Adware that won't go away (Gain/Gator, MyWay)


  • This topic is locked
13 replies to this topic

#1 Super_Luigi

  • Members
  • 21 posts
  • OFFLINE
  • Local time:07:27 PM

Posted 20 May 2009 - 03:06 PM

Starting back a few weeks ago, I posted a topic on a different forum on this website regarding several problems when more than one Windows account is active. It led me to make sure malware wasn't the problem, so several scans have been performed with different programs. As a result, all seems to be clear now, except for two cases of adware: Gain/Gator and MyWay. Seems like they're coming back one way or another, so the guy who has been helping me directed me to this forum for more specialized help.

The previous topic: http://www.bleepingcomputer.com/forums/t/220288/issues-when-two-or-more-people-are-logged-on-windows-moved/

That can probably explain everything better than I can. So, in any case, this adware needs to get out of the picture ASAP, so then the bigger problem can be looked into. Once this is taken care of, if you cannot solve the problem in this particular forum, please show me where to go for help. Thanks!

DDS log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Brandon Masters at 15:33:10.67 on Wed 05/20/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.346 [GMT -4:00]

AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Brandon Masters\Application Data\mjusbsp\magicJack.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\srchasst\mIRC\mirc.exe
C:\SL2\PokemonBot\mIRC.exe
C:\Documents and Settings\Brandon Masters\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
mStart Page = hxxp://yahoo.sbc.com/dsl
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: bho2gr Class: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\brandon masters\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\brando~1\startm~1\programs\startup\rainle~1.lnk - c:\program files\rainlendar\Rainlendar.exe
IE: &Search
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.housing.wayne.edu/VirtualTour/includes/qtplugin.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LMIinit - LMIinit.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brando~1\applic~1\mozilla\firefox\profiles\leb4egam.default\
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {11F46B5B-2ADA-4E4E-A7E4-4239F4B29B33} - c:\documents and settings\brandon masters\local settings\application data\{11F46B5B-2ADA-4E4E-A7E4-4239F4B29B33}
FF - HiddenExtension: XUL Cache: {E50EFD10-2DC0-491B-9143-8B4ABFBF72AA} - c:\documents and settings\ron roston\local settings\application data\{e50efd10-2dc0-491b-9143-8b4abfbf72aa}\
FF - HiddenExtension: XUL Cache: {64EA3118-71B6-4FAC-BF90-082A40A41534} - c:\documents and settings\administrator.luigi\local settings\application data\{64EA3118-71B6-4FAC-BF90-082A40A41534}
FF - HiddenExtension: XUL Cache: {2B562726-BB99-47D7-9DEB-616267788252} - c:\documents and settings\jackie davis\local settings\application data\{2B562726-BB99-47D7-9DEB-616267788252}

============= SERVICES / DRIVERS ===============

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\Vet-Filt.sys [2006-2-23 21031]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\Vet-Rec.sys [2006-2-23 15478]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2006-2-23 590190]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VetFDDNT.sys [2006-2-23 15735]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2006-7-31 26787]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-5-31 47640]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\suze orman\identity theft kit\agent\bin\SanaSafeConnectWatcher.exe [2007-10-18 547352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-19 24652]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2008-7-4 36224]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2007-5-31 12192]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\suze orman\identity theft kit\agent\driver\platform_xp\SafeConnectDriver.sys [2007-10-18 160280]
R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\suze orman\identity theft kit\agent\driver\platform_xp\SafeConnectFilter.sys [2007-10-18 30232]
R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\suze orman\identity theft kit\agent\driver\platform_xp\SafeConnectShim.sys [2007-10-18 27312]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VetEBoot.sys [2006-2-23 102398]
S2 CAISafe;CAISafe;c:\program files\yahoo!\antivirus\isafe.exe --> c:\program files\yahoo!\antivirus\ISafe.exe [?]
S2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\suze orman\identity theft kit\agent\bin\SanaAgent.exe [2007-10-18 5218328]
S2 VETMSGNT;VET Message Service;c:\program files\yahoo!\antivirus\vetmsg.exe --> c:\program files\yahoo!\antivirus\VetMsg.exe [?]
S3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2005-3-30 45568]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-12 31592]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-05-17 01:00 --d----- c:\documents and settings\brandon masters\DoctorWeb
2009-05-15 19:45 --d----- c:\windows\ERUNT
2009-05-15 19:45 1,688 a------- c:\windows\system32\AUTOEXEC.NT
2009-05-15 19:37 --d----- C:\SDFix
2009-05-01 23:32 --d----- c:\docume~1\brando~1\applic~1\Autodesk
2009-05-01 23:21 231 a------- c:\windows\system32\3dsmax.ini
2009-05-01 23:21 43 a------- c:\windows\system32\InstallSettings.ini
2009-05-01 23:20 --d----- c:\program files\common files\Autodesk Shared
2009-05-01 22:29 --d----- C:\Autodesk3dsMax
2009-05-01 22:12 --d----- c:\program files\Autodesk
2009-05-01 22:12 1,124,720 a------- c:\windows\system32\D3DCompiler_34.dll
2009-05-01 22:12 443,752 a------- c:\windows\system32\d3dx10_34.dll
2009-05-01 22:12 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
2009-05-01 22:12 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-05-01 22:12 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-05-01 21:33 --d----- c:\program files\Autodesk 3ds Max 2008
2009-05-01 21:32 --d----- c:\program files\Autodesk Student Community Download Tool
2009-04-22 22:55 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-22 22:55 --d----- c:\program files\SUPERAntiSpyware
2009-04-22 22:55 --d----- c:\docume~1\brando~1\applic~1\SUPERAntiSpyware.com
2009-04-22 16:49 --d----- c:\docume~1\alluse~1\applic~1\LogMeIn
2009-04-22 04:37 --d----- c:\docume~1\brando~1\applic~1\Malwarebytes
2009-04-22 04:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-22 04:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 04:37 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-22 04:37 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-05-18 00:49 125,922 a------- c:\windows\srchasst\mirc\uninstall.exe
2009-04-07 20:44 134,105 a------- C:\NS2.zip
2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
2009-02-20 04:30 659,456 a------- c:\windows\system32\wininet.dll
2009-02-20 04:30 81,920 -------- c:\windows\system32\ieencode.dll
2006-12-23 03:56 2,514 a------- c:\docume~1\brando~1\applic~1\SAS7_000.DAT

============= FINISH: 15:34:19.01 ===============


#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,993 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:27 PM

Posted 01 June 2009 - 11:13 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Super_Luigi

  • Topic Starter
  • Members
  • 21 posts
  • OFFLINE
  • Local time:07:27 PM

Posted 02 June 2009 - 12:08 AM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Brandon Masters at 1:05:33.66 on Tue 06/02/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.199 [GMT -4:00]

AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Brandon Masters\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\srchasst\mIRC\mirc.exe
C:\WINDOWS\system32\rundll32.exe
C:\SL2\PokemonBot\mIRC.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\FireEmblem\mIRC.exe
C:\Documents and Settings\Brandon Masters\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
mStart Page = hxxp://yahoo.sbc.com/dsl
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: bho2gr Class: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\brandon masters\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\brando~1\startm~1\programs\startup\rainle~1.lnk - c:\program files\rainlendar\Rainlendar.exe
IE: &Search
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.housing.wayne.edu/VirtualTour/includes/qtplugin.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LMIinit - LMIinit.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brando~1\applic~1\mozilla\firefox\profiles\leb4egam.default\
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {11F46B5B-2ADA-4E4E-A7E4-4239F4B29B33} - c:\documents and settings\brandon masters\local settings\application data\{11F46B5B-2ADA-4E4E-A7E4-4239F4B29B33}
FF - HiddenExtension: XUL Cache: {E50EFD10-2DC0-491B-9143-8B4ABFBF72AA} - c:\documents and settings\ron roston\local settings\application data\{e50efd10-2dc0-491b-9143-8b4abfbf72aa}\
FF - HiddenExtension: XUL Cache: {64EA3118-71B6-4FAC-BF90-082A40A41534} - c:\documents and settings\administrator.luigi\local settings\application data\{64EA3118-71B6-4FAC-BF90-082A40A41534}
FF - HiddenExtension: XUL Cache: {2B562726-BB99-47D7-9DEB-616267788252} - c:\documents and settings\jackie davis\local settings\application data\{2B562726-BB99-47D7-9DEB-616267788252}

============= SERVICES / DRIVERS ===============

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\Vet-Filt.sys [2006-2-23 21031]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\Vet-Rec.sys [2006-2-23 15478]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2006-2-23 590190]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VetFDDNT.sys [2006-2-23 15735]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2006-7-31 26787]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-5-31 47640]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\suze orman\identity theft kit\agent\bin\SanaSafeConnectWatcher.exe [2007-10-18 547352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-19 24652]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2008-7-4 36224]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2007-5-31 12192]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\suze orman\identity theft kit\agent\driver\platform_xp\SafeConnectDriver.sys [2007-10-18 160280]
R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\suze orman\identity theft kit\agent\driver\platform_xp\SafeConnectFilter.sys [2007-10-18 30232]
R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\suze orman\identity theft kit\agent\driver\platform_xp\SafeConnectShim.sys [2007-10-18 27312]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VetEBoot.sys [2006-2-23 102398]
S2 CAISafe;CAISafe;c:\program files\yahoo!\antivirus\isafe.exe --> c:\program files\yahoo!\antivirus\ISafe.exe [?]
S2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\suze orman\identity theft kit\agent\bin\SanaAgent.exe [2007-10-18 5218328]
S2 VETMSGNT;VET Message Service;c:\program files\yahoo!\antivirus\vetmsg.exe --> c:\program files\yahoo!\antivirus\VetMsg.exe [?]
S3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2005-3-30 45568]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-12 31592]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-05-17 01:00 <DIR> --d----- c:\documents and settings\brandon masters\DoctorWeb
2009-05-15 19:45 <DIR> --d----- c:\windows\ERUNT
2009-05-15 19:45 1,688 a------- c:\windows\system32\AUTOEXEC.NT
2009-05-15 19:37 <DIR> --d----- C:\SDFix

==================== Find3M ====================

2009-05-18 00:49 125,922 a------- c:\windows\srchasst\mirc\uninstall.exe
2009-04-07 20:44 134,105 a------- C:\NS2.zip
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
2006-12-23 03:56 2,514 a------- c:\docume~1\brando~1\applic~1\SAS7_000.DAT

============= FINISH: 1:06:44.20 ===============

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:27 PM

Posted 03 June 2009 - 06:47 AM

Hi Super_Luigi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:27 PM

Posted 03 June 2009 - 02:00 PM

Hi Super_Luigi,

Okay, I've had a good read of the other topic. We do need to use something stronger.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it to Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :thumbup2:
m0le is a proud member of UNITE

#6 Super_Luigi

Super_Luigi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:07:27 PM

Posted 04 June 2009 - 02:38 PM

Hi m0le, and thanks for responding. Right now I'm just replying to acknowledge your post; I don't have time to run ComboFix at the moment. But I should be able to within 24 hours, so I'll get back with you by tomorrow at the latest.

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:27 PM

Posted 04 June 2009 - 04:17 PM

Thanks for the heads-up. :thumbup2:
m0le is a proud member of UNITE

#8 Super_Luigi

Super_Luigi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:07:27 PM

Posted 05 June 2009 - 09:04 PM

OK, here it goes.

ComboFix 09-06-05.03 - Brandon Masters 06/05/2009 17:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.398 [GMT -4:00]
Running from: c:\documents and settings\Brandon Masters\Desktop\Combo-Fix.exe
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\MSN Messenger\msnmsgr.exe
c:\program files\MySpace\IM\MySpaceIM.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\MailSwitch.ocx
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2009-06-06 01:50 . 2008-12-17 18:39 6529320 ---ha-w- c:\documents and settings\Brandon Masters\Application Data\mjusbsp\in00000\setup.exe
2009-06-06 01:50 . 2008-12-17 18:37 723120 ---ha-w- c:\documents and settings\Brandon Masters\Application Data\mjusbsp\ar00000\install.exe
2009-06-06 01:50 . 2008-01-20 16:35 370104 ----a-w- c:\documents and settings\Brandon Masters\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-05-17 05:00 . 2009-05-17 11:46 -------- d-----w- c:\documents and settings\Brandon Masters\DoctorWeb
2009-05-15 23:45 . 2009-05-15 23:45 -------- d-----w- c:\windows\ERUNT
2009-05-15 23:37 . 2009-05-16 00:35 -------- d-----w- C:\SDFix
2009-05-13 04:58 . 2008-12-17 18:39 6529320 ---ha-w- c:\documents and settings\Andrea Davis\Application Data\mjusbsp\in00000\setup.exe
2009-05-13 04:58 . 2008-12-17 18:37 723120 ---ha-w- c:\documents and settings\Andrea Davis\Application Data\mjusbsp\ar00000\install.exe
2009-05-13 04:58 . 2008-01-20 16:35 370104 ----a-w- c:\documents and settings\Andrea Davis\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-05-12 04:57 . 2009-05-12 19:28 117760 ----a-w- c:\documents and settings\Administrator.LUIGI\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-12 04:56 . 2009-05-12 04:56 -------- d-----w- c:\documents and settings\Administrator.LUIGI\Application Data\SUPERAntiSpyware.com
2009-05-11 03:16 . 2009-05-11 03:16 -------- d-----w- c:\documents and settings\Andrea Davis\Local Settings\Application Data\LogMeIn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 01:51 . 2008-02-29 00:17 -------- d-----w- c:\documents and settings\Brandon Masters\Application Data\mjusbsp
2009-06-05 21:25 . 2004-09-07 22:50 -------- d-----w- c:\program files\MSN Messenger
2009-06-05 04:33 . 2007-04-28 03:24 -------- d-----w- c:\program files\LogMeIn
2009-05-20 17:43 . 2009-04-23 02:56 117760 ----a-w- c:\documents and settings\Brandon Masters\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-18 04:49 . 2009-05-18 04:49 125922 ----a-w- c:\windows\srchasst\mIRC\uninstall.exe
2009-05-13 04:58 . 2008-06-12 02:33 -------- d-----w- c:\documents and settings\Andrea Davis\Application Data\mjusbsp
2009-05-12 18:55 . 2009-04-23 02:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-02 03:33 . 2009-05-02 03:32 -------- d-----w- c:\documents and settings\Brandon Masters\Application Data\Autodesk
2009-05-02 03:32 . 2009-05-02 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-05-02 03:22 . 2009-05-02 02:12 -------- d-----w- c:\program files\Autodesk
2009-05-02 03:22 . 2009-05-02 03:20 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-02 01:34 . 2009-05-02 01:33 -------- d-----w- c:\program files\Autodesk 3ds Max 2008
2009-05-02 01:32 . 2009-05-02 01:32 -------- d-----w- c:\program files\Autodesk Student Community Download Tool
2009-04-29 21:02 . 2007-10-12 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-23 02:55 . 2009-04-23 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-23 02:55 . 2009-04-23 02:55 -------- d-----w- c:\documents and settings\Brandon Masters\Application Data\SUPERAntiSpyware.com
2009-04-23 02:54 . 2006-02-28 23:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-22 20:49 . 2009-04-22 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-04-22 17:23 . 2009-04-22 17:23 -------- d-----w- c:\documents and settings\Administrator.LUIGI\Application Data\Subversion
2009-04-22 17:15 . 2009-04-22 17:15 -------- d-----w- c:\documents and settings\Jackie Davis\Application Data\Subversion
2009-04-22 17:08 . 2009-04-22 17:08 90120 ----a-w- c:\documents and settings\Jackie Davis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-22 08:37 . 2009-04-22 08:37 -------- d-----w- c:\documents and settings\Brandon Masters\Application Data\Malwarebytes
2009-04-22 08:37 . 2009-04-22 08:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-04-22 08:37 . 2009-04-22 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-18 02:55 . 2009-04-18 02:55 -------- d-----w- c:\program files\Trend Micro
2009-04-18 01:25 . 2005-03-31 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Visual Networks
2009-04-12 17:25 . 2009-04-12 17:25 -------- d-----w- c:\documents and settings\Brandon Masters\Application Data\tnodarxx
2009-04-11 22:45 . 2005-03-31 00:20 -------- d-----w- c:\program files\BroadJump
2009-04-10 15:25 . 2009-04-10 15:25 -------- d-----w- c:\documents and settings\NetworkService\Application Data\tnodarxx
2009-04-08 01:08 . 2009-04-08 01:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-04-08 00:44 . 2006-09-09 01:40 134105 ----a-w- C:\NS2.zip
2009-04-06 19:32 . 2009-04-22 08:37 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-04-22 08:37 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-08-16 05:02 . 2006-07-15 18:37 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2005-09-15 23:26 . 2005-11-05 23:10 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-18_02.09.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-09-23 05:35 . 2005-09-23 05:35 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
+ 2007-04-30 20:15 . 2008-10-18 04:02 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
+ 2007-04-30 20:15 . 2008-10-18 04:02 43320 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2007-04-30 20:15 . 2008-10-18 04:02 43320 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2007-04-30 20:15 . 2008-10-18 04:02 34104 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2007-04-30 20:15 . 2008-10-18 04:02 43320 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2007-04-30 20:15 . 2008-10-18 04:02 43320 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2007-04-30 20:15 . 2008-10-18 04:02 34104 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2004-09-08 00:33 . 2001-08-18 12:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
- 2008-01-10 22:48 . 2008-12-30 06:44 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-01-10 22:48 . 2009-06-02 01:36 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-05-31 10:05 . 2007-11-22 02:38 83288 c:\windows\system32\LMIRfsClientNP.dll
+ 2007-05-31 10:05 . 2008-10-18 04:02 83288 c:\windows\system32\LMIRfsClientNP.dll
+ 2007-04-30 20:15 . 2008-10-18 04:02 28984 c:\windows\system32\LMIport.dll
+ 2006-10-06 23:56 . 2008-10-18 04:02 10040 c:\windows\system32\LMImirr2.dll
+ 2006-10-06 23:56 . 2008-10-18 04:02 23736 c:\windows\system32\LMImirr.dll
- 2007-04-28 03:24 . 2007-11-22 02:38 87352 c:\windows\system32\LMIinit.dll
+ 2007-04-28 03:24 . 2008-10-18 04:02 87352 c:\windows\system32\LMIinit.dll
+ 2007-05-31 10:05 . 2008-10-18 04:02 47640 c:\windows\system32\drivers\LMIRfsDriver.sys
+ 2006-10-06 23:56 . 2007-04-17 18:00 10144 c:\windows\system32\drivers\LMImirr.sys
+ 2009-04-23 02:55 . 2009-04-23 02:55 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-04-23 02:55 . 2009-04-23 02:55 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-10-13 03:46 . 2009-04-15 21:06 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-10-13 03:46 . 2009-04-15 21:06 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-10-13 03:46 . 2009-04-15 21:06 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-05-02 02:12 . 2007-05-16 20:45 443752 c:\windows\system32\d3dx10_34.dll
- 2007-10-13 03:46 . 2009-04-15 21:06 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-10-13 03:46 . 2009-04-15 21:06 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-10-13 03:46 . 2009-04-15 21:06 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-10-13 03:46 . 2009-04-15 21:06 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-10-13 03:46 . 2009-04-15 21:06 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-10-13 03:46 . 2009-04-15 21:06 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2007-10-13 03:46 . 2009-04-15 21:06 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-05-15 23:45 . 2009-05-15 23:45 122880 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-05-15 23:45 . 2008-08-07 19:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-05-15 23:45 . 2009-05-15 23:45 122880 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-05-15 23:45 . 2008-08-07 19:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-05-02 02:12 . 2007-05-16 20:45 3497832 c:\windows\system32\d3dx9_34.dll
+ 2009-05-02 02:12 . 2006-11-29 17:06 3426072 c:\windows\system32\d3dx9_32.dll
+ 2009-05-02 02:12 . 2006-09-28 20:05 2414360 c:\windows\system32\d3dx9_31.dll
+ 2009-05-02 02:12 . 2007-05-16 20:45 1124720 c:\windows\system32\D3DCompiler_34.dll
+ 2008-10-17 08:39 . 2008-10-17 08:39 2810880 c:\windows\srchasst\mIRC\mirc.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-10-13 03:46 . 2009-04-15 21:06 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-10-13 03:46 . 2009-04-29 21:02 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2007-10-13 03:46 . 2009-04-15 21:06 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-05-15 23:45 . 2009-05-15 23:45 5668864 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2009-05-15 23:45 . 2009-05-15 23:45 5668864 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2005-04-15 32768]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"cdloader"="c:\documents and settings\Brandon Masters\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-06 50528]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-03-14 2356088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-02 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]

c:\documents and settings\Ron Roston\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

c:\documents and settings\Andrea Davis\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\Brandon Masters\Start Menu\Programs\Startup\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-10-23 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-11-28 16:50 106496 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 04:02 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ron Roston^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Ron Roston\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ron Roston^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=c:\documents and settings\Ron Roston\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=c:\windows\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UTSCSI"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\srchasst\\mIRC\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\GoldenSun\\mirc.exe"=
"c:\\WINDOWS\\srchasst\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\WinAce\\winace.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"c:\\Documents and Settings\\Andrea Davis\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Brandon Masters\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/31/2007 6:05 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [5/31/2007 6:05 AM 47640]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe [10/18/2007 8:23 PM 547352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/19/2008 2:22 PM 24652]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [7/4/2008 5:27 PM 36224]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [5/31/2007 6:05 AM 12192]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectDriver.sys [10/18/2007 8:24 PM 160280]
R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectFilter.sys [10/18/2007 8:24 PM 30232]
R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys [10/18/2007 8:24 PM 27312]
S2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe [10/18/2007 8:23 PM 5218328]
S3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [3/30/2005 10:31 PM 45568]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/12/2008 4:00 AM 31592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-15 c:\windows\Tasks\Defrag.job
- c:\windows\system32\dfrg.msc [2001-08-18 12:00]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = hxxp://yahoo.sbc.com/dsl
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brandon Masters\Application Data\Mozilla\Firefox\Profiles\leb4egam.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 21:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\Q317277.log:uveky 56320 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1972579041-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWay\\myBar\\1.bin\\MYBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}\TypeLib]
@DACL=(02 0000)
@="{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Control]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWay\\myBar\\1.bin\\MYBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus]
@DACL=(02 0000)
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\TypeLib]
@DACL=(02 0000)
@="{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Version]
@DACL=(02 0000)
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Control]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWay\\myBar\\1.bin\\MYBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus]
@DACL=(02 0000)
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\TypeLib]
@DACL=(02 0000)
@="{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Version]
@DACL=(02 0000)
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWay\\myBar\\1.bin\\MYBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}\TypeLib]
@DACL=(02 0000)
@="{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}"

[HKEY_LOCAL_MACHINE\software\Gator.com\Gator\dyn]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(2852)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\AIM6\aolsoftware.exe
c:\documents and settings\Brandon Masters\Application Data\mjusbsp\magicJack.exe
.
**************************************************************************
.
Completion time: 2009-06-06 21:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-06 01:58
ComboFix2.txt 2009-04-18 02:16

Pre-Run: 418,541,568 bytes free
Post-Run: 643,600,384 bytes free

429 --- E O F --- 2009-04-29 21:02
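The "LOCKED REGISTRY KEYS" section of the ComboFix log above is the part worth reading closely: the same MYBAR.DLL is registered under several CLSIDs, and every one of those keys (plus the Gator.com key) carries a @DACL line, meaning the adware tightened the key's ACL so ordinary removal tools could not delete it. The script below is an added example, not part of the thread and not ComboFix's own code. It parses a constructed snippet in the shape of that section (the key paths and values are the ones on the page, trimmed to a few blocks), groups locked InprocServer32 entries by the DLL they point to, and flags DLLs that live outside the Windows directory. The trusted-prefix list and the function names are assumptions for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the "LOCKED REGISTRY KEYS" section of the
# ComboFix log posted above (same key paths and values, trimmed to a few blocks).
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1972579041-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWay\\myBar\\1.bin\\MYBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}\TypeLib]
@DACL=(02 0000)
@="{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\MyWay\\myBar\\1.bin\\MYBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Gator.com\Gator\dyn]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

KEY_RE = re.compile(r"^\[(?P<path>[^\]]+)\]$")
DEFAULT_RE = re.compile(r'^@="(?P<value>.*)"$')
NAMED_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
INPROC_RE = re.compile(r"\\CLSID\\(?P<clsid>\{[0-9A-F-]+\})\\InprocServer32$", re.IGNORECASE)


def _unescape(value):
    """Registry export text doubles backslashes inside quoted values."""
    return value.replace("\\\\", "\\")


def parse_locked_keys(log_text):
    """Return one dict per key block in the LOCKED REGISTRY KEYS section.

    Each dict has: path, locked (a @DACL line was present), default (the @= data
    or None) and values (named value -> data). Parsing stops at the next
    '----' section header.
    """
    lines = log_text.splitlines()
    start = next((i for i, l in enumerate(lines) if "LOCKED REGISTRY KEYS" in l), None)
    if start is None:
        return []
    entries, current = [], None
    for raw in lines[start + 1:]:
        line = raw.strip()
        if line.startswith("----"):
            break
        key = KEY_RE.match(line)
        if key:
            current = {"path": key.group("path"), "locked": False, "default": None, "values": {}}
            entries.append(current)
            continue
        if current is None or not line or line == ".":
            continue
        if line.startswith("@DACL="):
            current["locked"] = True
            continue
        default = DEFAULT_RE.match(line)
        if default:
            current["default"] = _unescape(default.group("value"))
            continue
        named = NAMED_RE.match(line)
        if named:
            current["values"][named.group("name")] = _unescape(named.group("value"))
    return entries


def group_inproc_servers(entries):
    """Map each in-process server DLL (lower-cased) to the CLSIDs that load it.

    One DLL behind several CLSIDs (toolbar, BHO, control ...) is the usual
    adware pattern, and each key being locked is why it keeps coming back.
    """
    by_dll = defaultdict(list)
    for e in entries:
        m = INPROC_RE.search(e["path"])
        if m and e["default"]:
            by_dll[e["default"].lower()].append(m.group("clsid").upper())
    return dict(by_dll)


def suspicious_servers(entries, trusted_prefixes=("c:\\windows\\",)):
    """Locked InprocServer32 DLLs outside trusted_prefixes (assumed list)."""
    return {dll: ids for dll, ids in group_inproc_servers(entries).items()
            if not dll.startswith(trusted_prefixes)}


if __name__ == "__main__":
    ents = parse_locked_keys(SAMPLE_LOG)
    print(f"{sum(e['locked'] for e in ents)} of {len(ents)} keys carry a restrictive DACL")
    for dll, ids in suspicious_servers(ents).items():
        print(f"{dll}: {len(ids)} locked CLSID(s) -> {', '.join(ids)}")
```

Run against the full posted log, the grouping step collapses the D1, D2, D3 and D9 InprocServer32 keys onto the single MYBAR.DLL path, which is the quickest way to see that one toolbar accounts for the whole locked-key list.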

#9 m0le

  • Malware Response Team
  • Location:London, UK

Posted 06 June 2009 - 05:16 AM

Hi Super_Luigi,

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :thumbup2:
m0le is a proud member of UNITE

#10 Super_Luigi

  • Topic Starter
  • Members

Posted 08 June 2009 - 02:08 PM

Malwarebytes' Anti-Malware 1.37
Database version: 2246
Windows 5.1.2600 Service Pack 2

6/8/2009 12:49:03 PM
mbam-log-2009-06-08 (12-49-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 254113
Time elapsed: 5 hour(s), 59 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\ascentive\performance center\APCLang.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
c:\program files\ascentive\performance center\ApcMain.exe (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\M3HTML.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\M3IMPIPE.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\M3SKPLAY.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\M3SLSRCH.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\A0001211.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\dbz.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\dbz____0.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\F3RESTUB.DLL.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\F3SCHMON.EXE.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\M3IDLE.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\M3MSG.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\M3OUTLCN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\M3PLUGIN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\M3SKIN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\M3SRCHMN.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\MWSBAR.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\MWSOEPLG.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\MWSOESTB.DL0.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\MWSOESTB.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\MWSSRCAS.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\NPMYWEBS.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\brandon masters\doctorweb\quarantine\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

#11 m0le

  • Malware Response Team
  • Location:London, UK

Posted 08 June 2009 - 03:25 PM

Hi Super_Luigi,

Well, the MBAM log showed that most of your malware was already caught by Doctor Web and the Combofix run.

The good news is...

Your log is clean. Good stuff! :thumbup2:

Let's firstly do some housekeeping

Please reactivate your antivirus, antispyware and firewall programs.

Delete ComboFix and Clean Up
Click Start > Run, type combofix /u and click OK (note the space between combofix and /u).
Please advise if this step is missed for any reason as it performs some important actions.

Here's a list of ways you can avoid problems in the future:

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program, you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I cannot stress enough how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

That's it Super_Luigi (never quite as popular as your brother, were you :)), happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE

#12 Super_Luigi

  • Topic Starter
  • Members

Posted 11 June 2009 - 08:28 PM

Thanks a bunch. The main problem seems to be alleviated as well; I can now have 2 users on simultaneously again, with no problems (as of yet). However, if I find that that problem isn't completely fixed, do you have a suggestion as to which forum I'd use for follow-up?

#13 m0le

  • Malware Response Team
  • Location:London, UK

Posted 13 June 2009 - 03:24 AM

You're welcome, Super_Luigi.

I suggest if you have any problems, and malware doesn't seem to be involved, then try this forum:

http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

:thumbup2:
m0le is a proud member of UNITE

#14 m0le

  • Malware Response Team
  • Location:London, UK

Posted 14 June 2009 - 03:50 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE