2009-01-30 04:10 . 2009-01-30 04:11 57965 ----a-w C:\star 2.jpg
2009-01-30 04:09 . 2009-01-30 04:10 55140 ----a-w C:\star 1.jpg
2009-01-29 02:32 . 2009-01-29 02:32 16601 ----a-w C:\tk_traffic.jpg
2008-12-29 19:59 . 2008-12-29 19:59 726008 ----a-w c:\documents and settings\Owner\gotomypc_438.exe
2008-12-29 08:38 . 2008-12-29 08:38 8466146 ----a-w c:\program files\Ibit__AdvncdSystmCrePro3.1.1.rar
2008-12-27 19:32 . 2008-12-27 19:32 8981504 ----a-w c:\program files\winamp5541_full_emusic-7plus_en-us.exe
2008-12-23 05:17 . 2008-12-23 05:17 2904384 ----a-w c:\program files\ca_yahooantispy_211_setup_en.exe
2008-12-07 19:35 . 2007-06-16 05:41 1851544 ----a-w c:\program files\install_flash_player.exe
2008-12-04 02:15 . 2008-12-04 02:15 436800 ----a-w c:\program files\msgr9us.exe
2008-10-17 19:50 . 2008-10-17 19:50 3889824 ----a-w c:\program files\downloadable_install_wizard.exe
2008-09-15 07:12 . 2008-09-15 07:10 29962241 -c--a-w c:\program files\SUPERsetup.exe
2008-08-27 05:04 . 2008-08-27 05:04 3636033 -c--a-w c:\program files\FileZilla_3.1.1.1_win32-setup.exe
2008-07-30 23:13 . 2008-07-30 23:13 234136 -c--a-w c:\program files\prismsetup.exe
2008-07-28 19:00 . 2008-07-28 18:59 7499056 -c--a-w c:\program files\Firefox Setup 3.0.1.exe
2008-07-26 23:31 . 2008-07-26 23:31 9032208 -c--a-w c:\program files\winamp554_full_emusic-7plus_en-us.exe
2008-05-12 01:44 . 2008-05-12 01:44 3124473 -c--a-w c:\program files\FileZilla_3.0.9.3_win32-setup.exe
2008-04-24 01:04 . 2008-04-24 01:04 3121465 -c--a-w c:\program files\FileZilla_3.0.9.2_win32-setup.exe
2008-03-16 22:55 . 2008-03-16 22:55 3124922 -c--a-w c:\program files\FileZilla_3.0.8_win32-setup.exe
2008-03-12 23:27 . 2008-03-12 23:26 4523064 -c--a-w c:\program files\PandoSetup.exe
2008-02-22 06:15 . 2006-09-25 01:34 5960 -c--a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-02-05 01:25 . 2008-02-05 01:25 0 -c--a-w c:\program files\FileZilla_3.0.6_win32-setup.exe
2008-01-13 23:01 . 2008-01-13 23:01 0 -c--a-w c:\program files\FileZilla_3.0.5.2_win32-setup.exe
2008-01-12 06:01 . 2008-01-12 06:00 14078208 -c--a-w c:\program files\TU2008TrialEN.exe
2007-12-28 20:05 . 2007-12-28 20:05 2954261 -c--a-w c:\program files\FileZilla_3.0.4.1_win32-setup.exe
2007-12-28 20:03 . 2007-12-28 20:02 3095401 -c--a-w c:\program files\Portable Filezilla.exe
2007-09-06 04:25 . 2007-09-06 04:25 15681090 -c--a-w c:\program files\WmrProInstall_8_0.exe
2007-09-06 04:18 . 2007-09-06 04:18 3420998 -c--a-w c:\program files\WmrInstall_11_3.exe
2007-08-23 05:41 . 2007-08-23 05:41 159379 -c--a-w c:\program files\USBdrv.EXE
2007-08-22 18:39 . 2007-09-07 03:02 4871611 -c--a-w c:\program files\mrcaptor.exe
2007-08-07 01:48 . 2007-08-07 01:49 5352642 -c--a-w c:\program files\Total_Video_Converter_3.10.zip
2007-08-04 04:17 . 2007-02-10 03:03 14579256 -c--a-w c:\program files\snagitup.exe
2007-07-25 02:05 . 2007-07-25 02:05 2437248 -c--a-w c:\program files\yahoo_antispy_01.14.00_us_setup_.exe
2007-04-28 19:11 . 2006-08-31 06:26 19994184 -c--a-w c:\program files\QuickTimeInstaller.exe
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll

[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll

[-] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2005-01-27 17:08 657920 A8EAC5330876548E9966A7D13025D196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2007-03-07 17:40 823296 B8F4DB39CA7353752F245379D285C80E c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 09:08 823808 431DEFBB4A3D7B0DC062C1B064623A2F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 14:40 824320 D6ED5E042C5207553E7F5E842918137F c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\ie7\wininet.dll
[-] 2006-10-17 18:33 818688 FED30AFC65931E390B3C90DC63E29E42 c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2007-01-12 14:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2007-03-07 17:45 822784 5B35DAE6E4886F64D1DA58C4E3E01EB9 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-04-25 08:41 822784 0586A7F0B2FDB94D624F399D4728E7C8 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-06-27 14:34 823808 8068CBB58FE60CC95AEB2CFF70178208 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\system32\wininet.dll
[-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\system32\dllcache\wininet.dll

[-] 2005-03-14 01:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 19:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\system32\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2004-08-10 19:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 20:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\system32\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2004-08-10 19:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\ntoskrnl.exe

[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\system32\services.exe

[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe

[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\system32\kernel32.dll

[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-26 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-1-1 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-03-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-20 23:36 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.enc"= ITIG726.acm
"VIDC.FMVC"= fmcodec.dll
"vidc.xvid"= xvid.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"MsnMsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"MySpaceIM"=c:\program files\MySpace\IM\MySpaceIM.exe
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" /Minimized
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"LogitechVideoRepair"=c:\program files\Logitech\Video\ISStart.exe
"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
"SoundMan"=SOUNDMAN.EXE
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Maxtor\\OneTouch Status\\MaxMenuMgr.exe"=
"c:\\Program Files\\TuneUp Utilities 2009\\Integrator.exe"=
"c:\\Program Files\\Seagate\\Basics\\Basics Status\\MaxMenuMgrBasics.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56664:TCP"= 56664:TCP:Pando P2P TCP Listening Port
"56664:UDP"= 56664:UDP:Pando P2P UDP Listening Port

R0 Lbd;Lbd; [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-26 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-20 55024]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S2 EyelineService;Eyeline Service;c:\program files\NCH Software\Eyeline\eyeline.exe [2008-07-30 425988]
S2 TBFTPSyncService;TurboFTP Sync Service;c:\program files\TurboFTP\tftpsvc.exe [2006-12-23 847872]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-29 603904]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cdc2481-9a57-11da-8810-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45e3a50b-0457-11de-8b21-0016b52421a9}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ad9f33c-aeb1-11dd-8ab6-0016b52421a9}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d33fa3a5-a3c0-11da-8d87-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2cfd88d-93f1-11dd-8a9d-001225926619}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2009-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-mlJYoOGA - mlJYoOGA.dll
Notify-xxyXrsPJ - xxyXrsPJ.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3115
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsdccrs7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 23:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1224)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(1572)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\TurboFTP\tbshex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 03:21

Pre-Run: 2,734,600,192 bytes free
Post-Run: 2,741,145,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

470 --- E O F --- 2009-04-07 00:51

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:09:08 AM

Posted 13 April 2009 - 10:52 PM

Any change in the problem?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#7 CurtDZ

CurtDZ
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:08 AM

Posted 14 April 2009 - 05:09 PM

Unfortunately ESET still picks it up, the same Mebroot trojan in the MBR sectors, each and every time, even after running CCleaner and ComboFix.

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:09:08 AM

Posted 14 April 2009 - 06:27 PM

Download this tool and save it to your Desktop

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

#9 CurtDZ

CurtDZ
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:08 AM

Posted 16 April 2009 - 03:46 AM

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0xdf937c1 size 0x1aa !
copy of MBR has been found in sector 62 !
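The mbr.exe output above reports two things worth reading carefully: the user-mode and kernel-mode reads of sector 0 agree (so nothing was filtering the read at that moment), and a second copy of the MBR sits in sector 62, just below where an XP-era first partition normally starts. The flagged code at sector 0xdf937c1 is LBA 234,436,545, about 120 GB into the disk at 512-byte sectors, with size 0x1aa (426 bytes). The script below is an added example, not code from this thread or from Gmer's tool. It does the offline half of that check on a disk image: parse the sector-0 MBR, then scan every sector between it and the first partition for another sector that carries the 0x55AA boot signature and a partition table, and report whether its table and boot code match sector 0. The 64-sector image, the partition at LBA 63 and the boot-code stubs are constructed for the demo; a real image should be read with the system offline (boot media), because a live rootkit can lie to sector reads.

```python
"""Offline check for a stashed MBR copy in the sectors before the first partition.

Added example; not code from the BleepingComputer thread or from Gmer's mbr.exe.
Parses the sector-0 MBR, then looks at every sector between it and the first
partition for another sector that carries the 0x55AA boot signature and a
partition table, which is what a saved copy of the original MBR looks like.
The disk image is constructed inline (64 sectors, one partition at LBA 63,
copy stashed at sector 62, mirroring the mbr.exe log in the thread).
"""
from __future__ import annotations

import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"
PART_TABLE_OFF = 446  # four 16-byte partition entries follow the boot code
# boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte sector into boot code, partition entries and a signature check."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        boot, ptype, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": boot == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "code": sector[:PART_TABLE_OFF],
        "partitions": partitions,
    }


def find_mbr_copies(image: bytes) -> list[dict]:
    """Return every sector before the first partition that looks like an MBR.

    Each hit records whether its partition table and boot code match sector 0.
    Same table but different code is the pattern a swapped loader leaves behind:
    the table was preserved so the system still boots, only the code changed.
    """
    mbr = parse_mbr(image[:SECTOR])
    total = len(image) // SECTOR
    first_lba = min((p["lba_start"] for p in mbr["partitions"]), default=total)
    hits = []
    for lba in range(1, min(first_lba, total)):
        sector = image[lba * SECTOR:(lba + 1) * SECTOR]
        if sector[510:512] != BOOT_SIG:
            continue
        cand = parse_mbr(sector)
        if not cand["partitions"]:
            continue  # a boot signature alone is not an MBR (a VBR has one too)
        hits.append({
            "sector": lba,
            "same_table": cand["partitions"] == mbr["partitions"],
            "same_code": cand["code"] == mbr["code"],
            "code_sha256": hashlib.sha256(cand["code"]).hexdigest(),
        })
    return hits


def build_demo_image(tampered: bool) -> bytes:
    """Constructed 64-sector image with one NTFS partition at LBA 63 (assumed
    classic XP layout, not taken from the thread). With tampered=True the sector-0
    boot code is replaced by a different stub and the original sector is written
    to sector 62, as in 'copy of MBR has been found in sector 62'."""
    original = bytearray(SECTOR)
    # stand-in boot code, padded with NOPs; not real loader code
    original[:PART_TABLE_OFF] = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(PART_TABLE_OFF, b"\x90")
    # bootable, type 0x07 (NTFS), starts at LBA 63, made-up size
    struct.pack_into(ENTRY_FMT, original, PART_TABLE_OFF, 0x80, 0x07, 63, 20_000_000)
    original[510:512] = BOOT_SIG

    image = bytearray(SECTOR * 64)
    image[:SECTOR] = original
    if tampered:
        replaced = bytearray(original)
        replaced[:PART_TABLE_OFF] = b"\xeb\xfe".ljust(PART_TABLE_OFF, b"\x00")  # other loader, same table
        image[:SECTOR] = replaced
        image[62 * SECTOR:63 * SECTOR] = original
    return bytes(image)


if __name__ == "__main__":
    for tampered in (False, True):
        hits = find_mbr_copies(build_demo_image(tampered))
        print(f"tampered={tampered}: {len(hits)} MBR-like sector(s) before the first partition")
        for h in hits:
            print(f"  sector {h['sector']}: same_table={h['same_table']} "
                  f"same_code={h['same_code']} code_sha256={h['code_sha256'][:16]}...")
```

On a real image, replace `build_demo_image(...)` with the first few hundred sectors read from the raw device, and treat a hit with `same_table` true and `same_code` false exactly as the thread treats the mbr.exe line: a preserved partition table plus swapped boot code is the signature to follow up on, not something to explain away.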

#10 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:09:08 AM

Posted 16 April 2009 - 09:14 AM

Scan with ESET and see if it still picks up the Trojan.

#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:09:08 AM

Posted 22 April 2009 - 04:25 PM

CurtDZ do you still need help?

#12 CurtDZ

CurtDZ
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:08 AM

Posted 26 April 2009 - 09:33 PM

My apologies, I had to go out of town, but yes I do. ESET still picks it up after a scan; nothing else does.

#13 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:09:08 AM

Posted 27 April 2009 - 02:28 AM

Please download Dr.Web CureIt (http://www.freedrweb.com/cureit//) and save it to your desktop. DO NOT perform a scan yet.
Alternate download link: http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html

Reboot your computer into safe mode.

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, just ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)
If you cannot boot into safe mode, then perform your scan in normal mode.

#14 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:09:08 AM

Posted 27 April 2009 - 02:30 AM

Forgot to mention, that after running DrWeb CureIt, run ESET and see if it still detects the trojan.

#15 CurtDZ

CurtDZ
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:08 AM

Posted 30 April 2009 - 02:01 PM

Thank you Mr Hoov, I think that has done it. I ran DrWeb but it didn't give me a log, but after I restarted and ran ESET, NO MORE INFECTIONS YAY!!!!!



