Copy Paste /system restore/sound/search function disabled XP SP3


This topic is locked
2 replies to this topic

#1 cellmast

Posted 01 June 2009 - 04:10 PM

Hello all, I think I have been infected by malware that's unrecognised. I have lost the control of copy/paste, also drag and drop; my System Restore reads "System Restore is not able to protect your PC...", the sound has gone, and I have a file that keeps reappearing. I also have apps I cannot install, i.e. anti-malware and Ad-Aware.

I have a HijackThis log and a ComboFix log, if someone can help please.

Many thanks.

ComboFix 09-05-31.06 - auto 06/02/2009 22:46.3 - NTFSx86
Running from: c:\documents and settings\auto\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-02 19:59 . 2009-06-02 20:02 -------- d-----w- c:\documents and settings\auto\SmitfraudFix
2009-06-02 19:45 . 2009-06-02 19:45 -------- d-----w- c:\documents and settings\auto\New Folder
2009-06-02 19:44 . 2009-06-02 19:44 -------- d-----w- c:\program files\FileSearcher
2009-06-02 19:43 . 2009-06-02 19:43 -------- d-----w- c:\documents and settings\auto\Application Data\Desktopicon
2009-06-02 19:43 . 2009-06-02 19:43 -------- d-----w- c:\program files\Unlocker
2009-06-02 19:38 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 19:38 . 2009-06-02 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-02 19:38 . 2009-06-02 19:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 19:38 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 17:48 . 2009-06-02 17:48 -------- dc----w- c:\documents and settings\All Users\Application Data\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-06-02 17:46 . 2009-06-02 17:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-02 17:41 . 2009-06-02 18:14 -------- d-----w- c:\program files\GSA Cleandrive
2009-06-02 16:59 . 2009-06-02 16:59 -------- d-----w- c:\program files\NoVirusThanks.org
2009-06-02 16:37 . 2009-06-02 16:37 -------- d-----w- c:\program files\NVT Malware Remover Tool
2009-06-02 16:17 . 2009-06-02 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-02 16:17 . 2009-06-02 17:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 15:56 . 2009-06-02 19:35 -------- d-sh--r- c:\windows\system32\svchost
2009-06-02 14:01 . 2009-06-02 17:46 -------- d-----w- c:\program files\Guild Wars
2009-06-02 12:57 . 2009-06-02 12:57 -------- d-----w- c:\program files\Acunetix
2009-06-02 10:44 . 2009-06-02 10:44 -------- d--h--w- c:\windows\PIF
2009-06-02 10:21 . 2009-06-02 10:21 -------- d-----w- c:\program files\Forum Poster 3
2009-06-02 10:17 . 2009-06-02 10:17 45056 ----a-r- c:\documents and settings\auto\Application Data\Microsoft\Installer\{E6FFFF5E-BF8F-48B5-8324-999C17169D70}\NewShortcut21_E6FFFF5EBF8F48B58324999C17169D70.exe
2009-06-02 10:17 . 2009-06-02 10:17 45056 ----a-r- c:\documents and settings\auto\Application Data\Microsoft\Installer\{E6FFFF5E-BF8F-48B5-8324-999C17169D70}\NewShortcut2_E6FFFF5EBF8F48B58324999C17169D70.exe
2009-06-02 10:17 . 2009-06-02 10:17 10134 ----a-r- c:\documents and settings\auto\Application Data\Microsoft\Installer\{E6FFFF5E-BF8F-48B5-8324-999C17169D70}\ARPPRODUCTICON.exe
2009-06-02 10:17 . 2009-06-02 10:17 -------- d-----w- c:\program files\Forum Post Robot
2009-06-02 09:43 . 2009-06-02 09:45 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-06-02 09:43 . 2009-06-02 09:43 -------- d-----w- c:\program files\Borland
2009-06-02 09:05 . 2009-06-02 09:05 -------- d-----w- c:\program files\PowerISO
2009-06-01 21:18 . 2009-06-01 21:18 -------- d-----w- c:\program files\Unreal3.2
2009-06-01 18:32 . 2009-06-01 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PeerMatrix
2009-06-01 18:32 . 2009-06-01 18:32 -------- d-----w- c:\program files\PeerMatrix
2009-06-01 09:30 . 2009-06-01 09:30 -------- d-----w- c:\documents and settings\auto\Local Settings\Application Data\Google
2009-06-01 09:30 . 2009-06-01 09:30 -------- d-----w- c:\program files\Google
2009-05-31 17:00 . 2009-05-31 17:00 -------- d-----w- c:\program files\Trend Micro
2009-05-31 09:46 . 2009-06-02 17:46 -------- d-----w- c:\documents and settings\auto\Application Data\IBP
2009-05-31 09:46 . 2009-05-31 09:46 -------- d-----w- c:\program files\IBP 10
2009-05-29 16:18 . 2009-06-02 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2009-05-29 16:18 . 2009-05-29 16:18 -------- d-----w- c:\program files\Siber Systems
2009-05-27 16:59 . 2009-05-27 16:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-27 16:58 . 2006-04-10 12:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2009-05-27 16:58 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-27 16:58 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-27 16:56 . 2006-03-03 19:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2009-05-27 16:56 . 2006-03-03 19:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-05-27 16:56 . 2006-03-03 19:03 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-05-27 16:56 . 2006-03-03 19:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-05-27 16:56 . 2006-03-03 19:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-05-27 16:56 . 2006-03-03 19:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-05-27 16:56 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-05-27 16:56 . 2009-05-27 16:56 -------- d-----w- c:\program files\HP
2009-05-27 16:55 . 2009-05-27 17:00 110415 ----a-w- c:\windows\hpoins11.dat
2009-05-27 16:54 . 2006-04-13 00:04 49664 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-05-27 16:54 . 2006-04-13 00:04 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2009-05-27 16:54 . 2006-04-13 00:04 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-05-27 16:54 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2009-05-27 16:54 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll
2009-05-27 16:54 . 2006-04-13 00:04 282624 ----a-w- c:\windows\system32\HPZc3212.dll
2009-05-27 16:54 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll
2009-05-27 16:54 . 2006-01-04 08:12 77824 ----a-w- c:\windows\system32\HPZIDS01.dll
2009-05-27 16:54 . 2005-07-19 01:38 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2009-05-27 16:54 . 2006-05-06 03:10 6947 ----a-w- c:\windows\hpomdl11.dat
2009-05-27 15:15 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-05-27 15:15 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-27 15:13 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-05-27 15:13 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-24 20:13 . 2009-05-24 20:13 67040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-24 20:13 . 2009-05-24 20:13 -------- d-----w- c:\windows\system32\XPSViewer
2009-05-24 20:13 . 2009-05-24 20:13 -------- d-----w- c:\program files\MSBuild
2009-05-24 20:13 . 2009-05-24 20:13 -------- d-----w- c:\program files\Reference Assemblies
2009-05-24 20:12 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-24 20:12 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-05-24 20:12 . 2009-05-24 20:12 -------- d-----w- C:\4964ee18a3063b3e514c
2009-05-24 20:12 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-24 20:12 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-05-24 20:12 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-05-24 20:12 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-05-24 20:12 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-24 20:00 . 2009-05-24 20:35 -------- d-----w- c:\documents and settings\auto\Local Settings\Application Data\Deployment
2009-05-23 15:32 . 2009-06-02 17:49 -------- d-----w- c:\program files\WinPcap
2009-05-23 15:32 . 2009-05-23 15:43 -------- d-----w- c:\program files\Cain
2009-05-23 14:58 . 2008-07-29 10:33 446464 ----a-w- c:\windows\system32\nvunrm.exe
2009-05-23 14:58 . 2008-07-07 22:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-05-23 14:57 . 2009-06-02 14:20 27744 ----a-w- c:\windows\system32\nvModes.dat
2009-05-23 14:54 . 2009-05-23 14:54 -------- d-----w- C:\NVIDIA
2009-05-23 14:54 . 2009-05-23 14:54 -------- d-----w- C:\4IN1
2009-05-23 14:53 . 2009-05-23 14:53 -------- d-----w- C:\nv_nforce_15.26_xp32
2009-05-23 14:53 . 2008-08-19 22:42 290816 ----a-w- c:\windows\system32\nvwrsth.dll
2009-05-23 14:53 . 2008-08-19 22:42 253952 ----a-w- c:\windows\system32\nvrsth.dll
2009-05-23 14:53 . 2008-08-19 22:42 768544 ----a-w- c:\windows\system32\nvcplui.exe
2009-05-23 14:53 . 2008-08-19 22:42 49152 ----a-w- c:\windows\system32\nvsysrot.dll
2009-05-23 14:53 . 2008-08-19 22:42 45056 ----a-w- c:\windows\system32\nvmccsrs.dll
2009-05-23 14:53 . 2008-08-19 22:42 327680 ----a-w- c:\windows\system32\nvwrsesm.dll
2009-05-23 14:53 . 2008-08-19 22:42 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-05-23 14:53 . 2008-08-19 22:42 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2009-05-23 14:53 . 2008-08-19 22:42 147456 ----a-w- c:\windows\system32\nvcolor.exe
2009-05-23 14:53 . 2008-08-19 22:42 12288 ----a-w- c:\windows\system32\nvgfx.dll
2009-05-23 14:53 . 2008-08-19 22:42 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2009-05-23 14:51 . 2005-07-14 10:14 27904 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2009-05-23 14:51 . 2009-05-23 14:51 -------- d-----w- C:\ASUS_A6T_RICOH_XP_060612
2009-05-23 14:48 . 2009-01-07 15:57 27784 ----a-w- c:\windows\system32\drivers\point32.sys
2009-05-23 14:48 . 2009-05-23 14:48 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-05-23 14:47 . 2009-05-23 14:47 -------- d-----w- C:\IPx86_1033_6.31.258.0
2009-05-23 14:41 . 2004-06-14 12:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
2009-05-23 14:41 . 2009-05-23 14:41 -------- d-----w- c:\program files\Driver-Soft
2009-05-23 12:00 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-23 11:29 . 2009-05-23 11:29 -------- d-----w- c:\windows\system32\scripting
2009-05-23 11:29 . 2009-05-23 11:29 -------- d-----w- c:\windows\system32\en
2009-05-23 11:29 . 2009-05-23 11:29 -------- d-----w- c:\windows\l2schemas
2009-05-23 11:29 . 2009-05-23 11:29 -------- d-----w- c:\windows\system32\bits
2009-05-23 11:27 . 2009-05-23 11:27 -------- d-----w- c:\windows\ServicePackFiles
2009-05-21 16:27 . 2009-06-02 17:54 -------- d---a-w- C:\ARC
2009-05-21 11:41 . 2009-05-21 11:41 -------- d-s---w- c:\documents and settings\auto\UserData
2009-05-21 07:09 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-21 07:09 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-20 19:51 . 2009-04-06 21:39 1603584 ----a-w- c:\documents and settings\auto\Application Data\AvaTrader\APP#088424AE\Fx_Client.exe
2009-05-20 19:51 . 2009-05-20 19:51 -------- d-----w- c:\documents and settings\auto\Application Data\AvaTrader
2009-05-20 19:50 . 2009-05-20 19:54 -------- d-----w- c:\program files\AvaTrader
2009-05-20 19:36 . 2009-05-20 19:36 -------- d-----w- c:\windows\Sun
2009-05-20 19:35 . 2009-05-20 19:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-20 19:35 . 2009-05-20 19:35 -------- d-----w- c:\program files\Java
2009-05-20 19:35 . 2009-05-20 19:35 152576 ----a-w- c:\documents and settings\auto\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-20 15:03 . 2009-06-01 22:01 -------- d-----w- c:\program files\Windows Grep
2009-05-20 15:01 . 2009-05-20 15:01 -------- d-----w- c:\documents and settings\auto\Application Data\Foxit
2009-05-20 15:01 . 2009-05-20 15:01 -------- d-----w- c:\program files\Foxit Software
2009-05-20 14:33 . 2009-05-20 14:33 -------- d-----w- c:\documents and settings\auto\Application Data\DriveHQHOOK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 17:45 . 2009-05-19 13:31 -------- d-----w- c:\documents and settings\auto\Application Data\uTorrent
2009-06-02 16:05 . 2009-06-02 16:05 2678 ----a-w- c:\windows\java\Packages\Data\Z9ZDRVBJ.DAT
2009-06-02 16:05 . 2009-06-02 16:05 2678 ----a-w- c:\windows\java\Packages\Data\F5BTBDVF.DAT
2009-06-02 16:05 . 2009-06-02 16:05 2678 ----a-w- c:\windows\java\Packages\Data\5NNRB73X.DAT
2009-06-02 16:05 . 2009-06-02 16:05 2678 ----a-w- c:\windows\java\Packages\Data\20Q9RPFT.DAT
2009-06-01 18:34 . 2004-08-04 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-05-23 14:51 . 2009-05-19 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 11:30 . 2009-05-19 12:26 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-19 21:29 . 2009-05-19 13:00 -------- d-----w- c:\documents and settings\auto\Application Data\PcCloneEx
2009-05-19 15:25 . 2009-05-19 14:55 -------- d-----w- c:\program files\KeyScrambler
2009-05-19 14:47 . 2009-05-19 14:47 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-19 14:37 . 2009-05-19 14:37 -------- d-----w- c:\program files\No-IP
2009-05-19 13:31 . 2009-05-19 13:31 -------- d-----w- c:\program files\AskSearch
2009-05-19 13:31 . 2009-05-19 13:31 -------- d-----w- c:\program files\AskBarDis
2009-05-19 13:31 . 2009-05-19 13:31 -------- d-----w- c:\program files\uTorrent
2009-05-19 13:23 . 2009-05-19 13:23 -------- d-----w- c:\program files\NetWaiting
2009-05-19 13:23 . 2009-05-19 13:18 -------- d-----w- c:\program files\CONEXANT
2009-05-19 13:23 . 2009-05-19 12:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-19 13:22 . 2009-05-19 12:57 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-19 13:22 . 2009-05-19 12:57 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-19 13:17 . 2009-05-19 13:17 -------- d-----w- c:\program files\Broadcom
2009-05-19 13:17 . 2009-05-19 13:17 -------- d-----w- c:\documents and settings\auto\Application Data\InstallShield
2009-05-19 13:17 . 2009-05-19 13:17 822272 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2009-05-19 13:17 . 2009-05-19 13:17 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-19 13:02 . 2009-05-19 13:02 0 ----a-w- c:\windows\nsreg.dat
2009-05-19 13:00 . 2009-05-19 13:00 -------- d-----w- c:\program files\PCCloneEX
2009-05-19 13:00 . 2009-05-19 13:00 19572 ----a-w- c:\windows\system32\drivers\FNETDEVI.SYS
2009-05-19 12:57 . 2009-05-19 12:57 -------- d-----w- c:\program files\Avira
2009-05-19 12:57 . 2009-05-19 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-19 12:41 . 2009-05-19 12:41 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-19 12:36 . 2009-05-19 12:36 -------- d-----w- c:\program files\DIFX
2009-05-19 12:27 . 2009-05-19 12:27 -------- d-----w- c:\program files\microsoft frontpage
2009-05-19 12:24 . 2009-05-19 12:24 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w- c:\documents and settings\auto\Application Data\Desktopicon\eBayShortcuts.exe
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
.

------- Sigcheck -------

[-] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe

[-] 2004-08-04 12:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll

[-] 2004-08-04 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll

[-] 2009-02-20 08:14 668160 1EA0E6DD74199209D60991FD46CE8643 c:\windows\$hf_mig$\KB963027\SP2QFE\wininet.dll
[-] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[-] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2009-02-20 08:30 659456 F1DBF177AA0DB2150E626595D0EFF604 c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\wininet.dll
[-] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\system32\wininet.dll
[-] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\system32\dllcache\wininet.dll

[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[-] 2009-06-01 18:34 361600 41380CF0CD7E695E12FE378C5FB1B277 c:\windows\system32\dllcache\tcpip.sys
[-] 2009-06-01 18:34 361600 41380CF0CD7E695E12FE378C5FB1B277 c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-04 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe

[-] 2004-08-04 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-07 17:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2009-02-07 17:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntkrnlpa.exe
[-] 2009-02-07 17:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-07 17:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-07 17:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe

[-] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

[-] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe

[-] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe

[-] 2004-08-04 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

[-] 2004-08-04 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

[-] 2004-08-04 12:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

[-] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[-] 2004-08-04 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

[-] 2004-08-04 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll

[-] 2004-08-04 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-05-29 160592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"GSA Cleandrive"="c:\program files\GSA Cleandrive\Cleandrive.exe" [2009-03-06 3089408]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-19 13537280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PCCloneEX"="c:\program files\PCCloneEX\PCCloneEX.EXE" [2009-05-19 5270528]
"SEP Monitor"="c:\program files\Cryptzone SEP Client\Modules\CZ_SEP_Monitor.exe" [2009-02-12 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-19 86016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-19 1630208]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-27 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\auto\\Desktop\\DETEC\\spynet\\spynet.exe"=
"c:\\Documents and Settings\\auto\\Desktop\\DETEC\\Pain RAT Private\\Pain RAT.exe"=
"c:\\Documents and Settings\\auto\\Desktop\\Pain RAT Private\\Pain RAT Private\\Pain RAT.exe"=
"c:\\Program Files\\fec\\Super Email Spider\\XSearcher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Cain\\Cain.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\ARC\\ARC.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\auto\\Desktop\\MultiScan_1.6.1_HackHound.org.part1(2)\\MultiScan\\Tools\\wget.exe"=
"c:\\Program Files\\PeerMatrix\\PeerMatrix.exe"=
"c:\\Documents and Settings\\auto\\Desktop\\Arabian-Attacker v1.2.0\\Arabian-Attacker v1.2.0.exe"=

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 Cryptzone_LM_Service;Cryptzone SEP Local Machine Service;c:\program files\Cryptzone SEP Client\Modules\CZ_SEP_Machine_Service.exe [2009-02-12 434176]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2009-05-19 19572]
S2 AcuWVSSchedulerv6;Acunetix WVS Scheduler v6;c:\program files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe [2008-11-24 994952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-19 108289]
S2 DriveHQ FileManagerFun;DriveHQ FileManagerFun;c:\program files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [2009-04-01 45568]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-01-18 114024]


--- Other Services/Drivers In Memory ---

*Deregistered* - AcuWVSSchedulerv6
*Deregistered* - AFD
*Deregistered* - AntiVirSchedulerService
*Deregistered* - AntiVirService
*Deregistered* - Arp1394
*Deregistered* - ASKUpgrade
*Deregistered* - audstub
*Deregistered* - avgio
*Deregistered* - avgntflt
*Deregistered* - avipbb
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - clr_optimization_v2.0.50727_32
*Deregistered* - Compbatt
*Deregistered* - Cryptzone_LM_Service
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - Dnscache
*Deregistered* - DriveHQ FileManagerFun
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - FNETDEVI
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - nvatabus
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - SCDEmu
*Deregistered* - seclogon
*Deregistered* - sr
*Deregistered* - Srv
*Deregistered* - ssmdrv
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Themes
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - wuauserv
.
.
------- Supplementary Scan -------
.
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\auto\Application Data\Mozilla\Firefox\Profiles\el3sw3l4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://scour.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - prefs.js: network.proxy.socks - 86.86.68.76
FF - prefs.js: network.proxy.socks_port - 2088
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\auto\Application Data\Mozilla\Firefox\Profiles\el3sw3l4.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 22:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58108EA6-F0F8-838F-6C2A403DB017DCAF}\{7C3918A7-E77A-99CB-B21F6D376FB586C0}\{5E9787CE-D944-C377-C12E117E9C86E636}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FCCB8240-DCE2-E75D-AC14FD41A6B697E0}\{CCBBBFAF-D782-4243-9A223EC5C9E9D74B}\{381F6F0A-6948-72AB-150979187EC28E60}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
Completion time: 2009-06-02 22:51
ComboFix-quarantined-files.txt 2009-06-02 20:51
ComboFix2.txt 2009-06-02 20:39

Pre-Run: 230,574,141,440 bytes free
Post-Run: 230,562,541,568 bytes free

465 --- E O F --- 2009-05-19 14:53

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:19, on 6/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PCCloneEX] C:\Program Files\PCCloneEX\PCCloneEX.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SEP Monitor] C:\Program Files\Cryptzone SEP Client\Modules\CZ_SEP_Monitor.exe /SILENT /NOKEEPALIVE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GSA Cleandrive] "C:\Program Files\GSA Cleandrive\Cleandrive.exe" /MIN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-823518204-1606980848-839522115-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-823518204-1606980848-839522115-1003\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')
O4 - HKUS\S-1-5-21-823518204-1606980848-839522115-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-823518204-1606980848-839522115-1003\..\Run: [GSA Cleandrive] "C:\Program Files\GSA Cleandrive\Cleandrive.exe" /MIN (User '?')
O4 - HKUS\S-1-5-21-823518204-1606980848-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-823518204-1606980848-839522115-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Acunetix WVS Scheduler v6 (AcuWVSSchedulerv6) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Cryptzone SEP Local Machine Service (Cryptzone_LM_Service) - Cryptzone AB - C:\Program Files\Cryptzone SEP Client\Modules\CZ_SEP_Machine_Service.exe
O23 - Service: DriveHQ FileManagerFun - Drive Headquarter - C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

--
End of file - 8455 bytes

Edited by cellmast, 01 June 2009 - 05:24 PM.




#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:34 AM

Posted 12 June 2009 - 10:14 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:34 AM

Posted 15 June 2009 - 07:18 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



