
HijackThis log - computer acting up, freezing, programs getting disabled and refusing to start


  • This topic is locked
17 replies to this topic

#1 aljobes

aljobes

  • Members
  • 28 posts
  • OFFLINE
  • Local time:12:14 AM

Posted 28 April 2009 - 06:22 PM

Hi, I have been experiencing problems with my computer that are beyond me. I have run every program that I own, from spyware removers etc. The virus, or whatever it is, has been disabling my firewall and has completely shut down my AVG anti-virus so that it will no longer start. I have attempted to do a system restore with no success. My computer keeps freezing as well and refusing to start programs. My Internet Explorer and Firefox will also crash consistently. Thank you for any help you can give!!!


Here is my HijackThis file:





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:19 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: C:\WINDOWS\system32\kjsdiowq8oikf.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1220575528968
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1238B35C-9919-45AC-942D-194651B40005}: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDE2F9EC-2EE7-4CE3-97D1-00C28217F296}: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS1\Services\Tcpip\..\{1238B35C-9919-45AC-942D-194651B40005}: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS2\Services\Tcpip\..\{1238B35C-9919-45AC-942D-194651B40005}: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS4\Services\Tcpip\..\{1238B35C-9919-45AC-942D-194651B40005}: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: TvcLaMCTWrroMoF - {0466658C-AECC-CF26-D4D2-64D84BC93598} - (no file)
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8082 bytes
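The HijackThis log above is the kind of artifact a helper reads by hand: each line is a section code (R0/R1 for browser URLs and proxy settings, O2 for Browser Helper Objects, O4 for autorun entries, O7 for user policy restrictions, O17 for DNS NameServer values, O21/O22 for shell service objects and shared task scheduler hooks, O23 for services). The following triage helper is an added example, not part of this thread and not a HijackThis feature. It parses lines in that format and reports the entries a helper would ask about first: a BHO registered with no display name, an autorun entry launched from a Temp directory, a policy that disables regedit, NameServer values that are public addresses rather than the LAN or the ISP's resolvers, shell hooks whose file is missing, and a CLSID that is registered both as a BHO and as a SharedTaskScheduler entry. The heuristics, the `Finding` type, and the empty `KNOWN_GOOD_RESOLVERS` allowlist are assumptions made for this example; the sample lines are copied from the log in this thread.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines (added example).

Heuristics and the resolver allowlist are assumptions made for this example;
they are not part of HijackThis.
"""
import ipaddress
import re
from dataclasses import dataclass

# Sample input: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
O2 - BHO: C:\WINDOWS\system32\kjsdiowq8oikf.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2918899684.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127
O21 - SSODL: TvcLaMCTWrroMoF - {0466658C-AECC-CF26-D4D2-64D84BC93598} - (no file)
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

LINE_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)

# Assumption: resolvers the machine is expected to use (the ISP's, for example).
# Left empty here, so every public (non-RFC1918) NameServer is reported.
KNOWN_GOOD_RESOLVERS = frozenset()


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse(text):
    """Return (section, body, original line) for every 'Oxx - ...' / 'Rx - ...' line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m["section"], m["body"], raw.strip()))
    return entries


def triage(text):
    """Apply the triage heuristics to a log and return the flagged entries."""
    entries = parse(text)
    findings = []
    # CLSIDs registered as BHOs, used to cross-reference O21/O22 hooks.
    bho_clsids = {c for sec, body, _ in entries if sec == "O2" for c in CLSID_RE.findall(body)}

    for section, body, line in entries:
        if section == "O2":
            # Layout is "BHO: <display name> - {CLSID} - <path>"; a display name that
            # is itself a DLL path means nothing friendly was registered for it.
            name = body.split(" - ")[0]
            if name.startswith("BHO: "):
                name = name[len("BHO: "):]
            if name.lower().endswith(".dll"):
                findings.append(Finding(section, "BHO registered without a display name", line))
        elif section == "O4" and TEMP_RE.search(body):
            findings.append(Finding(section, "autorun entry launches from a Temp directory", line))
        elif section == "O7":
            findings.append(Finding(section, "policy restriction applied to the user account", line))
        elif section == "O17" and "NameServer = " in body:
            for server in body.split("NameServer = ", 1)[1].split(","):
                server = server.strip()
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    continue
                if not addr.is_private and server not in KNOWN_GOOD_RESOLVERS:
                    findings.append(Finding(section, f"DNS resolver {server} is a public address not on the allowlist", line))
        elif section in ("O21", "O22"):
            if "(no file)" in body:
                findings.append(Finding(section, "registered shell component whose file is missing", line))
            elif bho_clsids & set(CLSID_RE.findall(body)):
                findings.append(Finding(section, "same CLSID is also registered as a BHO (O2)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as a script it prints seven findings for the sample lines: the unnamed BHO, the Temp-directory autorun, the regedit policy, both public resolvers, the missing-file SSODL entry, and the O22 hook sharing the BHO's CLSID; the ZoneAlarm Run entry and the vsmon service pass without comment. `KNOWN_GOOD_RESOLVERS` is where the ISP's resolvers would go so that only unexpected DNS settings are reported.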


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:14 PM

Posted 29 April 2009 - 04:03 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
If you see a "random" name, just leave it.. If you see "GMER", please rename GMER to GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 aljobes

aljobes
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:12:14 AM

Posted 29 April 2009 - 12:10 PM

I do have Malwarebytes on my computer; when I click on the icon to run the program, nothing happens.

#4 aljobes

aljobes
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:12:14 AM

Posted 29 April 2009 - 12:12 PM

For the RSIT program, it only provided me with one Notepad file, the log. I reran it and it still came up the same way.




Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2009-04-29 13:07:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (10%) free of 231 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:00 PM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2918899684.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: C:\WINDOWS\system32\kjsdiowq8oikf.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2918899684.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/betaactivesca...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1220575528968
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1238B35C-9919-45AC-942D-194651B40005}: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDE2F9EC-2EE7-4CE3-97D1-00C28217F296}: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS1\Services\Tcpip\..\{1238B35C-9919-45AC-942D-194651B40005}: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS2\Services\Tcpip\..\{1238B35C-9919-45AC-942D-194651B40005}: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS4\Services\Tcpip\..\{1238B35C-9919-45AC-942D-194651B40005}: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: TvcLaMCTWrroMoF - {0466658C-AECC-CF26-D4D2-64D84BC93598} - (no file)
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8610 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{7006CEDA-6A2F-40D1-8E6B-999B894764D0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2BA40A2-74F0-42BD-F434-12345A2C8953}]
C:\WINDOWS\system32\kjsdiowq8oikf.dll - C:\WINDOWS\system32\kjsdiowq8oikf.dll [2009-04-27 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-03-31 982408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Diagnostic Manager"=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2918899684.exe [2009-04-29 34817]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-04-27 2329936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-03-20 217544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auslogics BoostSpeed 4]
C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe [2008-06-26 362608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2007-04-09 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2008-06-13 2752512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe [2007-03-05 1103480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-07-27 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-08-08 1783808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-28 1506544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-15 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
C:\PROGRA~1\COMPAQ~1\5577497\Program\COMPAQ~1.EXE [2006-06-15 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Desperate Housewives Registration.lnk]
C:\PROGRA~1\BUENAV~1\DESPER~1\eReg\DSN1.exe [2006-09-14 440320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
C:\PROGRA~1\SPYWAR~2\sgmain.exe [2003-08-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^YPOPs.lnk]
C:\PROGRA~1\YPOPs\YPOPs.exe [2007-09-04 1331200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2
"ose"=3
"MDM"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
TvcLaMCTWrroMoF - {0466658C-AECC-CF26-D4D2-64D84BC93598}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll [2009-04-27 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-03 126976]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\nnnkIbxW

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4efd0857-3bc5-11dd-ad26-00c0a8b4d70f}]
shell\AutoRun\command - K:\Autorun.exe


======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-04-29 12:24:00 ----D---- C:\rsit
2009-04-29 12:13:04 ----D---- C:\Program Files\ERUNT
2009-04-28 23:33:44 ----D---- C:\Program Files\Panda Security
2009-04-28 14:01:17 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AVGTOOLBAR
2009-04-28 03:26:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-27 23:11:58 ----A---- C:\WINDOWS\system32\p2hhr.bat
2009-04-27 23:11:49 ----A---- C:\WINDOWS\system32\kjsdiowq8oikf.dll
2009-04-26 19:03:58 ----A---- C:\WINDOWS\tmp3972375.bat
2009-04-26 19:03:57 ----RSH---- C:\WINDOWS\system32\3971078.dll
2009-04-24 23:22:32 ----D---- C:\Program Files\Nobilis
2009-04-24 23:07:04 ----D---- C:\Program Files\MagicISO
2009-04-17 10:47:19 ----D---- C:\Program Files\Common Files\ODBC
2009-04-16 21:19:46 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-10 16:52:41 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-04-10 16:52:41 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-04-10 16:52:31 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-04-01 22:29:11 ----HDC---- C:\WINDOWS\ie8
2009-03-08 14:22:30 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-03-08 14:22:18 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-03-08 14:21:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-03-08 14:20:54 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-02-25 16:28:38 ----D---- C:\Program Files\Microsoft ActiveSync
2009-02-25 16:26:18 ----D---- C:\Program Files\Windows Mobile Device Handbook
2009-02-21 01:48:46 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Ubisoft
2009-02-21 01:47:01 ----D---- C:\Program Files\Games
2009-02-02 20:22:11 ----D---- C:\Program Files\iPod
2009-02-02 20:22:06 ----D---- C:\Program Files\iTunes
2009-02-02 20:22:06 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-02 20:18:59 ----D---- C:\Program Files\QuickTime
2009-01-31 14:31:06 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

======List of files/folders modified in the last 3 months======

2009-04-29 13:07:44 ----D---- C:\WINDOWS\Internet Logs
2009-04-29 13:06:08 ----D---- C:\Program Files\Mozilla Firefox
2009-04-29 13:03:13 ----D---- C:\WINDOWS\Prefetch
2009-04-29 13:03:08 ----D---- C:\WINDOWS\TEMP
2009-04-29 12:21:24 ----D---- C:\WINDOWS\network diagnostic
2009-04-29 12:13:30 ----D---- C:\WINDOWS\erdnt
2009-04-29 12:13:04 ----D---- C:\Program Files
2009-04-29 11:01:59 ----AD---- C:\WINDOWS
2009-04-29 10:48:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-28 23:36:22 ----D---- C:\WINDOWS\system32\drivers
2009-04-28 23:33:42 ----HD---- C:\WINDOWS\inf
2009-04-28 23:33:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-28 23:06:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-28 14:01:26 ----D---- C:\WINDOWS\system32
2009-04-28 14:01:25 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-04-28 14:00:17 ----SHD---- C:\WINDOWS\Installer
2009-04-28 14:00:17 ----HD---- C:\Config.Msi
2009-04-28 13:49:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-28 11:44:22 ----D---- C:\Program Files\Spyware Terminator
2009-04-28 09:17:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-04-28 03:46:09 ----RASH---- C:\boot.ini
2009-04-28 03:46:09 ----AC---- C:\WINDOWS\win.ini
2009-04-28 03:46:09 ----AC---- C:\WINDOWS\system.ini
2009-04-28 02:37:00 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-28 02:33:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-27 23:22:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-27 00:51:34 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Vso
2009-04-26 19:08:54 ----SHD---- C:\RECYCLER
2009-04-26 19:03:58 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-04-26 19:03:46 ----D---- C:\WINDOWS\system32\wbem
2009-04-26 18:43:34 ----HD---- C:\$AVG8.VAULT$
2009-04-26 18:17:58 ----D---- C:\Program Files\DVDFab 5
2009-04-26 17:45:31 ----A---- C:\rollback.ini
2009-04-26 16:03:26 ----D---- C:\Program Files\DAEMON Tools Lite
2009-04-25 03:49:38 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2009-04-24 23:32:41 ----RSD---- C:\WINDOWS\assembly
2009-04-24 23:32:41 ----D---- C:\WINDOWS\system32\DirectX
2009-04-24 14:24:15 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-04-22 21:31:42 ----D---- C:\Program Files\LimeWire
2009-04-18 13:05:18 ----D---- C:\Program Files\Enlight
2009-04-17 11:11:51 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 11:07:06 ----D---- C:\WINDOWS\AppPatch
2009-04-17 10:48:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-17 10:48:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-17 10:47:19 ----D---- C:\Program Files\Common Files
2009-04-10 18:33:25 ----D---- C:\WINDOWS\system32\LogFiles
2009-04-10 17:32:48 ----D---- C:\Program Files\Electronic Arts
2009-04-10 17:19:00 ----D---- C:\Program Files\Virtual Villagers The Secret City
2009-04-10 17:15:31 ----D---- C:\Program Files\Kudos 2
2009-04-10 16:52:55 ----D---- C:\Program Files\DivX
2009-04-10 16:52:52 ----D---- C:\Program Files\Common Files\Vbox
2009-04-10 16:52:51 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-04-10 16:52:51 ----D---- C:\Program Files\Common Files\Real
2009-04-10 16:52:32 ----D---- C:\Program Files\Apple Software Update
2009-04-10 16:51:27 ----D---- C:\WINDOWS\WinSxS
2009-04-06 11:50:19 ----D---- C:\WINDOWS\Debug
2009-04-06 07:57:26 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-04-01 22:34:03 ----D---- C:\WINDOWS\system32\en-US
2009-04-01 22:34:02 ----D---- C:\WINDOWS\Media
2009-04-01 22:34:02 ----D---- C:\WINDOWS\Help
2009-04-01 22:34:02 ----D---- C:\Program Files\Internet Explorer
2009-04-01 22:32:46 ----D---- C:\WINDOWS\ie8updates
2009-03-31 19:20:50 ----A---- C:\WINDOWS\zllsputility.exe
2009-03-31 19:20:42 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-03-31 19:20:38 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-03-31 19:20:36 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-03-31 19:20:36 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-03-31 19:20:36 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-03-31 19:20:36 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-03-31 19:20:34 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-03-31 19:20:34 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-03-21 10:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-12 01:56:40 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-12 01:56:35 ----D---- C:\Program Files\Common Files\Adobe
2009-03-09 13:48:55 ----AC---- C:\WINDOWS\system32\lsdelete.exe
2009-03-08 14:22:46 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-03-08 14:21:06 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-03-08 14:09:26 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-03-08 04:41:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-03-08 04:39:48 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-03-08 04:34:58 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-08 04:34:56 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-03-08 04:34:30 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-03-08 04:34:28 ----A---- C:\WINDOWS\system32\url.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-03-08 04:33:40 ----A---- C:\WINDOWS\system32\corpol.dll
2009-03-08 04:33:26 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-03-08 04:33:16 ----A---- C:\WINDOWS\system32\jscript.dll
2009-03-08 04:33:08 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-03-08 04:33:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-03-08 04:33:02 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-03-08 04:32:56 ----A---- C:\WINDOWS\system32\admparse.dll
2009-03-08 04:32:54 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-03-08 04:32:48 ----A---- C:\WINDOWS\system32\advpack.dll
2009-03-08 04:32:46 ----A---- C:\WINDOWS\system32\inseng.dll
2009-03-08 04:32:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-03-08 04:32:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-03-08 04:32:04 ----A---- C:\WINDOWS\system32\mstime.dll
2009-03-08 04:31:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-03-08 04:31:54 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\icardie.dll
2009-03-08 04:31:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-03-08 04:31:36 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-03-08 04:31:26 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-03-08 04:31:18 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-03-08 04:31:02 ----A---- C:\WINDOWS\system32\mshta.exe
2009-03-08 04:22:46 ----A---- C:\WINDOWS\system32\ieui.dll
2009-03-08 04:22:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-03-08 04:11:12 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-03-06 10:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-03 02:44:21 ----SD---- C:\WINDOWS\Tasks
2009-02-26 19:57:08 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-26 19:57:06 ----D---- C:\WINDOWS\system32\Macromed
2009-02-25 16:31:34 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2009-02-25 16:28:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-25 02:18:02 ----D---- C:\WINDOWS\system32\FxsTmp
2009-02-25 00:34:08 ----D---- C:\WINDOWS\system32\Adobe
2009-02-25 00:32:28 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2009-02-09 08:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-06 07:11:05 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 07:06:41 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 06:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-06 06:32:56 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-03 15:59:07 ----A---- C:\WINDOWS\system32\secur32.dll
2009-02-02 20:22:09 ----D---- C:\Program Files\Common Files\Apple
2009-02-01 01:43:36 ----AD---- C:\WINDOWS\system32\pcintro
2009-01-31 14:30:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-03-31 150544]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-03-31 353672]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-15 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-12-31 18048]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
R3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2007-04-18 98600]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2007-04-10 511272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-04-10 520488]
R3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2007-04-12 546048]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2007-04-10 14632]
R3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2007-04-12 560384]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2007-04-10 157480]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2007-04-10 92968]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2007-04-10 797992]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2007-04-10 797992]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-04-10 126760]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-07 47360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-06-10 21760]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S1 prodrv05;StarForce Protection Environment Driver v5; C:\WINDOWS\System32\drivers\prodrv05.sys [2002-12-26 53568]
S3 a1u9kwld;a1u9kwld; C:\WINDOWS\system32\drivers\a1u9kwld.sys []
S3 aq29io90;aq29io90; C:\WINDOWS\system32\drivers\aq29io90.sys []
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2007-04-10 163112]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola A1000 USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-03-09 951632]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-11-25 935208]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-08-08 570880]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-03-31 2404232]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 lendywypmqbv;lendywypmqbv; C:\WINDOWS\system32\drivers\lendywypmqbv.sys []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 tbbfeyaubdne;tbbfeyaubdne; C:\WINDOWS\system32\drivers\tbbfeyaubdne.sys []
S3 uxkuskgkvkbp;uxkuskgkvkbp; C:\WINDOWS\system32\drivers\uxkuskgkvkbp.sys []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 17408]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-06-15 1119888]

-----------------EOF-----------------

#5 fenzodahl512

  • Members
  • 6,738 posts

Posted 29 April 2009 - 12:58 PM

If you run GMER, just complete it and post the log here.. Then do below...

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here..

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 aljobes

  • Topic Starter
  • Members
  • 28 posts

Posted 29 April 2009 - 05:34 PM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-04-29 18:32:10
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spbb.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spbb.sys ZwEnumerateValueKey [0xB9EC7030]

Code 89C5E778 ZwFlushInstructionCache
Code 8A5B7B46 IofCallDriver
Code 8A7D0EDE IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AC521F8
Device \FileSystem\Fastfat \Fat 8A83A1F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gxvxckdqxymtasftjexmbnmyqemlwhkhhfgcb.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

#7 aljobes

  • Topic Starter
  • Members
  • 28 posts

Posted 29 April 2009 - 06:23 PM

ComboFix 09-04-29.01 - Compaq_Owner 04/29/2009 19:09.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1360 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\beep.sys
.
---- Previous Run -------
.
C:\autorun.inf
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\delself.bat
c:\documents and settings\Compaq_Owner\Application Data\inst.exe
c:\documents and settings\Compaq_Owner\Application Data\wiaserva.log
c:\recycler\S-9-4-75-100016175-100025777-100010489-7271.com
c:\windows\system32\3971078.dll
c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\gxvxckdqxymtasftjexmbnmyqemlwhkhhfgcb.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxclxbehqpqfumhseppsbwqivosvqsdpoil.dll
c:\windows\system32\kjsdiowq8oikf.dll
c:\windows\system32\p2hhr.bat
c:\windows\system32\tmp.reg
c:\windows\system32\wbem\grpconv.exe
D:\Autorun.inf
d:\recycler\S-9-4-75-100016175-100025777-100010489-7271.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-29 23:03 . 2009-04-29 23:03 -------- d-sh--w C:\found.000
2009-04-29 16:24 . 2009-04-29 16:24 -------- d-----w C:\rsit
2009-04-29 16:13 . 2009-04-29 16:13 -------- d-----w c:\program files\ERUNT
2009-04-29 14:59 . 2009-04-29 14:59 86736 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 03:33 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-29 03:33 . 2009-04-29 03:33 -------- d-----w c:\program files\Panda Security
2009-04-28 18:46 . 2009-04-28 22:58 -------- d-----w c:\documents and settings\Compaq_Owner\.housecall6.6
2009-04-28 18:01 . 2009-04-28 18:01 -------- d-----w c:\documents and settings\Compaq_Owner\Application Data\AVGTOOLBAR
2009-04-28 13:16 . 2009-04-28 13:44 -------- d-----w c:\documents and settings\Administrator\Application Data\Spyware Terminator
2009-04-28 13:14 . 2009-04-28 13:14 -------- d-----w c:\documents and settings\Administrator\Application Data\MailFrontier
2009-04-28 07:35 . 2009-04-28 07:35 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-28 07:33 . 2009-04-28 07:33 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-28 07:29 . 2009-04-28 07:29 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-28 03:06 . 2009-04-28 03:06 28 ----a-w c:\documents and settings\Compaq_Owner\PROFILE.DAT
2009-04-28 03:06 . 2009-04-28 03:06 29 ----a-w c:\documents and settings\Compaq_Owner\VCONFIG.DAT
2009-04-28 03:06 . 2009-04-28 03:06 2741 ----a-w c:\documents and settings\Compaq_Owner\CONFIG.DAT
2009-04-26 23:03 . 2009-04-26 23:03 245 ----a-w c:\windows\tmp3972375.bat
2009-04-26 23:03 . 2009-04-26 23:03 33280 ---h--w c:\documents and settings\Compaq_Owner\nybegt.exe
2009-04-25 03:22 . 2009-04-25 03:22 -------- d-----w c:\program files\Nobilis
2009-04-25 03:07 . 2009-04-25 03:07 -------- d-----w c:\program files\MagicISO
2009-04-17 01:19 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-11 23:36 . 2009-04-11 23:36 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-02 11:22 . 2009-04-02 11:22 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-02 02:37 . 2009-04-02 02:37 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-02 02:29 . 2009-04-02 02:31 -------- dc-h--w c:\windows\ie8
2009-04-02 02:25 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 23:13 . 2008-11-13 05:00 390500 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-29 23:13 . 2008-11-13 05:00 34187808 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-29 22:36 . 2007-06-09 04:50 -------- d-----w c:\program files\Lavasoft
2009-04-28 18:46 . 2007-12-15 06:59 102664 -c--a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-28 15:44 . 2008-03-13 06:29 -------- d-----w c:\program files\Spyware Terminator
2009-04-28 03:22 . 2006-06-15 15:00 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-28 03:08 . 2009-04-28 03:09 284672 ----a-w c:\windows\Internet Logs\xDB4D.tmp
2009-04-28 00:04 . 2007-03-12 20:51 4212 -c-ha-w c:\windows\system32\zllictbl.dat
2009-04-27 06:00 . 2009-04-28 00:02 2926080 ----a-w c:\windows\Internet Logs\xDB4C.tmp
2009-04-26 22:17 . 2008-09-28 04:05 -------- d-----w c:\program files\DVDFab 5
2009-04-26 20:03 . 2008-08-29 05:57 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-24 06:08 . 2009-04-24 18:17 2914304 ----a-w c:\windows\Internet Logs\xDB4B.tmp
2009-04-23 01:31 . 2008-09-08 03:31 -------- d-----w c:\program files\LimeWire
2009-04-22 00:45 . 2009-04-22 02:08 2696192 ----a-w c:\windows\Internet Logs\xDB4A.tmp
2009-04-22 00:45 . 2009-04-22 02:08 3169792 ----a-w c:\windows\Internet Logs\xDB49.tmp
2009-04-19 05:39 . 2007-07-18 16:32 13609424 -c--a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-18 17:05 . 2007-12-21 00:46 -------- d-----w c:\program files\Enlight
2009-04-10 21:32 . 2007-02-18 03:56 -------- d-----w c:\program files\Electronic Arts
2009-04-10 21:19 . 2008-06-08 21:44 -------- d-----w c:\program files\Virtual Villagers The Secret City
2009-04-10 21:15 . 2008-12-07 06:17 -------- d-----w c:\program files\Kudos 2
2009-04-10 20:52 . 2007-12-07 22:26 -------- d-----w c:\program files\DivX
2009-04-10 20:52 . 2006-09-03 02:25 -------- d-----w c:\program files\Common Files\Vbox
2009-04-10 20:52 . 2006-06-15 15:39 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-10 20:52 . 2006-06-15 15:10 -------- d-----w c:\program files\Common Files\Real
2009-04-10 20:52 . 2007-06-21 04:28 -------- d-----w c:\program files\Apple Software Update
2009-04-07 00:33 . 2009-04-10 19:38 923136 ----a-w c:\windows\Internet Logs\xDB48.tmp
2009-04-05 04:34 . 2009-04-05 16:34 61440 ----a-w c:\windows\Internet Logs\xDB47.tmp
2009-04-03 21:43 . 2009-04-04 17:12 150528 ----a-w c:\windows\Internet Logs\xDB46.tmp
2009-04-01 03:00 . 2009-04-01 03:01 69120 ----a-w c:\windows\Internet Logs\xDB45.tmp
2009-03-31 23:20 . 2008-11-12 06:41 72584 ----a-w c:\windows\zllsputility.exe
2009-03-31 23:20 . 2008-11-24 06:18 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-03-30 06:26 . 2009-03-30 17:29 144896 ----a-w c:\windows\Internet Logs\xDB44.tmp
2009-03-26 08:19 . 2009-03-26 20:38 2524160 ----a-w c:\windows\Internet Logs\xDB43.tmp
2009-03-24 04:26 . 2009-03-24 13:03 92672 ----a-w c:\windows\Internet Logs\xDB42.tmp
2009-03-20 06:17 . 2009-03-20 17:22 74240 ----a-w c:\windows\Internet Logs\xDB41.tmp
2009-03-18 05:43 . 2009-03-18 13:39 171008 ----a-w c:\windows\Internet Logs\xDB40.tmp
2009-03-15 05:30 . 2009-03-15 18:13 41984 ----a-w c:\windows\Internet Logs\xDB3F.tmp
2009-03-14 05:04 . 2009-03-15 03:31 73728 ----a-w c:\windows\Internet Logs\xDB3E.tmp
2009-03-12 06:30 . 2009-03-13 00:29 49152 ----a-w c:\windows\Internet Logs\xDB3D.tmp
2009-03-12 05:56 . 2006-06-15 15:18 -------- d-----w c:\program files\Common Files\Adobe
2009-03-11 09:17 . 2009-03-12 03:54 171520 ----a-w c:\windows\Internet Logs\xDB3C.tmp
2009-03-10 07:09 . 2009-03-10 15:11 1074688 ----a-w c:\windows\Internet Logs\xDB3B.tmp
2009-03-08 08:34 . 2004-08-04 04:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-04 04:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-04 04:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-04 04:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-04 04:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-04 04:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-04 04:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-04 04:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-04 04:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-04 04:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 06:47 . 2009-03-08 17:14 37376 ----a-w c:\windows\Internet Logs\xDB3A.tmp
2009-03-08 05:05 . 2009-03-08 05:23 2491392 ----a-w c:\windows\Internet Logs\xDB39.tmp
2009-03-08 05:05 . 2009-03-08 05:23 49152 ----a-w c:\windows\Internet Logs\xDB38.tmp
2009-03-07 07:33 . 2009-03-07 23:24 44032 ----a-w c:\windows\Internet Logs\xDB37.tmp
2009-03-06 14:22 . 2004-08-04 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 04:29 . 2009-03-06 16:11 77312 ----a-w c:\windows\Internet Logs\xDB36.tmp
2009-03-05 09:47 . 2009-03-05 22:13 103424 ----a-w c:\windows\Internet Logs\xDB35.tmp
2009-03-04 08:58 . 2009-03-04 19:26 68608 ----a-w c:\windows\Internet Logs\xDB34.tmp
2009-03-03 06:36 . 2009-03-03 06:38 47104 ----a-w c:\windows\Internet Logs\xDB33.tmp
2009-03-02 07:00 . 2009-03-02 19:24 173056 ----a-w c:\windows\Internet Logs\xDB32.tmp
2009-02-25 04:26 . 2009-02-25 04:27 50688 ----a-w c:\windows\Internet Logs\xDB31.tmp
2009-02-24 04:19 . 2009-02-24 21:13 89600 ----a-w c:\windows\Internet Logs\xDB2F.tmp
2009-02-24 04:19 . 2009-02-24 21:13 2434560 ----a-w c:\windows\Internet Logs\xDB30.tmp
2009-02-22 06:25 . 2009-02-22 17:22 40960 ----a-w c:\windows\Internet Logs\xDB2E.tmp
2009-02-21 06:30 . 2009-02-22 04:25 164864 ----a-w c:\windows\Internet Logs\xDB2D.tmp
2009-02-17 06:57 . 2009-02-18 02:10 45568 ----a-w c:\windows\Internet Logs\xDB2C.tmp
2009-02-16 06:06 . 2009-02-16 16:00 41984 ----a-w c:\windows\Internet Logs\xDB2B.tmp
2009-02-15 06:05 . 2009-02-15 16:57 86528 ----a-w c:\windows\Internet Logs\xDB2A.tmp
2009-02-12 05:49 . 2009-02-12 21:43 78848 -c--a-w c:\windows\Internet Logs\xDB29.tmp
2009-02-11 00:17 . 2009-02-11 00:18 50688 -c--a-w c:\windows\Internet Logs\xDB28.tmp
2009-02-10 03:41 . 2009-02-10 16:02 174592 -c--a-w c:\windows\Internet Logs\xDB27.tmp
2009-02-09 12:10 . 2004-08-04 04:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 04:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 04:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 04:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 04:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-04 04:00 113152 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 04:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 04:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-04 04:00 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-04 08:04 . 2009-02-05 04:25 44032 -c--a-w c:\windows\Internet Logs\xDB26.tmp
2009-02-03 19:59 . 2004-08-04 04:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-02-03 06:41 . 2009-02-03 20:51 74752 -c--a-w c:\windows\Internet Logs\xDB25.tmp
2009-02-02 06:30 . 2009-02-02 17:19 39936 -c--a-w c:\windows\Internet Logs\xDB24.tmp
2009-02-01 06:06 . 2009-02-02 04:17 515072 -c--a-w c:\windows\Internet Logs\xDB23.tmp
2007-02-14 08:17 . 2007-02-14 07:19 80 -csh--r c:\windows\system32\00CBC7D357.dll
.

------- Sigcheck -------

[7] 2004-08-04 04:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 17408 8C1A9F5D5CB867824E93ADC01A549073 c:\windows\system32\svchost.exe

[7] 2004-08-04 04:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 512000 AEFE85BCF8A1A3D964FFA500DB1A026D c:\windows\system32\winlogon.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 04:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-06 11:11 113152 5C2E3FF346C47080D1C11D645B07A2AE c:\windows\system32\services.exe

[7] 2004-08-04 04:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 14848 EA4F20160CED9F3826EE64049517933A c:\windows\system32\lsass.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 58880 1FD791CEA6D4092A80C18E75AF88762B c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-15 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Desperate Housewives Registration.lnk]
backup=c:\windows\pss\Desperate Housewives Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
backup=c:\windows\pss\SpywareGuard.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^YPOPs.lnk]
backup=c:\windows\pss\YPOPs.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd; [x]
R1 prodrv05;StarForce Protection Environment Driver v5;c:\windows\System32\drivers\prodrv05.sys [2002-12-26 53568]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S0 prohlp01;StarForce Protection Helper Driver v1;c:\windows\System32\drivers\prohlp01.sys [2002-12-26 61728]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-05-05 141312]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\DRIVERS\wn5301.sys [2005-10-05 468768]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4efd0857-3bc5-11dd-ad26-00c0a8b4d70f}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-04-29 c:\windows\Tasks\User_Feed_Synchronization-{7006CEDA-6A2F-40D1-8E6B-999B894764D0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SSODL-TvcLaMCTWrroMoF-{0466658C-AECC-CF26-D4D2-64D84BC93598} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 19:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1994746749-3838552918-882369534-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:57,d5,de,62,19,87,6b,28,87,21,bf,12,bf,58,da,8a,81,4c,d0,ee,b7,a4,6f,
65,00,73,3a,5f,0c,89,dd,ea,c8,fa,56,03,75,f5,27,cd,f3,c3,c3,19,be,e9,7d,b9,\
"??"=hex:d9,eb,e8,87,54,a1,8d,80,f0,7a,3a,0f,c2,c7,4d,2a

[HKEY_USERS\S-1-5-21-1994746749-3838552918-882369534-1009\Software\SecuROM\License information*]
"datasecu"=hex:34,97,03,7b,04,d3,cd,bc,83,34,4b,63,dc,ae,0a,48,aa,f0,2a,1b,d1,
23,82,d7,b7,29,96,8c,4b,74,8d,2b,f8,ba,e3,4d,9b,71,68,36,ba,45,f4,b6,70,68,\
"rkeysecu"=hex:3e,25,11,5a,85,60,6a,6b,3f,ad,53,7b,e9,62,5b,31
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3120)
c:\program files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-29 19:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 23:21

Pre-Run: 23,494,819,840 bytes free
Post-Run: 23,344,820,224 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=,1,2,3,4
336 --- E O F --- 2009-04-17 14:49

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:14 PM

Posted 30 April 2009 - 04:45 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

FCopy::
c:\windows\ServicePackFiles\i386\svchost.exe | c:\windows\system32\svchost.exe
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\services.exe | c:\windows\system32\services.exe
c:\windows\ServicePackFiles\i386\lsass.exe | c:\windows\system32\lsass.exe
c:\windows\ServicePackFiles\i386\spoolsv.exe | c:\windows\system32\spoolsv.exe
c:\windows\ServicePackFiles\i386\spoolsv.exe | c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
c:\windows\ServicePackFiles\i386\spoolsv.exe | c:\windows\$NtServicePackUninstall$\spoolsv.exe

File::
c:\windows\tmp3972375.bat
c:\windows\system32\00CBC7D357.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4efd0857-3bc5-11dd-ad26-00c0a8b4d70f}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
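
The check the helper did by eye on the Sigcheck section of the log above, and the FCopy:: block he wrote from it, as an added Python example (not code from the thread or from ComboFix): parse the `[7]`/`[-]` lines, flag the live system32 binaries that are unverified and match none of the verified backup copies, and emit the CFScript lines that restore them from ServicePackFiles\i386. It assumes, as helpers read ComboFix output, that `[7]` marks a catalog-verified copy and `[-]` an unverified one; the sample input is copied from the log above plus one constructed clean lsass.exe entry.

```python
"""Triage a ComboFix 'Sigcheck' section: find live system32 binaries whose
hash matches none of the verified backup copies, and emit the FCopy:: lines
a CFScript.txt needs to restore them. Added example, not ComboFix code."""
import re
from collections import defaultdict

# Sample input: lines copied from the Sigcheck section of the log above, plus
# one CONSTRUCTED clean entry (the last lsass.exe line) to show the no-alert path.
SAMPLE_SIGCHECK = r"""
[7] 2004-08-04 04:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 17408 8C1A9F5D5CB867824E93ADC01A549073 c:\windows\system32\svchost.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 04:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-06 11:11 113152 5C2E3FF346C47080D1C11D645B07A2AE c:\windows\system32\services.exe

[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
"""

# One Sigcheck line: [flag] date time size md5 path
# Assumption (the usual reading of ComboFix output): [7] = copy verified
# against the Microsoft catalog, [-] = not verified.
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+"
    r"(?P<path>\S.*)$"
)
SPF_DIR = "\\servicepackfiles\\i386\\"   # trusted restore source


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; blank lines and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        entries.append({
            "verified": m.group("flag") == "7",
            "size": int(m.group("size")),
            "md5": m.group("md5").upper(),
            "path": path,
            "name": path.rsplit("\\", 1)[-1].lower(),
        })
    return entries


def find_suspect_files(entries):
    """Flag each live system32 binary that is unverified AND matches none of
    the verified copies by MD5. A hotfixed file legitimately differs from the
    ServicePackFiles copy, so hash inequality alone is not the signal; the
    combination with the [-] flag is."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for name in sorted(by_name):
        group = by_name[name]
        good = [e for e in group if e["verified"]]
        good_md5 = {e["md5"] for e in good}
        spf = next((e for e in good if SPF_DIR in e["path"].lower()), None)
        for e in group:
            p = e["path"].lower()
            if "\\system32\\" not in p or "\\dllcache\\" in p:
                continue                      # only the copy that actually runs
            if e["verified"] or e["md5"] in good_md5:
                continue                      # verified, or identical to a good copy
            findings.append({
                "name": name,
                "live": e["path"],
                "live_md5": e["md5"],
                "restore_from": spf["path"] if spf else None,
                # Bytes added relative to the service-pack copy; every [-] file
                # in the log above is larger than its good copies, which is the
                # classic look of a patched system binary.
                "size_delta": e["size"] - spf["size"] if spf else None,
            })
    return findings


def build_fcopy(findings):
    """Render the FCopy:: block of a CFScript.txt: 'source | destination'."""
    lines = ["FCopy::"]
    for f in findings:
        if f["restore_from"]:
            lines.append(f"{f['restore_from']} | {f['live']}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_suspect_files(parse_sigcheck(SAMPLE_SIGCHECK))
    for f in found:
        print(f"SUSPECT {f['name']}: {f['live_md5']} (+{f['size_delta']} bytes)")
    print()
    print(build_fcopy(found))
```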


#9 aljobes

aljobes
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:12:14 AM

Posted 30 April 2009 - 07:38 PM

ComboFix 09-04-30.05 - Compaq_Owner 04/30/2009 20:20.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1592 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*

FILE ::
c:\windows\system32\00CBC7D357.dll
c:\windows\tmp3972375.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\00CBC7D357.dll
c:\windows\tmp3972375.bat

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\svchost.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\services.exe --> c:\windows\system32\services.exe
c:\windows\ServicePackFiles\i386\lsass.exe --> c:\windows\system32\lsass.exe
c:\windows\ServicePackFiles\i386\spoolsv.exe --> c:\windows\system32\spoolsv.exe
c:\windows\ServicePackFiles\i386\spoolsv.exe --> c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
c:\windows\ServicePackFiles\i386\spoolsv.exe --> c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-30 05:38 . 2009-04-30 05:38 -------- d-sh--w c:\documents and settings\Default User\IETldCache
2009-04-29 23:03 . 2009-04-29 23:03 -------- d-sh--w C:\found.000
2009-04-29 16:24 . 2009-04-29 16:24 -------- d-----w C:\rsit
2009-04-29 16:13 . 2009-04-29 16:13 -------- d-----w c:\program files\ERUNT
2009-04-29 14:59 . 2009-04-29 14:59 86736 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 03:33 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-29 03:33 . 2009-04-29 03:33 -------- d-----w c:\program files\Panda Security
2009-04-28 18:46 . 2009-04-28 22:58 -------- d-----w c:\documents and settings\Compaq_Owner\.housecall6.6
2009-04-28 18:01 . 2009-04-28 18:01 -------- d-----w c:\documents and settings\Compaq_Owner\Application Data\AVGTOOLBAR
2009-04-28 13:16 . 2009-04-28 13:44 -------- d-----w c:\documents and settings\Administrator\Application Data\Spyware Terminator
2009-04-28 13:14 . 2009-04-28 13:14 -------- d-----w c:\documents and settings\Administrator\Application Data\MailFrontier
2009-04-28 07:35 . 2009-04-28 07:35 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-28 07:33 . 2009-04-28 07:33 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-28 07:29 . 2009-04-28 07:29 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-28 03:06 . 2009-04-28 03:06 28 ----a-w c:\documents and settings\Compaq_Owner\PROFILE.DAT
2009-04-28 03:06 . 2009-04-28 03:06 29 ----a-w c:\documents and settings\Compaq_Owner\VCONFIG.DAT
2009-04-28 03:06 . 2009-04-28 03:06 2741 ----a-w c:\documents and settings\Compaq_Owner\CONFIG.DAT
2009-04-26 23:03 . 2009-04-26 23:03 33280 ---h--w c:\documents and settings\Compaq_Owner\nybegt.exe
2009-04-25 03:22 . 2009-04-25 03:22 -------- d-----w c:\program files\Nobilis
2009-04-25 03:07 . 2009-04-25 03:07 -------- d-----w c:\program files\MagicISO
2009-04-17 01:19 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-11 23:36 . 2009-04-11 23:36 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-02 11:22 . 2009-04-02 11:22 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-02 02:37 . 2009-04-02 02:37 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-02 02:29 . 2009-04-02 02:31 -------- dc-h--w c:\windows\ie8
2009-04-02 02:25 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 00:26 . 2008-11-13 05:00 37605152 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-01 00:23 . 2008-11-13 05:00 496484 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-29 22:36 . 2007-06-09 04:50 -------- d-----w c:\program files\Lavasoft
2009-04-28 18:46 . 2007-12-15 06:59 102664 -c--a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-28 15:44 . 2008-03-13 06:29 -------- d-----w c:\program files\Spyware Terminator
2009-04-28 03:22 . 2006-06-15 15:00 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-28 03:08 . 2009-04-28 03:09 284672 ----a-w c:\windows\Internet Logs\xDB4D.tmp
2009-04-28 00:04 . 2007-03-12 20:51 4212 -c-ha-w c:\windows\system32\zllictbl.dat
2009-04-27 06:00 . 2009-04-28 00:02 2926080 ----a-w c:\windows\Internet Logs\xDB4C.tmp
2009-04-26 22:17 . 2008-09-28 04:05 -------- d-----w c:\program files\DVDFab 5
2009-04-26 20:03 . 2008-08-29 05:57 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-24 06:08 . 2009-04-24 18:17 2914304 ----a-w c:\windows\Internet Logs\xDB4B.tmp
2009-04-23 01:31 . 2008-09-08 03:31 -------- d-----w c:\program files\LimeWire
2009-04-22 00:45 . 2009-04-22 02:08 2696192 ----a-w c:\windows\Internet Logs\xDB4A.tmp
2009-04-22 00:45 . 2009-04-22 02:08 3169792 ----a-w c:\windows\Internet Logs\xDB49.tmp
2009-04-19 05:39 . 2007-07-18 16:32 13609424 -c--a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-18 17:05 . 2007-12-21 00:46 -------- d-----w c:\program files\Enlight
2009-04-10 21:32 . 2007-02-18 03:56 -------- d-----w c:\program files\Electronic Arts
2009-04-10 21:19 . 2008-06-08 21:44 -------- d-----w c:\program files\Virtual Villagers The Secret City
2009-04-10 21:15 . 2008-12-07 06:17 -------- d-----w c:\program files\Kudos 2
2009-04-10 20:52 . 2007-12-07 22:26 -------- d-----w c:\program files\DivX
2009-04-10 20:52 . 2006-09-03 02:25 -------- d-----w c:\program files\Common Files\Vbox
2009-04-10 20:52 . 2006-06-15 15:39 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-10 20:52 . 2006-06-15 15:10 -------- d-----w c:\program files\Common Files\Real
2009-04-10 20:52 . 2007-06-21 04:28 -------- d-----w c:\program files\Apple Software Update
2009-04-07 00:33 . 2009-04-10 19:38 923136 ----a-w c:\windows\Internet Logs\xDB48.tmp
2009-04-05 04:34 . 2009-04-05 16:34 61440 ----a-w c:\windows\Internet Logs\xDB47.tmp
2009-04-03 21:43 . 2009-04-04 17:12 150528 ----a-w c:\windows\Internet Logs\xDB46.tmp
2009-04-01 03:00 . 2009-04-01 03:01 69120 ----a-w c:\windows\Internet Logs\xDB45.tmp
2009-03-31 23:20 . 2008-11-12 06:41 72584 ----a-w c:\windows\zllsputility.exe
2009-03-31 23:20 . 2008-11-24 06:18 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-03-30 06:26 . 2009-03-30 17:29 144896 ----a-w c:\windows\Internet Logs\xDB44.tmp
2009-03-26 08:19 . 2009-03-26 20:38 2524160 ----a-w c:\windows\Internet Logs\xDB43.tmp
2009-03-24 04:26 . 2009-03-24 13:03 92672 ----a-w c:\windows\Internet Logs\xDB42.tmp
2009-03-20 06:17 . 2009-03-20 17:22 74240 ----a-w c:\windows\Internet Logs\xDB41.tmp
2009-03-18 05:43 . 2009-03-18 13:39 171008 ----a-w c:\windows\Internet Logs\xDB40.tmp
2009-03-15 05:30 . 2009-03-15 18:13 41984 ----a-w c:\windows\Internet Logs\xDB3F.tmp
2009-03-14 05:04 . 2009-03-15 03:31 73728 ----a-w c:\windows\Internet Logs\xDB3E.tmp
2009-03-12 06:30 . 2009-03-13 00:29 49152 ----a-w c:\windows\Internet Logs\xDB3D.tmp
2009-03-12 05:56 . 2006-06-15 15:18 -------- d-----w c:\program files\Common Files\Adobe
2009-03-11 09:17 . 2009-03-12 03:54 171520 ----a-w c:\windows\Internet Logs\xDB3C.tmp
2009-03-10 07:09 . 2009-03-10 15:11 1074688 ----a-w c:\windows\Internet Logs\xDB3B.tmp
2009-03-08 08:34 . 2004-08-04 04:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-04 04:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-04 04:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-04 04:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-04 04:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-04 04:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-04 04:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-04 04:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-04 04:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-04 04:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 06:47 . 2009-03-08 17:14 37376 ----a-w c:\windows\Internet Logs\xDB3A.tmp
2009-03-08 05:05 . 2009-03-08 05:23 2491392 ----a-w c:\windows\Internet Logs\xDB39.tmp
2009-03-08 05:05 . 2009-03-08 05:23 49152 ----a-w c:\windows\Internet Logs\xDB38.tmp
2009-03-07 07:33 . 2009-03-07 23:24 44032 ----a-w c:\windows\Internet Logs\xDB37.tmp
2009-03-06 14:22 . 2004-08-04 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 04:29 . 2009-03-06 16:11 77312 ----a-w c:\windows\Internet Logs\xDB36.tmp
2009-03-05 09:47 . 2009-03-05 22:13 103424 ----a-w c:\windows\Internet Logs\xDB35.tmp
2009-03-04 08:58 . 2009-03-04 19:26 68608 ----a-w c:\windows\Internet Logs\xDB34.tmp
2009-03-03 06:36 . 2009-03-03 06:38 47104 ----a-w c:\windows\Internet Logs\xDB33.tmp
2009-03-02 07:00 . 2009-03-02 19:24 173056 ----a-w c:\windows\Internet Logs\xDB32.tmp
2009-02-25 04:26 . 2009-02-25 04:27 50688 ----a-w c:\windows\Internet Logs\xDB31.tmp
2009-02-24 04:19 . 2009-02-24 21:13 89600 ----a-w c:\windows\Internet Logs\xDB2F.tmp
2009-02-24 04:19 . 2009-02-24 21:13 2434560 ----a-w c:\windows\Internet Logs\xDB30.tmp
2009-02-22 06:25 . 2009-02-22 17:22 40960 ----a-w c:\windows\Internet Logs\xDB2E.tmp
2009-02-21 06:30 . 2009-02-22 04:25 164864 ----a-w c:\windows\Internet Logs\xDB2D.tmp
2009-02-17 06:57 . 2009-02-18 02:10 45568 ----a-w c:\windows\Internet Logs\xDB2C.tmp
2009-02-16 06:06 . 2009-02-16 16:00 41984 ----a-w c:\windows\Internet Logs\xDB2B.tmp
2009-02-15 06:05 . 2009-02-15 16:57 86528 ----a-w c:\windows\Internet Logs\xDB2A.tmp
2009-02-12 05:49 . 2009-02-12 21:43 78848 -c--a-w c:\windows\Internet Logs\xDB29.tmp
2009-02-11 00:17 . 2009-02-11 00:18 50688 -c--a-w c:\windows\Internet Logs\xDB28.tmp
2009-02-10 03:41 . 2009-02-10 16:02 174592 -c--a-w c:\windows\Internet Logs\xDB27.tmp
2009-02-09 12:10 . 2004-08-04 04:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 04:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 04:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 04:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 04:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:06 . 2004-08-04 04:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 04:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-04 04:00 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-04 08:04 . 2009-02-05 04:25 44032 -c--a-w c:\windows\Internet Logs\xDB26.tmp
2009-02-03 19:59 . 2004-08-04 04:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-02-03 06:41 . 2009-02-03 20:51 74752 -c--a-w c:\windows\Internet Logs\xDB25.tmp
2009-02-02 06:30 . 2009-02-02 17:19 39936 -c--a-w c:\windows\Internet Logs\xDB24.tmp
2009-02-01 06:06 . 2009-02-02 04:17 515072 -c--a-w c:\windows\Internet Logs\xDB23.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_23.17.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 04:00 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\svchost.exe
+ 2004-08-04 04:00 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\spoolsv.exe
+ 2004-08-04 04:00 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\lsass.exe
+ 2008-09-08 19:09 . 2009-04-30 05:40 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-09-08 19:09 . 2009-04-30 05:40 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-09-08 19:09 . 2009-04-30 05:40 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-06-29 01:45 . 2005-06-10 23:53 57856 c:\windows\$NtServicePackUninstall$\spoolsv.exe
+ 2008-06-29 01:45 . 2008-04-14 00:12 57856 c:\windows\$NtServicePackUninstall$\spoolsv.exe
+ 2005-06-11 00:17 . 2008-04-14 00:12 57856 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
- 2005-06-11 00:17 . 2005-06-11 00:17 57856 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
+ 2009-04-10 20:56 . 2009-05-01 00:26 530136 c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2004-08-04 04:00 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\winlogon.exe
+ 2004-08-04 04:00 . 2008-04-14 00:12 108544 c:\windows\system32\dllcache\services.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-09-08 19:09 . 2009-04-30 05:40 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-09-08 19:09 . 2009-04-30 05:40 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-09-08 19:09 . 2009-04-30 05:40 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-09-08 19:09 . 2009-04-30 05:40 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-09-08 19:09 . 2009-04-30 05:40 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-09-08 19:09 . 2009-04-30 05:40 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-09-08 19:09 . 2009-04-30 05:40 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-03-13 22:54 . 2009-04-30 22:48 6879232 c:\windows\system32\ZoneLabs\zlqrtdb.dat
+ 2008-09-08 19:09 . 2009-04-30 05:40 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-09-08 19:09 . 2009-04-30 05:40 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-09-08 19:09 . 2009-04-17 14:48 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-10 20:53 . 2009-04-30 21:51 12016304 c:\windows\system32\ZoneLabs\spyware.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-15 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Desperate Housewives Registration.lnk]
backup=c:\windows\pss\Desperate Housewives Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
backup=c:\windows\pss\SpywareGuard.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^YPOPs.lnk]
backup=c:\windows\pss\YPOPs.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd; [x]
R1 prodrv05;StarForce Protection Environment Driver v5;c:\windows\System32\drivers\prodrv05.sys [2002-12-26 53568]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S0 prohlp01;StarForce Protection Helper Driver v1;c:\windows\System32\drivers\prohlp01.sys [2002-12-26 61728]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-05-05 141312]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\DRIVERS\wn5301.sys [2005-10-05 468768]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-04-30 c:\windows\Tasks\User_Feed_Synchronization-{7006CEDA-6A2F-40D1-8E6B-999B894764D0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\shp5vtbg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 20:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1994746749-3838552918-882369534-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:57,d5,de,62,19,87,6b,28,87,21,bf,12,bf,58,da,8a,81,4c,d0,ee,b7,a4,6f,
65,00,73,3a,5f,0c,89,dd,ea,c8,fa,56,03,75,f5,27,cd,f3,c3,c3,19,be,e9,7d,b9,\
"??"=hex:d9,eb,e8,87,54,a1,8d,80,f0,7a,3a,0f,c2,c7,4d,2a

[HKEY_USERS\S-1-5-21-1994746749-3838552918-882369534-1009\Software\SecuROM\License information*]
"datasecu"=hex:34,97,03,7b,04,d3,cd,bc,83,34,4b,63,dc,ae,0a,48,aa,f0,2a,1b,d1,
23,82,d7,b7,29,96,8c,4b,74,8d,2b,f8,ba,e3,4d,9b,71,68,36,ba,45,f4,b6,70,68,\
"rkeysecu"=hex:3e,25,11,5a,85,60,6a,6b,3f,ad,53,7b,e9,62,5b,31
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-01 20:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 00:31
ComboFix2.txt 2009-04-29 23:21

Pre-Run: 23,552,946,176 bytes free
Post-Run: 23,534,694,400 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=,1,2,3,4
337 --- E O F --- 2009-04-30 05:40

#10 aljobes (Topic Starter)

Posted 30 April 2009 - 07:40 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:19 PM, on 4/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/betaactivesca...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1220575528968
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.70,85.255.112.127
O17 - HKLM\System\CS1\Services\Tcpip\..\{1238B35C-9919-45AC-942D-194651B40005}: NameServer = 85.255.112.70,85.255.112.127
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7001 bytes

#11 fenzodahl512

Posted 30 April 2009 - 11:09 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :files
    c:\windows\Internet Logs\xDB*.tmp
    
    :commands
    [purity]
    [emptytemp]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post these logs in your next reply..

1. OTMoveIt3
2. Malwarebytes'
3. ESET Online
4. How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 aljobes (Topic Starter)

Posted 01 May 2009 - 01:49 AM

========== FILES ==========
c:\windows\Internet Logs\xDB1.tmp moved successfully.
c:\windows\Internet Logs\xDB10.tmp moved successfully.
c:\windows\Internet Logs\xDB11.tmp moved successfully.
c:\windows\Internet Logs\xDB12.tmp moved successfully.
c:\windows\Internet Logs\xDB13.tmp moved successfully.
c:\windows\Internet Logs\xDB14.tmp moved successfully.
c:\windows\Internet Logs\xDB15.tmp moved successfully.
c:\windows\Internet Logs\xDB16.tmp moved successfully.
c:\windows\Internet Logs\xDB17.tmp moved successfully.
c:\windows\Internet Logs\xDB18.tmp moved successfully.
c:\windows\Internet Logs\xDB19.tmp moved successfully.
c:\windows\Internet Logs\xDB1A.tmp moved successfully.
c:\windows\Internet Logs\xDB1B.tmp moved successfully.
c:\windows\Internet Logs\xDB1C.tmp moved successfully.
c:\windows\Internet Logs\xDB1D.tmp moved successfully.
c:\windows\Internet Logs\xDB1E.tmp moved successfully.
c:\windows\Internet Logs\xDB1F.tmp moved successfully.
c:\windows\Internet Logs\xDB2.tmp moved successfully.
c:\windows\Internet Logs\xDB20.tmp moved successfully.
c:\windows\Internet Logs\xDB21.tmp moved successfully.
c:\windows\Internet Logs\xDB22.tmp moved successfully.
c:\windows\Internet Logs\xDB23.tmp moved successfully.
c:\windows\Internet Logs\xDB24.tmp moved successfully.
c:\windows\Internet Logs\xDB25.tmp moved successfully.
c:\windows\Internet Logs\xDB26.tmp moved successfully.
c:\windows\Internet Logs\xDB27.tmp moved successfully.
c:\windows\Internet Logs\xDB28.tmp moved successfully.
c:\windows\Internet Logs\xDB29.tmp moved successfully.
c:\windows\Internet Logs\xDB2A.tmp moved successfully.
c:\windows\Internet Logs\xDB2B.tmp moved successfully.
c:\windows\Internet Logs\xDB2C.tmp moved successfully.
c:\windows\Internet Logs\xDB2D.tmp moved successfully.
c:\windows\Internet Logs\xDB2E.tmp moved successfully.
c:\windows\Internet Logs\xDB2F.tmp moved successfully.
c:\windows\Internet Logs\xDB3.tmp moved successfully.
c:\windows\Internet Logs\xDB30.tmp moved successfully.
c:\windows\Internet Logs\xDB31.tmp moved successfully.
c:\windows\Internet Logs\xDB32.tmp moved successfully.
c:\windows\Internet Logs\xDB33.tmp moved successfully.
c:\windows\Internet Logs\xDB34.tmp moved successfully.
c:\windows\Internet Logs\xDB35.tmp moved successfully.
c:\windows\Internet Logs\xDB36.tmp moved successfully.
c:\windows\Internet Logs\xDB37.tmp moved successfully.
c:\windows\Internet Logs\xDB38.tmp moved successfully.
c:\windows\Internet Logs\xDB39.tmp moved successfully.
c:\windows\Internet Logs\xDB3A.tmp moved successfully.
c:\windows\Internet Logs\xDB3B.tmp moved successfully.
c:\windows\Internet Logs\xDB3C.tmp moved successfully.
c:\windows\Internet Logs\xDB3D.tmp moved successfully.
c:\windows\Internet Logs\xDB3E.tmp moved successfully.
c:\windows\Internet Logs\xDB3F.tmp moved successfully.
c:\windows\Internet Logs\xDB4.tmp moved successfully.
c:\windows\Internet Logs\xDB40.tmp moved successfully.
c:\windows\Internet Logs\xDB41.tmp moved successfully.
c:\windows\Internet Logs\xDB42.tmp moved successfully.
c:\windows\Internet Logs\xDB43.tmp moved successfully.
c:\windows\Internet Logs\xDB44.tmp moved successfully.
c:\windows\Internet Logs\xDB45.tmp moved successfully.
c:\windows\Internet Logs\xDB46.tmp moved successfully.
c:\windows\Internet Logs\xDB47.tmp moved successfully.
c:\windows\Internet Logs\xDB48.tmp moved successfully.
c:\windows\Internet Logs\xDB49.tmp moved successfully.
c:\windows\Internet Logs\xDB4A.tmp moved successfully.
c:\windows\Internet Logs\xDB4B.tmp moved successfully.
c:\windows\Internet Logs\xDB4C.tmp moved successfully.
c:\windows\Internet Logs\xDB4D.tmp moved successfully.
c:\windows\Internet Logs\xDB5.tmp moved successfully.
c:\windows\Internet Logs\xDB6.tmp moved successfully.
c:\windows\Internet Logs\xDB7.tmp moved successfully.
c:\windows\Internet Logs\xDB8.tmp moved successfully.
c:\windows\Internet Logs\xDB9.tmp moved successfully.
c:\windows\Internet Logs\xDBA.tmp moved successfully.
c:\windows\Internet Logs\xDBB.tmp moved successfully.
c:\windows\Internet Logs\xDBC.tmp moved successfully.
c:\windows\Internet Logs\xDBD.tmp moved successfully.
c:\windows\Internet Logs\xDBE.tmp moved successfully.
c:\windows\Internet Logs\xDBF.tmp moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\etilqs_1lGHN1DkNzlakWLa6Ql2 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\RA.rar scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R_fanobliv.rar scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\[isoHunt] Virtual Families v1.00.01.rar.torrent scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF126C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_ff8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0698e.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05012009_024551

#13 fenzodahl512

Posted 01 May 2009 - 03:18 AM

Waiting for Malwarebytes' and ESET Online :thumbup2:



#14 aljobes (Topic Starter)

Posted 01 May 2009 - 09:59 AM

Malwarebytes' Anti-Malware 1.36
Database version: 2062
Windows 5.1.2600 Service Pack 3

5/1/2009 10:58:23 AM
mbam-log-2009-05-01 (10-58-18).txt

Scan type: Full Scan (C:\|D:\|G:\|H:\|I:\|J:\|)
Objects scanned: 342156
Time elapsed: 2 hour(s), 13 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.70,85.255.112.127 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1238b35c-9919-45ac-942d-194651b40005}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.70,85.255.112.127 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cde2f9ec-2ee7-4ce3-97d1-00c28217f296}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.70,85.255.112.127 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Compaq_Owner\nybegt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kjsdiowq8oikf.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP462\A0173314.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by aljobes, 01 May 2009 - 10:01 AM.


#15 fenzodahl512

Posted 01 May 2009 - 10:51 AM

Ok... Now waiting for ESET Online :thumbup2:
