Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijack and BLUE SCREEN!


  • This topic is locked This topic is locked
3 replies to this topic

#1 Gaitedfarms

Gaitedfarms

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:23 PM

Posted 23 April 2009 - 07:19 AM

For the past few days, I've had some sort of hijack. I'll do a google search, then when I click on a result, it redirects me to some sort of best search or something like that. I did a combofix and believe that is fixed now, but then, today, twice while online, it sent me to a big blue screen saying there was an error and I had to shut my computer down. PLEASE HELP ASAP!

I tried doing a system restore, but nothing happens when I click "next" in system restore on any checkpoint, I think it's blocking that somehow.

The blue screen says DRIVER_IRQL_NOT_LESS_OR_EQUAL and technical info STOP: 0X000000D1 (0XE1BE1000, 0X00000002, 0X00000000, 0XEFFA1CF1)


HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:14 AM, on 4/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119452371437
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0287471239964784) (0287471239964784mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\028747~1.EXE (file missing)
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c96a9ed60a749a) (gupdate1c96a9ed60a749a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8121 bytes


RSIT LOGS

Logfile of random's system information tool 1.06 (written by random/random)
Run by Klawitter at 2009-04-23 11:05:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 91 GB (80%) free of 114 GB
Total RAM: 510 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:59 AM, on 4/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Klawitter\Desktop\Spyware, Adware, Virus Programs\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Klawitter.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119452371437
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0287471239964784) (0287471239964784mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\028747~1.EXE (file missing)
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c96a9ed60a749a) (gupdate1c96a9ed60a749a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8239 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AdAwareUpdate Weekly software update.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-26 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-11-26 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-26 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-06 114741]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-04-23 516440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-27 1830128]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-01 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2004-06-04 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-07-08 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-02-13 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-01 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-04-23 11:04:05 ----SHDC---- C:\RECYCLER
2009-04-23 10:58:19 ----AC---- C:\ComboFix.txt
2009-04-23 10:46:06 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-04-23 10:36:18 ----AC---- C:\Boot.bak
2009-04-23 10:36:14 ----RASHDC---- C:\cmdcons
2009-04-23 10:34:44 ----A---- C:\WINDOWS\zip.exe
2009-04-23 10:34:44 ----A---- C:\WINDOWS\vFind.exe
2009-04-23 10:34:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-23 10:34:44 ----A---- C:\WINDOWS\SWSC.exe
2009-04-23 10:34:44 ----A---- C:\WINDOWS\SWREG.exe
2009-04-23 10:34:44 ----A---- C:\WINDOWS\sed.exe
2009-04-23 10:34:44 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-23 10:34:44 ----A---- C:\WINDOWS\grep.exe
2009-04-23 10:34:23 ----D---- C:\WINDOWS\ERDNT
2009-04-23 10:34:18 ----DC---- C:\Qoobox
2009-04-23 10:26:16 ----DC---- C:\rsit
2009-04-23 09:22:21 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-04-23 08:46:10 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-23 07:27:40 ----A---- C:\WINDOWS\system32\sf87wuijndoio43j.dll
2009-04-18 22:25:43 ----A---- C:\WINDOWS\Crack Installer Uninstall Log.txt
2009-04-18 22:21:41 ----D---- C:\WINDOWS\Crack Installer
2009-04-18 22:21:41 ----D---- C:\Program Files\Crack Installer
2009-04-18 22:20:39 ----A---- C:\WINDOWS\Crack Installer Setup Log.txt
2009-04-18 22:03:56 ----A---- C:\WINDOWS\kdiue732.txt
2009-04-18 21:57:49 ----D---- C:\Program Files\WinZip
2009-04-18 21:22:24 ----D---- C:\Program Files\GIMP-2.0
2009-04-16 18:12:54 ----SHD---- C:\WINDOWS\ftpcache
2009-04-16 03:05:34 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 03:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 03:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 15:58:16 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-08 03:01:22 ----A---- C:\WINDOWS\imsins.BAK
2009-04-08 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-04-07 09:47:18 ----D---- C:\Documents and Settings\Klawitter\Application Data\uniblue
2009-04-07 09:44:46 ----D---- C:\Program Files\Uniblue
2009-04-07 09:10:29 ----D---- C:\WINDOWS\system32\XPSViewer
2009-04-07 09:10:10 ----D---- C:\Program Files\MSBuild
2009-04-07 09:09:44 ----D---- C:\Program Files\Reference Assemblies
2009-04-07 09:06:12 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-04-07 09:06:09 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-04-07 09:06:08 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-04-07 09:06:04 ----DC---- C:\6fb5180571826aca02f0be7ff0b7b264
2009-04-07 09:04:39 ----D---- C:\WINDOWS\SxsCaPendDel
2009-04-07 08:37:20 ----RHDC---- C:\AHCache
2009-03-30 09:40:49 ----D---- C:\Program Files\Romopolis
2009-03-30 09:40:02 ----D---- C:\Program Files\SpongeBob Atlantis SquareOff
2009-03-30 09:37:48 ----D---- C:\Program Files\Candy Land - Dora the Explorer Edition
2009-03-28 21:51:45 ----D---- C:\Documents and Settings\Klawitter\Application Data\CyberLink
2009-03-24 13:57:21 ----D---- C:\Program Files\Windows Live Safety Center

======List of files/folders modified in the last 1 months======

2009-04-23 11:03:11 ----D---- C:\WINDOWS\Temp
2009-04-23 11:01:26 ----D---- C:\Program Files\Mozilla Firefox
2009-04-23 10:58:23 ----D---- C:\WINDOWS\system32\drivers
2009-04-23 10:58:23 ----D---- C:\WINDOWS\system32
2009-04-23 10:58:20 ----D---- C:\WINDOWS
2009-04-23 10:56:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-23 10:52:07 ----AC---- C:\WINDOWS\system.ini
2009-04-23 10:51:19 ----SD---- C:\WINDOWS\Tasks
2009-04-23 10:48:49 ----D---- C:\WINDOWS\AppPatch
2009-04-23 10:48:49 ----D---- C:\Program Files\Common Files
2009-04-23 10:45:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-23 10:37:03 ----RD---- C:\Program Files
2009-04-23 10:36:18 ----RASHC---- C:\boot.ini
2009-04-23 10:34:45 ----D---- C:\WINDOWS\Prefetch
2009-04-23 09:02:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-23 08:46:10 ----HDC---- C:\Config.Msi
2009-04-23 08:46:08 ----SHD---- C:\WINDOWS\Installer
2009-04-23 08:45:09 ----D---- C:\Program Files\Lavasoft
2009-04-23 08:45:09 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-23 08:34:38 ----D---- C:\WINDOWS\Minidump
2009-04-23 07:51:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-23 06:32:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-23 06:25:40 ----D---- C:\Program Files\SpywareBlaster
2009-04-22 23:34:43 ----HD---- C:\WINDOWS\inf
2009-04-22 22:11:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-21 23:32:09 ----D---- C:\Documents and Settings\Klawitter\Application Data\gtk-2.0
2009-04-20 18:15:52 ----D---- C:\Documents and Settings\Klawitter\Application Data\LimeWire
2009-04-20 10:52:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-20 10:46:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-18 21:59:58 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-04-17 06:39:11 ----D---- C:\Program Files\McAfee
2009-04-16 03:17:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 03:12:30 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 03:05:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-16 03:05:09 ----D---- C:\WINDOWS\system32\en-US
2009-04-16 03:05:09 ----D---- C:\Program Files\Internet Explorer
2009-04-16 03:02:09 ----D---- C:\WINDOWS\Debug
2009-04-16 03:01:39 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-14 14:52:36 ----AC---- C:\WINDOWS\wininit.ini
2009-04-14 14:52:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-14 14:52:04 ----D---- C:\Program Files\Panda Security
2009-04-08 03:02:32 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-07 09:27:50 ----RSD---- C:\WINDOWS\assembly
2009-04-07 09:23:38 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-07 09:16:51 ----D---- C:\WINDOWS\WinSxS
2009-04-07 09:10:00 ----RSD---- C:\WINDOWS\Fonts
2009-04-07 09:08:33 ----D---- C:\WINDOWS\system32\spool
2009-04-07 08:30:00 ----A---- C:\WINDOWS\win.ini
2009-04-07 08:29:49 ----D---- C:\WINDOWS\pss
2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-30 13:53:26 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2009-03-30 09:28:54 ----D---- C:\Program Files\bfgclient
2009-03-27 13:48:15 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-24 13:57:27 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-06 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-06 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-06 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-06 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-06 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-06 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-06 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-06 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-06 100373]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-05 13872]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
R3 XIRLINK;IBM PC Camera; C:\WINDOWS\system32\DRIVERS\C-itnt.sys [2000-10-31 503768]
R4 catchme;catchme; \??\C:\DOCUME~1\KLAWIT~1\LOCALS~1\Temp\catchme.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
S3 BCM43XX;Wireless-G PCI Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\D:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-11 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-23 953168]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2001-10-09 300544]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 0287471239964784mcinstcleanup;McAfee Application Installer Cleanup (0287471239964784); C:\WINDOWS\TEMP\028747~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S2 gupdate1c96a9ed60a749a;Google Update Service (gupdate1c96a9ed60a749a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-06-04 401408]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


COMBOFIX LOG
ComboFix 09-04-23.A3 - Klawitter 04/23/2009 10:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.251 [GMT -4:00]
Running from: c:\documents and settings\Klawitter\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Klawitter\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.

2009-04-23 14:26 . 2009-04-23 14:26 -------- dc----w C:\rsit
2009-04-23 13:22 . 2009-04-23 13:02 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-23 13:02 . 2009-04-23 13:01 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-23 12:46 . 2009-04-23 12:46 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-23 11:27 . 2009-04-23 11:27 15000 ----a-w c:\windows\system32\sf87wuijndoio43j.dll
2009-04-19 02:21 . 2009-04-19 02:21 -------- d-----w c:\windows\Crack Installer
2009-04-16 22:12 . 2009-04-16 22:12 -------- d-sh--w c:\windows\ftpcache
2009-04-15 19:58 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 19:58 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 19:58 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 19:58 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 19:58 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 19:58 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 19:58 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 19:58 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 19:58 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 19:58 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 19:58 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 19:58 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-11 04:59 . 2009-04-11 04:59 -------- d-----w c:\documents and settings\Klawitter\Local Settings\Application Data\Ares
2009-04-10 03:21 . 2009-04-10 04:04 22 ----a-w c:\windows\popcinfot.dat
2009-04-10 03:21 . 2009-04-10 03:21 0 ----a-w c:\windows\popcreg.dat
2009-04-08 07:01 . 2009-04-16 07:05 1374 ----a-w c:\windows\imsins.BAK
2009-04-08 05:55 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-04-07 13:47 . 2009-04-19 02:26 -------- d-----w c:\documents and settings\Klawitter\Application Data\uniblue
2009-04-07 13:15 . 2009-04-07 15:06 187816 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-07 13:10 . 2009-04-07 13:10 -------- d-----w c:\windows\system32\XPSViewer
2009-04-07 13:06 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-07 13:06 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-07 13:06 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-07 13:06 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-07 13:06 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-07 13:06 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-07 13:06 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-07 13:06 . 2009-04-07 13:08 -------- dc----w C:\6fb5180571826aca02f0be7ff0b7b264
2009-04-07 13:04 . 2009-04-07 13:38 -------- d-----w c:\windows\SxsCaPendDel
2009-04-07 12:37 . 2009-04-07 12:37 -------- dc-h--r C:\AHCache
2009-03-29 19:14 . 2009-04-14 19:01 54156 ---ha-w c:\windows\QTFont.qfn
2009-03-29 19:14 . 2009-03-29 19:14 1409 ----a-w c:\windows\QTFont.for
2009-03-29 01:51 . 2009-03-29 01:51 -------- d-----w c:\documents and settings\Klawitter\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 14:50 . 2009-03-12 22:00 6044 -c--a-w C:\aaw7boot.log
2009-04-23 12:45 . 2009-01-04 23:14 -------- d-----w c:\program files\Lavasoft
2009-04-23 12:45 . 2009-01-04 23:14 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-23 11:51 . 2009-03-12 17:19 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 10:32 . 2008-10-19 21:13 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-23 10:25 . 2009-03-15 23:29 -------- d-----w c:\program files\SpywareBlaster
2009-04-23 10:19 . 2009-04-07 13:44 -------- d-----w c:\program files\Uniblue
2009-04-23 10:15 . 2009-04-19 02:21 -------- d-----w c:\program files\Crack Installer
2009-04-23 02:11 . 2008-12-30 16:47 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-22 03:32 . 2008-10-23 01:52 -------- d-----w c:\documents and settings\Klawitter\Application Data\gtk-2.0
2009-04-20 22:15 . 2008-10-19 16:33 -------- d-----w c:\documents and settings\Klawitter\Application Data\LimeWire
2009-04-20 14:52 . 2008-12-24 23:57 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-20 14:46 . 2008-12-24 23:57 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-19 01:59 . 2008-10-07 23:16 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-04-19 01:22 . 2009-04-19 01:22 -------- d-----w c:\program files\GIMP-2.0
2009-04-18 20:09 . 2009-03-30 13:40 -------- d-----w c:\program files\SpongeBob Atlantis SquareOff
2009-04-17 10:39 . 2008-12-19 02:54 -------- d-----w c:\program files\McAfee
2009-04-14 18:52 . 2009-03-15 22:39 -------- d-----w c:\program files\Panda Security
2009-04-07 13:43 . 2008-10-01 13:54 91088 ----a-w c:\documents and settings\Klawitter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 13:10 . 2009-04-07 13:10 -------- d-----w c:\program files\MSBuild
2009-04-07 13:09 . 2009-04-07 13:09 -------- d-----w c:\program files\Reference Assemblies
2009-04-06 19:32 . 2009-03-12 17:19 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-03-12 17:19 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-30 17:53 . 2008-10-19 20:52 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-03-30 13:41 . 2009-03-30 13:40 -------- d-----w c:\program files\Romopolis
2009-03-30 13:38 . 2009-03-30 13:37 -------- d-----w c:\program files\Candy Land - Dora the Explorer Edition
2009-03-30 13:28 . 2008-10-19 20:54 -------- d-----w c:\program files\bfgclient
2009-03-27 17:48 . 2009-03-15 22:58 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-24 18:04 . 2009-03-24 17:57 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-17 22:56 . 2009-03-17 22:56 -------- d-----w c:\documents and settings\Klawitter\Application Data\Canneverbe_Limited
2009-03-17 22:55 . 2009-03-17 22:55 -------- d-----w c:\program files\CDBurnerXP
2009-03-17 22:53 . 2009-03-17 22:52 3195010 ----a-w c:\program files\cdbxp_setup_4.2.4.1255.exe
2009-03-17 21:28 . 2006-02-23 19:02 -------- d-----w c:\program files\Common Files\Adobe
2009-03-15 22:59 . 2009-03-15 22:59 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-15 22:58 . 2009-03-15 22:58 -------- d-----w c:\documents and settings\Klawitter\Application Data\SUPERAntiSpyware.com
2009-03-15 22:57 . 2009-03-15 22:57 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-15 22:54 . 2009-03-15 22:53 -------- d-----w c:\program files\CCleaner
2009-03-15 22:17 . 2009-03-15 22:17 -------- d-----w c:\program files\Safer Networking
2009-03-15 21:59 . 2009-03-15 21:59 -------- d-----w c:\program files\Trend Micro
2009-03-15 21:51 . 2008-11-01 15:08 -------- d-----w c:\program files\Yahoo!
2009-03-15 21:47 . 2005-06-22 12:30 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 17:19 . 2009-03-12 17:19 -------- d-----w c:\documents and settings\Klawitter\Application Data\Malwarebytes
2009-03-12 17:19 . 2009-03-12 17:19 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-11 18:07 . 2009-03-11 18:07 -------- dc----w c:\documents and settings\All Users\Application Data\{3E116893-315F-4BF1-8748-007007CF5940}
2009-03-11 14:00 . 2008-12-19 02:03 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-11 13:59 . 2005-08-08 05:25 -------- d-----w c:\program files\Java
2009-03-06 14:22 . 2003-07-16 20:41 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2003-07-16 20:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2005-06-22 14:48 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2003-07-16 20:32 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2003-07-16 20:43 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2003-07-16 20:39 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2003-07-16 20:23 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2003-07-16 20:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2002-08-29 01:04 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2003-07-16 20:44 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2003-07-16 20:39 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2003-07-16 20:43 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2003-07-16 20:44 56832 ----a-w c:\windows\system32\secur32.dll
2008-10-01 13:55 . 2008-10-01 13:55 132 ----a-w c:\documents and settings\Klawitter\Local Settings\Application Data\fusioncache.dat
2008-10-05 00:50 . 2008-10-05 00:50 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100420081005\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-23_14.39.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-23 14:51 . 2009-04-23 14:51 16384 c:\windows\Temp\Perflib_Perfdata_320.dat
+ 2005-06-21 22:46 . 2009-04-23 14:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-06-21 22:46 . 2009-04-23 13:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-06-21 22:46 . 2009-04-23 14:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-21 22:46 . 2009-04-23 13:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-06-21 22:46 . 2009-04-23 14:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-06-21 22:46 . 2009-04-23 13:04 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-27 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-23 516440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2005-8-17 118784]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 0287471239964784mcinstcleanup;McAfee Application Installer Cleanup (0287471239964784); [x]
R2 gupdate1c96a9ed60a749a;Google Update Service (gupdate1c96a9ed60a749a);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-23 64160]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-23 953168]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2000-10-31 503768]

.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:01]

2009-04-20 c:\windows\Tasks\AdAwareUpdate Weekly software update.job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:01]

2009-04-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-01 02:29]

2009-04-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-30 21:46]

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-19 18:32]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-19 18:32]
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel
Trusted Zone: mcafee.com\us
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
FF - ProfilePath - c:\documents and settings\Klawitter\Application Data\Mozilla\Firefox\Profiles\pr239s0p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - plugin: c:\documents and settings\Klawitter\Application Data\Mozilla\Firefox\Profiles\pr239s0p.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 10:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\ovfsthxwfufoxwy.sys 84992 bytes executable
c:\windows\system32\ovfsthxcgplekdg.dat 29588 bytes
c:\windows\system32\ovfsthxgaqxcusv.dll 19456 bytes executable
c:\windows\system32\ovfsthxtprjlwvp.dll 61952 bytes executable
c:\windows\system32\ovfsthxvnontxox.dll 19456 bytes executable
c:\windows\system32\ovfsthxxvbuypdv.dat 43 bytes

scan completed successfully
hidden files: 6

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxnfhwkuuf]
"imagepath"="\systemroot\system32\drivers\ovfsthxwfufoxwy.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-113007714-682003330-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1844237615-113007714-682003330-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:24,13,8b,b6,34,a0,f5,8c,c1,f7,9c,5a,e9,b9,91,98,78,f2,44,58,62,a5,97,
c2,e5,b4,8f,60,c8,de,71,77,65,85,19,a6,39,0a,d6,e0,3b,15,53,d5,74,18,9b,d4,\
"??"=hex:f3,a3,99,1b,15,8f,1a,ff,6f,b7,48,c9,59,5e,64,7f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(380)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-04-23 10:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 14:58
ComboFix2.txt 2009-04-23 14:41

Pre-Run: 95,753,113,600 bytes free
Post-Run: 95,752,564,736 bytes free

281 --- E O F --- 2009-04-16 07:05

Edited by Gaitedfarms, 23 April 2009 - 10:06 AM.


BC AdBot (Login to Remove)

 


#2 Gaitedfarms

Gaitedfarms
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:23 PM

Posted 28 April 2009 - 09:19 AM

Okay, I give up, I'm going to try and find help elsewhere.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:06:23 PM

Posted 04 May 2009 - 12:05 AM

OK



Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible. No one is ignored here.

Thank you for understanding.


R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:06:23 PM

Posted 08 May 2009 - 01:01 AM

Due to the lack of feedback This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users