Help removing unidentified entries (malware?) and startup entries


  • This topic is locked
22 replies to this topic

#1 bostoco

  • Members
  • 11 posts

Posted 08 May 2009 - 05:52 PM

Hey, I hope I understood the directions and I'm doing this correctly. If it's wrong I apologize, I was a bit confused. Just bought a computer from a friend and it's absolutely infested with viruses and spyware. It was basically unusable, constantly freezing and taking many minutes to open and use programs. So I dl'd and ran CCleaner, AVG, Malwarebytes, CWShredder, and SUPERAntiSpyware (Spybot and Ad-Aware wouldn't work). Also deleted a bunch of obvious things off of the startup list. That got the computer working again, albeit very slowly. Ran an HJT log through Help2Go and through an HJT reader and got some more stuff off, but the HJT reader found a bunch of entries that could be fixed if identified. Tried to Google the entries, but it wasn't helpful. I need assistance from an expert. So, I'm posting a log in hopes someone can help. I've backed up the system and have a firewall enabled. Also, if anybody could help me finish off deleting startup entries, that would be much appreciated. I would really like to eliminate every non-essential startup entry. I included an HJT log for thoroughness. Sorry if I wasn't supposed to do that. Thank you thank you thank you to anybody that can help me.


DDS Log

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.126.10 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\Blair Franklin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\blairf~1\applic~1\mozilla\firefox\profiles\jehzj8iw.default\
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================

2009-05-08 08:02 <DIR> --d----- c:\program files\AVG
2009-05-08 06:48 <DIR> --d----- c:\docume~1\blairf~1\applic~1\Malwarebytes
2009-05-08 06:48 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-08 06:48 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 06:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-08 06:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-08 06:43 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-08 05:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-08 05:18 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-08 05:18 <DIR> --d----- c:\docume~1\blairf~1\applic~1\SUPERAntiSpyware.com
2009-05-08 05:17 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-07 21:51 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-07 21:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-07 21:41 4 a------- c:\windows\msoffice.ini
2009-05-07 17:57 <DIR> --d----- c:\program files\Trend Micro
2009-05-07 17:55 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-07 17:55 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-07 17:44 45,208 a------- c:\windows\system32\connwsp.dll
2009-05-07 17:43 <DIR> --d----- c:\windows\pss
2009-05-07 17:24 <DIR> --d----- c:\program files\CCleaner

==================== Find3M ====================

2009-03-21 06:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 06:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-06 06:44 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 15:52 1,495,552 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-19 01:58 18,432 -------- c:\windows\system32\dllcache\iedw.exe
2009-02-09 02:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 02:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 02:20 723,456 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 02:20 399,360 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 02:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 02:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 02:20 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 02:20 616,960 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 02:20 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 02:20 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 02:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 02:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys

============= FINISH: 14:05:09.87 ===============



HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:23 PM, on 5/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3846 bytes

========Startup Entries=================================

Remaining startup entries:

HKLM: RUN IgfxTray
HKLM: RUN BCMSMMSG
HKLM: RUN dla
HKLM: RUN PCMService
HKLM: RUN mmtask
HKLM: RUN Update Manager
HKLM: RUN KernelFaultCheck



Edited by bostoco, 08 May 2009 - 05:57 PM.
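An added example, not part of this post and not a BleepingComputer, HijackThis or DDS tool: a small Python triage script for the two log formats above. It parses HJT `Oxx` lines and DDS pseudo-HJT lines, flags registrations whose file is missing (the orphaned BHO/toolbar/button entries an HJT reader reports as fixable "if identified"), separates autorun entries for one-by-one review, and cross-references CLSIDs between the two tools, which can label the same GUID differently. The sample lines are copied from the logs in this post; the regexes and bucket names are the example's own assumptions about the formats.

```python
"""Triage for HijackThis (Oxx) and DDS pseudo-HJT log lines: flags entries whose
file is missing, separates autoruns for review, and cross-references CLSIDs
between the two tools. Added example, not a BleepingComputer, HJT or DDS tool."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis: "O2 - BHO: name - {clsid} - path", "O4 - HKLM\..\Run: [name] cmd"
HJT_RE = re.compile(r"^(?P<sec>[OR]\d{1,2}) - (?P<body>.*)$")
# DDS pseudo-HJT: "BHO: name: {clsid} - path", "mRun: [name] cmd", "TB: {clsid} - No File"
DDS_RE = re.compile(r"^(?P<sec>[mu]?Run(?:Once)?|BHO|TB|EB|IE|DPF|SEH|SSODL|Notify): (?P<body>.*)$")
RUN_RE = re.compile(r"\[([^\]]+)\]\s*(.+)$")            # "[name] command line"
MARKER_RE = re.compile(r"\(?\b(?:no file|file missing)\b\)?", re.IGNORECASE)
AUTORUN_SECTIONS = {"O4", "mRun", "uRun", "mRunOnce", "uRunOnce"}


@dataclass
class Entry:
    source: str            # "hjt" or "dds"
    section: str           # O2, O4, O9, BHO, mRun, TB, ...
    name: Optional[str]    # display name, if the tool printed one
    clsid: Optional[str]   # upper-cased so both tools agree
    target: str            # file path / command line, "" if none recorded
    orphaned: bool         # registration exists but its file does not


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT or DDS line; None for lines in neither format."""
    line = line.strip()
    src, m = "hjt", HJT_RE.match(line)
    if not m:
        src, m = "dds", DDS_RE.match(line)
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    clsid = CLSID_RE.search(body)
    run = RUN_RE.search(body)
    if run:                                  # autorun style: "[name] cmd"
        name, target = run.group(1), run.group(2)
    else:                                    # "kind: name - {clsid} - target"
        pre = body[:clsid.start()] if clsid else ""
        if src == "hjt" and ": " in pre:     # drop "BHO: " / "Extra button: "
            pre = pre.split(": ", 1)[1]
        name = pre.strip(" -:") or None
        if name == "(no name)":
            name = None
        target = body.rsplit(" - ", 1)[1] if " - " in body else ""
    target = MARKER_RE.sub("", target).strip(" -")   # "(no file)" is not a path
    return Entry(src, sec, name, clsid.group(0).upper() if clsid else None,
                 target, bool(MARKER_RE.search(body)))


def triage(lines: List[str]) -> Dict[str, List[Entry]]:
    """Bucket entries: orphaned (nothing left to load), autorun (identify each), other."""
    out: Dict[str, List[Entry]] = {"orphaned": [], "autorun": [], "other": []}
    for ln in lines:
        e = parse_line(ln)
        if e is None:
            continue
        if e.orphaned:
            out["orphaned"].append(e)
        elif e.section in AUTORUN_SECTIONS:
            out["autorun"].append(e)
        else:
            out["other"].append(e)
    return out


def names_by_clsid(lines: List[str]) -> Dict[str, Set[str]]:
    """Every label each tool attached to a CLSID, so HJT and DDS names can be compared."""
    seen: Dict[str, Set[str]] = {}
    for ln in lines:
        e = parse_line(ln)
        if e and e.clsid and e.name:
            seen.setdefault(e.clsid, set()).add(e.name)
    return seen


# Sample lines copied from the HJT and DDS logs in this post.
SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
mRun: [BCMSMMSG] BCMSMMSG.exe
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
""".strip().splitlines()

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE).items():
        print(f"== {bucket} ({len(entries)})")
        for e in entries:
            print(f"  {e.source}:{e.section:<8} {e.name or '-':<38} {e.clsid or '-'}  {e.target}")
    for clsid, names in names_by_clsid(SAMPLE).items():
        if len(names) > 1:
            print(f"{clsid} labelled {sorted(names)} by the two tools")
```

On the sample above the AVG Safe Search CLSID is the one HJT labels "WormRadar.com IESiteBlocker.NavFilter" with the file missing, which is the kind of mismatch worth resolving before deciding whether an entry is leftover from a legitimate install or something else.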



#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,963 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 23 May 2009 - 09:36 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 bostoco
  • Topic Starter
  • Members
  • 11 posts

Posted 25 May 2009 - 05:34 AM

The problem is slowdown. The computer is very very sluggish. It was unusable before CCleaner, AVG, Malwarebytes, CWShredder, and SuperAntiSpyware (the only programs I could get to work), but now it's just slow. I strongly suspect that there is still infestation. After I ran all of those programs, I ran an HJT log through a reading program. It said that many entries could be removed if identified. I tried to identify them through Google but I couldn't figure it out. As far as help with startup programs, I found a list and deleted the extraneous ones.

Thanks for your help. I really appreciate it.

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\blairf~1\applic~1\mozilla\firefox\profiles\jehzj8iw.default\
FF - plugin: c:\documents and settings\blair franklin\application data\mozilla\firefox\profiles\jehzj8iw.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-05-25 01:00 <DIR> --d----- c:\program files\Defraggler
2009-05-25 00:12 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-25 00:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 00:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-13 17:04 <DIR> --d----- c:\program files\SpywareBlaster
2009-05-11 11:29 23,392 a------- c:\windows\system32\nscompat.tlb
2009-05-11 11:29 16,832 a------- c:\windows\system32\amcompat.tlb
2009-05-11 11:14 764,868 -------- c:\windows\system32\dllcache\apph_sp.sdb
2009-05-11 11:14 217,118 -------- c:\windows\system32\dllcache\apphelp.sdb
2009-05-11 11:12 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-05-11 11:09 <DIR> --d----- c:\windows\system32\LogFiles
2009-05-10 14:15 <DIR> --d----- c:\program files\PokerStars
2009-05-09 18:02 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-05-09 18:02 9,600 a------- c:\windows\system32\dllcache\hidusb.sys
2009-05-09 18:02 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-05-09 18:02 31,616 a------- c:\windows\system32\dllcache\usbccgp.sys
2009-05-08 18:32 <DIR> --d----- c:\program files\Full Tilt Poker
2009-05-08 14:29 <DIR> --d----- c:\program files\Cobian Backup 9
2009-05-08 08:02 <DIR> --d----- c:\program files\AVG
2009-05-08 06:48 <DIR> --d----- c:\docume~1\blairf~1\applic~1\Malwarebytes
2009-05-08 06:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-08 06:43 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-08 05:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-08 05:18 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-08 05:18 <DIR> --d----- c:\docume~1\blairf~1\applic~1\SUPERAntiSpyware.com
2009-05-07 21:51 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-07 21:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-07 21:41 4 a------- c:\windows\msoffice.ini
2009-05-07 17:57 <DIR> --d----- c:\program files\Trend Micro
2009-05-07 17:55 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-07 17:55 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-07 17:44 45,208 a------- c:\windows\system32\connwsp.dll
2009-05-07 17:43 <DIR> --d----- c:\windows\pss
2009-05-07 17:24 <DIR> --d----- c:\program files\CCleaner

==================== Find3M ====================

2009-03-21 06:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 06:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-06 06:44 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 15:52 1,495,552 -------- c:\windows\system32\dllcache\shdocvw.dll

============= FINISH: 3:05:55.48 ===============




#4 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 26 May 2009 - 09:05 AM

Hello bostoco :thumbup2: Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.





Please perform the following:



Do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)





When completed please post both logs from RSIT as well as the one from Kaspersky.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 bostoco
  • Topic Starter
  • Members
  • 11 posts

Posted 26 May 2009 - 01:25 PM

Is there a program other than Kaspersky I can use? I've literally been downloading the update for the past four hours and it's only one third done.

*edit* n/m, looked around the net, I guess that slowness is normal. I thought it was a problem on my end. I'm going to sleep now anyway. I'll have everything done sometime tomorrow (wed). Thanks for the help btw.

Edited by bostoco, 26 May 2009 - 01:35 PM.


#6 bostoco
  • Topic Starter
  • Members
  • 11 posts

Posted 26 May 2009 - 09:48 PM

Ok, the update did finish, but the scan has frozen three times on me. I think I am going to have to use a different program. What do I do?

#7 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 26 May 2009 - 10:12 PM

Try this, if it won't work then get me the RSIT log if you can and we will go from there.



Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#8 bostoco
  • Topic Starter
  • Members
  • 11 posts

Posted 27 May 2009 - 10:22 PM

OK, here are the two RSIT logs, and I attached the BDO scan (which found and cleaned three viruses).

===================LOG.TXT===========================

Logfile of random's system information tool 1.06 (written by random/random)
Run by Blair Franklin at 2009-05-27 20:15:46
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 56 GB (74%) free of 76 GB
Total RAM: 126 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:27 PM, on 5/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Blair Franklin\Desktop\RSIT.exe
C:\Program Files\trend micro\Blair Franklin.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3791 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

=======================INFO.TXT========================

info.txt logfile of random's system information tool 1.06 2009-05-27 20:16:35

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-000000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Broadcom Management Programs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001AB29C-5468-4972-8D24-2EBDB2B12133}
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}
Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{89EB3ED7-225A-412E-B048-623D502C000F}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68D27126-BF6A-457D-8DD0-5F35E8D41310}
Canon PhotoRecord-->MsiExec.exe /X{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001EB665-D9EC-415E-9E13-AD2125B2B992}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cobian Backup 9-->C:\Program Files\Cobian Backup 9\cbUninstall.exe
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Final Draft 5-->C:\WINDOWS\unvise32.exe C:\Program Files\Final Draft 5\uninstal.log
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod Update 2004-04-28-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E6696A8C-C55A-405C-AFEB-F3880A8BAA45} /l1033
Ipswitch WS_FTP Home 2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11DE2361-9F73-47B3-B638-2F267927E307}\setup.exe" -l0x9 -removeonly
iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
KODAK EASYSHARE Gallery Upload ActiveX Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\Downloaded Program Files\axofupld.inf, Uninstall
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\Install.log
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WordPerfect Office 11-->MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}

======System event log======

Computer Name: BLAIRPC
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.


#9 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:06:25 PM

Posted 27 May 2009 - 10:50 PM

Please post the Bit Defender scan in the window like you did the other logs. Don't post as any attachments unless we ask. The reason for this is it makes it much easier for us to work on them.

Thanks!
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper


Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#10 bostoco

bostoco
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:25 PM

Posted 27 May 2009 - 11:04 PM

Tried to make it more readable, but it's still messy, sorry.

BitDefender Online Scanner

Scan report generated at: Wed, May 27, 2009 - 13:06:14
Scan path: A:\;C:\;D:\;

Statistics
Time: 01:09:11
Files: 138060
Folders: 5126
Boot Sectors: 0
Archives: 8247
Packed Files: 5606

Results
Identified Viruses: 2
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3

Engines Info
Virus Definitions: 3187344
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File -> Status
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe -> Infected with: Trojan.Generic.1783429
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe -> Deleted
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Infected with: Trojan.Downloader.Agent.K
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Deleted
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1608\A0059905.exe -> Infected with: Trojan.Generic.1783429
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1608\A0059905.exe -> Deleted

#11 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:06:25 PM

Posted 28 May 2009 - 10:46 AM

There should be more to the log.txt which RSIT generated. Would you check to see if you cut part of it off when you were posting it? You can find it under C:/rsit/log.txt. This can be accessed by clicking on Start>>then right click on Explore.

#12 bostoco

bostoco
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:25 PM

Posted 28 May 2009 - 10:56 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Blair Franklin at 2009-05-27 20:15:46
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 56 GB (74%) free of 76 GB
Total RAM: 126 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:27 PM, on 5/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Blair Franklin\Desktop\RSIT.exe
C:\Program Files\trend micro\Blair Franklin.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3791 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-05 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-05 114741]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1129702219\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1129702219\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1129702219\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1129702219\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2ab7dd8-3d06-11de-ba3b-000d56667bd2}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2009-05-27 20:15:46 ----D---- C:\rsit
2009-05-26 21:01:19 ----D---- C:\WINDOWS\BDOSCAN8
2009-05-26 21:01:11 ----D---- C:\WINDOWS\LastGood
2009-05-26 08:37:49 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-25 01:00:36 ----D---- C:\Program Files\Defraggler
2009-05-25 00:11:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-13 17:11:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-05-13 17:05:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-13 17:04:47 ----D---- C:\Program Files\SpywareBlaster
2009-05-12 03:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-05-12 03:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-05-11 11:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-05-11 11:13:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-05-11 11:13:37 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-05-11 11:12:18 ----D---- C:\Program Files\Windows Media Connect 2
2009-05-11 11:10:11 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-05-11 11:09:02 ----D---- C:\WINDOWS\system32\LogFiles
2009-05-11 11:08:23 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-05-10 14:15:37 ----D---- C:\Program Files\PokerStars
2009-05-08 18:32:28 ----D---- C:\Program Files\Full Tilt Poker
2009-05-08 16:37:45 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\Move Networks
2009-05-08 15:25:37 ----D---- C:\Program Files\QuickTime
2009-05-08 15:23:54 ----D---- C:\Program Files\Apple Software Update
2009-05-08 15:23:54 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-05-08 14:29:52 ----D---- C:\Program Files\Cobian Backup 9
2009-05-08 11:51:14 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\Mozilla
2009-05-08 11:50:28 ----D---- C:\Program Files\Mozilla Firefox
2009-05-08 08:02:05 ----D---- C:\Program Files\AVG
2009-05-08 06:48:55 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\Malwarebytes
2009-05-08 06:48:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-08 06:43:28 ----D---- C:\WINDOWS\SxsCaPendDel
2009-05-08 05:18:47 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-08 05:18:09 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-08 05:18:09 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\SUPERAntiSpyware.com
2009-05-08 03:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-08 03:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-08 03:13:21 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-08 03:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-08 03:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-08 03:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-08 03:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-08 03:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-08 03:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-08 03:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-08 03:10:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-08 03:10:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-08 03:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-08 03:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-08 03:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-08 03:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-08 03:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-08 03:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-08 03:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-08 03:08:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-05-08 03:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-08 03:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-08 03:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-08 03:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-08 03:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-08 03:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-05-08 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-07 21:51:39 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-07 21:51:39 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-07 21:41:06 ----A---- C:\WINDOWS\msoffice.ini
2009-05-07 17:57:26 ----D---- C:\Program Files\Trend Micro
2009-05-07 17:44:29 ----A---- C:\WINDOWS\system32\connwsp.dll
2009-05-07 17:43:41 ----D---- C:\WINDOWS\pss
2009-05-07 17:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-07 17:24:21 ----D---- C:\Program Files\CCleaner
2009-05-07 17:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-07 17:13:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-07 17:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$

======List of files/folders modified in the last 1 months======

2009-05-27 20:15:52 ----D---- C:\WINDOWS\Prefetch
2009-05-27 12:30:08 ----D---- C:\Program Files\Windows Media Player
2009-05-27 11:10:07 ----D---- C:\WINDOWS
2009-05-26 21:01:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-26 21:01:19 ----HD---- C:\WINDOWS\INF
2009-05-26 21:01:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-26 20:56:43 ----D---- C:\WINDOWS\Temp
2009-05-26 20:52:32 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2009-05-26 20:51:27 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-05-26 20:48:36 ----SHD---- C:\WINDOWS\Installer
2009-05-26 20:48:26 ----D---- C:\Program Files\Java
2009-05-26 20:47:57 ----D---- C:\WINDOWS\SYSTEM32
2009-05-25 01:00:36 ----RD---- C:\Program Files
2009-05-25 00:12:00 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-13 17:41:23 ----D---- C:\Program Files\Common Files
2009-05-12 03:05:03 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-12 03:04:29 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-05-11 11:28:51 ----A---- C:\WINDOWS\WIN.INI
2009-05-11 11:28:31 ----D---- C:\WINDOWS\AppPatch
2009-05-11 11:24:44 ----D---- C:\WINDOWS\Help
2009-05-09 20:53:39 ----D---- C:\Program Files\MUSICMATCH
2009-05-09 20:53:20 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-09 20:52:17 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-09 20:52:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-09 20:49:40 ----D---- C:\Program Files\Dell
2009-05-08 16:34:40 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\Adobe
2009-05-08 15:24:11 ----SD---- C:\WINDOWS\Tasks
2009-05-08 13:12:55 ----SD---- C:\Documents and Settings\Blair Franklin\Application Data\Microsoft
2009-05-08 11:31:48 ----D---- C:\Program Files\Google
2009-05-08 11:26:03 ----D---- C:\WINDOWS\occache
2009-05-08 08:01:46 ----D---- C:\WINDOWS\WinSxS
2009-05-08 06:43:16 ----D---- C:\WINDOWS\PCHealth
2009-05-08 03:25:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-08 03:20:09 ----AD---- C:\WINDOWS\system32\WBEM
2009-05-08 03:13:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-08 03:13:12 ----D---- C:\Program Files\Messenger
2009-05-08 03:05:36 ----D---- C:\WINDOWS\Registration
2009-05-08 03:02:20 ----D---- C:\Program Files\Internet Explorer
2009-05-07 21:43:05 ----D---- C:\Program Files\Common Files\AOL
2009-05-07 21:43:04 ----D---- C:\Program Files\Pure Networks
2009-05-07 21:42:01 ----D---- C:\Program Files\AOL
2009-05-07 21:42:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-05-07 21:39:09 ----D---- C:\Program Files\Modem Helper
2009-05-07 21:39:09 ----D---- C:\Program Files\Microsoft AntiSpyware
2009-05-07 21:39:03 ----D---- C:\Program Files\Common Files\Real
2009-05-07 21:33:59 ----D---- C:\Program Files\IrfanView
2009-05-07 21:29:24 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2009-05-07 21:28:29 ----D---- C:\Program Files\PartyGaming
2009-05-07 21:23:07 ----D---- C:\Program Files\Real
2009-05-07 21:23:07 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\Real
2009-05-07 18:43:05 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\AOL
2009-05-07 18:05:46 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-07 17:32:15 ----D---- C:\WINDOWS\Debug
2009-05-07 17:31:57 ----D---- C:\WINDOWS\Minidump
2009-05-07 16:58:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-04-13 15781]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-05 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-05 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-05 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-05 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-05 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-05 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-05 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-05 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-05 100373]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-22 807998]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CobianBackupAmanita;Cobian Backup 9 service; C:\Program Files\Cobian Backup 9\cbService.exe [2009-01-22 583168]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2000-07-13 115200]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------

#13 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 28 May 2009 - 12:16 PM

The first thing we need to do is get you an anti-virus up and running on your machine. It's bad enough out here when you have one, but when you don't you might as well have a sign out inviting anything that comes along to infect your system. You are also in need of a 3rd party firewall but first let's take care of the anti-virus and go from there.

Here are some free ones:

Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
For a free anti-virus please follow these instructions:
Click on this link: AVG
  • Underneath AVG Anti-Virus Free click on Download
  • Click on AVG 8.5 Free for Windows
  • Click on Download
  • A window will open. Click on Save File. A window will open. Click on Next
  • Click on Accept
  • Make sure standard install is checked and click Next
  • You can enter your name and click Next
  • Click Finish. After install is complete click OK
  • Follow prompts to update and check for viruses
Some more links to free anti-virus programs (Note: choose only one)

Avira

Avast (Mouse over Free Software in the upper right corner)

When you have completed that, open up your MalwareBytes and update it, then run a Quick Scan. Please post the results from the MBAM scan and a new RSIT log. There will be only one RSIT log this time.

If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you.

#14 bostoco

  • Topic Starter
  • Members
  • 11 posts

Posted 29 May 2009 - 03:28 AM

Ok, AVG up and running. Here are MBAM and RSIT logs... Thanks again for your help.

==================RSIT=======================

System drive C: has 56 GB (74%) free of 76 GB
Total RAM: 126 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:42 AM, on 5/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Blair Franklin\Desktop\RSIT.exe
C:\Program Files\trend micro\Blair Franklin.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4198 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-28 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-05 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-05 114741]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-28 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1129702219\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1129702219\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1129702219\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1129702219\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2ab7dd8-3d06-11de-ba3b-000d56667bd2}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 3 months======

2009-05-28 22:44:41 ----HD---- C:\$AVG8.VAULT$
2009-05-28 22:18:46 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-05-28 22:17:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-27 20:15:46 ----D---- C:\rsit
2009-05-26 21:01:19 ----D---- C:\WINDOWS\BDOSCAN8
2009-05-26 08:37:49 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-25 01:00:36 ----D---- C:\Program Files\Defraggler
2009-05-25 00:11:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-13 17:11:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-05-13 17:05:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-13 17:04:47 ----D---- C:\Program Files\SpywareBlaster
2009-05-12 03:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-05-12 03:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-05-11 11:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-05-11 11:13:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-05-11 11:13:37 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-05-11 11:12:18 ----D---- C:\Program Files\Windows Media Connect 2
2009-05-11 11:10:11 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-05-11 11:09:02 ----D---- C:\WINDOWS\system32\LogFiles
2009-05-11 11:08:23 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-05-10 14:15:37 ----D---- C:\Program Files\PokerStars
2009-05-08 18:32:28 ----D---- C:\Program Files\Full Tilt Poker
2009-05-08 16:37:45 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\Move Networks
2009-05-08 15:25:37 ----D---- C:\Program Files\QuickTime
2009-05-08 15:23:54 ----D---- C:\Program Files\Apple Software Update
2009-05-08 15:23:54 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-05-08 14:29:52 ----D---- C:\Program Files\Cobian Backup 9
2009-05-08 11:51:14 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\Mozilla
2009-05-08 11:50:28 ----D---- C:\Program Files\Mozilla Firefox
2009-05-08 08:02:05 ----D---- C:\Program Files\AVG
2009-05-08 06:48:55 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\Malwarebytes
2009-05-08 06:48:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-08 06:43:28 ----D---- C:\WINDOWS\SxsCaPendDel
2009-05-08 05:18:47 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-08 05:18:09 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-08 05:18:09 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\SUPERAntiSpyware.com
2009-05-08 03:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-08 03:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-08 03:13:21 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-08 03:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-08 03:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-08 03:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-08 03:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-08 03:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-08 03:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-08 03:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-08 03:10:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-08 03:10:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-08 03:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-08 03:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-08 03:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-08 03:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-08 03:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-08 03:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-08 03:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-08 03:08:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-05-08 03:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-08 03:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-08 03:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-08 03:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-08 03:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-08 03:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-05-08 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-07 21:51:39 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-07 21:51:39 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-07 21:41:06 ----A---- C:\WINDOWS\msoffice.ini
2009-05-07 17:57:26 ----D---- C:\Program Files\Trend Micro
2009-05-07 17:44:29 ----A---- C:\WINDOWS\system32\connwsp.dll
2009-05-07 17:43:41 ----D---- C:\WINDOWS\pss
2009-05-07 17:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-07 17:24:21 ----D---- C:\Program Files\CCleaner
2009-05-07 17:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-07 17:13:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-07 17:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$

======List of files/folders modified in the last 3 months======

2009-05-29 00:52:50 ----D---- C:\WINDOWS
2009-05-29 00:52:49 ----D---- C:\WINDOWS\Temp
2009-05-29 00:51:15 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2009-05-29 00:51:01 ----D---- C:\WINDOWS\Prefetch
2009-05-29 00:46:07 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-05-28 22:18:46 ----D---- C:\WINDOWS\SYSTEM32
2009-05-28 22:18:45 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-28 22:17:18 ----SHD---- C:\WINDOWS\Installer
2009-05-28 22:15:24 ----SD---- C:\Documents and Settings\Blair Franklin\Application Data\Microsoft
2009-05-27 12:30:08 ----D---- C:\Program Files\Windows Media Player
2009-05-26 21:01:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-26 21:01:19 ----HD---- C:\WINDOWS\INF
2009-05-26 21:01:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-26 20:48:26 ----D---- C:\Program Files\Java
2009-05-25 01:00:36 ----RD---- C:\Program Files
2009-05-13 17:41:23 ----D---- C:\Program Files\Common Files
2009-05-12 03:05:03 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-12 03:04:29 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-05-11 11:28:51 ----A---- C:\WINDOWS\WIN.INI
2009-05-11 11:28:31 ----D---- C:\WINDOWS\AppPatch
2009-05-11 11:24:44 ----D---- C:\WINDOWS\Help
2009-05-09 20:53:39 ----D---- C:\Program Files\MUSICMATCH
2009-05-09 20:53:20 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-09 20:52:17 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-09 20:52:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-09 20:49:40 ----D---- C:\Program Files\Dell
2009-05-08 16:34:40 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\Adobe
2009-05-08 15:24:11 ----SD---- C:\WINDOWS\Tasks
2009-05-08 11:31:48 ----D---- C:\Program Files\Google
2009-05-08 11:26:03 ----D---- C:\WINDOWS\occache
2009-05-08 08:01:46 ----D---- C:\WINDOWS\WinSxS
2009-05-08 06:43:16 ----D---- C:\WINDOWS\PCHealth
2009-05-08 03:25:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-08 03:20:09 ----AD---- C:\WINDOWS\system32\WBEM
2009-05-08 03:13:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-08 03:13:12 ----D---- C:\Program Files\Messenger
2009-05-08 03:05:36 ----D---- C:\WINDOWS\Registration
2009-05-08 03:02:20 ----D---- C:\Program Files\Internet Explorer
2009-05-07 21:43:05 ----D---- C:\Program Files\Common Files\AOL
2009-05-07 21:43:04 ----D---- C:\Program Files\Pure Networks
2009-05-07 21:42:01 ----D---- C:\Program Files\AOL
2009-05-07 21:42:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-05-07 21:39:09 ----D---- C:\Program Files\Modem Helper
2009-05-07 21:39:09 ----D---- C:\Program Files\Microsoft AntiSpyware
2009-05-07 21:39:03 ----D---- C:\Program Files\Common Files\Real
2009-05-07 21:33:59 ----D---- C:\Program Files\IrfanView
2009-05-07 21:29:24 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2009-05-07 21:28:29 ----D---- C:\Program Files\PartyGaming
2009-05-07 21:23:07 ----D---- C:\Program Files\Real
2009-05-07 21:23:07 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\Real
2009-05-07 18:43:05 ----D---- C:\Documents and Settings\Blair Franklin\Application Data\AOL
2009-05-07 18:05:46 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-07 17:32:15 ----D---- C:\WINDOWS\Debug
2009-05-07 17:31:57 ----D---- C:\WINDOWS\Minidump
2009-05-07 16:58:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-03-21 06:18:57 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-06 06:44:35 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-02 15:52:18 ----A---- C:\WINDOWS\system32\shdocvw.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-28 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-28 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-04-13 15781]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-05 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-05 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-05 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-05 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-05 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-05 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-05 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-05 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-05 100373]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-22 807998]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-28 298776]
R2 CobianBackupAmanita;Cobian Backup 9 service; C:\Program Files\Cobian Backup 9\cbService.exe [2009-01-22 583168]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2000-07-13 115200]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-05-28 908568]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------

================MBAM===================================

Malwarebytes' Anti-Malware 1.37
Database version: 2191
Windows 5.1.2600 Service Pack 2

5/29/2009 1:24:43 AM
mbam-log-2009-05-29 (01-24-43).txt

Scan type: Quick Scan
Objects scanned: 75657
Time elapsed: 10 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:06:25 PM

Posted 29 May 2009 - 10:27 AM

How is the computer running now?
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you
