Cannot click links to websites (Unknown infection)


  • This topic is locked
16 replies to this topic

#1 spydertl182

spydertl182

  • Members
  • 20 posts

Posted 05 April 2009 - 10:36 PM

OK, I thought I had the Conficker worm but ran the BitDefender removal program and it came up clean. When I installed the Windows update and Conficker remover on a clean computer, I copied it to a travel drive. As soon as I stuck the travel drive in the infected computer it gave me the blue screen of death. I restarted, but the computer would never recognize the drive, even after changing USB ports. So then I tried to e-mail the files to myself, and the files would never go through to my e-mail. I finally had to get into my sent mail folder on the infected computer and download them from that. I don't know what it is, but these are the symptoms I have noticed so far:

Will not allow me to go to any website clicked from a Google search. It brings up random websites (toseeka.com, elle.com).
I can type in a website in the address bar and it opens fine.
Will not allow me to open Spybot at all.
Cannot open Malwarebytes.


Windows has been trying to get me to install Service Pack 3, and I have tried several times over the last few months and it always fails. I don't know if that has anything to do with it. DDS log below. Any help would be greatly appreciated!



DDS (Ver_09-03-16.01) - NTFSx86
Run by Clay at 23:18:46.92 on Sun 04/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.61 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: ZoneAlarm Pro Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Clay\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com/
uDefault_Search_URL = hxxp://search.msn.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uCustomizeSearch =
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: ChaCha Toolbar: {5f2febcd-a902-66c2-8105-b22a4091e970} -
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &ATI TV: {44226dff-747e-4edc-b30c-78752e50cd0c} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\g001-1.0.25.0\gnotify.exe
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
mPolicies-explorer: <NO NAME> =
IE: &eBay Search
IE: &Subscribe to this feed
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - {73F7F495-A325-4C52-BE48-5F97FA511E89}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {47BA1C40-CA2F-42BE-AE8E-44816210754E} = 68.59.176.5
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll,
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clay\applic~1\mozilla\firefox\profiles\qq3t3mmv.default\
FF - component: c:\documents and settings\clay\application data\mozilla\firefox\profiles\qq3t3mmv.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-6-30 11840]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-9-14 353680]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-6-30 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-6-30 151297]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-6-30 52032]
S2 ASEService;Aluria Spyware Eliminator Service;c:\program files\aluria software\ase\aseserv.exe --> c:\program files\aluria software\ase\ASEserv.exe [?]
S2 gupdate1c98c8fddbc1e38;Google Update Service (gupdate1c98c8fddbc1e38);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\tivobeacon.exe --> c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [?]
S3 AdWatchDrv;AW Realtime Driver;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 ajiyare;ajiyare;\??\c:\windows\system32\wtqcque\ajiyare --> c:\windows\system32\wtqcque\ajiyare [?]
S3 fbfqwcl;fbfqwcl;\??\c:\windows\system32\kyihfp\fbfqwcl --> c:\windows\system32\kyihfp\fbfqwcl [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [2005-3-3 83552]
S3 qewwfpf;qewwfpf;\??\c:\windows\system32\gklkyit\qewwfpf --> c:\windows\system32\gklkyit\qewwfpf [?]
S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [2004-2-18 12032]
S3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\drivers\RIOXDRV.sys [2004-2-15 17152]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-7 44928]
S3 TLA13;TLA13;\??\c:\docume~1\clay\locals~1\temp\user.bak --> c:\docume~1\clay\locals~1\temp\user.bak [?]
S3 ubikagj;ubikagj;\??\c:\windows\system32\whqcij\ubikagj --> c:\windows\system32\whqcij\ubikagj [?]
S4 ggxetgfejtcfyu;ggxetgfejtcfyu;c:\windows\system32\jtcfyu\ggxetgfe.exe --> c:\windows\system32\jtcfyu\ggxetgfe.exe [?]
S4 iefntsfbmrq;iefntsfbmrq;c:\windows\system32\tsfbmrq\iefn.exe --> c:\windows\system32\tsfbmrq\iefn.exe [?]
S4 kgtfsqhccflm;kgtfsqhccflm;c:\windows\system32\hccflm\kgtfsq.exe --> c:\windows\system32\hccflm\kgtfsq.exe [?]
S4 kpnbdosyoy;kpnbdosyoy;c:\windows\system32\osyoy\kpnbd.exe --> c:\windows\system32\osyoy\kpnbd.exe [?]
S4 yxgfpthlhjq;yxgfpthlhjq;c:\windows\system32\lhjq\yxgfpth.exe --> c:\windows\system32\lhjq\yxgfpth.exe [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-04-05 02:09 0 a------- c:\windows\system32\nfr.gpref
2009-04-05 02:09 0 a------- c:\windows\system32\nfr.assembly
2009-04-05 01:49 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-04-05 01:49 13,312 a------- c:\windows\system32\dll32.dll
2009-04-05 01:49 2 ----h--- c:\windows\t55ft2829f44.dat
2009-04-02 00:06 5 a--sh--- c:\windows\system32\efbdede0_s.dll
2009-04-02 00:06 5 a------- c:\windows\system32\fefeecbdef_s.ocx
2009-04-02 00:06 <DIR> --d----- c:\program files\jv16 PowerTools 2006
2009-04-01 15:44 150 a------- C:\353454543.bat
2009-03-31 23:09 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-31 23:09 1,409 a------- c:\windows\QTFont.for
2009-03-27 01:14 <DIR> --dsh--- c:\windows\system32\lowsec
2009-03-26 20:22 13,312 ----h--- c:\windows\ld03.exe
2009-03-19 17:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2009-03-15 14:50 24,576 a------- c:\windows\system32\stu2.exe

==================== Find3M ====================

2009-04-05 22:33 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-01-25 18:13 120,376 ac------ c:\docume~1\clay\applic~1\GDIPFONTCACHEV1.DAT
2008-11-19 17:34 5,632 ac-sh--- c:\program files\Thumbs.db
2008-06-29 21:52 15,771 a------- c:\documents and settings\clay\mpr2.dat
2008-06-29 21:52 15,771 a------- c:\documents and settings\clay\mpr.dat
2007-04-18 23:23 32 a----r-- c:\documents and settings\all users\hash.dat
2006-01-01 14:14 774,144 ac------ c:\program files\RngInterstitial.dll

============= FINISH: 23:20:51.15 ===============

Edited by spydertl182, 05 April 2009 - 11:02 PM.
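A first triage pass over the kind of entries in the DDS log above, as an added example that is not part of the thread: it parses the ProxyServer, Userinit and service lines and flags the patterns a malware-response helper reads first (a localhost browser proxy, extra Userinit binaries, unverified services in temp or under randomly named system32 subfolders). The sample lines are constructed from the log, and the rules are heuristics for review, not a verdict on any single file.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS"
# formats, modelled on the log posted above (a handful of lines, not the full log).
SAMPLE_LOG = """\
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe,c:\\windows\\system32\\sdra64.exe,
mRun: [WinPatrol] c:\\program files\\billp studios\\winpatrol\\winpatrol.exe -expressboot
R1 vsdatant;vsdatant;c:\\windows\\system32\\vsdatant.sys [2008-9-14 353680]
R2 vsmon;TrueVector Internet Monitor;c:\\windows\\system32\\zonelabs\\vsmon.exe -service --> c:\\windows\\system32\\zonelabs\\vsmon.exe -service [?]
S3 ajiyare;ajiyare;\\??\\c:\\windows\\system32\\wtqcque\\ajiyare --> c:\\windows\\system32\\wtqcque\\ajiyare [?]
S4 kpnbdosyoy;kpnbdosyoy;c:\\windows\\system32\\osyoy\\kpnbd.exe --> c:\\windows\\system32\\osyoy\\kpnbd.exe [?]
S3 TLA13;TLA13;\\??\\c:\\docume~1\\clay\\locals~1\\temp\\user.bak --> c:\\docume~1\\clay\\locals~1\\temp\\user.bak [?]
"""


@dataclass
class Finding:
    rule: str   # why the line was flagged
    line: str   # the offending log line, verbatim


# The only binary Winlogon should launch at logon on a stock XP install.
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe"}
# DDS service lines: "<state> <name>;<display name>;<image path ...>"
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)$")
LOCAL_HOSTS = ("localhost", "127.0.0.1")


def check_proxy(line):
    """A browser proxy on the local machine means some local process sits in
    front of every HTTP request, which is one way search results get redirected."""
    key, _, value = line.partition("=")
    if not key.strip().endswith("Internet Settings,ProxyServer"):
        return None
    if any(host in value.lower() for host in LOCAL_HOSTS):
        return Finding("browser proxy points at the local machine", line)
    return None


def check_userinit(line):
    """Userinit is a comma-separated list run at every logon; anything beyond
    userinit.exe itself is a persistence mechanism that needs explaining."""
    if not line.lower().startswith("mwinlogon: userinit="):
        return None
    value = line.split("=", 1)[1]
    entries = {e.strip().lower() for e in value.split(",") if e.strip()}
    extra = entries - EXPECTED_USERINIT
    if extra:
        return Finding("Userinit launches extra binaries at logon: " + ", ".join(sorted(extra)), line)
    return None


def check_service(line):
    """Only looks at services DDS could not read a size/date for ([?]); vsmon
    carries that mark too but has a real display name and a vendor folder, so it passes."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    _state, name, display, rest = m.groups()
    if not rest.rstrip().endswith("[?]"):
        return None
    # Take the resolved path after "-->" (if present) and drop the trailing marker.
    path = rest.split("-->")[-1].rsplit("[?]", 1)[0].strip().lower()
    if "\\temp\\" in path:
        return Finding(f"service {name} loads its image from a temp directory", line)
    _head, sep, tail = path.partition("\\system32\\")
    if sep and "\\" in tail and not tail.startswith("drivers\\") and name.lower() == display.lower():
        return Finding(f"service {name} has no real display name and an unverified image "
                       "in a system32 subfolder", line)
    return None


CHECKS = (check_proxy, check_userinit, check_service)


def triage(log_text):
    """Run every check over every non-empty line; at most one finding per line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            finding = check(line)
            if finding:
                findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}]\n    {f.line}")
```

Run against a full DDS log, the same three checks would leave the vendor-signed entries alone and leave only the handful of lines a helper would ask about.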



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 15 April 2009 - 02:04 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 spydertl182

spydertl182
  • Topic Starter

  • Members
  • 20 posts

Posted 15 April 2009 - 10:40 PM

Thanks for getting back with me. The problem is still here, but it seems to be slightly better than before. Before, I was not able to open, update, or run Spybot, Malwarebytes or some other antivirus programs. I was finally able to get Malwarebytes, Spybot and SuperAntiSpyware to work. MB found 25 items, which I had it remove. I was also able to update Java. Before, when I did a Google search and clicked on a result, the links were redirected to other sites. That seems to be gone now. I have also not been able to download the Microsoft Windows XP Service Pack 3; it hasn't let me do it for months, so I don't know if that has anything to do with the problem. The computer is still acting strange and Internet Explorer will not display pages; it says "The page cannot be displayed". Thanks in advance for your help. The requested log is attached and below.



DDS (Ver_09-03-16.01) - NTFSx86
Run by Clay at 23:29:24.26 on Wed 04/15/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.119 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Pro Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Clay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com/
uDefault_Search_URL = hxxp://search.msn.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uCustomizeSearch =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: ChaCha Toolbar: {5f2febcd-a902-66c2-8105-b22a4091e970} -
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &ATI TV: {44226dff-747e-4edc-b30c-78752e50cd0c} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\g001-1.0.25.0\gnotify.exe
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
mPolicies-explorer: <NO NAME> =
IE: &eBay Search
IE: &Subscribe to this feed
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - {73F7F495-A325-4C52-BE48-5F97FA511E89}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {47BA1C40-CA2F-42BE-AE8E-44816210754E} = 68.59.176.5
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll,
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clay\applic~1\mozilla\firefox\profiles\qq3t3mmv.default\
FF - component: c:\documents and settings\clay\application data\mozilla\firefox\profiles\qq3t3mmv.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-6-30 11840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-9-14 353680]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-6-30 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-6-30 151297]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-6-30 52032]
S2 ASEService;Aluria Spyware Eliminator Service;c:\program files\aluria software\ase\aseserv.exe --> c:\program files\aluria software\ase\ASEserv.exe [?]
S2 gupdate1c98c8fddbc1e38;Google Update Service (gupdate1c98c8fddbc1e38);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\tivobeacon.exe --> c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [?]
S3 AdWatchDrv;AW Realtime Driver;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 ajiyare;ajiyare;\??\c:\windows\system32\wtqcque\ajiyare --> c:\windows\system32\wtqcque\ajiyare [?]
S3 fbfqwcl;fbfqwcl;\??\c:\windows\system32\kyihfp\fbfqwcl --> c:\windows\system32\kyihfp\fbfqwcl [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [2005-3-3 83552]
S3 qewwfpf;qewwfpf;\??\c:\windows\system32\gklkyit\qewwfpf --> c:\windows\system32\gklkyit\qewwfpf [?]
S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [2004-2-18 12032]
S3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\drivers\RIOXDRV.sys [2004-2-15 17152]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-7 44928]
S3 TLA13;TLA13;\??\c:\docume~1\clay\locals~1\temp\user.bak --> c:\docume~1\clay\locals~1\temp\user.bak [?]
S3 ubikagj;ubikagj;\??\c:\windows\system32\whqcij\ubikagj --> c:\windows\system32\whqcij\ubikagj [?]
S4 ggxetgfejtcfyu;ggxetgfejtcfyu;c:\windows\system32\jtcfyu\ggxetgfe.exe --> c:\windows\system32\jtcfyu\ggxetgfe.exe [?]
S4 iefntsfbmrq;iefntsfbmrq;c:\windows\system32\tsfbmrq\iefn.exe --> c:\windows\system32\tsfbmrq\iefn.exe [?]
S4 kgtfsqhccflm;kgtfsqhccflm;c:\windows\system32\hccflm\kgtfsq.exe --> c:\windows\system32\hccflm\kgtfsq.exe [?]
S4 kpnbdosyoy;kpnbdosyoy;c:\windows\system32\osyoy\kpnbd.exe --> c:\windows\system32\osyoy\kpnbd.exe [?]
S4 yxgfpthlhjq;yxgfpthlhjq;c:\windows\system32\lhjq\yxgfpth.exe --> c:\windows\system32\lhjq\yxgfpth.exe [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-04-14 23:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-14 23:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 23:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-14 00:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-13 23:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-13 23:56 <DIR> --d----- c:\docume~1\clay\applic~1\SUPERAntiSpyware.com
2009-04-13 23:55 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-13 23:52 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-05 23:46 877,149 a------- c:\windows\system32\dllcache\ati3d1ag.dll
2009-04-05 23:45 741,376 a------- c:\windows\system32\dllcache\sapi.dll
2009-04-05 23:44 163,840 a------- c:\windows\system32\dllcache\diskpart.exe
2009-04-05 23:43 449,024 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-05 23:42 8,460,800 a------- c:\windows\system32\dllcache\shell32.dll
2009-04-05 23:41 1,846,272 a------- c:\windows\system32\win32k.sys
2009-04-05 02:09 0 a------- c:\windows\system32\nfr.gpref
2009-04-05 02:09 0 a------- c:\windows\system32\nfr.assembly
2009-04-05 01:49 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-04-02 00:06 5 a--sh--- c:\windows\system32\efbdede0_s.dll
2009-04-02 00:06 5 a------- c:\windows\system32\fefeecbdef_s.ocx
2009-04-02 00:06 <DIR> --d----- c:\program files\jv16 PowerTools 2006
2009-04-01 15:44 150 a------- C:\353454543.bat
2009-03-31 23:09 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-31 23:09 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-04-13 12:12 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 06:19 1,846,272 -------- c:\windows\system32\_004570_.tmp.dll
2009-01-25 18:13 120,376 ac------ c:\docume~1\clay\applic~1\GDIPFONTCACHEV1.DAT
2008-11-19 17:34 5,632 ac-sh--- c:\program files\Thumbs.db
2008-06-29 21:52 15,771 a------- c:\documents and settings\clay\mpr.dat
2007-04-18 23:23 32 a----r-- c:\documents and settings\all users\hash.dat
2006-01-01 14:14 774,144 ac------ c:\program files\RngInterstitial.dll

============= FINISH: 23:31:06.76 ===============

Edited by spydertl182, 15 April 2009 - 10:41 PM.


#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 17 April 2009 - 11:14 PM

Hi spydertl182,




Step 1

Please close all browsers and other windows while running GooredFix.
  • Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.


Step 2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix:

[Posted image: the ComboFix prompt offering to install the Recovery Console]

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
It is a simple procedure that will only take a few moments of your time. Once Recovery Console is installed, you should see a blue screen prompt like the one below:

[Posted image: the blue-screen Recovery Console prompt]

1. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2. Click Yes to allow ComboFix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.


Step 3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (which will be maximized) and info.txt (which will be minimized).


In your next reply, please post back:

1. Goored log
2. Combofix log
3. RSIT log.txt and info.txt.

Tell me how your pc is acting now.
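
When the ComboFix log requested in Step 2 comes back, the lines a helper reads first are the service entries, the Security Center and firewall values, the IE proxy setting, AutoRun commands on removable drives, and service ImagePath values pointing into unnamed system32 subfolders. As an added example, not a tool from this thread, from BleepingComputer or from ComboFix, the Python script below flags those patterns in constructed sample lines written in ComboFix's log format; the flagging rules are this script's own heuristics, and the sample values are made up for the example.

```python
"""Flag warning signs in a ComboFix log.

Added example (not a BleepingComputer or ComboFix tool): the rules below are
this script's own heuristics, modelled on the kinds of entries seen in this thread.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str   # short label for the kind of entry
    line: str       # the log line that triggered it


# Constructed sample lines in ComboFix's log format (not copied from the thread).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 gupdate;Google Update Service;c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
R3 ajiyare;ajiyare; [x]
R4 kpnbdosyoy;kpnbdosyoy; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{guid}]
\Shell\AutoRun\command - G:\loader.exe

uInternet Settings,ProxyServer = http=localhost:7171
uStart Page = hxxp://www.google.com

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ajiyare]
"ImagePath"="\??\c:\windows\system32\wtqcque\ajiyare"
"""

# Service line: "<R|S><n> <name>;<display name>;<image path or [x]>".
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);\s*(.*)$")
AUTORUN_RE = re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(\S.*)$", re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S.*)$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="\\\?\?\\(.+)"$')
OVERRIDE_RE = re.compile(r'^"(?:AntiVirusOverride|FirewallOverride)"=dword:0*1$')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')


def image_in_unnamed_system32_dir(path: str) -> bool:
    """True for system32\\<subfolder>\\<file> where <file> has no extension."""
    prefix = "c:\\windows\\system32\\"
    low = path.lower()
    if not low.startswith(prefix):
        return False
    parts = low[len(prefix):].split("\\")
    return len(parts) == 2 and "." not in parts[1]


def scan(log_text: str) -> list[Finding]:
    """Return one Finding per log line that matches a heuristic."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, display, image = m.groups()
            # [x] in the image column means no file was found for the service;
            # a service with no descriptive display name and no file is suspect.
            if image == "[x]" and name == display:
                findings.append(Finding("service_no_file", line))
            continue
        if OVERRIDE_RE.match(line):
            findings.append(Finding("security_center_override", line))
        elif FIREWALL_OFF_RE.match(line):
            findings.append(Finding("firewall_disabled", line))
        elif AUTORUN_RE.search(line):
            findings.append(Finding("autorun_command", line))
        elif (m := PROXY_RE.search(line)):
            # A proxy on the local machine explains browser redirects and failed page loads.
            value = m.group(1).lower()
            if "localhost" in value or "127.0.0.1" in value:
                findings.append(Finding("local_proxy", line))
        elif (m := IMAGEPATH_RE.match(line)):
            if image_in_unnamed_system32_dir(m.group(1)):
                findings.append(Finding("imagepath_no_extension", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.category:26} {f.line}")
    print(summarize(scan(SAMPLE_LOG)))
```

Run it over a saved C:\ComboFix.txt by passing the file contents to scan(); a hit is a reason to look closer, not proof of infection on its own.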

#5 spydertl182

  • Topic Starter

Posted 19 April 2009 - 11:34 AM

I was not able to download the recovery console when running Combofix; I think it said could not connect - download failed. Internet Explorer will still not open pages. Zone Alarm opens on startup but then immediately an "error has occurred" message displays and is shut down. Overall, the computer is running better. Links are not being redirected. In some websites, videos will not play and on intellicast.com the radar image will not loop. I have not noticed any other problems yet. Thanks for your help.


GooredFix v1.92 by jpshortstuff
Log created at 01:01 on 19/04/2009 running Option #1 (Clay)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

ComboFix 09-04-19.04 - Clay 04/19/2009 1:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.173 [GMT -4:00]
Running from: c:\documents and settings\Clay\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Pro Firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\uninstall information
c:\program files\dns
c:\program files\dns\affid.dat
c:\program files\dns\uid.dat
c:\windows\patch.exe
c:\windows\regedit.com
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\efbdede0_s.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\open.ico
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\system
c:\windows\system32\system\msxml4.dll
c:\windows\system32\system\msxml4r.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZESOFT


((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 08:03 . 2009-04-19 08:17 1374 ----a-w c:\windows\imsins.BAK
2009-04-19 08:01 . 2009-04-19 08:01 -------- d-----w c:\windows\LastGood
2009-04-17 09:04 . 2009-02-20 08:14 81920 ------w c:\windows\system32\dllcache\ieencode.dll
2009-04-17 01:58 . 2009-03-06 14:44 283648 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 01:58 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 01:58 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-17 01:58 . 2009-02-06 17:14 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 01:58 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 01:58 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 01:58 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 01:58 . 2009-02-09 10:20 616960 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 01:58 . 2009-02-09 10:20 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 01:56 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 03:57 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 03:57 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 04:16 . 2009-04-14 04:16 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-14 03:56 . 2009-04-14 03:56 -------- d-----w c:\documents and settings\Clay\Application Data\SUPERAntiSpyware.com
2009-04-14 03:52 . 2009-04-14 03:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-06 03:46 . 2004-08-04 07:56 88064 ----a-w c:\windows\system32\dllcache\p2pnetsh.dll
2009-04-06 03:45 . 2004-08-04 07:56 34816 ----a-w c:\windows\system32\dllcache\sniffpol.dll
2009-04-06 03:44 . 2004-08-04 07:56 163840 ----a-w c:\windows\system32\dllcache\diskpart.exe
2009-04-06 03:43 . 2009-02-20 08:14 449024 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-04-06 03:42 . 2008-07-03 13:03 8460800 ----a-w c:\windows\system32\dllcache\shell32.dll
2009-04-06 03:41 . 2009-02-09 10:19 1846272 ----a-w c:\windows\system32\win32k.sys
2009-04-05 05:49 . 2009-04-05 05:49 1 ----a-w c:\windows\9g2234wesdf3dfgjf23
2009-04-02 04:06 . 2009-04-02 04:06 5 ----a-w c:\windows\system32\fefeecbdef_s.ocx
2009-04-01 23:28 . 2009-04-01 23:28 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\AOL
2009-04-01 19:44 . 2009-04-04 15:53 150 ----a-w C:\353454543.bat
2009-04-01 03:09 . 2009-04-16 00:00 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-01 03:09 . 2009-04-01 03:09 1409 ----a-w c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 05:44 . 2009-04-19 05:46 3185152 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-04-15 21:29 . 2004-03-21 22:06 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-15 13:24 . 2008-06-30 01:39 16160458 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-15 13:09 . 2009-04-15 13:25 3121152 ----a-w c:\windows\Internet Logs\xDB9.tmp
2009-04-15 03:57 . 2009-04-15 03:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 04:16 . 2009-04-14 03:56 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-14 03:55 . 2009-04-14 03:55 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-14 03:51 . 2004-05-09 22:50 -------- d-----w c:\program files\Java
2009-04-13 16:12 . 2007-01-10 04:57 4212 ---ha-w c:\windows\SYSTEM32\zllictbl.dat
2009-04-06 04:16 . 2002-08-29 10:00 250032 --sha-r C:\NTLDR
2009-04-06 03:10 . 2009-04-06 03:07 290 ------w C:\Win32.Worm.Downladup.Gen.log
2009-04-06 02:29 . 2009-04-06 02:32 3062272 ----a-w c:\windows\Internet Logs\xDB8.tmp
2009-04-06 01:34 . 2005-05-15 05:39 -------- d-----w c:\program files\Google
2009-04-05 06:21 . 2008-02-02 16:06 -------- d-----w c:\program files\Coupons
2009-04-04 14:20 . 2009-04-04 14:23 3014144 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-04-04 14:20 . 2009-04-04 14:23 3154432 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-04-04 03:47 . 2004-07-28 03:19 -------- d-----w c:\documents and settings\Clay\Application Data\AOL Identity Store
2009-04-02 04:41 . 2005-03-07 22:34 -------- d-----w c:\program files\Pure Networks
2009-04-02 04:41 . 2003-05-01 13:36 -------- d-----w c:\program files\Common Files\aol
2009-04-02 04:06 . 2009-04-02 04:06 -------- d-----w c:\program files\jv16 PowerTools 2006
2009-03-30 21:57 . 2009-03-30 21:58 9927680 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-03-21 14:18 . 2009-04-06 03:42 986112 ----a-w c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
2009-03-17 03:33 . 2004-09-22 20:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 14:44 . 2002-08-29 10:00 283648 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-03 21:49 . 2009-03-03 21:49 9820160 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-03-02 23:27 . 2009-04-06 03:43 1499136 ----a-w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2009-02-28 13:16 . 2009-02-28 13:18 2852352 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-02-24 00:27 . 2003-05-08 02:14 120376 -c--a-w c:\documents and settings\Clay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 21:44 . 2009-04-06 03:44 3067904 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-02-19 09:50 . 2009-04-06 03:47 18432 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
2009-02-19 03:44 . 2008-08-20 02:41 -------- d-----w c:\documents and settings\Clay\Application Data\FrostWire
2009-02-09 10:20 . 2009-04-06 03:43 399360 ----a-w c:\windows\SYSTEM32\DLLCACHE\rpcss.dll
2009-02-09 10:20 . 2009-04-06 03:42 723456 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 10:20 . 2009-04-06 03:42 723456 ----a-w c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
2009-02-09 10:20 . 2004-04-18 08:06 399360 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 10:20 . 2009-04-06 03:42 616960 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 10:20 . 2009-04-06 03:42 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 10:19 . 2009-04-06 03:41 1846272 ----a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-06 17:24 . 2009-04-06 03:41 2180480 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 17:24 . 2009-04-06 03:41 2180480 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-02-06 17:22 . 2009-04-06 03:46 2136064 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-02-06 17:14 . 2009-04-06 03:42 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 16:54 . 2002-08-29 10:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 16:49 . 2009-04-06 03:46 2015744 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-02-06 16:49 . 2009-04-06 03:41 2057728 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-06 16:49 . 2009-04-06 03:41 2057728 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-02-03 20:08 . 2009-02-03 20:08 55808 ------w c:\windows\SYSTEM32\DLLCACHE\secur32.dll
2009-02-03 20:08 . 2002-08-29 10:00 55808 ----a-w c:\windows\SYSTEM32\secur32.dll
2009-01-25 22:13 . 2003-05-11 15:21 120376 -c--a-w c:\documents and settings\Clay\Application Data\GDIPFONTCACHEV1.DAT
2009-01-20 22:22 . 2009-01-20 22:23 6115328 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-11-19 21:34 . 2008-09-30 14:03 5632 -csha-w c:\program files\Thumbs.db
2008-06-30 01:52 . 2008-05-14 18:51 15771 ----a-w c:\documents and settings\Clay\mpr.dat
2007-07-28 14:46 . 2003-05-08 02:02 118408 -c--a-w c:\documents and settings\Carol\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-19 03:23 . 2007-06-18 03:23 32 ----a-r c:\documents and settings\All Users\hash.dat
2006-10-18 23:08 . 2006-10-18 23:08 126 -c--a-w c:\documents and settings\Tom\Local Settings\Application Data\fusioncache.dat
2006-07-13 22:37 . 2003-09-04 14:51 118016 -c--a-w c:\documents and settings\Carol\Application Data\GDIPFONTCACHEV1.DAT
2006-06-10 12:13 . 2003-05-08 20:20 118016 -c--a-w c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-01-01 18:14 . 2006-01-01 18:14 774144 -c--a-w c:\program files\RngInterstitial.dll
2005-09-18 15:46 . 2005-09-14 03:54 108776 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 18:47 . 2005-09-16 18:47 108776 -c--a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2004-11-29 21:48 . 2004-11-29 21:48 0 -c--a-w c:\documents and settings\Clay\Local Settings\Application Data\dlm.dat
2004-03-17 05:38 . 2004-03-17 05:38 128 -c--a-w c:\documents and settings\Carol\Local Settings\Application Data\fusioncache.dat
2004-03-09 21:27 . 2004-03-09 21:27 127 -c--a-w c:\documents and settings\Clay\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2006-09-11 86960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 333120]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-14 148888]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2002-09-03 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=

R2 ASEService;Aluria Spyware Eliminator Service; [x]
R2 gupdate1c98c8fddbc1e38;Google Update Service (gupdate1c98c8fddbc1e38);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
R2 TivoBeacon2;TiVo Beacon; [x]
R3 AdWatchDrv;AW Realtime Driver; [x]
R3 ajiyare;ajiyare; [x]
R3 fbfqwcl;fbfqwcl; [x]
R3 getPlus® Helper;getPlus® Helper; [x]
R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\DRIVERS\m4301A.sys [2003-08-05 83552]
R3 qewwfpf;qewwfpf; [x]
R3 RioDrv;Rio600 driver;c:\windows\system32\Drivers\RioDrv.sys [2002-08-29 12032]
R3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\Drivers\RIOXDRV.sys [2004-02-15 17152]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
R3 TLA13;TLA13; [x]
R3 ubikagj;ubikagj; [x]
R4 ggxetgfejtcfyu;ggxetgfejtcfyu; [x]
R4 iefntsfbmrq;iefntsfbmrq; [x]
R4 kgtfsqhccflm;kgtfsqhccflm; [x]
R4 kpnbdosyoy;kpnbdosyoy; [x]
R4 yxgfpthlhjq;yxgfpthlhjq; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e19e1d6-55cd-11dc-9519-00038a000015}]
\Shell\AutoRun\command - G:\loader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7540187-aa74-11db-94dc-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e10dd8a3-64a3-11dc-951b-00038a000015}]
\Shell\AutoRun\command - g:\install\setup\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\CLEANMGR.EXE [2002-08-29 07:56]

2009-04-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 21:29]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{5F2FEBCD-A902-66C2-8105-B22A4091E970} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://search.msn.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: &eBay Search
IE: &Subscribe to this feed
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {47BA1C40-CA2F-42BE-AE8E-44816210754E} = 68.59.176.5
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Clay\Application Data\Mozilla\Firefox\Profiles\qq3t3mmv.default\
FF - component: c:\documents and settings\Clay\Application Data\Mozilla\Firefox\Profiles\qq3t3mmv.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 09:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ajiyare]
"ImagePath"="\??\c:\windows\system32\wtqcque\ajiyare"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fbfqwcl]
"ImagePath"="\??\c:\windows\system32\kyihfp\fbfqwcl"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qewwfpf]
"ImagePath"="\??\c:\windows\system32\gklkyit\qewwfpf"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TLA13]
"ImagePath"="\??\c:\docume~1\Clay\LOCALS~1\Temp\user.bak"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ubikagj]
"ImagePath"="\??\c:\windows\system32\whqcij\ubikagj"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Clay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(828)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\ZoneLabs\vsmon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\SYSTEM32\PnkBstrB.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2009-04-19 9:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 13:39

Pre-Run: 82,263,531,520 bytes free
Post-Run: 81,781,956,608 bytes free

541 --- E O F --- 2009-04-19 08:18

Logfile of random's system information tool 1.06 (written by random/random)

Run by Clay at 2009-04-19 12:20:22
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 78 GB (68%) free of 114 GB
Total RAM: 511 MB (26% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-13 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-13 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe [2005-07-15 479232]
"ISUSScheduler"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe [2006-09-11 86960]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 842584]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2002-09-03 24576]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-07-04 333120]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-13 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
C:\WINDOWS\system32\wzcdlg.dll [2004-08-04 378368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"SpecifyDefaultButtons"=0
"Btn_Search"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\SYSTEM32\dpnsvr.exe"="C:\WINDOWS\SYSTEM32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\EA Games\Battlefield 2\BF2.exe"="C:\Program Files\EA Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e19e1d6-55cd-11dc-9519-00038a000015}]
shell\AutoRun\command - G:\loader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7540187-aa74-11db-94dc-00038a000015}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e10dd8a3-64a3-11dc-951b-00038a000015}]
shell\AutoRun\command - G:\install\setup\setup.exe


======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2009-04-19 12:20:25 ----D---- C:\Program Files\trend micro
2009-04-19 12:20:22 ----D---- C:\rsit
2009-04-19 09:40:13 ----A---- C:\ComboFix.txt
2009-04-19 04:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-19 04:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-19 04:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-19 04:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-19 04:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-19 04:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-19 04:03:15 ----A---- C:\WINDOWS\imsins.BAK
2009-04-19 04:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-19 04:01:59 ----D---- C:\WINDOWS\LastGood
2009-04-19 01:08:41 ----A---- C:\WINDOWS\zip.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\vFind.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\SWSC.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\SWREG.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\sed.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\grep.exe
2009-04-19 01:06:10 ----D---- C:\Qoobox
2009-04-14 23:57:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-14 00:16:55 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-13 23:56:18 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-13 23:56:18 ----D---- C:\Documents and Settings\Clay\Application Data\SUPERAntiSpyware.com
2009-04-13 23:55:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-13 23:52:32 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-13 23:52:32 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-13 23:52:32 ----A---- C:\WINDOWS\system32\java.exe
2009-04-13 23:52:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-06 22:45:25 ----D---- C:\WINDOWS\Prefetch
2009-04-05 23:46:57 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-04-05 23:46:33 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2009-04-05 23:42:13 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-04-05 23:42:12 ----A---- C:\WINDOWS\system32\cacls.exe
2009-04-05 23:42:12 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-04-05 23:42:12 ----A---- C:\WINDOWS\system32\autochk.exe
2009-04-05 23:42:11 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-04-05 23:42:11 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-04-05 23:42:11 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-04-05 23:42:11 ----A---- C:\WINDOWS\system32\cmd.exe
2009-04-05 23:42:10 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-04-05 23:42:10 ----A---- C:\WINDOWS\system32\ftp.exe
2009-04-05 23:42:10 ----A---- C:\WINDOWS\system32\format.com
2009-04-05 23:42:10 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-04-05 23:42:09 ----A---- C:\WINDOWS\system32\localspl.dll
2009-04-05 23:42:09 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-04-05 23:42:09 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-04-05 23:42:08 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-04-05 23:42:08 ----A---- C:\WINDOWS\system32\locator.exe
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-04-05 23:42:06 ----N---- C:\WINDOWS\system32\oleaut32.dll
2009-04-05 23:42:06 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-04-05 23:42:06 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-04-05 23:42:06 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-04-05 23:42:06 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-04-05 23:42:06 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-04-05 23:42:05 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-04-05 23:42:05 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-04-05 23:42:05 ----A---- C:\WINDOWS\system32\printui.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\samlib.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\rasman.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-04-05 23:42:03 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-04-05 23:42:03 ----A---- C:\WINDOWS\system32\services.exe
2009-04-05 23:42:03 ----A---- C:\WINDOWS\system32\schannel.dll
2009-04-05 23:42:03 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-04-05 23:42:03 ----A---- C:\WINDOWS\system32\savedump.exe
2009-04-05 23:42:02 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-04-05 23:42:02 ----A---- C:\WINDOWS\system32\smss.exe
2009-04-05 23:42:02 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-04-05 23:42:01 ----A---- C:\WINDOWS\system32\untfs.dll
2009-04-05 23:42:01 ----A---- C:\WINDOWS\system32\ulib.dll
2009-04-05 23:42:01 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-04-05 23:42:01 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-04-05 23:42:00 ----A---- C:\WINDOWS\system32\userinit.exe
2009-04-05 23:41:59 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-04-05 23:41:59 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-04-05 23:41:44 ----A---- C:\WINDOWS\system32\hal.dll
2009-04-05 23:41:43 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-04-05 23:41:42 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-04-02 00:06:02 ----D---- C:\Program Files\jv16 PowerTools 2006
2009-04-01 15:44:28 ----A---- C:\353454543.bat

======List of files/folders modified in the last 1 months======

2009-04-19 12:20:25 ----AD---- C:\Program Files
2009-04-19 12:19:06 ----D---- C:\Program Files\Mozilla Firefox
2009-04-19 11:57:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-19 09:41:28 ----D---- C:\WINDOWS\Internet Logs
2009-04-19 09:40:20 ----D---- C:\WINDOWS\system32\DRIVERS
2009-04-19 09:40:20 ----AD---- C:\WINDOWS\SYSTEM32
2009-04-19 09:40:17 ----D---- C:\WINDOWS\Temp
2009-04-19 09:40:15 ----D---- C:\WINDOWS
2009-04-19 09:27:30 ----A---- C:\WINDOWS\system.ini
2009-04-19 09:26:13 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-19 09:20:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-19 04:19:42 ----D---- C:\WINDOWS\system32\WBEM
2009-04-19 04:19:42 ----D---- C:\WINDOWS\AppPatch
2009-04-19 04:18:48 ----D---- C:\WINDOWS\SECURITY
2009-04-19 04:18:12 ----HD---- C:\WINDOWS\INF
2009-04-19 04:18:07 ----D---- C:\WINDOWS\system32\DLLCACHE
2009-04-19 04:12:21 ----D---- C:\WINDOWS\Debug
2009-04-19 04:08:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-19 04:07:52 ----SHD---- C:\WINDOWS\Installer
2009-04-19 04:07:52 ----SHD---- C:\Config.Msi
2009-04-19 04:04:08 ----D---- C:\Program Files\Internet Explorer
2009-04-19 01:41:40 ----D---- C:\WINDOWS\system32\CONFIG
2009-04-19 01:39:33 ----D---- C:\WINDOWS\ERDNT
2009-04-19 01:36:02 ----AD---- C:\Program Files\Common Files
2009-04-19 01:00:57 ----A---- C:\WINDOWS\WIN.INI
2009-04-15 17:29:53 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-14 22:57:56 ----D---- C:\WINDOWS\network diagnostic
2009-04-14 00:49:27 ----D---- C:\WINDOWS\Minidump
2009-04-13 23:51:33 ----D---- C:\Program Files\Java
2009-04-12 04:02:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-12 04:01:30 ----D---- C:\Program Files\Messenger
2009-04-06 23:27:32 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-04-06 22:43:38 ----D---- C:\WINDOWS\system32\Setup
2009-04-06 22:43:34 ----RSD---- C:\WINDOWS\Fonts
2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-06 00:44:58 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-06 00:34:38 ----D---- C:\WINDOWS\WinSxS
2009-04-06 00:34:31 ----D---- C:\WINDOWS\system32\bits
2009-04-06 00:32:56 ----D---- C:\WINDOWS\system32\USMT
2009-04-06 00:32:46 ----D---- C:\WINDOWS\system32\Restore
2009-04-06 00:32:45 ----D---- C:\WINDOWS\system32\OOBE
2009-04-06 00:32:44 ----D---- C:\WINDOWS\system32\NPP
2009-04-06 00:29:48 ----D---- C:\WINDOWS\system32\Com
2009-04-06 00:24:29 ----D---- C:\WINDOWS\SYSTEM
2009-04-06 00:24:29 ----D---- C:\WINDOWS\SRCHASST
2009-04-06 00:19:28 ----D---- C:\WINDOWS\peernet
2009-04-06 00:19:21 ----D---- C:\WINDOWS\MSAGENT
2009-04-06 00:18:57 ----D---- C:\WINDOWS\IME
2009-04-06 00:18:55 ----D---- C:\WINDOWS\Help
2009-04-06 00:18:29 ----D---- C:\Program Files\Windows NT
2009-04-06 00:18:28 ----D---- C:\Program Files\Windows Media Player
2009-04-06 00:18:27 ----D---- C:\Program Files\Outlook Express
2009-04-06 00:18:24 ----D---- C:\Program Files\NetMeeting
2009-04-06 00:18:20 ----D---- C:\Program Files\Movie Maker
2009-04-06 00:17:53 ----D---- C:\Program Files\Common Files\System
2009-04-06 00:16:39 ----D---- C:\WINDOWS\system32\scripting
2009-04-06 00:16:39 ----D---- C:\WINDOWS\system32\en-us
2009-04-06 00:16:39 ----D---- C:\WINDOWS\system32\en
2009-04-06 00:16:36 ----D---- C:\WINDOWS\l2schemas
2009-04-06 00:16:14 ----SD---- C:\WINDOWS\Tasks
2009-04-05 23:53:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-05 23:40:51 ----D---- C:\WINDOWS\EHome
2009-04-05 21:34:16 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-04-05 21:34:16 ----D---- C:\Program Files\Google
2009-04-05 02:21:15 ----D---- C:\Program Files\Coupons
2009-04-03 23:47:18 ----D---- C:\Documents and Settings\Clay\Application Data\AOL Identity Store
2009-04-02 00:41:42 ----D---- C:\Program Files\Pure Networks
2009-04-02 00:41:42 ----D---- C:\Program Files\Common Files\aol
2009-04-02 00:33:01 ----D---- C:\Program Files\AOL
2009-04-02 00:32:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-02 00:30:08 ----A---- C:\WINDOWS\msoffice.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-05 75072]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-07-24 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-07-24 2560]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-10-09 353680]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-12-26 8413]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-03-02 15890]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2004-08-03 105984]
R3 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\System32\DRIVERS\atintuxx.sys [2004-08-03 78336]
R3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2004-08-03 53760]
R3 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2004-08-03 64512]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-09-03 186068]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-12-09 493568]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-09-03 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-12-09 134032]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-01-20 140288]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-12-09 115936]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2002-11-26 816576]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2002-11-26 135728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2007-12-02 9168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2004-08-03 13824]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-12-09 117120]
R3 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2004-08-03 13824]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\System32\DRIVERS\vsb.sys [2003-03-14 18180]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-24 48904]
R4 catchme;catchme; \??\C:\DOCUME~1\Clay\LOCALS~1\Temp\catchme.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2004-08-04 48128]
S3 AdWatchDrv;AW Realtime Driver; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 ajiyare;ajiyare; \??\C:\WINDOWS\system32\wtqcque\ajiyare []
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2004-08-04 38912]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2002-12-04 298384]
S3 CxUSB;Logitech QuickCam VC USB; C:\WINDOWS\System32\DRIVERS\CxUSB.sys [1999-02-19 18432]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 fbfqwcl;fbfqwcl; \??\C:\WINDOWS\system32\kyihfp\fbfqwcl []
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 Jukebox;Jukebox; C:\WINDOWS\System32\DRIVERS\ctpdusb2.sys [2004-09-29 16752]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver; C:\WINDOWS\system32\DRIVERS\m4301A.sys [2003-08-05 83552]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2005-12-01 21760]
S3 qewwfpf;qewwfpf; \??\C:\WINDOWS\system32\gklkyit\qewwfpf []
S3 RioDrv;Rio600 driver; C:\WINDOWS\System32\Drivers\RioDrv.sys [2002-08-29 12032]
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2003-07-02 16128]
S3 RIOXDRV;SONICblue Rio generic driver XP+; C:\WINDOWS\System32\Drivers\RIOXDRV.sys [2004-02-15 17152]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TLA13;TLA13; \??\C:\DOCUME~1\Clay\LOCALS~1\Temp\user.bak []
S3 ubikagj;ubikagj; \??\C:\WINDOWS\system32\whqcij\ubikagj []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2003-03-14 69932]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-13 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-15 202512]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-10-09 2405776]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ASEService;Aluria Spyware Eliminator Service; C:\Program Files\Aluria Software\ASE\ASEserv.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2006-05-03 520192]
S2 gupdate1c98c8fddbc1e38;Google Update Service (gupdate1c98c8fddbc1e38); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S2 TivoBeacon2;TiVo Beacon; C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 1118208]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-04-25 437008]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-04-25 138504]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 ggxetgfejtcfyu;ggxetgfejtcfyu; C:\WINDOWS\system32\jtcfyu\ggxetgfe.exe []
S4 iefntsfbmrq;iefntsfbmrq; C:\WINDOWS\system32\tsfbmrq\iefn.exe []
S4 kgtfsqhccflm;kgtfsqhccflm; C:\WINDOWS\system32\hccflm\kgtfsq.exe []
S4 kpnbdosyoy;kpnbdosyoy; C:\WINDOWS\system32\osyoy\kpnbd.exe []
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-09 66872]
S4 yxgfpthlhjq;yxgfpthlhjq; C:\WINDOWS\system32\lhjq\yxgfpth.exe []

-----------------EOF-----------------







info.txt logfile of random's system information tool 1.06 2009-04-19 12:20:32

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI DVD Decoder 2.1.16.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{349BB121-EDE7-4E86-9698-182FC14B84B6} /l1033
ATI Multimedia Center 8.1.16.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{77792D6B-6505-4B64-842D-58864D2FA797} /l1033
AutoCAD 2000-->C:\WINDOWS\uninst.exe -fC:\PROGRA~1\ACAD2000\DeIsL1.isu -c"C:\PROGRA~1\ACAD2000\unacad.dll
Avery DesignPro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -uninst
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlefield 2™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Canon Digital Camera USB WIA Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\DC USB WIA\Uninst.isu" -c"C:\Program Files\Canon\DC USB WIA\SetupWia.dll"
Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP500-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{BA4DF4C3-196E-4128-969A-00996B5A46F8}\DelDrv.exe" /U:{BA4DF4C3-196E-4128-969A-00996B5A46F8} /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}
DAO-->MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
DDX DWF Support-->MsiExec.exe /I{C51496B3-E15E-41D8-B812-9492E4EC86E0}
DDXGDIRenderer-->MsiExec.exe /I{0341796A-9224-48FB-AAE1-4079C7AE375E}
DDXSheetSets-->MsiExec.exe /I{57E7F262-3B6A-403E-81C2-E9D2B196D00C}
DDXViewX-->MsiExec.exe /I{92377672-DF6E-4D7C-AFFC-50B01254C488}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell DJ Explorer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9 /remove
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support-->MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
DWGDirectX Core-->MsiExec.exe /I{A7385936-7917-4210-9471-ECDF300D1D02}
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9
Eraser-->"C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Eraser-->C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
Google Earth Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Gmail Notifier-->C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\UninstallGmail.exe
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
Intel® PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
jv16 PowerTools 2006-->"C:\Program Files\jv16 PowerTools 2006\unins000.exe"
Lizardtech Express View Browser Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetup -ether"C:\Program Files\InstallShield Installation Information\{4F8D44E7-3F47-4002-AE6A-BCB6A46A1788}" -l0x9
Logitech Gaming Software 5.02-->MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Interactive Training-->C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2002 System Pack-->MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Money 2002-->MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 (Beta)-->MsiExec.exe /X{30120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 (Beta)-->MsiExec.exe /X{30120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{91170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office InfoPath MUI (English) 2007 (Beta)-->MsiExec.exe /X{30120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 (Beta)-->MsiExec.exe /X{30120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 (Beta)-->MsiExec.exe /X{30120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 (Beta)-->MsiExec.exe /X{30120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 (Beta)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRO /dll OSETUP.DLL
Microsoft Office Proof (English) 2007 (Beta)-->MsiExec.exe /X{30120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 (Beta)-->MsiExec.exe /X{30120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 (Beta)-->MsiExec.exe /X{30120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 (Beta)-->MsiExec.exe /X{30120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 (Beta)-->MsiExec.exe /X{30120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 (Beta)-->MsiExec.exe /X{30120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Studio 6.0 Enterprise Edition-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
MioTransfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F6DA398-707F-4D52-AE6A-7E812D1662D6}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PDFExport-->MsiExec.exe /I{45873324-094C-4516-A84A-134A175A1CD6}
Pelstar-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Pelstar\Uninst.isu"
Philips Media Manager 3.2.0.0138-->C:\Program Files\Philips\Media Manager\uninstall.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
SkyMap Pro 9-->C:\PROGRA~1\SKYMAP~1\UNWISE.EXE C:\PROGRA~1\SKYMAP~1\INSTALL.LOG
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\setup.exe" -l0x9
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SVGExport-->MsiExec.exe /I{3925DA22-2D9E-4AD4-9078-876120FE5FC6}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual Install Manager-->"C:\Program Files\Visual 2.0\Installation Manager\unins000.exe"
Visual Lighting Software-->"C:\Program Files\Visual 2.0\Program\unins000.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZoneAlarm Pro-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: Avira AntiVir PersonalEdition (disabled) (outdated)
FW: ZoneAlarm Pro Firewall

======System event log======

Computer Name: OFFICE1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0007E98F2E3E. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 243305
Source Name: Dhcp
Time Written: 20090210074317.000000-300
Event Type: warning
User:

Computer Name: OFFICE1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0007E98F2E3E. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 243304
Source Name: Dhcp
Time Written: 20090210052811.000000-300
Event Type: warning
User:

Computer Name: OFFICE1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 243303
Source Name: W32Time
Time Written: 20090210023641.000000-300
Event Type: warning
User:

Computer Name: OFFICE1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0007E98F2E3E. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 243302
Source Name: Dhcp
Time Written: 20090210005755.000000-300
Event Type: warning
User:

Computer Name: OFFICE1
Event Code: 18
Message: TIMEOUT<shellmon.exe> C:\....0k\shellrestart.exe

Record Number: 243301
Source Name: avgntflt
Time Written: 20090209203026.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: OFFICE1
Event Code: 57345
Message:
Record Number: 1037
Source Name: AliDiskViewer
Time Written: 20081015071418.000000-240
Event Type: error
User:

Computer Name: OFFICE1
Event Code: 57345
Message:
Record Number: 1036
Source Name: AliDiskViewer
Time Written: 20081015071418.000000-240
Event Type: error
User:

Computer Name: OFFICE1
Event Code: 57345
Message:
Record Number: 1035
Source Name: AliDiskViewer
Time Written: 20081015071418.000000-240
Event Type: error
User:

Computer Name: OFFICE1
Event Code: 57345
Message:
Record Number: 1034
Source Name: AliDiskViewer
Time Written: 20081015071418.000000-240
Event Type: error
User:

Computer Name: OFFICE1
Event Code: 57345
Message:
Record Number: 1032
Source Name: AliDiskViewer
Time Written: 20081014174508.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\AUTODE~1;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ATI Technologies\ATI.ACE
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"tvdumpflags"=8

-----------------EOF-----------------

Edited by spydertl182, 19 April 2009 - 11:36 AM.


#6 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:10:18 AM

Posted 19 April 2009 - 01:30 PM

Hi spydertl182,



You can install the Windows Recovery Console manually. Please do as instructed in the following.

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System



Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



1. Drag the setup package onto ComboFix.exe and drop it.


2. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




3. At the next prompt, click 'NO' to exit ComboFix scan.


After installing Windows Recovery Console, please do the following:


Step 1
  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Remember to plug in the flash drive to disinfect as well.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Step 2
  • Close any open browsers
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
c:\windows\9g2234wesdf3dfgjf23
c:\windows\system32\fefeecbdef_s.ocx
C:\353454543.bat
c:\docume~1\Clay\LOCALS~1\Temp\user.bak
G:\loader.exe

Folder::
c:\program files\Coupons
c:\windows\Internet Logs
c:\windows\system32\wtqcque
c:\windows\system32\kyihfp
c:\windows\system32\gklkyit
c:\windows\system32\whqcij

Driver::
ASEService
TivoBeacon2
AdWatchDrv
ajiyare
fbfqwcl
qewwfpf
TLA13
ubikagj
ggxetgfejtcfyu
iefntsfbmrq
kgtfsqhccflm
kpnbdosyoy
yxgfpthlhjq

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e19e1d6-55cd-11dc-9519-00038a000015}]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ajiyare]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fbfqwcl]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\qewwfpf]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TLA13]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ubikagj]


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



In your next reply, please post back:

1. ComboFix log
2. RSIT log.txt

Tell me how your PC is running now.
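
The Flash_Disinfector step and the MountPoints2 deletion in the CFScript both concern autorun from removable media, and the RSIT registry dump posted later in this thread shows the values that govern it. As an added example (not from the thread, RSIT, ComboFix or Flash_Disinfector), the Python helper below decodes NoDriveTypeAutoRun and NoDriveAutoRun and lists the cached per-device AutoRun commands under MountPoints2, using an excerpt of that dump as its sample input; the bit meanings follow Microsoft's documentation of those two values.

```python
"""Autorun triage for the Explorer policy and MountPoints2 lines of an RSIT
"Registry dump". Added example for this thread; not part of any tool named in it.
NoDriveTypeAutoRun bit n corresponds to GetDriveType() value n;
NoDriveAutoRun bit n corresponds to drive letter chr(ord('A') + n)."""
import re

# Bits of NoDriveTypeAutoRun; a SET bit disables autorun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no_root_dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "remote",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

# Sample input: an excerpt of the RSIT registry dump posted in this thread.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7540187-aa74-11db-94dc-00038a000015}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e10dd8a3-64a3-11dc-951b-00038a000015}]
shell\AutoRun\command - G:\install\setup\setup.exe
"""

def parse_dump(text):
    """Group an RSIT-style dump into {key_path: [non-empty lines under it]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def read_int_value(lines, name):
    """Integer value of "name"=N in a section; None if absent or empty."""
    for line in lines:
        m = re.match(r'^"([^"]*)"=(.*)$', line)
        if m and m.group(1).lower() == name.lower():
            value = m.group(2).strip()
            return int(value) if value.isdigit() else None
    return None

def decode_drive_types(mask):
    """Drive types whose autorun is disabled by a NoDriveTypeAutoRun mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if mask & bit]

def decode_drive_letters(mask):
    """Drive letters whose autorun is disabled by a NoDriveAutoRun mask."""
    return [chr(ord("A") + i) for i in range(26) if mask & (1 << i)]

def autorun_report(text):
    """Autorun policy per hive plus cached per-device AutoRun commands to review."""
    report = {"blocked_types": {}, "blocked_letters": {}, "autorun_commands": []}
    for key, lines in parse_dump(text).items():
        hive, _, rest = key.partition("\\")
        if rest.lower().endswith("\\policies\\explorer"):
            types = read_int_value(lines, "NoDriveTypeAutoRun")
            letters = read_int_value(lines, "NoDriveAutoRun")
            if types is not None:
                report["blocked_types"][hive] = decode_drive_types(types)
            if letters is not None:
                report["blocked_letters"][hive] = decode_drive_letters(letters)
        elif "\\mountpoints2\\" in rest.lower():
            for line in lines:
                m = re.match(r"^shell\\autorun\\command\s*-\s*(.+)$", line, re.I)
                if m:  # device GUID and the command Explorer cached for it
                    report["autorun_commands"].append((key.rsplit("\\", 1)[1], m.group(1)))
    return report

def removable_autorun_blocked(report, hive="HKEY_CURRENT_USER"):
    """True when removable-media autorun is off for the hive, either by drive type
    or because every letter is masked (a removable drive may get any letter)."""
    by_type = "removable" in report["blocked_types"].get(hive, [])
    by_letter = len(report["blocked_letters"].get(hive, [])) == 26
    return by_type or by_letter

if __name__ == "__main__":
    rep = autorun_report(SAMPLE_DUMP)
    for hive, types in rep["blocked_types"].items():
        print(f"{hive}: NoDriveTypeAutoRun disables {types}")
    for hive, letters in rep["blocked_letters"].items():
        print(f"{hive}: NoDriveAutoRun disables {len(letters)} drive letters")
    for guid, cmd in rep["autorun_commands"]:
        print(f"cached AutoRun command for {guid}: {cmd}  <- review")
    print("removable autorun blocked:", removable_autorun_blocked(rep))
```

On the posted values, 323 (0x143) alone would still leave removable, fixed, remote and CD-ROM autorun enabled; it is the all-letters NoDriveAutoRun mask that actually switches it off, which is why both values have to be read together.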

#7 spydertl182

  • Topic Starter

  • Members
  • 20 posts
  • Local time:11:18 AM

Posted 19 April 2009 - 04:23 PM

OK, I was able to install the recovery console and run Flash_Disinfector. I ran ComboFix with the text that you gave me. It ran and then restarted my computer. On restart, Avira and Zone Alarm tried to open. ComboFix told me that the programs were running and to close them, so I disabled Avira and Zone Alarm then hit OK for it to continue. Since then, nothing happened and it never created a log. It is stuck on the preparing Log Report screen. I didn't want to run it again and risk messing something up. I did a search on my computer to see if a ComboFix log was created and it found one, but I'm not sure if it is the correct log. I will paste it below. Do I need to re-run ComboFix with your text again? Thanks.


ComboFix 09-04-19.04 - Clay 04/19/2009 15:18:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.215 [GMT -4:00]
Running from: C:\Documents and Settings\Clay\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Clay\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Pro Firewall *enabled*

FILE ::
C:\353454543.bat
c:\docume~1\Clay\LOCALS~1\Temp\user.bak
c:\windows\9g2234wesdf3dfgjf23
c:\windows\system32\fefeecbdef_s.ocx
G:\loader.exe
.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Clay at 2009-04-19 17:20:45
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 78 GB (68%) free of 114 GB
Total RAM: 511 MB (32% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-13 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-13 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe [2005-07-15 479232]
"ISUSScheduler"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe [2006-09-11 86960]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 842584]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2002-09-03 24576]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-07-04 333120]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-13 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
C:\WINDOWS\system32\wzcdlg.dll [2004-08-04 378368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"SpecifyDefaultButtons"=0
"Btn_Search"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\SYSTEM32\dpnsvr.exe"="C:\WINDOWS\SYSTEM32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\EA Games\Battlefield 2\BF2.exe"="C:\Program Files\EA Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7540187-aa74-11db-94dc-00038a000015}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e10dd8a3-64a3-11dc-951b-00038a000015}]
shell\AutoRun\command - G:\install\setup\setup.exe


======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2009-04-19 15:25:05 ----A---- C:\WINDOWS\PSEXESVC.EXE
2009-04-19 15:16:28 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-19 15:16:15 ----D---- C:\ComboFix
2009-04-19 15:16:14 ----A---- C:\WINDOWS\system32\CF6101.exe
2009-04-19 15:13:11 ----RASHD---- C:\autorun.inf
2009-04-19 15:03:21 ----A---- C:\Boot.bak
2009-04-19 15:02:56 ----RASHD---- C:\cmdcons
2009-04-19 15:00:23 ----A---- C:\WINDOWS\system32\CF2979.exe
2009-04-19 14:54:44 ----SHD---- C:\RECYCLER
2009-04-19 12:20:25 ----D---- C:\Program Files\trend micro
2009-04-19 12:20:22 ----D---- C:\rsit
2009-04-19 04:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-19 04:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-19 04:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-19 04:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-19 04:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-19 04:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-19 04:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-19 01:08:41 ----A---- C:\WINDOWS\zip.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\vFind.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\SWSC.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\SWREG.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\sed.exe
2009-04-19 01:08:41 ----A---- C:\WINDOWS\grep.exe
2009-04-19 01:06:10 ----D---- C:\Qoobox
2009-04-14 23:57:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-14 00:16:55 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-13 23:56:18 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-13 23:56:18 ----D---- C:\Documents and Settings\Clay\Application Data\SUPERAntiSpyware.com
2009-04-13 23:55:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-13 23:52:32 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-13 23:52:32 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-13 23:52:32 ----A---- C:\WINDOWS\system32\java.exe
2009-04-13 23:52:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-06 22:45:25 ----D---- C:\WINDOWS\Prefetch
2009-04-05 23:46:57 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-04-05 23:46:33 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2009-04-05 23:42:13 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-04-05 23:42:12 ----A---- C:\WINDOWS\system32\cacls.exe
2009-04-05 23:42:12 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-04-05 23:42:12 ----A---- C:\WINDOWS\system32\autochk.exe
2009-04-05 23:42:11 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-04-05 23:42:11 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-04-05 23:42:11 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-04-05 23:42:11 ----A---- C:\WINDOWS\system32\cmd.exe
2009-04-05 23:42:10 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-04-05 23:42:10 ----A---- C:\WINDOWS\system32\ftp.exe
2009-04-05 23:42:10 ----A---- C:\WINDOWS\system32\format.com
2009-04-05 23:42:10 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-04-05 23:42:09 ----A---- C:\WINDOWS\system32\localspl.dll
2009-04-05 23:42:09 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-04-05 23:42:09 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-04-05 23:42:08 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-04-05 23:42:08 ----A---- C:\WINDOWS\system32\locator.exe
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-04-05 23:42:07 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-04-05 23:42:06 ----N---- C:\WINDOWS\system32\oleaut32.dll
2009-04-05 23:42:06 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-04-05 23:42:06 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-04-05 23:42:06 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-04-05 23:42:06 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-04-05 23:42:06 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-04-05 23:42:05 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-04-05 23:42:05 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-04-05 23:42:05 ----A---- C:\WINDOWS\system32\printui.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\samlib.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\rasman.dll
2009-04-05 23:42:04 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-04-05 23:42:03 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-04-05 23:42:03 ----A---- C:\WINDOWS\system32\services.exe
2009-04-05 23:42:03 ----A---- C:\WINDOWS\system32\schannel.dll
2009-04-05 23:42:03 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-04-05 23:42:03 ----A---- C:\WINDOWS\system32\savedump.exe
2009-04-05 23:42:02 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-04-05 23:42:02 ----A---- C:\WINDOWS\system32\smss.exe
2009-04-05 23:42:02 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-04-05 23:42:01 ----A---- C:\WINDOWS\system32\untfs.dll
2009-04-05 23:42:01 ----A---- C:\WINDOWS\system32\ulib.dll
2009-04-05 23:42:01 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-04-05 23:42:01 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-04-05 23:42:00 ----A---- C:\WINDOWS\system32\userinit.exe
2009-04-05 23:41:59 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-04-05 23:41:59 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-04-05 23:41:44 ----A---- C:\WINDOWS\system32\hal.dll
2009-04-05 23:41:43 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-04-05 23:41:42 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-04-02 00:06:02 ----D---- C:\Program Files\jv16 PowerTools 2006

======List of files/folders modified in the last 1 months======

2009-04-19 16:54:24 ----D---- C:\Program Files\Mozilla Firefox
2009-04-19 15:41:26 ----D---- C:\WINDOWS\Internet Logs
2009-04-19 15:38:25 ----D---- C:\WINDOWS\Temp
2009-04-19 15:32:41 ----D---- C:\WINDOWS
2009-04-19 15:31:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-19 15:30:26 ----D---- C:\WINDOWS\system32\DRIVERS
2009-04-19 15:26:59 ----D---- C:\WINDOWS\system32\CONFIG
2009-04-19 15:25:12 ----D---- C:\WINDOWS\ERDNT
2009-04-19 15:23:47 ----D---- C:\WINDOWS\AppPatch
2009-04-19 15:23:47 ----AD---- C:\WINDOWS\SYSTEM32
2009-04-19 15:23:40 ----AD---- C:\Program Files\Common Files
2009-04-19 15:20:24 ----AD---- C:\Program Files
2009-04-19 15:03:22 ----RASH---- C:\BOOT.INI
2009-04-19 15:01:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-19 14:54:46 ----D---- C:\WINDOWS\Debug
2009-04-19 14:52:16 ----A---- C:\WINDOWS\WIN.INI
2009-04-19 09:27:30 ----A---- C:\WINDOWS\system.ini
2009-04-19 09:26:13 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-19 04:19:42 ----D---- C:\WINDOWS\system32\WBEM
2009-04-19 04:18:48 ----D---- C:\WINDOWS\SECURITY
2009-04-19 04:18:12 ----HD---- C:\WINDOWS\INF
2009-04-19 04:18:07 ----D---- C:\WINDOWS\system32\DLLCACHE
2009-04-19 04:08:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-19 04:07:52 ----SHD---- C:\WINDOWS\Installer
2009-04-19 04:07:52 ----SHD---- C:\Config.Msi
2009-04-19 04:04:08 ----D---- C:\Program Files\Internet Explorer
2009-04-15 17:29:53 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-14 22:57:56 ----D---- C:\WINDOWS\network diagnostic
2009-04-14 00:49:27 ----D---- C:\WINDOWS\Minidump
2009-04-13 23:51:33 ----D---- C:\Program Files\Java
2009-04-12 04:02:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-12 04:01:30 ----D---- C:\Program Files\Messenger
2009-04-06 23:27:32 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-04-06 22:43:38 ----D---- C:\WINDOWS\system32\Setup
2009-04-06 22:43:34 ----RSD---- C:\WINDOWS\Fonts
2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-06 00:44:58 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-06 00:34:38 ----D---- C:\WINDOWS\WinSxS
2009-04-06 00:34:31 ----D---- C:\WINDOWS\system32\bits
2009-04-06 00:32:56 ----D---- C:\WINDOWS\system32\USMT
2009-04-06 00:32:46 ----D---- C:\WINDOWS\system32\Restore
2009-04-06 00:32:45 ----D---- C:\WINDOWS\system32\OOBE
2009-04-06 00:32:44 ----D---- C:\WINDOWS\system32\NPP
2009-04-06 00:29:48 ----D---- C:\WINDOWS\system32\Com
2009-04-06 00:24:29 ----D---- C:\WINDOWS\SYSTEM
2009-04-06 00:24:29 ----D---- C:\WINDOWS\SRCHASST
2009-04-06 00:19:28 ----D---- C:\WINDOWS\peernet
2009-04-06 00:19:21 ----D---- C:\WINDOWS\MSAGENT
2009-04-06 00:18:57 ----D---- C:\WINDOWS\IME
2009-04-06 00:18:55 ----D---- C:\WINDOWS\Help
2009-04-06 00:18:29 ----D---- C:\Program Files\Windows NT
2009-04-06 00:18:28 ----D---- C:\Program Files\Windows Media Player
2009-04-06 00:18:27 ----D---- C:\Program Files\Outlook Express
2009-04-06 00:18:24 ----D---- C:\Program Files\NetMeeting
2009-04-06 00:18:20 ----D---- C:\Program Files\Movie Maker
2009-04-06 00:17:53 ----D---- C:\Program Files\Common Files\System
2009-04-06 00:16:39 ----D---- C:\WINDOWS\system32\scripting
2009-04-06 00:16:39 ----D---- C:\WINDOWS\system32\en-us
2009-04-06 00:16:39 ----D---- C:\WINDOWS\system32\en
2009-04-06 00:16:36 ----D---- C:\WINDOWS\l2schemas
2009-04-06 00:16:14 ----SD---- C:\WINDOWS\Tasks
2009-04-05 23:53:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-05 23:40:51 ----D---- C:\WINDOWS\EHome
2009-04-05 21:34:16 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-04-05 21:34:16 ----D---- C:\Program Files\Google
2009-04-03 23:47:18 ----D---- C:\Documents and Settings\Clay\Application Data\AOL Identity Store
2009-04-02 00:41:42 ----D---- C:\Program Files\Pure Networks
2009-04-02 00:41:42 ----D---- C:\Program Files\Common Files\aol
2009-04-02 00:33:01 ----D---- C:\Program Files\AOL
2009-04-02 00:32:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-02 00:30:08 ----A---- C:\WINDOWS\msoffice.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-05 75072]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-07-24 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-07-24 2560]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-10-09 353680]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-12-26 8413]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-03-02 15890]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2004-08-03 105984]
R3 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\System32\DRIVERS\atintuxx.sys [2004-08-03 78336]
R3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [2004-08-03 53760]
R3 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [2004-08-03 64512]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-09-03 186068]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-12-09 493568]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-09-03 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-12-09 134032]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-01-20 140288]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-12-09 115936]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2002-11-26 816576]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2002-11-26 135728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2007-12-02 9168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2004-08-03 13824]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-12-09 117120]
R3 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\System32\DRIVERS\atinpdxx.sys [2004-08-03 13824]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\System32\DRIVERS\vsb.sys [2003-03-14 18180]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2004-08-04 48128]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2004-08-04 38912]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Clay\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2002-12-04 298384]
S3 CxUSB;Logitech QuickCam VC USB; C:\WINDOWS\System32\DRIVERS\CxUSB.sys [1999-02-19 18432]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 Jukebox;Jukebox; C:\WINDOWS\System32\DRIVERS\ctpdusb2.sys [2004-09-29 16752]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver; C:\WINDOWS\system32\DRIVERS\m4301A.sys [2003-08-05 83552]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2005-12-01 21760]
S3 RioDrv;Rio600 driver; C:\WINDOWS\System32\Drivers\RioDrv.sys [2002-08-29 12032]
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2003-07-02 16128]
S3 RIOXDRV;SONICblue Rio generic driver XP+; C:\WINDOWS\System32\Drivers\RIOXDRV.sys [2004-02-15 17152]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2003-03-14 69932]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-13 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-15 202512]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-10-09 2405776]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 PSEXESVC;PsExec; C:\WINDOWS\PSEXESVC.EXE [2009-04-19 53248]
S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2006-05-03 520192]
S2 gupdate1c98c8fddbc1e38;Google Update Service (gupdate1c98c8fddbc1e38); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 1118208]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-04-25 437008]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-04-25 138504]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-09 66872]

-----------------EOF-----------------
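Triage of a driver/service listing like the one above, as an added example rather than anything posted in this thread. It parses lines in that format and flags the entries a responder would look at first: an image path with no date/size (the logging tool could not stat the file; for a plain path that means the file was absent at scan time, while for a \??\-prefixed path it often just means the tool did not resolve the NT-style path), an image loaded from a Temp directory, and the PsExec service. The sample input is constructed from lines in the listing above (the ® was dropped from the getPlus name); the check names are my own. Two caveats the output does not decide for you: a file the tool cannot find may be an orphaned entry or one hidden by a rootkit, and in this thread catchme.sys in Temp and PSEXESVC.EXE dated 2009-04-19 both appear on the day ComboFix was run (19 April, per the ComboFix header later in the thread), so confirm them against the tools that were run before treating them as hostile.

```python
import re
from typing import Dict, List

# Constructed sample input, copied in the format of the listing above
# (state+start type, name;display name; image path [date size]).
# The (R) symbol was dropped from the getPlus name so the sample stays ASCII.
SAMPLE_LISTING = r"""
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-05 75072]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Clay\LOCALS~1\Temp\catchme.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
R3 PSEXESVC;PsExec; C:\WINDOWS\PSEXESVC.EXE [2009-04-19 53248]
S3 getPlus Helper;getPlus Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
"""

# One listing line: "<R|S><0-4> <name>;<display>; <path> [<date> <size>]" or "... []"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

NT_PREFIX = "\\??\\"       # NT object-manager path prefix, as written in the log
TEMP_MARKER = "\\temp\\"   # matched case-insensitively against the image path


def parse_listing(text: str) -> List[dict]:
    """Parse every well-formed line; date/size are None when the tool printed []."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        meta = e.pop("meta").split()
        e["date"] = meta[0] if meta else None
        e["size"] = int(meta[1]) if len(meta) == 2 else None
        entries.append(e)
    return entries


def triage(text: str) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries worth a manual look; clean ones are omitted."""
    findings: Dict[str, List[str]] = {}
    for e in parse_listing(text):
        reasons = []
        path_l = e["path"].lower()
        if e["date"] is None:
            # No date/size: the logging tool could not stat the image file.
            if path_l.startswith(NT_PREFIX):
                reasons.append("unresolved")   # \??\ path; tool often does not resolve these
            else:
                reasons.append("missing")      # plain path, file absent: orphaned, or hidden
        if TEMP_MARKER in path_l:
            reasons.append("temp_image")       # driver/service image living in a Temp directory
        if e["name"].upper() == "PSEXESVC":
            reasons.append("remote_exec_service")  # PsExec service: SYSTEM/remote execution footprint
        if reasons:
            findings[e["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LISTING).items():
        print(f"{name:20s} {', '.join(reasons)}")
```

Run against the full listing, the "missing" entries (bvrp_pci, mcdbus, getPlus Helper, wATV03nt) are the ones to reconcile with Add/Remove Programs, and "unresolved" entries are the ones to stat by hand before drawing any conclusion.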

#8 sundavis

  • Malware Response Team

Posted 19 April 2009 - 04:55 PM

Hi spydertl182,

The combofix log is the right one. Can you post the whole log?

Please tell me how your pc is running now. Thanks.

#9 spydertl182
  • Topic Starter


Posted 19 April 2009 - 05:40 PM

That was the whole log that the search found. That is why I thought maybe there was a problem. I searched it again and am pasting the entire contents of the log below. The computer seems to be running slower than it has. A Java icon appeared in the tray but now it is invisible; I know it's there because I can mouse over it. Internet Explorer will still not open pages. Thanks for all of your help.



ComboFix 09-04-19.04 - Clay 04/19/2009 15:18:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.215 [GMT -4:00]
Running from: C:\Documents and Settings\Clay\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Clay\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Pro Firewall *enabled*

FILE ::
C:\353454543.bat
c:\docume~1\Clay\LOCALS~1\Temp\user.bak
c:\windows\9g2234wesdf3dfgjf23
c:\windows\system32\fefeecbdef_s.ocx
G:\loader.exe
.

Edited by spydertl182, 19 April 2009 - 05:55 PM.


#10 sundavis

  • Malware Response Team

Posted 20 April 2009 - 03:11 AM

Hi spydertl182,


Internet explorer will still not open pages


Due to malware issues, the ZoneAlarm firewall will sometimes block all access to web pages. You should uninstall it temporarily, and reinstall it after your system is clean.

I notice you have Java leftovers in the following; please uninstall the outdated Java via Add/Remove Programs.

Java™ 6 Update 6
Java™ 6 Update 7



Step 1

Please delete ComboFix and redownload a new one to your desktop. Disable the real-time protection of your antivirus or antispyware. Now, rerun ComboFix without CFScript as instructed in my previous post #4. Then post the ComboFix log in your next reply.


Step 2

Download AVZ4 from here:
  • Unzip the file and place it on your desktop.
  • Open the avz4 folder and double-click avz.exe to start the tool.
  • In the menu at the top, click the File menu, click "Database Update", press the "Start" button and let it run.
  • After that, please click System Restore from the File menu and select the following.

    Reset Internet Explorer setting of Protocol Prefixes to default (Choice #2)
    Restore Internet Explorer start page (Choice #3)
    Reset Internet Explorer search setting to default (Choice #4)

  • Click the "Execute selected Operations" button below.
  • Close avz.exe.
  • Reboot your PC.
Step 3

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step 4
  • Please run a BitDefender Online Scan, which is only compatible with Internet Explorer.
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
I will give you another one, just in case.


Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When the database update has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


In your next reply, please post back:

1. ComboFix log
2. BitDefender online scan report
3. New DDS log

Tell me any remaining problems you're experiencing. Thanks.

Edited by sundavis, 20 April 2009 - 03:14 AM.


#11 spydertl182
  • Topic Starter


Posted 20 April 2009 - 06:28 AM

Sundavis, thanks for getting back to me. I will do everything you have listed this evening; I've got to go to work and class today, so I won't be able to get to it until later today. Thanks again for all of your help.

#12 sundavis

  • Malware Response Team

Posted 20 April 2009 - 06:31 AM

Hi spydertl182,


Thanks for the update. Good luck!

#13 spydertl182
  • Topic Starter


Posted 21 April 2009 - 09:33 AM

Sorry for the delay. I uninstalled Java and ZoneAlarm and ran AVZ4. I tried to open Internet Explorer and type a URL in the address bar. It looks like it cycles through several sites trying to get one to open. For example, if I type google.com, in the bottom left of IE it says "opening google.com.com", then google.com.net, then google.com.org, etc. It searches for a few seconds, then pops up a message saying "Internet Explorer could not open the search page".

So, since IE will not let me open pages, I could not run the BitDefender online scan. I was able to do everything else fine, though. The computer seems a lot better; really the only thing I notice anymore is IE not opening pages. I am running IE version 6.0; I have tried to download newer versions but it will not download. I don't know if that has anything to do with it. Also, the Windows Update that pops up in the tray (I believe it's for Service Pack 3) starts the download and will never complete; it gets mostly done and then runs into an error and then uninstalls itself. Logs are below, and as always I really appreciate your help.



ComboFix 09-04-21.07 - Clay 04/20/2009 23:20.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.210 [GMT -4:00]
Running from: c:\documents and settings\Clay\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\353454543.bat
c:\program files\Coupons
c:\program files\Coupons\uninstall.exe
c:\windows\9g2234wesdf3dfgjf23
c:\windows\Internet Logs\BACKUP.RDB
c:\windows\Internet Logs\dumpIndex
c:\windows\Internet Logs\installer_040408131647.log
c:\windows\Internet Logs\installer_04050913310.log
c:\windows\Internet Logs\installer_051108203610.log
c:\windows\Internet Logs\installer_051408151129.log
c:\windows\Internet Logs\installer_09140882750.log
c:\windows\Internet Logs\installer_110708145242.log
c:\windows\Internet Logs\installer_120407183005.log
c:\windows\Internet Logs\tvDebug.zip
c:\windows\Internet Logs\vsmon_2nd_2007_01_10_08_10_17_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2007_01_10_08_10_25_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2007_02_01_21_38_35_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2007_04_13_11_17_44_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2007_04_13_16_33_40_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2007_04_20_02_42_24_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2007_04_21_20_05_09_small.dmp.zip
c:\windows\Internet Logs\vsmon_on_demand_2007_04_13_11_19_04_full.dmp.zip
c:\windows\Internet Logs\vsmon_on_demand_2007_04_13_16_39_14_full.dmp.zip
c:\windows\Internet Logs\vsmon_on_demand_2007_04_21_20_10_42_full.dmp.zip
c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB2.tmp
c:\windows\Internet Logs\xDB3.tmp
c:\windows\Internet Logs\xDB4.tmp
c:\windows\Internet Logs\xDB5.tmp
c:\windows\Internet Logs\xDB6.tmp
c:\windows\Internet Logs\xDB7.tmp
c:\windows\Internet Logs\xDB8.tmp
c:\windows\Internet Logs\xDB9.tmp
c:\windows\Internet Logs\xDBA.tmp
c:\windows\Internet Logs\ZALog.txt
c:\windows\Internet Logs\ZL_CM_Log.txt
c:\windows\system32\fefeecbdef_s.ocx
c:\windows\Internet Logs . . . . failed to delete
c:\windows\Internet Logs\fwdbglog.txt . . . . failed to delete
c:\windows\Internet Logs\fwpktlog.txt . . . . failed to delete
c:\windows\Internet Logs\IAMDB.RDB . . . . failed to delete
c:\windows\Internet Logs\OFFICE1.ldb . . . . failed to delete
c:\windows\Internet Logs\tvDebug.log . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADWATCHDRV
-------\Legacy_AJIYARE
-------\Legacy_ASESERVICE
-------\Legacy_FBFQWCL
-------\Legacy_GGXETGFEJTCFYU
-------\Legacy_IEFNTSFBMRQ
-------\Legacy_KGTFSQHCCFLM
-------\Legacy_KPNBDOSYOY
-------\Legacy_QEWWFPF
-------\Legacy_TIVOBEACON2
-------\Legacy_TLA13
-------\Legacy_UBIKAGJ
-------\Legacy_YXGFPTHLHJQ
-------\Service_AdWatchDrv
-------\Service_ASEService
-------\Service_ggxetgfejtcfyu
-------\Service_iefntsfbmrq
-------\Service_kgtfsqhccflm
-------\Service_kpnbdosyoy
-------\Service_TivoBeacon2
-------\Service_yxgfpthlhjq


((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-19 19:13 . 2009-04-19 19:13 -------- d-sha-r C:\autorun.inf
2009-04-19 16:20 . 2009-04-19 16:20 -------- d-----w C:\rsit
2009-04-17 09:04 . 2009-02-20 08:14 81920 ------w c:\windows\system32\dllcache\ieencode.dll
2009-04-17 01:58 . 2009-03-06 14:44 283648 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 01:58 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 01:58 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-17 01:58 . 2009-02-06 17:14 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 01:58 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 01:58 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 01:58 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 01:58 . 2009-02-09 10:20 616960 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 01:58 . 2009-02-09 10:20 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 01:56 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 03:57 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 03:57 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 04:16 . 2009-04-14 04:16 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-14 03:56 . 2009-04-14 03:56 -------- d-----w c:\documents and settings\Clay\Application Data\SUPERAntiSpyware.com
2009-04-14 03:52 . 2009-04-14 03:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-06 03:46 . 2004-08-04 07:56 88064 ----a-w c:\windows\system32\dllcache\p2pnetsh.dll
2009-04-06 03:45 . 2004-08-04 07:56 34816 ----a-w c:\windows\system32\dllcache\sniffpol.dll
2009-04-06 03:44 . 2004-08-04 07:56 163840 ----a-w c:\windows\system32\dllcache\diskpart.exe
2009-04-06 03:43 . 2009-02-20 08:14 449024 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-04-06 03:42 . 2008-07-03 13:03 8460800 ----a-w c:\windows\system32\dllcache\shell32.dll
2009-04-06 03:41 . 2009-02-09 10:19 1846272 ----a-w c:\windows\system32\win32k.sys
2009-04-01 23:28 . 2009-04-01 23:28 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\AOL
2009-04-01 03:09 . 2009-04-16 00:00 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-01 03:09 . 2009-04-01 03:09 1409 ----a-w c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 11:30 . 2004-05-09 22:50 -------- d-----w c:\program files\Java
2009-04-19 19:32 . 2007-01-10 04:57 4212 ---ha-w c:\windows\SYSTEM32\zllictbl.dat
2009-04-19 16:20 . 2009-04-19 16:20 -------- d-----w c:\program files\trend micro
2009-04-15 21:29 . 2004-03-21 22:06 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-15 03:57 . 2009-04-15 03:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 04:16 . 2009-04-14 03:56 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-14 03:55 . 2009-04-14 03:55 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-06 04:16 . 2002-08-29 10:00 250032 --sha-r C:\NTLDR
2009-04-06 03:10 . 2009-04-06 03:07 290 ------w C:\Win32.Worm.Downladup.Gen.log
2009-04-06 01:34 . 2005-05-15 05:39 -------- d-----w c:\program files\Google
2009-04-04 03:47 . 2004-07-28 03:19 -------- d-----w c:\documents and settings\Clay\Application Data\AOL Identity Store
2009-04-02 04:41 . 2005-03-07 22:34 -------- d-----w c:\program files\Pure Networks
2009-04-02 04:41 . 2003-05-01 13:36 -------- d-----w c:\program files\Common Files\aol
2009-04-02 04:06 . 2009-04-02 04:06 -------- d-----w c:\program files\jv16 PowerTools 2006
2009-03-21 14:18 . 2009-04-06 03:42 986112 ----a-w c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
2009-03-17 03:33 . 2004-09-22 20:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 14:44 . 2002-08-29 10:00 283648 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-02 23:27 . 2009-04-06 03:43 1499136 ----a-w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2009-02-24 00:27 . 2003-05-08 02:14 120376 -c--a-w c:\documents and settings\Clay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 21:44 . 2009-04-06 03:44 3067904 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-02-19 09:50 . 2009-04-06 03:47 18432 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
2009-02-09 10:20 . 2009-04-06 03:43 399360 ----a-w c:\windows\SYSTEM32\DLLCACHE\rpcss.dll
2009-02-09 10:20 . 2009-04-06 03:42 723456 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 10:20 . 2009-04-06 03:42 723456 ----a-w c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
2009-02-09 10:20 . 2004-04-18 08:06 399360 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 10:20 . 2009-04-06 03:42 616960 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 10:20 . 2009-04-06 03:42 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 10:19 . 2009-04-06 03:41 1846272 ----a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-06 17:24 . 2009-04-06 03:41 2180480 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 17:24 . 2009-04-06 03:41 2180480 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-02-06 17:22 . 2009-04-06 03:46 2136064 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-02-06 17:14 . 2009-04-06 03:42 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 16:54 . 2002-08-29 10:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 16:49 . 2009-04-06 03:46 2015744 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-02-06 16:49 . 2009-04-06 03:41 2057728 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-06 16:49 . 2009-04-06 03:41 2057728 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-02-03 20:08 . 2009-02-03 20:08 55808 ------w c:\windows\SYSTEM32\DLLCACHE\secur32.dll
2009-02-03 20:08 . 2002-08-29 10:00 55808 ----a-w c:\windows\SYSTEM32\secur32.dll
2009-01-25 22:13 . 2003-05-11 15:21 120376 -c--a-w c:\documents and settings\Clay\Application Data\GDIPFONTCACHEV1.DAT
2008-11-19 21:34 . 2008-09-30 14:03 5632 -csha-w c:\program files\Thumbs.db
2008-06-30 01:52 . 2008-05-14 18:51 15771 ----a-w c:\documents and settings\Clay\mpr.dat
2007-07-28 14:46 . 2003-05-08 02:02 118408 -c--a-w c:\documents and settings\Carol\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-19 03:23 . 2007-06-18 03:23 32 ----a-r c:\documents and settings\All Users\hash.dat
2006-10-18 23:08 . 2006-10-18 23:08 126 -c--a-w c:\documents and settings\Tom\Local Settings\Application Data\fusioncache.dat
2006-07-13 22:37 . 2003-09-04 14:51 118016 -c--a-w c:\documents and settings\Carol\Application Data\GDIPFONTCACHEV1.DAT
2006-06-10 12:13 . 2003-05-08 20:20 118016 -c--a-w c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-01-01 18:14 . 2006-01-01 18:14 774144 -c--a-w c:\program files\RngInterstitial.dll
2005-09-18 15:46 . 2005-09-14 03:54 108776 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 18:47 . 2005-09-16 18:47 108776 -c--a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2004-11-29 21:48 . 2004-11-29 21:48 0 -c--a-w c:\documents and settings\Clay\Local Settings\Application Data\dlm.dat
2004-03-17 05:38 . 2004-03-17 05:38 128 -c--a-w c:\documents and settings\Carol\Local Settings\Application Data\fusioncache.dat
2004-03-09 21:27 . 2004-03-09 21:27 127 -c--a-w c:\documents and settings\Clay\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-19_13.27.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-20 11:37 . 2009-04-20 11:37 16384 c:\windows\Temp\Perflib_Perfdata_7a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2006-09-11 86960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 333120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-14 148888]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2002-09-03 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=

R2 gupdate1c98c8fddbc1e38;Google Update Service (gupdate1c98c8fddbc1e38);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
R3 getPlus® Helper;getPlus® Helper; [x]
R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\DRIVERS\m4301A.sys [2003-08-05 83552]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7540187-aa74-11db-94dc-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e10dd8a3-64a3-11dc-951b-00038a000015}]
\Shell\AutoRun\command - g:\install\setup\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-20 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\CLEANMGR.EXE [2002-08-29 07:56]

2009-04-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://search.msn.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: &eBay Search
IE: &Subscribe to this feed
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {47BA1C40-CA2F-42BE-AE8E-44816210754E} = 68.59.176.5
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Clay\Application Data\Mozilla\Firefox\Profiles\qq3t3mmv.default\
FF - component: c:\documents and settings\Clay\Application Data\Mozilla\Firefox\Profiles\qq3t3mmv.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 23:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Clay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2908)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-21 23:36
ComboFix-quarantined-files.txt 2009-04-21 03:34
ComboFix2.txt 2009-04-19 13:40

Pre-Run: 82,907,140,096 bytes free
Post-Run: 82,887,110,656 bytes free

267 --- E O F --- 2009-04-19 08:18





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, April 21, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, April 21, 2009 05:18:28
Records in database: 2065034
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 152041
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 06:58:08


File name / Threat name / Threats count
C:\Documents and Settings\Clay\My Documents\FrostWire\Incomplete\T-3098403-02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\_OTMoveIt\MovedFiles\07012008_124327\Program Files\rhcrl9j0ejcg\Uninstall.exe Infected: Trojan-Downloader.Win32.FraudLoad.vaxg 1

The selected area was scanned.





DDS (Ver_09-03-16.01) - NTFSx86

Run by Clay at 10:28:34.45 on Tue 04/21/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.165 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Clay\Local Settings\temp\jkos-Clay\binaries\ScanningProcess.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Clay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
uDefault_Search_URL =
uSearch Bar =
mDefault_Search_URL =
mSearch Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
mStart Page = about:blank
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = about:blank
mSearchAssistant = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &ATI TV: {44226dff-747e-4edc-b30c-78752e50cd0c} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\g001-1.0.25.0\gnotify.exe
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
mPolicies-explorer: <NO NAME> =
IE: &eBay Search
IE: &Subscribe to this feed
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - {73F7F495-A325-4C52-BE48-5F97FA511E89}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {47BA1C40-CA2F-42BE-AE8E-44816210754E} = 68.59.176.5
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clay\applic~1\mozilla\firefox\profiles\qq3t3mmv.default\
FF - component: c:\documents and settings\clay\application data\mozilla\firefox\profiles\qq3t3mmv.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-6-30 11840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-6-30 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-6-30 151297]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-6-30 52032]
S2 gupdate1c98c8fddbc1e38;Google Update Service (gupdate1c98c8fddbc1e38);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [2005-3-3 83552]
S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [2004-2-18 12032]
S3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\drivers\RIOXDRV.sys [2004-2-15 17152]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-7 44928]

=============== Created Last 30 ================

2009-04-19 15:13 <DIR> a-dshr-- C:\autorun.inf
2009-04-19 15:02 <DIR> a-dshr-- C:\cmdcons
2009-04-19 12:20 <DIR> --d----- c:\program files\trend micro
2009-04-19 01:08 161,792 a------- c:\windows\SWREG.exe
2009-04-19 01:08 98,816 a------- c:\windows\sed.exe
2009-04-17 05:04 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-04-16 21:58 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-16 21:58 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2009-04-16 21:58 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-16 21:58 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-16 21:58 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 21:58 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 21:58 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 21:58 616,960 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 21:58 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-16 21:56 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-14 23:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-14 23:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 23:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-14 00:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-13 23:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-13 23:56 <DIR> --d----- c:\docume~1\clay\applic~1\SUPERAntiSpyware.com
2009-04-13 23:55 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-13 23:52 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-05 23:46 877,149 a------- c:\windows\system32\dllcache\ati3d1ag.dll
2009-04-05 23:45 741,376 a------- c:\windows\system32\dllcache\sapi.dll
2009-04-05 23:44 163,840 a------- c:\windows\system32\dllcache\diskpart.exe
2009-04-05 23:43 449,024 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-05 23:42 8,460,800 a------- c:\windows\system32\dllcache\shell32.dll
2009-04-05 23:41 1,846,272 a------- c:\windows\system32\win32k.sys
2009-04-02 00:06 <DIR> --d----- c:\program files\jv16 PowerTools 2006
2009-03-31 23:09 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-31 23:09 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-04-19 15:32 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-03-21 10:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-02 19:27 1,499,136 a------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-20 17:44 3,067,904 a------- c:\windows\system32\dllcache\mshtml.dll
2009-02-19 05:50 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2009-02-09 06:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:20 723,456 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 06:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:20 399,360 a------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 06:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 06:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 13:24 2,180,480 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 13:24 2,180,480 a------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 13:22 2,136,064 a------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 13:14 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 12:49 2,057,728 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 12:49 2,057,728 a------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 12:49 2,015,744 a------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 16:08 55,808 a------- c:\windows\system32\secur32.dll
2009-02-03 16:08 55,808 -------- c:\windows\system32\dllcache\secur32.dll
2009-01-25 18:13 120,376 ac------ c:\docume~1\clay\applic~1\GDIPFONTCACHEV1.DAT
2008-11-19 17:34 5,632 ac-sh--- c:\program files\Thumbs.db
2008-06-29 21:52 15,771 a------- c:\documents and settings\clay\mpr.dat
2007-04-18 23:23 32 a----r-- c:\documents and settings\all users\hash.dat
2006-01-01 14:14 774,144 ac------ c:\program files\RngInterstitial.dll

============= FINISH: 10:30:10.29 ===============

Edited by spydertl182, 21 April 2009 - 10:10 AM.


#14 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:10:18 AM

Posted 21 April 2009 - 11:12 AM

Hi spydertl182,


Let's try another approach. By the way, do you have the installation disk handy? Please specify that info in your next reply. Thanks.


Step1
  • Close any open browsers
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
C:\Documents and Settings\Clay\My Documents\FrostWire\Incomplete\T-3098403-02 Track 2.wma 

DDS::
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

[screenshot: CFScript.txt being dragged onto ComboFix.exe]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step2


Please download the HostsXpert from Here

Unzip HostsXpert to your desktop and open up the HostsXpert program.
  • Make sure that the "Make Hosts Writable?" button in the upper left corner is enabled.
  • Click "Back up Hosts File"
  • Click "Restore MS Hosts File"
  • Exit the program
Click Start > Run, type/paste the following into the Run box and hit Enter:

ipconfig /flushdns

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Open IE, select Tools > Internet Options. Select the Connections tab.
  • If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
  • In the "Proxy Server" area, uncheck the check mark next to Use a proxy server for ....
  • Click OK.
After that, what I'd like you to do is a hard reset of your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password--make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.


Step3


We need to repair some of Windows' internal registration settings.
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: [image])
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
    [screenshot: Dial-a-Fix prep section]
  • When the window looks like this, press the GO button in the bottom of the window.
    [screenshot: Dial-a-Fix main window]
  • Exit/Close Dial-A-Fix

In your next reply, please post back:


1. ComboFix log
2. New DDS log


Tell me how things went. :thumbup2:
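
As an added example for this thread (not part of DDS, ComboFix or any other tool named above), the script below parses the "Pseudo HJT Report" lines of a DDS log and flags the settings Step 2 undoes: a browser proxy pointing at the local machine, a ProxyOverride, non-default SecurityProviders, and removable-drive AutoRun commands. The sample lines are copied from the logs posted in this thread; the severity labels and the "default providers" list are the example's own assumptions.

```python
"""Triage a DDS 'Pseudo HJT Report' for browser/network hijack settings.

Added example for this thread, not code from DDS or ComboFix. It reads
log text, not the live registry, so it can be run offline against any
report. Findings are "review this", not verdicts.
"""
import re

# Lines copied from the DDS / ComboFix output posted in this thread.
SAMPLE_LOG = "\n".join([
    r"uStart Page = about:blank",
    r"uInternet Connection Wizard,ShellNext = iexplore",
    r"uInternet Settings,ProxyServer = http=localhost:7171",
    r"uInternet Settings,ProxyOverride = *.local;<local>",
    r"TCP: {47BA1C40-CA2F-42BE-AE8E-44816210754E} = 68.59.176.5",
    r"SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll",
    r"\Shell\AutoRun\command - G:\LaunchU3.exe",
    r"\Shell\AutoRun\command - g:\install\setup\setup.exe",
])

# Assumed baseline: providers that ship with Windows XP. Anything else is
# flagged for identification only; third-party firewalls register here too.
DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# A proxy on one of these hosts means a process on the PC itself sits
# between the browser and the network.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "0.0.0.0", "::1"}

# 'u' = current-user hive, 'm' = machine hive in DDS notation.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
OVERRIDE_RE = re.compile(r"^[um]Internet Settings,ProxyOverride\s*=\s*(.+)$", re.I)
PROVIDERS_RE = re.compile(r"^SecurityProviders:?\s+(.+)$", re.I)  # DDS uses ':', ComboFix does not
AUTORUN_RE = re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(.+)$", re.I)


def parse_proxy(value):
    """Split an IE ProxyServer value into (scheme, host, port) tuples.

    Accepts both 'host:port' and 'http=host:port;https=host:port' forms;
    a missing scheme is reported as '*', a missing port as ''.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        if ":" in hostport:
            host, _, port = hostport.rpartition(":")
        else:
            host, port = hostport, ""
        entries.append((scheme or "*", host, port))
    return entries


def triage(log_text):
    """Return a list of (severity, message) findings for one DDS report."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy(m.group(1)):
                if host.lower() in LOCAL_HOSTS:
                    findings.append(("high", f"browser proxy for {scheme} points at the local "
                                             f"machine ({host}:{port}); a process on this PC is "
                                             f"intercepting web traffic"))
                else:
                    findings.append(("info", f"browser proxy for {scheme} set to {host}:{port}; "
                                             f"confirm it is expected"))
            continue
        m = OVERRIDE_RE.match(line)
        if m:
            findings.append(("low", f"ProxyOverride = {m.group(1)}; relevant only while a proxy is set"))
            continue
        m = PROVIDERS_RE.match(line)
        if m:
            extra = [p.strip() for p in m.group(1).split(",")
                     if p.strip().lower() not in DEFAULT_SECURITY_PROVIDERS]
            if extra:
                findings.append(("medium", f"non-default SecurityProviders: {', '.join(extra)}; "
                                           f"identify the owning product"))
            continue
        m = AUTORUN_RE.search(line)
        if m:
            findings.append(("medium", f"removable-drive AutoRun command: {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```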

#15 spydertl182

spydertl182
  • Topic Starter

  • Members
  • 20 posts
  • Local time:11:18 AM

Posted 21 April 2009 - 11:47 PM

I have run the scans and the logs are below. I didn't have any problems with any of the other steps. When running Dial-a-Fix, several error messages popped up while it was running under the WU/WUAU Fix Windows Update boxes and Registration Center boxes. IE is working now! Pages open like normal. I don't know what you did, but I really appreciate you getting that back in working order. Outwardly, the computer seems to be running fine; on start-up Avira (or some other anti-virus program that is running) finds some sort of worm (didn't write it down) with Flash Disinfector. I figured since it was found in Flash Disinfector that it was not a threat, so I ignored it.

I received an e-mail from American Express that an unauthorized charge was made to my account today. They denied it before it went through. I have not seen any other attempts on any of my other accounts. I logged into the AMEX website on this computer today to make a payment. I don't know if there is some sort of keylogger or something that could have been used to steal my password. I have not logged into my other accounts on this computer. Do you think the unauthorized charge is due to the infection and me logging into the website today? What do I need to do to make sure that it cannot happen again?

As always, I really appreciate all of the help you have given me.


ComboFix 09-04-22.02 - Clay 04/21/2009 23:13.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.235 [GMT -4:00]
Running from: c:\documents and settings\Clay\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Clay\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

FILE ::
c:\documents and settings\Clay\My Documents\FrostWire\Incomplete\T-3098403-02 Track 2.wma
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Clay\My Documents\FrostWire\Incomplete\T-3098403-02 Track 2.wma

.
((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-19 19:13 . 2009-04-19 19:13 -------- d-sha-r C:\autorun.inf
2009-04-19 16:20 . 2009-04-19 16:20 -------- d-----w C:\rsit
2009-04-17 09:04 . 2009-02-20 08:14 81920 ------w c:\windows\system32\dllcache\ieencode.dll
2009-04-17 01:58 . 2009-03-06 14:44 283648 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 01:58 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 01:58 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-17 01:58 . 2009-02-06 17:14 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 01:58 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 01:58 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 01:58 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 01:58 . 2009-02-09 10:20 616960 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 01:58 . 2009-02-09 10:20 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 01:56 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 03:57 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 03:57 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 04:16 . 2009-04-14 04:16 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-14 03:56 . 2009-04-14 03:56 -------- d-----w c:\documents and settings\Clay\Application Data\SUPERAntiSpyware.com
2009-04-14 03:52 . 2009-04-14 03:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-06 03:46 . 2004-08-04 07:56 88064 ----a-w c:\windows\system32\dllcache\p2pnetsh.dll
2009-04-06 03:45 . 2004-08-04 07:56 34816 ----a-w c:\windows\system32\dllcache\sniffpol.dll
2009-04-06 03:44 . 2004-08-04 07:56 163840 ----a-w c:\windows\system32\dllcache\diskpart.exe
2009-04-06 03:43 . 2009-02-20 08:14 449024 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-04-06 03:42 . 2008-07-03 13:03 8460800 ----a-w c:\windows\system32\dllcache\shell32.dll
2009-04-06 03:41 . 2009-02-09 10:19 1846272 ----a-w c:\windows\system32\win32k.sys
2009-04-01 23:28 . 2009-04-01 23:28 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\AOL
2009-04-01 03:09 . 2009-04-16 00:00 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-01 03:09 . 2009-04-01 03:09 1409 ----a-w c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 11:30 . 2004-05-09 22:50 -------- d-----w c:\program files\Java
2009-04-19 19:32 . 2007-01-10 04:57 4212 ---ha-w c:\windows\SYSTEM32\zllictbl.dat
2009-04-19 16:20 . 2009-04-19 16:20 -------- d-----w c:\program files\trend micro
2009-04-15 21:29 . 2004-03-21 22:06 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-15 03:57 . 2009-04-15 03:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 04:16 . 2009-04-14 03:56 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-14 03:55 . 2009-04-14 03:55 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-06 04:16 . 2002-08-29 10:00 250032 --sha-r C:\NTLDR
2009-04-06 03:10 . 2009-04-06 03:07 290 ------w C:\Win32.Worm.Downladup.Gen.log
2009-04-06 01:34 . 2005-05-15 05:39 -------- d-----w c:\program files\Google
2009-04-04 03:47 . 2004-07-28 03:19 -------- d-----w c:\documents and settings\Clay\Application Data\AOL Identity Store
2009-04-02 04:41 . 2005-03-07 22:34 -------- d-----w c:\program files\Pure Networks
2009-04-02 04:41 . 2003-05-01 13:36 -------- d-----w c:\program files\Common Files\aol
2009-04-02 04:06 . 2009-04-02 04:06 -------- d-----w c:\program files\jv16 PowerTools 2006
2009-03-21 14:18 . 2009-04-06 03:42 986112 ----a-w c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
2009-03-17 03:33 . 2004-09-22 20:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 14:44 . 2002-08-29 10:00 283648 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-02 23:27 . 2009-04-06 03:43 1499136 ----a-w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
2009-02-24 00:27 . 2003-05-08 02:14 120376 -c--a-w c:\documents and settings\Clay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 21:44 . 2009-04-06 03:44 3067904 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2009-02-19 09:50 . 2009-04-06 03:47 18432 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
2009-02-09 10:20 . 2009-04-06 03:43 399360 ----a-w c:\windows\SYSTEM32\DLLCACHE\rpcss.dll
2009-02-09 10:20 . 2009-04-06 03:42 723456 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 10:20 . 2009-04-06 03:42 723456 ----a-w c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
2009-02-09 10:20 . 2004-04-18 08:06 399360 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 10:20 . 2009-04-06 03:42 616960 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 10:20 . 2009-04-06 03:42 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 10:19 . 2009-04-06 03:41 1846272 ----a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-06 17:24 . 2009-04-06 03:41 2180480 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 17:24 . 2009-04-06 03:41 2180480 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-02-06 17:22 . 2009-04-06 03:46 2136064 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-02-06 17:14 . 2009-04-06 03:42 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 16:54 . 2002-08-29 10:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 16:49 . 2009-04-06 03:46 2015744 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-02-06 16:49 . 2009-04-06 03:41 2057728 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-06 16:49 . 2009-04-06 03:41 2057728 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-02-03 20:08 . 2009-02-03 20:08 55808 ------w c:\windows\SYSTEM32\DLLCACHE\secur32.dll
2009-02-03 20:08 . 2002-08-29 10:00 55808 ----a-w c:\windows\SYSTEM32\secur32.dll
2009-01-25 22:13 . 2003-05-11 15:21 120376 -c--a-w c:\documents and settings\Clay\Application Data\GDIPFONTCACHEV1.DAT
2008-11-19 21:34 . 2008-09-30 14:03 5632 -csha-w c:\program files\Thumbs.db
2008-06-30 01:52 . 2008-05-14 18:51 15771 ----a-w c:\documents and settings\Clay\mpr.dat
2007-07-28 14:46 . 2003-05-08 02:02 118408 -c--a-w c:\documents and settings\Carol\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-19 03:23 . 2007-06-18 03:23 32 ----a-r c:\documents and settings\All Users\hash.dat
2006-10-18 23:08 . 2006-10-18 23:08 126 -c--a-w c:\documents and settings\Tom\Local Settings\Application Data\fusioncache.dat
2006-07-13 22:37 . 2003-09-04 14:51 118016 -c--a-w c:\documents and settings\Carol\Application Data\GDIPFONTCACHEV1.DAT
2006-06-10 12:13 . 2003-05-08 20:20 118016 -c--a-w c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-01-01 18:14 . 2006-01-01 18:14 774144 -c--a-w c:\program files\RngInterstitial.dll
2005-09-18 15:46 . 2005-09-14 03:54 108776 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 18:47 . 2005-09-16 18:47 108776 -c--a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2004-11-29 21:48 . 2004-11-29 21:48 0 -c--a-w c:\documents and settings\Clay\Local Settings\Application Data\dlm.dat
2004-03-17 05:38 . 2004-03-17 05:38 128 -c--a-w c:\documents and settings\Carol\Local Settings\Application Data\fusioncache.dat
2004-03-09 21:27 . 2004-03-09 21:27 127 -c--a-w c:\documents and settings\Clay\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-19_13.27.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-21 04:14 . 2009-04-21 04:14 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2006-09-11 86960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 333120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-14 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-25 180269]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2002-09-03 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=

R2 gupdate1c98c8fddbc1e38;Google Update Service (gupdate1c98c8fddbc1e38);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
R3 getPlus® Helper;getPlus® Helper; [x]
R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\DRIVERS\m4301A.sys [2003-08-05 83552]
R3 RioDrv;Rio600 driver;c:\windows\system32\Drivers\RioDrv.sys [2002-08-29 12032]
R3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\Drivers\RIOXDRV.sys [2004-02-15 17152]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]


--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - AntiVirScheduler
*Deregistered* - AntiVirService
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - Creative Service for CDROM Access
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - gupdate1c98c8fddbc1e38
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - ImapiService
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LightScribeService
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PnkBstrB
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - w32time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMDM PMSP Service
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7540187-aa74-11db-94dc-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e10dd8a3-64a3-11dc-951b-00038a000015}]
\Shell\AutoRun\command - g:\install\setup\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-21 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\CLEANMGR.EXE [2002-08-29 07:56]

2009-04-22 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL =
mStart Page = about:blank
mSearch Bar =
IE: &eBay Search
IE: &Subscribe to this feed
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {47BA1C40-CA2F-42BE-AE8E-44816210754E} = 68.59.176.5
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Clay\Application Data\Mozilla\Firefox\Profiles\qq3t3mmv.default\
FF - component: c:\documents and settings\Clay\Application Data\Mozilla\Firefox\Profiles\qq3t3mmv.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 23:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Clay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-22 23:25
ComboFix-quarantined-files.txt 2009-04-22 03:24
ComboFix2.txt 2009-04-21 03:36
ComboFix3.txt 2009-04-19 13:40

Pre-Run: 82,798,854,144 bytes free
Post-Run: 82,845,548,544 bytes free

258 --- E O F --- 2009-04-19 08:18






DDS (Ver_09-03-16.01) - NTFSx86

Run by Clay at 0:43:06.32 on Wed 04/22/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.172 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Clay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Search_URL =
mSearch Bar =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &ATI TV: {44226dff-747e-4edc-b30c-78752e50cd0c} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\g001-1.0.25.0\gnotify.exe
mRun: [ISUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
mPolicies-explorer: <NO NAME> =
IE: &eBay Search
IE: &Subscribe to this feed
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - {73F7F495-A325-4C52-BE48-5F97FA511E89}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {47BA1C40-CA2F-42BE-AE8E-44816210754E} = 68.59.176.5
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clay\applic~1\mozilla\firefox\profiles\qq3t3mmv.default\
FF - component: c:\documents and settings\clay\application data\mozilla\firefox\profiles\qq3t3mmv.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-6-30 11840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-6-30 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-6-30 151297]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-6-30 52032]
S2 gupdate1c98c8fddbc1e38;Google Update Service (gupdate1c98c8fddbc1e38);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [2005-3-3 83552]
S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [2004-2-18 12032]
S3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\drivers\RIOXDRV.sys [2004-2-15 17152]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-7 44928]

=============== Created Last 30 ================

2009-04-22 00:04 <DIR> --d----- c:\windows\system32\CatRoot2
2009-04-21 23:58 <DIR> --ds---- c:\documents and settings\clay\UserData
2009-04-21 23:10 <DIR> --d----- C:\ComboFix
2009-04-19 15:13 <DIR> a-dshr-- C:\autorun.inf
2009-04-19 15:02 <DIR> a-dshr-- C:\cmdcons
2009-04-19 12:20 <DIR> --d----- c:\program files\trend micro
2009-04-19 01:08 161,792 a------- c:\windows\SWREG.exe
2009-04-19 01:08 98,816 a------- c:\windows\sed.exe
2009-04-17 05:04 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-04-16 21:58 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-16 21:58 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2009-04-16 21:58 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-16 21:58 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-16 21:58 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 21:58 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 21:58 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 21:58 616,960 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 21:58 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-16 21:56 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-14 23:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-14 23:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 23:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-14 00:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-13 23:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-13 23:56 <DIR> --d----- c:\docume~1\clay\applic~1\SUPERAntiSpyware.com
2009-04-13 23:55 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-13 23:52 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-05 23:46 877,149 a------- c:\windows\system32\dllcache\ati3d1ag.dll
2009-04-05 23:45 741,376 a------- c:\windows\system32\dllcache\sapi.dll
2009-04-05 23:44 163,840 a------- c:\windows\system32\dllcache\diskpart.exe
2009-04-05 23:43 449,024 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-05 23:42 8,460,800 a------- c:\windows\system32\dllcache\shell32.dll
2009-04-05 23:41 1,846,272 a------- c:\windows\system32\win32k.sys
2009-04-02 00:06 <DIR> --d----- c:\program files\jv16 PowerTools 2006

==================== Find3M ====================

2009-04-19 15:32 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-03-21 10:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-02 19:27 1,499,136 a------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-20 17:44 3,067,904 a------- c:\windows\system32\dllcache\mshtml.dll
2009-02-19 05:50 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2009-02-09 06:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:20 723,456 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 06:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:20 399,360 a------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 06:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 06:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 13:24 2,180,480 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 13:24 2,180,480 a------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 13:22 2,136,064 a------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 13:14 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 12:49 2,057,728 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 12:49 2,057,728 a------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 12:49 2,015,744 a------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 16:08 55,808 a------- c:\windows\system32\secur32.dll
2009-02-03 16:08 55,808 -------- c:\windows\system32\dllcache\secur32.dll
2009-01-25 18:13 120,376 ac------ c:\docume~1\clay\applic~1\GDIPFONTCACHEV1.DAT
2008-11-19 17:34 5,632 ac-sh--- c:\program files\Thumbs.db
2008-06-29 21:52 15,771 a------- c:\documents and settings\clay\mpr.dat
2007-04-18 23:23 32 a----r-- c:\documents and settings\all users\hash.dat
2006-01-01 14:14 774,144 ac------ c:\program files\RngInterstitial.dll

============= FINISH: 0:44:30.68 ===============
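The two logs above are normally read by eye. As an added triage example (my own code, not part of the original post and not a feature of DDS or ComboFix), the script below parses the line formats those tools emit and pulls out the items a helper would look at first: Run values given without a path, services whose file could not be verified ("[x]" in ComboFix, "[?]" in DDS), per-interface DNS servers that are not private addresses, AutoRun commands recorded for removable drives under mountpoints2, "No File" toolbar and shell-object entries, and any SecurityProviders entry beyond the stock XP list. The sample log is a constructed excerpt modelled on lines in the post; the four-DLL default provider list is an assumption stated in the code. The script makes no judgement about any specific file, which remains the analyst's job.

```python
"""Triage helper for DDS / ComboFix text logs (added example, not a DDS feature).

Parses the line formats the tools emit and returns the entries worth a second
look. It does not decide whether anything is malicious.
"""
import ipaddress
import re

# Constructed excerpt, modelled on lines that appear in the post above.
SAMPLE_LOG = r"""
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [BCMSMMSG] BCMSMMSG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
TCP: {47BA1C40-CA2F-42BE-AE8E-44816210754E} = 68.59.176.5
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]
R3 getPlus® Helper;getPlus® Helper; [x]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7540187-aa74-11db-94dc-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe
"""

# Line formats as DDS ("mRun:", "TCP:", "TB:") and ComboFix ("\Shell\AutoRun\command") write them.
RUN_RE = re.compile(r"^([um])Run: \[([^\]]+)\] (.*)$", re.M)
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;\n]+);([^;\n]*);(.*)$", re.M)
DNS_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]{36}\} = (.+)$", re.M)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$", re.M)
NOFILE_RE = re.compile(r"^(TB|EB|SSODL|BHO): (.*) - No File$", re.M)
SECPROV_RE = re.compile(r"^SecurityProviders:? (.+)$", re.M)

# Assumption: the stock Windows XP SecurityProviders value. Anything else is listed for review.
DEFAULT_XP_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}


def parse_run_entries(text):
    """Run-key values: 'u' prefix is HKCU, 'm' prefix is HKLM."""
    return [{"hive": "HKCU" if h == "u" else "HKLM", "name": n, "command": c}
            for h, n, c in RUN_RE.findall(text)]


def bare_run_commands(entries):
    """Values with no directory component are resolved via the PATH search order; resolve them by hand."""
    return [e for e in entries if "\\" not in e["command"]]


def parse_services(text):
    """Service/driver lines: state (R running / S stopped), start type, name, description, path."""
    out = []
    for state, start, name, _desc, rest in SERVICE_RE.findall(text):
        rest = rest.strip()
        # ComboFix writes "[x]" when the file is not found; DDS writes "[?]" when it could not read it.
        unverified = rest.endswith("[x]") or rest.endswith("[?]")
        path = re.sub(r"\s*\[[^\]]*\]$", "", rest)
        out.append({"running": state == "R", "start": int(start), "name": name,
                    "path": path, "unverified": unverified})
    return out


def parse_dns_servers(text):
    """Per-interface DNS servers; DDS may list several separated by commas."""
    servers = []
    for value in DNS_RE.findall(text):
        servers.extend(s.strip() for s in value.split(","))
    return servers


def non_private_dns(servers):
    """Resolvers outside RFC 1918 / loopback space. A public ISP resolver is normal; confirm which one it is."""
    out = []
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            continue
        if not (ip.is_private or ip.is_loopback):
            out.append(s)
    return out


def parse_autorun_commands(text):
    """AutoRun commands Windows recorded for removable volumes (mountpoints2)."""
    return AUTORUN_RE.findall(text)


def dangling_entries(text):
    """Toolbar / explorer-bar / shell-object registrations whose file is gone."""
    return [f"{kind}: {body}" for kind, body in NOFILE_RE.findall(text)]


def extra_security_providers(text):
    """SecurityProviders DLLs beyond the assumed XP default list."""
    m = SECPROV_RE.search(text)
    if not m:
        return []
    return [p.strip() for p in m.group(1).split(",") if p.strip().lower() not in DEFAULT_XP_PROVIDERS]


def triage(text):
    """Collect every review item as a dict of lists."""
    services = parse_services(text)
    return {
        "bare_run_commands": [e["name"] for e in bare_run_commands(parse_run_entries(text))],
        "unverified_services": sorted({s["name"] for s in services if s["unverified"]}),
        "public_dns": non_private_dns(parse_dns_servers(text)),
        "removable_autorun": parse_autorun_commands(text),
        "dangling_entries": dangling_entries(text),
        "extra_security_providers": extra_security_providers(text),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

Run against the excerpt, the script lists BCMSMMSG (a Run value given as a bare file name, which ComboFix resolved to c:\windows\BCMSMMSG.exe), the getPlus® Helper service whose file neither tool could verify, the public DNS server 68.59.176.5 set on one interface, the G:\LaunchU3.exe AutoRun command recorded for a removable drive, the two "No File" registrations and zwebauth.dll as a non-default security provider. Each of these is a prompt to check the file or setting, not a verdict; in the post several of them turn out to be leftovers of legitimate software.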
