Tried Everything


This topic is locked
9 replies to this topic

#1 BHSaint (Members, 4 posts)

Posted 10 June 2009 - 02:53 PM

I have used HJT, Malwarebytes' Anti-Malware, Ad-Aware, Avast, a-squared Anti-Malware, SpywareGuard, SUPERAntiSpyware... I have removed all threats that these programs have found.
When I do a search and follow a link it redirects me; it also tried to prevent me from installing or using the malware/spyware blockers (I already renamed the .exe files to get the anti-spyware/anti-malware programs to work). The only way I can continue using either browser (IE 8, Firefox 3.0.10) is by disabling Java and JavaScript.

Any help would be greatly appreciated!

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:29 PM, on 6/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\helppane.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Users\R I P\Desktop\Another Random.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\Some Random Name.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoBackup (BMUService) - Unknown owner - C:\Program Files\Memeo\AutoBackup\MemeoService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
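The HJT log above is what the forum's analysts read by hand: each entry type (R0/R1 start and search pages, O2 BHOs, O4 Run keys, O23 services, plus the bare process list) is checked for targets that no longer exist, services that carry no vendor string, and images running from locations a standard user can write to. The script below is an added illustration of that triage; it is not part of this thread, of HijackThis or of DDS. It applies those three checks, plus a flag for a disabled UAC policy, to lines copied verbatim from the logs in this thread. The DDS "Pseudo HJT Report" later in the thread uses the same `prefix: body` line shape, so the same parser reads it. The function names, the reason labels and the list of user-writable directories are my own assumptions; the output is a list of lines for an analyst to look at, not a verdict on any file.

```python
"""Triage of HijackThis / DDS "pseudo HJT" log entries.

Added example for this thread; it is not part of the thread, of
HijackThis or of DDS.  The sample lines are copied from the logs posted
in the thread.  The checks are generic analyst heuristics (assumptions
about what deserves a manual look), not verdicts on any file.
"""
import re
from dataclasses import dataclass

# Lines copied verbatim from the HJT and DDS logs in this thread.
SAMPLE_LOG = r"""
C:\Windows\system32\lsass.exe
C:\Users\R I P\Desktop\Another Random.exe
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\Some Random Name.exe
O23 - Service: AutoBackup (BMUService) - Unknown owner - C:\Program Files\Memeo\AutoBackup\MemeoService.exe (file missing)
O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mPolicies-system: EnableLUA = 0 (0x0)
"""

# "O23 - body" (HJT) or "mRun: body" / "TB: body" (DDS).  Plain drive paths
# come from the "Running processes" list and carry no prefix at all.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z][\w-]*)(?: - |: )(?P<body>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
IMAGE_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys|ocx|scr|cpl|ax)\b', re.IGNORECASE)
# Directories a standard user can write to (assumption: the usual suspects).
USER_WRITABLE_RE = re.compile(r"\\(?:Users|Documents and Settings|ProgramData|Temp)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # entry prefix ("O4", "O23", "TB", ...) or "process"
    reason: str  # which heuristic fired
    line: str    # the raw log line, for the analyst to look at


def parse_service(body):
    """Split 'Service: <name> - <vendor> - <image> [(file missing)]'.

    The vendor field is empty when HJT found no company string; the thread
    shows that as 'name - - path', so the separator allows zero leading spaces.
    """
    parts = re.split(r"\s*-\s+", body[len("Service: "):], maxsplit=2)
    if len(parts) != 3:
        return None
    name, vendor, image = (p.strip() for p in parts)
    return name, vendor, image


def triage_entries(log_text):
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            kind, body = m.group("kind"), m.group("body")
        elif PROCESS_RE.match(line):
            kind, body = "process", line
        else:
            continue  # headers, blank lines, anything else
        lowered = body.lower()
        # 1. Persistence entry whose target is gone (or hidden from the tool).
        if "(file missing)" in lowered or "(no file)" in lowered or lowered.endswith("no file"):
            findings.append(Finding(kind, "dangling-entry", line))
        # 2. Service with no vendor/company string.
        if kind == "O23" and body.startswith("Service: "):
            svc = parse_service(body)
            if svc is not None and svc[1].lower() in ("", "unknown owner"):
                findings.append(Finding(kind, "no-vendor", line))
        # 3. Image path under a user-writable directory.
        if any(USER_WRITABLE_RE.search(p) for p in IMAGE_RE.findall(body)):
            findings.append(Finding(kind, "user-writable-path", line))
        # 4. UAC switched off (DDS prints the policy value).
        if kind == "mPolicies-system" and re.match(r"EnableLUA = 0\b", body):
            findings.append(Finding(kind, "uac-disabled", line))
    return findings


if __name__ == "__main__":
    for f in triage_entries(SAMPLE_LOG):
        print(f"{f.reason:20} {f.kind:8} {f.line}")
```

On the sample this flags the Desktop executable from the process list, the two services without a vendor string, the Memeo service whose image is missing, the toolbar entry with no file, and the disabled UAC policy. Run over the complete logs in this thread it additionally flags dds.scr itself, the Firefox components under the profile directory, and the RtHDVCpl.exe copy in the user's Startup folder; the first is expected, the others are exactly the sort of entry the analyst is meant to verify by hand.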

#2 etavares, Bleepin' Remover (Malware Response Team, 15,514 posts)

Posted 19 June 2009 - 08:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.


#3 Orange Blossom, OBleepin Investigator (Moderator, 37,011 posts)

Posted 23 June 2009 - 05:02 PM

Topic reopened.

@ BHSaint

Please post the current logs along with an updated description of your issues.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 BHSaint, Topic Starter (Members, 4 posts)

Posted 23 June 2009 - 11:18 PM

Thank you for re-opening! Still the same issue of my search results leading to different sites than what is shown; the only time I seem to be able to avoid the search hijacking is when the JavaScript option in Firefox is turned off. Occasionally my browser window crashes (even when JavaScript is turned off).

Here is my DDS Log (do you need the "Attach" log as well?)



DDS (Ver_09-05-14.01) - NTFSx86
Run by R I P at 12:07:22.38 on Tue 06/23/2009
Internet Explorer: 7.0.6000.16851 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.928 [GMT -4:00]

AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\R I P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\R I P\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uWindow Title =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mWindow Title =
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\users\r i p\appdata\roaming\microsoft\windows\start menu\programs\startup\RtHDVCpl.exe
StartupFolder: c:\users\rip~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\rip~1\appdata\roaming\mozilla\firefox\profiles\du1fjvx7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
FF - component: c:\users\r i p\appdata\roaming\mozilla\firefox\profiles\du1fjvx7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\r i p\appdata\roaming\mozilla\firefox\profiles\du1fjvx7.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
S0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-22 64160]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

=============== Created Last 30 ================

2009-06-22 04:33 64,160 ac------ c:\windows\system32\drivers\Lbd.sys
2009-06-10 14:36 <DIR> -cd----- c:\program files\a-squared Anti-Malware
2009-06-10 14:15 2,048 ac------ c:\windows\system32\tzres.dll
2009-06-10 14:09 97,800 ac------ c:\windows\system32\infocardapi.dll
2009-06-10 14:09 622,080 ac------ c:\windows\system32\icardagt.exe
2009-06-10 14:09 105,016 ac------ c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-10 14:09 37,384 ac------ c:\windows\system32\infocardcpl.cpl
2009-06-10 14:09 11,264 ac------ c:\windows\system32\icardres.dll
2009-06-10 14:09 43,544 ac------ c:\windows\system32\PresentationHostProxy.dll
2009-06-10 14:09 781,344 ac------ c:\windows\system32\PresentationNative_v0300.dll
2009-06-10 14:09 326,160 ac------ c:\windows\system32\PresentationHost.exe
2009-06-10 13:52 428,032 ac------ c:\windows\system32\EncDec.dll
2009-06-10 13:52 217,088 ac------ c:\windows\system32\psisrndr.ax
2009-06-10 13:52 292,352 ac------ c:\windows\system32\psisdecd.dll
2009-06-10 13:52 1,244,672 ac------ c:\windows\system32\mcmde.dll
2009-06-10 13:52 177,152 ac------ c:\windows\system32\mpg2splt.ax
2009-06-10 13:52 68,608 ac------ c:\windows\system32\Mpeg2Data.ax
2009-06-10 13:52 80,896 ac------ c:\windows\system32\MSNP.ax
2009-06-10 13:52 57,856 ac------ c:\windows\system32\MSDvbNP.ax
2009-06-10 13:22 549,888 ac------ c:\windows\system32\rpcss.dll
2009-06-10 13:22 247,296 ac------ c:\windows\system32\wbem\WmiPrvSE.exe
2009-06-10 13:22 3,503,584 ac------ c:\windows\system32\ntkrnlpa.exe
2009-06-10 13:22 3,469,280 ac------ c:\windows\system32\ntoskrnl.exe
2009-06-10 13:22 130,560 ac------ c:\windows\system32\wbem\WmiDcPrv.dll
2009-06-10 13:22 654,336 ac------ c:\windows\system32\printfilterpipelinesvc.exe
2009-06-10 13:22 158,720 ac------ c:\windows\system32\sdohlp.dll
2009-06-10 13:22 97,280 ac------ c:\windows\system32\iasrecst.dll
2009-06-10 13:22 53,248 ac------ c:\windows\system32\iasads.dll
2009-06-10 13:22 37,888 ac------ c:\windows\system32\iasdatastore.dll
2009-06-10 13:22 24,576 ac------ c:\windows\system32\printfilterpipelineprxy.dll
2009-06-10 13:22 788,992 ac------ c:\windows\system32\rpcrt4.dll
2009-06-10 13:20 269,824 ac------ c:\windows\system32\schannel.dll
2009-06-10 05:57 <DIR> -cd----- c:\programdata\SUPERAntiSpyware.com
2009-06-10 05:57 <DIR> -cd----- c:\progra~2\SUPERAntiSpyware.com
2009-06-10 05:48 <DIR> -cd----- c:\users\rip~1\appdata\roaming\SUPERAntiSpyware.com
2009-06-10 05:48 <DIR> -cd----- c:\program files\SUPERAntiSpyware
2009-06-10 04:58 <DIR> -cd----- c:\users\rip~1\appdata\roaming\Malwarebytes
2009-06-10 04:57 40,160 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 04:57 19,096 ac------ c:\windows\system32\drivers\mbam.sys
2009-06-10 04:57 <DIR> -cd----- c:\programdata\Malwarebytes
2009-06-10 04:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 04:57 <DIR> -cd----- c:\progra~2\Malwarebytes
2009-06-10 04:47 15,688 ac------ c:\windows\system32\lsdelete.exe
2009-06-10 04:30 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-10 04:30 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-10 04:30 <DIR> -cd----- c:\programdata\Lavasoft
2009-06-10 04:30 <DIR> -cd----- c:\program files\Lavasoft
2009-06-10 04:11 0 ac------ c:\windows\system32\8104297.jun
2009-06-10 04:11 <DIR> -cd----- c:\program files\Browser Hijack Recover
2009-06-10 04:09 <DIR> -cd----- c:\program files\SpywareGuard
2009-06-10 03:36 <DIR> -cd----- c:\program files\Trend Micro
2009-06-10 02:23 76 -c--h--- c:\windows\argsys.gid
2009-06-10 01:54 <DIR> -cd----- c:\program files\Visual Tarot 8.11.25
2009-06-10 01:40 168,448 ac------ c:\windows\system32\unrar.dll
2009-06-10 01:40 <DIR> -cd----- c:\program files\K-Lite Codec Pack
2009-06-10 01:31 <DIR> -cd----- c:\program files\GPL MPEG Decoder
2009-06-09 05:54 89 ac------ c:\windows\janus4.ini
2009-06-09 05:46 387,072 ac------ c:\windows\system32\swedll32.dll
2009-06-09 05:46 192,784 ac------ c:\windows\system32\TABCTL32.OCX
2009-06-09 05:46 129,536 ac------ c:\windows\system32\bc32l60.dll
2009-06-09 05:46 227,600 ac------ c:\windows\system32\MSFLXGRD.OCX
2009-06-09 05:46 105,472 ac------ c:\windows\system32\MHOUTB32.OCX
2009-06-09 05:46 43,520 ac------ c:\windows\system32\bc32r60.dll
2009-06-09 05:46 <DIR> -cd----- c:\program files\Janus4
2009-06-04 12:45 <DIR> -cd----- c:\program files\common files\DivX Shared
2009-06-03 14:24 376,832 ac------ c:\windows\system32\winhttp.dll
2009-06-03 14:23 2,855,424 ac------ c:\windows\system32\mf.dll
2009-06-03 14:23 996,352 ac------ c:\windows\system32\WMNetMgr.dll
2009-06-03 14:23 98,816 ac------ c:\windows\system32\mfps.dll
2009-06-03 14:23 94,720 ac------ c:\windows\system32\logagent.exe
2009-06-03 14:23 52,736 ac------ c:\windows\system32\rrinstaller.exe
2009-06-03 14:23 24,576 ac------ c:\windows\system32\mfpmp.exe
2009-06-03 14:23 2,048 ac------ c:\windows\system32\mferror.dll
2009-06-02 16:18 <DIR> -cd----- c:\program files\common files\PX Storage Engine
2009-06-02 13:37 <DIR> -cd----- c:\program files\LimeWire
2009-06-02 11:19 <DIR> -cd----- c:\programdata\Google
2009-06-02 01:52 3,495,784 ac------ c:\windows\system32\d3dx9_33.dll
2009-06-02 01:18 1,233,408 ac------ c:\windows\system32\lsasrv.dll
2009-06-02 01:18 72,704 ac------ c:\windows\system32\secur32.dll
2009-06-02 01:18 14,848 ac------ c:\windows\system32\apilogen.dll
2009-06-02 01:18 7,680 ac------ c:\windows\system32\lsass.exe
2009-06-02 01:18 25,600 ac------ c:\windows\system32\amxread.dll
2009-06-02 01:16 <DIR> -cd----- c:\program files\Turbine
2009-06-01 23:58 96,760 ac------ c:\windows\system32\dfshim.dll
2009-06-01 23:57 282,112 ac------ c:\windows\system32\mscoree.dll
2009-06-01 23:57 41,984 ac------ c:\windows\system32\netfxperf.dll
2009-06-01 23:56 158,720 ac------ c:\windows\system32\mscorier.dll
2009-06-01 23:55 83,968 ac------ c:\windows\system32\mscories.dll
2009-06-01 04:45 56 ac--h--- c:\windows\system32\ezsidmv.dat
2009-06-01 04:41 <DIR> -cd----- c:\programdata\Skype
2009-05-27 12:16 18,944 ac------ c:\windows\system32\BORLNDMM.DLL

==================== Find3M ====================

2009-06-10 13:37 174 a--sh--- c:\program files\desktop.ini
2009-05-17 18:05 410,984 ac------ c:\windows\system32\deploytk.dll
2009-05-12 20:22 22,328 ac------ c:\users\rip~1\appdata\roaming\PnkBstrK.sys
2009-05-12 20:22 66,872 ac------ c:\windows\system32\PnkBstrA.exe
2009-05-06 18:05 102,664 ac------ c:\windows\system32\drivers\tmcomm.sys
2009-05-01 17:02 90,112 ac------ c:\windows\system32\dpl100.dll
2009-05-01 17:02 823,296 ac------ c:\windows\system32\divx_xx0c.dll
2009-05-01 17:02 823,296 ac------ c:\windows\system32\divx_xx07.dll
2009-05-01 17:02 815,104 ac------ c:\windows\system32\divx_xx0a.dll
2009-05-01 17:02 811,008 ac------ c:\windows\system32\divx_xx16.dll
2009-05-01 17:02 802,816 ac------ c:\windows\system32\divx_xx11.dll
2009-05-01 17:02 685,056 ac------ c:\windows\system32\DivX.dll
2009-04-24 12:22 827,392 ac------ c:\windows\system32\wininet.dll
2009-04-24 12:14 56,320 ac------ c:\windows\system32\iesetup.dll
2009-04-24 12:14 78,336 ac------ c:\windows\system32\ieencode.dll
2009-04-24 12:14 52,736 ac------ c:\windows\apppatch\iebrshim.dll
2009-04-24 12:11 72,704 ac------ c:\windows\system32\admparse.dll
2009-04-24 09:53 26,624 ac------ c:\windows\system32\ieUnatt.exe
2009-04-24 08:25 48,128 ac------ c:\windows\system32\mshtmler.dll
2009-04-23 08:56 696,832 ac------ c:\windows\system32\localspl.dll
2009-04-21 08:04 2,028,032 ac------ c:\windows\system32\win32k.sys
2009-04-05 00:29 1,269,760 ac---r-- c:\windows\system32\CohUpdater.tmp
2009-04-05 00:29 643,072 ac------ c:\windows\system32\CohUpdater_UI_Win.dll
2009-03-31 15:35 17,160 ac------ c:\windows\help\oem\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 17:30 17,160 ac------ c:\windows\help\oem\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-16 21:26 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-16 21:26 86,016 a------- c:\windows\inf\infstor.dat
2009-03-16 21:26 51,200 a------- c:\windows\inf\infpub.dat
2008-06-11 19:09 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:42 287,440 ac------ c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 ac------ c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 ac------ c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 ac------ c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 ac------ c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 ac------ c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 ac------ c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 ac------ c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:10:55.61 ===============

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 25 June 2009 - 09:47 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run GooredFix
  • Please download Goored.exe to your desktop.
  • Double click Goored.exe to run the program. If you are using Windows Vista, right click the icon and select "Run as Administrator".
  • Type 1 followed by Enter.
  • A logfile will open shortly. Post back with it in your next reply.
Download and Run a Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

In your next reply include:
-the ComboFix log
-the GMER scan log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#6 BHSaint

BHSaint
  • Topic Starter

  • Members
  • 4 posts

Posted 29 June 2009 - 05:00 PM

The only changes that have been made to my system are those files that were deleted by ComboFix...


Here is my ComboFix Log

ComboFix 09-06-29.02 - R I P 06/29/2009 17:33.1 - NTFSx86
Running from: c:\users\R I P\Desktop\NotanotherCombo.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\MSIVXosqsgtvksmtivtuvpwdetvntetjtmyst.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXfljexnyrdtgowcxvwdhlliotatnhulpd.dll
c:\windows\system32\MSIVXseontnexqumvolaomtsfgltktoidonul.dll
E:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 21:47 . 2009-06-29 21:47 -------- dc----w- c:\users\R I P\AppData\Local\temp
2009-06-29 21:47 . 2009-06-29 21:47 -------- dc----w- c:\users\s a m\AppData\Local\temp
2009-06-29 01:14 . 2009-06-29 01:14 746744 -c--a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-22 08:33 . 2009-06-22 08:32 64160 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-17 15:35 . 2007-03-09 17:50 4390912 -c--a-w- c:\users\R I P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RtHDVCpl.exe
2009-06-11 19:08 . 2009-06-22 02:27 -------- dc----w- c:\users\R I P\AppData\Local\Adobe
2009-06-10 18:36 . 2009-06-16 22:18 -------- dc----w- c:\program files\a-squared Anti-Malware
2009-06-10 18:15 . 2008-10-21 23:31 2048 -c--a-w- c:\windows\system32\tzres.dll
2009-06-10 18:09 . 2008-06-20 01:17 97800 -c--a-w- c:\windows\system32\infocardapi.dll
2009-06-10 18:09 . 2008-06-20 01:18 105016 -c--a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-10 18:09 . 2008-06-20 01:17 622080 -c--a-w- c:\windows\system32\icardagt.exe
2009-06-10 18:09 . 2008-06-20 01:17 11264 -c--a-w- c:\windows\system32\icardres.dll
2009-06-10 18:09 . 2008-06-20 01:18 43544 -c--a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-10 18:09 . 2008-06-20 01:18 781344 -c--a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-10 18:09 . 2008-06-20 01:18 326160 -c--a-w- c:\windows\system32\PresentationHost.exe
2009-06-10 17:52 . 2009-04-30 12:42 428032 -c--a-w- c:\windows\system32\EncDec.dll
2009-06-10 17:52 . 2009-04-30 12:52 292352 -c--a-w- c:\windows\system32\psisdecd.dll
2009-06-10 17:52 . 2009-04-30 12:44 1244672 -c--a-w- c:\windows\system32\mcmde.dll
2009-06-10 17:22 . 2009-03-03 04:19 549888 -c--a-w- c:\windows\system32\rpcss.dll
2009-06-10 17:22 . 2009-03-03 01:59 247296 -c--a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-06-10 17:22 . 2009-03-03 04:24 3503584 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2009-06-10 17:22 . 2009-03-03 04:24 3469280 -c--a-w- c:\windows\system32\ntoskrnl.exe
2009-06-10 17:22 . 2009-03-03 04:20 130560 -c--a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-06-10 17:22 . 2009-03-03 04:19 158720 -c--a-w- c:\windows\system32\sdohlp.dll
2009-06-10 17:22 . 2009-03-03 04:19 24576 -c--a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-06-10 17:22 . 2009-03-03 04:16 97280 -c--a-w- c:\windows\system32\iasrecst.dll
2009-06-10 17:22 . 2009-03-03 04:16 53248 -c--a-w- c:\windows\system32\iasads.dll
2009-06-10 17:22 . 2009-03-03 04:16 37888 -c--a-w- c:\windows\system32\iasdatastore.dll
2009-06-10 17:22 . 2009-03-03 02:40 654336 -c--a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-06-10 17:22 . 2009-04-23 13:01 788992 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-06-10 17:20 . 2008-11-27 04:42 269824 -c--a-w- c:\windows\system32\schannel.dll
2009-06-10 09:58 . 2009-06-10 23:23 117760 -c--a-w- c:\users\R I P\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-10 09:57 . 2009-06-10 09:57 -------- dc----w- c:\programdata\SUPERAntiSpyware.com
2009-06-10 09:48 . 2009-06-10 09:57 -------- dc----w- c:\program files\SUPERAntiSpyware
2009-06-10 09:48 . 2009-06-10 09:48 -------- dc----w- c:\users\R I P\AppData\Roaming\SUPERAntiSpyware.com
2009-06-10 08:58 . 2009-06-10 08:58 -------- dc----w- c:\users\R I P\AppData\Roaming\Malwarebytes
2009-06-10 08:57 . 2009-05-26 17:20 40160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 08:57 . 2009-06-10 08:58 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 08:57 . 2009-06-10 08:57 -------- dc----w- c:\programdata\Malwarebytes
2009-06-10 08:57 . 2009-05-26 17:19 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 08:47 . 2009-03-09 19:06 15688 -c--a-w- c:\windows\system32\lsdelete.exe
2009-06-10 08:30 . 2009-06-10 08:30 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-10 08:30 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-10 08:30 . 2009-06-10 08:31 -------- dc----w- c:\programdata\Lavasoft
2009-06-10 08:30 . 2009-06-10 08:30 -------- dc----w- c:\program files\Lavasoft
2009-06-10 08:11 . 2009-06-10 23:59 -------- dc----w- c:\program files\Browser Hijack Recover
2009-06-10 08:09 . 2009-06-11 00:02 -------- dc----w- c:\program files\SpywareGuard
2009-06-10 07:55 . 2009-06-10 07:55 -------- dc----w- c:\users\R I P\AppData\Local\Apps
2009-06-10 07:36 . 2009-06-10 07:36 -------- dc----w- c:\program files\Trend Micro
2009-06-10 05:54 . 2009-06-10 05:54 -------- dc----w- c:\program files\Visual Tarot 8.11.25
2009-06-10 05:45 . 2009-06-10 05:48 -------- dc----w- c:\users\R I P\AppData\Roaming\Media Player Classic
2009-06-10 05:40 . 2008-09-16 19:23 168448 -c--a-w- c:\windows\system32\unrar.dll
2009-06-10 05:40 . 2009-06-10 05:42 -------- dc----w- c:\program files\K-Lite Codec Pack
2009-06-10 05:31 . 2009-06-10 05:31 -------- dc----w- c:\program files\GPL MPEG Decoder
2009-06-09 09:46 . 2003-07-10 17:41 387072 -c--a-w- c:\windows\system32\swedll32.dll
2009-06-09 09:46 . 1998-05-21 14:00 129536 -c--a-w- c:\windows\system32\bc32l60.dll
2009-06-09 09:46 . 1998-05-21 16:12 43520 -c--a-w- c:\windows\system32\bc32r60.dll
2009-06-09 09:46 . 2009-06-16 14:43 -------- dc----w- c:\program files\Janus4
2009-06-04 16:47 . 2009-06-04 18:24 -------- dc----w- c:\users\R I P\AppData\Roaming\DivX
2009-06-04 16:45 . 2009-06-04 16:45 -------- dc----w- c:\program files\Common Files\DivX Shared
2009-06-03 18:32 . 2008-12-04 05:25 120832 -c--a-w- c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-03 18:24 . 2008-12-08 04:34 376832 -c--a-w- c:\windows\system32\winhttp.dll
2009-06-03 18:23 . 2008-06-23 01:52 2855424 -c--a-w- c:\windows\system32\mf.dll
2009-06-03 18:23 . 2008-06-23 01:52 996352 -c--a-w- c:\windows\system32\WMNetMgr.dll
2009-06-03 18:23 . 2008-06-23 01:52 98816 -c--a-w- c:\windows\system32\mfps.dll
2009-06-03 18:23 . 2008-06-23 01:52 52736 -c--a-w- c:\windows\system32\rrinstaller.exe
2009-06-03 18:23 . 2008-06-23 01:52 94720 -c--a-w- c:\windows\system32\logagent.exe
2009-06-03 18:23 . 2008-06-23 01:52 24576 -c--a-w- c:\windows\system32\mfpmp.exe
2009-06-03 18:23 . 2008-06-22 22:34 2048 -c--a-w- c:\windows\system32\mferror.dll
2009-06-02 20:18 . 2009-06-04 16:46 -------- dc----w- c:\program files\Common Files\PX Storage Engine
2009-06-02 20:17 . 2009-06-02 20:21 -------- dc----w- c:\users\R I P\AppData\Roaming\Winamp
2009-06-02 20:17 . 2009-06-02 20:18 -------- dc----w- c:\program files\Winamp
2009-06-02 05:52 . 2007-03-12 20:42 3495784 -c--a-w- c:\windows\system32\d3dx9_33.dll
2009-06-02 05:51 . 2009-06-02 05:51 -------- dc----w- c:\users\R I P\AppData\Local\Turbine
2009-06-02 05:18 . 2009-06-02 05:18 -------- dc----w- c:\users\R I P\AppData\Local\Turbine,_Inc
2009-06-02 05:18 . 2009-02-13 07:26 1233408 -c--a-w- c:\windows\system32\lsasrv.dll
2009-06-02 05:18 . 2009-02-13 07:26 72704 -c--a-w- c:\windows\system32\secur32.dll
2009-06-02 05:18 . 2009-03-17 03:16 14848 -c--a-w- c:\windows\system32\apilogen.dll
2009-06-02 05:18 . 2009-02-13 07:26 7680 -c--a-w- c:\windows\system32\lsass.exe
2009-06-02 05:18 . 2009-03-17 03:16 25600 -c--a-w- c:\windows\system32\amxread.dll
2009-06-02 05:16 . 2009-06-03 14:55 -------- dc----w- c:\program files\Turbine
2009-06-02 03:58 . 2008-07-27 18:00 96760 -c--a-w- c:\windows\system32\dfshim.dll
2009-06-02 03:57 . 2008-07-27 18:00 282112 -c--a-w- c:\windows\system32\mscoree.dll
2009-06-02 03:57 . 2008-07-27 18:00 41984 -c--a-w- c:\windows\system32\netfxperf.dll
2009-06-02 03:56 . 2008-07-27 18:00 158720 -c--a-w- c:\windows\system32\mscorier.dll
2009-06-02 03:55 . 2008-07-27 18:00 83968 -c--a-w- c:\windows\system32\mscories.dll
2009-06-01 08:45 . 2009-06-01 08:45 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2009-06-01 08:45 . 2009-06-02 04:55 -------- dc----w- c:\users\R I P\AppData\Roaming\skypePM
2009-06-01 08:41 . 2009-06-02 15:24 -------- dc----w- c:\programdata\Skype
2009-06-01 08:29 . 2009-06-01 08:41 -------- dc----w- c:\users\R I P\AppData\Local\Google
2009-06-01 08:28 . 2009-06-03 21:03 -------- dc----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 21:06 . 2008-12-24 21:29 -------- dc----w- c:\users\R I P\AppData\Roaming\uTorrent
2009-06-11 14:09 . 2008-09-29 22:31 6648 -c--a-w- c:\users\R I P\AppData\Local\d3d9caps.dat
2009-06-10 21:46 . 2008-09-29 21:18 161360 -c--a-w- c:\users\R I P\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-10 20:46 . 2007-08-21 08:42 -------- dc----w- c:\programdata\Microsoft Help
2009-06-10 20:31 . 2007-08-21 08:41 -------- dc----w- c:\program files\Microsoft Works
2009-06-10 09:47 . 2008-04-16 06:28 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-10 07:25 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2009-06-10 06:20 . 2009-01-07 00:50 -------- dc----w- c:\program files\MB Free Daily Numerology
2009-06-10 06:18 . 2007-12-11 07:35 -------- dc----w- c:\program files\Bonjour
2009-06-09 22:33 . 2008-10-04 00:30 -------- dc----w- c:\users\R I P\AppData\Roaming\LimeWire
2009-06-04 16:46 . 2009-01-24 23:36 -------- dc----w- c:\program files\DivX
2009-05-27 19:28 . 2009-05-17 22:18 1 -c--a-w- c:\users\R I P\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-19 06:12 . 2009-05-19 05:24 -------- dc----w- c:\users\R I P\AppData\Roaming\Flock
2009-05-19 02:20 . 2009-03-17 01:35 -------- dc----w- c:\program files\iPod
2009-05-19 01:10 . 2009-05-19 01:09 -------- dc----w- c:\users\R I P\AppData\Roaming\SecondLife
2009-05-17 22:16 . 2009-05-17 22:16 -------- dc----w- c:\users\R I P\AppData\Roaming\OpenOffice.org
2009-05-17 22:05 . 2009-02-28 18:28 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-05-17 18:26 . 2007-08-21 08:46 -------- dc----w- c:\programdata\CyberLink
2009-05-17 18:07 . 2008-05-28 08:51 -------- dc----w- c:\program files\Windows Live
2009-05-17 18:06 . 2009-05-17 18:06 -------- dc----w- c:\program files\Microsoft
2009-05-17 18:06 . 2009-05-17 18:06 -------- dc----w- c:\program files\Windows Live SkyDrive
2009-05-17 18:02 . 2009-05-17 18:02 -------- dc----w- c:\program files\Common Files\Windows Live
2009-05-17 11:27 . 2007-11-28 12:40 -------- dc----w- c:\program files\Common Files\Adobe
2009-05-17 10:55 . 2009-04-27 03:37 -------- dc----w- c:\program files\Common Files\Adobe AIR
2009-05-17 10:55 . 2009-01-24 08:51 38208 -c--a-w- c:\users\R I P\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-17 10:52 . 2009-05-17 10:52 -------- dc----w- c:\users\R I P\AppData\Roaming\AdobeSupportAdvisor.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-17 10:52 . 2009-05-17 10:52 -------- dc----w- c:\program files\AdobeSupportAdvisor
2009-05-17 10:02 . 2009-05-17 09:42 -------- dc----w- c:\users\R I P\AppData\Roaming\Download Manager
2009-05-17 03:24 . 2009-05-17 03:24 -------- dc----w- c:\program files\Mandala Painter 3
2009-05-15 20:23 . 2009-05-15 20:23 416128 -c--a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-13 15:06 . 2007-08-21 08:10 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-05-13 00:22 . 2009-05-13 00:15 22328 -c--a-w- c:\users\R I P\AppData\Roaming\PnkBstrK.sys
2009-05-13 00:22 . 2009-05-13 00:15 22328 -c--a-w- c:\users\R I P\AppData\Roaming\PnkBstrK.sys
2009-05-13 00:22 . 2009-05-13 00:14 66872 -c--a-w- c:\windows\system32\PnkBstrA.exe
2009-05-12 06:26 . 2009-05-12 00:28 -------- dc----w- c:\users\R I P\AppData\Roaming\FOG Downloader
2009-05-06 22:05 . 2009-05-06 22:05 102664 -c--a-w- c:\windows\system32\drivers\tmcomm.sys
2009-05-01 21:02 . 2009-05-01 21:02 90112 -c--a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 -c--a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 -c--a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 -c--a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 -c--a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 -c--a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 -c--a-w- c:\windows\system32\DivX.dll
2009-04-28 16:40 . 2007-11-20 20:58 157184 -c--a-w- c:\users\s a m\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-24 16:22 . 2009-06-16 21:10 827392 -c--a-w- c:\windows\system32\wininet.dll
2009-04-24 16:14 . 2009-06-16 21:10 56320 -c--a-w- c:\windows\system32\iesetup.dll
2009-04-24 16:14 . 2009-06-16 21:10 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-04-24 16:11 . 2009-06-16 21:10 72704 -c--a-w- c:\windows\system32\admparse.dll
2009-04-24 13:53 . 2009-06-16 21:10 26624 -c--a-w- c:\windows\system32\ieUnatt.exe
2009-04-24 12:25 . 2009-06-16 21:10 48128 -c--a-w- c:\windows\system32\mshtmler.dll
2009-04-23 12:56 . 2009-06-10 17:23 696832 -c--a-w- c:\windows\system32\localspl.dll
2009-04-21 12:04 . 2009-06-10 17:23 2028032 -c--a-w- c:\windows\system32\win32k.sys
2009-04-17 20:58 . 2009-04-23 18:01 954368 -c--a-w- c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 20:58 . 2009-04-23 18:01 103424 -c--a-w- c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 20:58 . 2009-04-23 18:01 344064 -c--a-w- c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 20:58 . 2009-04-23 18:01 71652 -c--a-w- c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 20:58 . 2009-04-23 18:01 65536 -c--a-w- c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 20:58 . 2009-04-23 18:01 4579328 -c--a-w- c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 20:58 . 2009-04-23 18:01 1161626 -c--a-w- c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 20:58 . 2009-04-23 18:01 4534272 -c--a-w- c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 20:58 . 2009-04-23 18:01 131868 -c--a-w- c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-06 04:41 . 2009-04-06 04:41 114688 -c--a-w- c:\programdata\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
2009-04-05 09:43 . 2009-04-05 09:43 207872 -c--a-w- c:\users\s a m\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-04-05 09:43 . 2009-04-05 09:43 207872 -c--a-w- c:\users\s a m\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-04-05 09:43 . 2009-04-05 09:43 207872 -c--a-w- c:\users\s a m\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-04-05 09:43 . 2009-04-05 09:43 207872 -c--a-w- c:\users\s a m\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-04-05 09:38 . 2009-04-05 09:38 207872 -c--a-w- c:\users\s a m\AppData\Roaming\SystemRequirementsLab\SRLProxy_ind_4.dll
2009-04-05 09:38 . 2009-04-05 09:38 207872 -c--a-w- c:\users\s a m\AppData\Roaming\SystemRequirementsLab\SRLProxy_ind_3.dll
2009-04-05 09:38 . 2009-04-05 09:38 207872 -c--a-w- c:\users\s a m\AppData\Roaming\SystemRequirementsLab\SRLProxy_ind_2.dll
2009-04-05 09:38 . 2009-04-05 09:38 207872 -c--a-w- c:\users\s a m\AppData\Roaming\SystemRequirementsLab\SRLProxy_ind_1.dll
2009-04-05 04:29 . 2009-04-05 04:13 643072 -c--a-w- c:\windows\system32\CohUpdater_UI_Win.dll
2009-04-05 04:29 . 2009-04-05 04:13 1269760 -c--a-r- c:\windows\system32\CohUpdater.tmp
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-17 148888]
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2009-06-10 3207824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\users\R I P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RtHDVCpl.exe [2007-3-9 4390912]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\l:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CCBF8BBC-B5DC-4A6D-A6AD-B9B147C8651A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{54B525A2-6990-4628-96D6-6DEE23F1565E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{72C6D7DE-2C4B-4BB6-A950-06D1B0B6ED7C}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{16F1BC0B-4CBA-42D5-B319-627509208D46}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{5C565845-6A13-4955-B4CD-82AAD268017F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3853C94B-61A1-4B9B-A787-C7CAD06D7D54}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{031C1789-7883-4761-8A98-5720739D5532}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{302C73F5-9FE6-4D23-9222-55E6A148AE49}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BAF2414E-CEC8-4DE5-98DA-617715E7FA80}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{45AE4311-2B52-459E-8D44-151EB6C27C3A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3457A866-BEE7-430C-9E06-D96D99FED3BB}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{6A0BB0C5-FF07-4AD6-90A4-7AD1C874C814}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{727F472D-880F-44AB-94A5-13FA53CFA2CF}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{CFA1A7FB-077A-4203-80C6-49A2AF15E32C}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{DCDD547F-222C-4306-89B0-C2F92D004E7A}"= UDP:c:\program files\Common Files\aol\1197041867\ee\aolsoftware.exe:AOL Shared Components
"{75E161D3-3C30-488F-AAD8-A1DEC71223E5}"= TCP:c:\program files\Common Files\aol\1197041867\ee\aolsoftware.exe:AOL Shared Components
"{C7698B9B-B769-4760-AC1C-7862FF7B50ED}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{D471911E-F764-4A03-A7A7-724FA8CF1877}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"{C35BBC43-A129-4598-8477-42CE4B0CB9F8}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{47FE53B4-78C3-46D7-88AC-048726C302F7}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{C0275F9F-9BF6-4FE1-BD83-558366884A16}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{3E0E6A6A-4F24-49E6-B698-B4D2E4CD68FD}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{A3370416-0606-468C-B54A-4F7C893506EB}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{81BECA3F-4FB1-4674-AF07-66C5ED293C5B}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{8CC3C02B-A4E3-4D8F-A34C-BE1EB7C58596}"= Disabled:UDP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{0A658704-C214-44D4-91CB-54D24A57CE5A}"= Disabled:TCP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"ef08b0b1-772d-40ea-8fd4-2d6eca141ff7"= %USERPROFILE%\Desktop\World of Warcraft\WoW.exe:WoW
"f01e72ba-e70e-4dc6-b882-6919c485b819"= %USERPROFILE%\Desktop\World of Warcraft\WoW-2.3.0-enUS-downloader.exe:WoW 2.3
"{3F99F4E3-7753-465D-BF68-741DFC734CE6}"= UDP:c:\windows\System32\LMabcoms.exe:Lexmark Enhanced TCP/IP
"{597ADF82-F76A-46AC-878C-8739B721820E}"= TCP:c:\windows\System32\LMabcoms.exe:Lexmark Enhanced TCP/IP
"{BC1D14D2-5547-4027-B7D9-F7E5CBACDD97}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{B1069679-14BA-448C-AC71-2ADF4274B3BF}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{99D41533-D16D-412E-B2E9-BFEED5BB171C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{309E3A57-2D14-4C43-B281-652B0857F680}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{29A5DA25-0285-43C1-B8FD-90BB48E9BFAD}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{D4771B41-851F-4FD4-8F1A-E9B9814653E5}c:\\users\\s a m\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:c:\users\s a m\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{40693710-B81A-4B60-B59A-D49286906C26}c:\\users\\s a m\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:c:\users\s a m\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{D0BB742E-8A90-4C44-B25D-87BCFC273246}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{32A3B11B-3359-42D3-B405-1365AD99C0B5}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"TCP Query User{D43D954F-AEAA-46C9-AC91-FFD853EEA505}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F1F5AB92-85A9-4843-8F15-EE582FD6DB54}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{25544E43-A2B1-4F7F-B5E3-2C9111834451}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BC62963E-3181-4C45-B019-B25B61BC46FA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C2A89416-5BB6-4763-A674-D92D7E37F43B}c:\\program files\\ubisoft\\lost via domus\\yeti_final_win32.exe"= UDP:c:\program files\ubisoft\lost via domus\yeti_final_win32.exe:Lost
"UDP Query User{8E4A6C9A-9697-4C70-A71D-B2FEB7A23E2B}c:\\program files\\ubisoft\\lost via domus\\yeti_final_win32.exe"= TCP:c:\program files\ubisoft\lost via domus\yeti_final_win32.exe:Lost
"{D3451187-1464-42B0-9931-2C63CAE94915}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3FF0A24C-3730-404C-AB5D-216DFEC33CBC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1A1930F5-DF0E-43B0-8DB6-338FCC829AB7}"= UDP:d:\limewire\LimeWire.exe:LimeWire
"{5A207AE8-63D8-4321-A226-E03C0DC42CA2}"= TCP:d:\limewire\LimeWire.exe:LimeWire
"{80949EA5-7296-4AE2-8933-C28763615909}"= Disabled:UDP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{DEA9DAF6-2FEE-40B7-B607-09BED7752D66}"= Disabled:TCP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{8B82B58C-513D-46E4-8A78-CBECDAA0E114}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{8E881138-D7C4-430D-A98F-9CB1408547EB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{4252E082-DF0D-4464-83E4-8F70FDB9DE29}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{ADED1B29-18EB-48CB-8D30-F07AC3E80760}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{16E69673-7D2A-4C00-BC64-4B2A5ED3A364}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F6796441-C3EF-437F-99CD-D2388D1C5DEF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{A31BDB0D-5AA0-4C00-BE0C-5EC537AC3988}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{9B95B64D-D84C-43E3-B87D-EC4FE05B202E}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{5088A91B-8BF9-4B73-9BC4-6ACF0FBD24D4}"= UDP:c:\windows\System32\LMabcoms.exe:Lexmark Enhanced TCP/IP
"{552415D6-0540-4E3D-A477-F440E3D177FC}"= TCP:c:\windows\System32\LMabcoms.exe:Lexmark Enhanced TCP/IP
"TCP Query User{D29964A1-24F8-4DAA-8973-A65884CF7847}c:\\users\\r i p\\desktop\\yuleech-runesofmagic2_0_1_1821-en.exe"= UDP:c:\users\r i p\desktop\yuleech-runesofmagic2_0_1_1821-en.exe:yuleech-runesofmagic2_0_1_1821-en.exe
"UDP Query User{65FBD0F2-3150-4362-ABD5-37273F03AC82}c:\\users\\r i p\\desktop\\yuleech-runesofmagic2_0_1_1821-en.exe"= TCP:c:\users\r i p\desktop\yuleech-runesofmagic2_0_1_1821-en.exe:yuleech-runesofmagic2_0_1_1821-en.exe
"{93897139-1F8E-48BD-AEF2-302D1CACC34B}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{CAD9DDCB-F0E2-457A-8850-4E547DEC0672}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7464DBDB-C254-4837-847B-E31721898783}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B5E1A25A-D369-417C-BA30-8A2E8CACD1F3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{F58968B5-DBF7-4C54-A42D-2AC2246C29F8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{47A4E3E5-B7BC-4B2E-BB81-17FCC50F244D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6A2C0EE7-265B-467D-A89C-0137B511BDD2}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{A493111C-B733-4823-BF78-46B0EBC96881}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{1821E17B-5D3B-4231-A949-4A4EC135DD8C}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{AA3CE488-B1A2-4693-87F4-49007F0AB895}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{128F53AA-ED8B-4BAF-8D23-DC827707941A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{793F802D-89B5-42BC-A311-5128CBB67767}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{A6981D8F-C61A-47EA-BE3F-E916028D24AE}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{B8E7222E-F22B-4362-AF1B-1C7A8FA00BDD}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"{A5E42F74-EA13-4A42-A2A5-DA64FA15C996}"= UDP:c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService
"{F40A9F86-E4A0-47E6-8BE5-53306A9B9662}"= TCP:c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService
"{8C2A2F75-19B8-4C5A-8868-87B0E2FEC387}"= UDP:c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService
"{CAF2873C-6656-4C94-8595-9FAC27717AB8}"= TCP:c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/22/2009 4:33 AM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1003344]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 08:32]

2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{2C82BAE3-6FA8-4F4F-A64D-C2C9397BF6A3}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{36F4FD5F-0D2D-4E92-8439-59324F4A355C}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mWindow Title =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
FF - component: c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\R I P\AppData\Roaming\Mozilla\Firefox\Profiles\du1fjvx7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 17:47
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-29 17:51
ComboFix-quarantined-files.txt 2009-06-29 21:51

Pre-Run: 44,453,060,608 bytes free
Post-Run: 45,576,515,584 bytes free

371 --- E O F --- 2009-06-26 15:03



And here is my GMER Log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-29 17:54:18
Windows 6.0.6000


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB23EB4E7]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


I was not sure if you also wanted the Goored log so here it is as well:

GooredFix v1.92 by jpshortstuff
Log created at 17:53 on 29/06/2009 running Option #1 (R I P)
Firefox version 3.0.11 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

Edited by BHSaint, 29 June 2009 - 05:02 PM.


#7 PropagandaPanda
  • Malware Response Team
  • 10,433 posts

Posted 29 June 2009 - 06:02 PM

Hello.

Backdoor Threat
I'm sorry to say that your computer was infected with one or more backdoor trojans.

This means that sensitive information could have been stolen. I would advise changing the passwords for any accounts that you have accessed with the infected computer, using a clean computer, ASAP. If you have used this computer for banking, I would strongly suggest that you report the possible stolen information. Please do not use the computer for any further transactions, or to enter any other information, if at all possible, until it is declared clean.

You may want to read this article on how to handle identity theft.
You may also want to read this article on preventing identity theft.

This computer can still be cleaned, however, I cannot guarantee that it will be 100% safe even after disinfection.

Please read When Should I Format, How Should I Reinstall.

I will proceed assuming you wish to disinfect. If you want to do a reinstall, reply back saying so.

Install From Windows Updates
Whenever a security problem in its software is found, Microsoft will create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malware being installed on your computer.
  • Click the Start Menu (or Windows Orb), then All Programs, then Windows Update.
  • On the left, choose Change Settings
  • Ensure that the checkbox Use Microsoft Update at the bottom of the window is checked.
  • Press OK and accept the UAC prompt. You shouldn't need to check this checkbox every single time you update, only the first time.
  • Click Check for Updates in the upper left corner.
  • Follow the instructions to install the latest updates.
  • Reboot and repeat the "Check for Updates" until there are no more critical updates to install.

Take a new DDS.txt log after.

Give me an update on the symptoms.

With Regards,
The panda

#8 BHSaint
  • Topic Starter
  • Members
  • 4 posts

Posted 30 June 2009 - 11:34 AM

All symptoms seem to have been cleared (no more browser hijackings, and updates seem to be running smoothly) - at least so far.

Here is my newest DDS Log (after Windows Update)


DDS (Ver_09-06-26.01) - NTFSx86
Run by R I P at 12:23:24.78 on Tue 06/30/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.577 [GMT -4:00]

AV: a-squared Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\servicing\vsp1ceip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\R I P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RtHDVCpl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\R I P\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mWindow Title =
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
StartupFolder: c:\users\r i p\appdata\roaming\microsoft\windows\start menu\programs\startup\RtHDVCpl.exe
StartupFolder: c:\users\rip~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\rip~1\appdata\roaming\mozilla\firefox\profiles\du1fjvx7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
FF - component: c:\users\r i p\appdata\roaming\mozilla\firefox\profiles\du1fjvx7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\r i p\appdata\roaming\mozilla\firefox\profiles\du1fjvx7.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-30 11:56 <DIR> -cd----- C:\PerfLogs
2009-06-29 17:51 <DIR> -cdsh--- C:\$RECYCLE.BIN
2009-06-29 17:22 <DIR> -cds---- C:\NotanotherCombo
2009-06-29 17:09 161,792 ac------ c:\windows\SWREG.exe
2009-06-29 17:09 155,136 ac------ c:\windows\PEV.exe
2009-06-29 17:09 98,816 ac------ c:\windows\sed.exe
2009-06-22 04:33 64,160 ac------ c:\windows\system32\drivers\Lbd.sys
2009-06-10 14:36 <DIR> -cd----- c:\program files\a-squared Anti-Malware
2009-06-10 14:15 2,048 ac------ c:\windows\system32\tzres.dll
2009-06-10 14:09 97,800 ac------ c:\windows\system32\infocardapi.dll
2009-06-10 14:09 622,080 ac------ c:\windows\system32\icardagt.exe
2009-06-10 14:09 105,016 ac------ c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-10 14:09 37,384 ac------ c:\windows\system32\infocardcpl.cpl
2009-06-10 14:09 11,264 ac------ c:\windows\system32\icardres.dll
2009-06-10 14:09 43,544 ac------ c:\windows\system32\PresentationHostProxy.dll
2009-06-10 14:09 781,344 ac------ c:\windows\system32\PresentationNative_v0300.dll
2009-06-10 14:09 326,160 ac------ c:\windows\system32\PresentationHost.exe
2009-06-10 13:52 428,544 ac------ c:\windows\system32\EncDec.dll
2009-06-10 13:52 293,376 ac------ c:\windows\system32\psisdecd.dll
2009-06-10 13:52 217,088 ac------ c:\windows\system32\psisrndr.ax
2009-06-10 13:52 177,664 ac------ c:\windows\system32\mpg2splt.ax
2009-06-10 13:52 80,896 ac------ c:\windows\system32\MSNP.ax
2009-06-10 13:22 3,599,328 ac------ c:\windows\system32\ntkrnlpa.exe
2009-06-10 13:22 3,547,632 ac------ c:\windows\system32\ntoskrnl.exe
2009-06-10 13:22 247,296 ac------ c:\windows\system32\wbem\WmiPrvSE.exe
2009-06-10 13:22 129,024 ac------ c:\windows\system32\wbem\WmiDcPrv.dll
2009-06-10 13:22 98,304 ac------ c:\windows\system32\iasrecst.dll
2009-06-10 13:22 44,032 ac------ c:\windows\system32\iasdatastore.dll
2009-06-10 13:22 54,784 ac------ c:\windows\system32\iasads.dll
2009-06-10 13:22 26,112 ac------ c:\windows\system32\printfilterpipelineprxy.dll
2009-06-10 13:22 784,896 ac------ c:\windows\system32\rpcrt4.dll
2009-06-10 13:20 268,288 ac------ c:\windows\system32\schannel.dll
2009-06-10 05:57 <DIR> -cd----- c:\programdata\SUPERAntiSpyware.com
2009-06-10 05:57 <DIR> -cd----- c:\progra~2\SUPERAntiSpyware.com
2009-06-10 05:48 <DIR> -cd----- c:\users\rip~1\appdata\roaming\SUPERAntiSpyware.com
2009-06-10 05:48 <DIR> -cd----- c:\program files\SUPERAntiSpyware
2009-06-10 04:58 <DIR> -cd----- c:\users\rip~1\appdata\roaming\Malwarebytes
2009-06-10 04:57 40,160 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 04:57 19,096 ac------ c:\windows\system32\drivers\mbam.sys
2009-06-10 04:57 <DIR> -cd----- c:\programdata\Malwarebytes
2009-06-10 04:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 04:57 <DIR> -cd----- c:\progra~2\Malwarebytes
2009-06-10 04:47 15,688 ac------ c:\windows\system32\lsdelete.exe
2009-06-10 04:30 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-10 04:30 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-10 04:30 <DIR> -cd----- c:\programdata\Lavasoft
2009-06-10 04:30 <DIR> -cd----- c:\program files\Lavasoft
2009-06-10 04:11 0 ac------ c:\windows\system32\8104297.jun
2009-06-10 04:11 <DIR> -cd----- c:\program files\Browser Hijack Recover
2009-06-10 04:09 <DIR> -cd----- c:\program files\SpywareGuard
2009-06-10 03:36 <DIR> -cd----- c:\program files\Trend Micro
2009-06-10 02:23 76 -c--h--- c:\windows\argsys.gid
2009-06-10 01:54 <DIR> -cd----- c:\program files\Visual Tarot 8.11.25
2009-06-10 01:40 168,448 ac------ c:\windows\system32\unrar.dll
2009-06-10 01:40 <DIR> -cd----- c:\program files\K-Lite Codec Pack
2009-06-10 01:31 <DIR> -cd----- c:\program files\GPL MPEG Decoder
2009-06-09 05:54 89 ac------ c:\windows\janus4.ini
2009-06-09 05:46 387,072 ac------ c:\windows\system32\swedll32.dll
2009-06-09 05:46 192,784 ac------ c:\windows\system32\TABCTL32.OCX
2009-06-09 05:46 129,536 ac------ c:\windows\system32\bc32l60.dll
2009-06-09 05:46 227,600 ac------ c:\windows\system32\MSFLXGRD.OCX
2009-06-09 05:46 105,472 ac------ c:\windows\system32\MHOUTB32.OCX
2009-06-09 05:46 43,520 ac------ c:\windows\system32\bc32r60.dll
2009-06-09 05:46 <DIR> -cd----- c:\program files\Janus4
2009-06-04 12:45 <DIR> -cd----- c:\program files\common files\DivX Shared
2009-06-03 14:24 376,832 ac------ c:\windows\system32\winhttp.dll
2009-06-03 14:23 2,868,736 ac------ c:\windows\system32\mf.dll
2009-06-03 14:23 996,352 ac------ c:\windows\system32\WMNetMgr.dll
2009-06-03 14:23 53,248 ac------ c:\windows\system32\rrinstaller.exe
2009-06-03 14:23 98,816 ac------ c:\windows\system32\mfps.dll
2009-06-03 14:23 94,720 ac------ c:\windows\system32\logagent.exe
2009-06-03 14:23 24,576 ac------ c:\windows\system32\mfpmp.exe
2009-06-02 16:18 <DIR> -cd----- c:\program files\common files\PX Storage Engine
2009-06-02 13:37 <DIR> -cd----- c:\program files\LimeWire
2009-06-02 11:19 <DIR> -cd----- c:\programdata\Google
2009-06-02 01:52 3,495,784 ac------ c:\windows\system32\d3dx9_33.dll
2009-06-02 01:18 1,255,936 ac------ c:\windows\system32\lsasrv.dll
2009-06-02 01:18 13,780 ac------ c:\windows\system32\wbem\lsasrv.mof
2009-06-02 01:18 441,400 ac------ c:\windows\system32\drivers\ksecdd.sys
2009-06-02 01:18 72,704 ac------ c:\windows\system32\secur32.dll
2009-06-02 01:18 9,728 ac------ c:\windows\system32\lsass.exe
2009-06-02 01:18 24,064 ac------ c:\windows\system32\amxread.dll
2009-06-02 01:18 13,824 ac------ c:\windows\system32\apilogen.dll
2009-06-02 01:16 <DIR> -cd----- c:\program files\Turbine
2009-06-01 23:58 96,760 ac------ c:\windows\system32\dfshim.dll
2009-06-01 23:57 282,112 ac------ c:\windows\system32\mscoree.dll
2009-06-01 23:57 41,984 ac------ c:\windows\system32\netfxperf.dll
2009-06-01 23:56 158,720 ac------ c:\windows\system32\mscorier.dll
2009-06-01 23:55 83,968 ac------ c:\windows\system32\mscories.dll
2009-06-01 04:45 56 ac--h--- c:\windows\system32\ezsidmv.dat
2009-06-01 04:41 <DIR> -cd----- c:\programdata\Skype

==================== Find3M ====================

2009-06-30 12:12 174 a--sh--- c:\program files\desktop.ini
2009-06-30 12:03 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-30 12:03 86,016 a------- c:\windows\inf\infstor.dat
2009-06-30 12:03 51,200 a------- c:\windows\inf\infpub.dat
2009-06-30 11:55 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-30 11:38 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-06-30 11:38 82,432 a------- c:\windows\system32\axaltocm.dll
2009-05-17 18:05 410,984 ac------ c:\windows\system32\deploytk.dll
2009-05-12 20:22 22,328 ac------ c:\users\rip~1\appdata\roaming\PnkBstrK.sys
2009-05-12 20:22 66,872 ac------ c:\windows\system32\PnkBstrA.exe
2009-05-06 18:05 102,664 ac------ c:\windows\system32\drivers\tmcomm.sys
2009-05-01 17:02 90,112 ac------ c:\windows\system32\dpl100.dll
2009-05-01 17:02 823,296 ac------ c:\windows\system32\divx_xx0c.dll
2009-05-01 17:02 823,296 ac------ c:\windows\system32\divx_xx07.dll
2009-05-01 17:02 815,104 ac------ c:\windows\system32\divx_xx0a.dll
2009-05-01 17:02 811,008 ac------ c:\windows\system32\divx_xx16.dll
2009-05-01 17:02 802,816 ac------ c:\windows\system32\divx_xx11.dll
2009-05-01 17:02 685,056 ac------ c:\windows\system32\DivX.dll
2009-04-24 12:05 827,904 ac------ c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 ac------ c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 ac------ c:\windows\system32\ieUnatt.exe
2009-04-23 08:42 636,928 ac------ c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 ac------ c:\windows\system32\win32k.sys
2009-04-05 00:29 1,269,760 ac---r-- c:\windows\system32\CohUpdater.tmp
2009-04-05 00:29 643,072 ac------ c:\windows\system32\CohUpdater_UI_Win.dll
2006-11-02 08:42 287,440 ac------ c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 ac------ c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 ac------ c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 ac------ c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 ac------ c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 ac------ c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 ac------ c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 ac------ c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:28:50.40 ===============

Edited by BHSaint, 30 June 2009 - 11:36 AM.


#9 PropagandaPanda
  • Malware Response Team
  • 10,433 posts

Posted 30 June 2009 - 01:14 PM

Hello.

New logs look clean. Let's check for anything remaining.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.
  • Double-click ATF-Cleaner.exe to run the program. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

With Regards,
The Panda

#10 PropagandaPanda
  • Malware Response Team
  • 10,433 posts

Posted 10 July 2009 - 08:08 AM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda
