
Skynet.DLL.... judgement day


  • This topic is locked
11 replies to this topic

#1 pendrakhis

pendrakhis

  • Members
  • 29 posts
  • OFFLINE
  • Local time:05:43 AM

Posted 05 July 2009 - 10:00 PM

I have had a thread under Am I infected for a few weeks now http://www.bleepingcomputer.com/forums/t/237144/skynetdll-twice-the-round/ called SKYNET.DLL... twice the round. Rigel has been assisting me through the steps as is shown on the thread. Now he has directed me here to post an HJT log. I hope this is the correct log from the DDS report. Kind of green at this but taking notes as this goes along. After weeks of fighting this Skynet virus with antimalware, SAS, Dr. Web, SmitfraudFix I am now here. RootRepeal would not work through this process at all. I did a quick scan of antimalware today and Skynet is still there... Help! Please! Thank you.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Adrian Dorsey at 10:27:28.38 on 05/07/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2038.1131 [GMT -4:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\vVX1000.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Adrian Dorsey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00WLGMVV\dds[1].scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [Google Update] "c:\users\adrian dorsey\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ICQ Lite] "c:\program files\icqlite\ICQLite.exe" -minimize
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {2260D608-C844-435d-90FD-DC16CFA577F2} - c:\program files\smartshopper\bin\2.5.0\SmrtShpr.dll
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7} - c:\program files\smartshopper\bin\2.5.0\SmrtShpr.dll
Trusted Zone: dudesons.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-ca.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 antispyware;antispyware;c:\windows\system32\drivers\antispyware.sys [2008-2-22 19712]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-3 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-3 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-3 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-3 298776]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S2 0277711236562837mcinstcleanup;McAfee Application Installer Cleanup (0277711236562837);c:\users\adrian~1\appdata\local\temp\027771~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\adrian~1\appdata\local\temp\027771~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a149cdaf3b43;Google Update Service (gupdate1c9a149cdaf3b43);c:\program files\google\update\GoogleUpdate.exe [2009-3-10 133104]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2005-4-11 121472]

=============== Created Last 30 ================

2009-06-29 05:45 --d----- c:\users\adrian~1\appdata\roaming\DriverCure
2009-06-29 05:45 --d----- c:\programdata\ParetoLogic
2009-06-29 05:45 --d----- c:\programdata\DriverCure
2009-06-29 05:45 --d----- c:\program files\common files\ParetoLogic
2009-06-29 05:45 --d----- c:\progra~2\ParetoLogic
2009-06-29 05:45 --d----- c:\progra~2\DriverCure
2009-06-25 10:47 --d----- c:\windows\system32\EventProviders
2009-06-25 10:14 47,104 a------- c:\windows\system32\pcmfd3.dll
2009-06-25 10:14 148 a------- c:\windows\system32\ijw
2009-06-24 08:14 --d----- c:\programdata\AVG Security Toolbar
2009-06-24 08:14 --d----- c:\progra~2\AVG Security Toolbar
2009-06-22 09:34 --d----- c:\program files\Exterminate It!
2009-06-19 21:58 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2009-06-10 08:17 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-10 08:17 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-10 08:17 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-10 08:17 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-10 08:17 80,896 a------- c:\windows\system32\MSNP.ax

==================== Find3M ====================

2009-07-04 02:55 16,802 a------- c:\users\adrian~1\appdata\roaming\wklnhst.dat
2009-07-02 18:32 3,398 a------- c:\windows\system32\tmp.reg
2009-06-25 13:38 51,200 a------- c:\windows\inf\infpub.dat
2009-06-25 13:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-25 13:38 86,016 a------- c:\windows\inf\infstor.dat
2009-06-25 13:24 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-24 08:13 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 08:13 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-03 15:21 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-10 20:23 94,208 a------- c:\windows\ScUnin.exe
2009-05-10 20:23 32,829 a------- c:\windows\scunin.dat
2009-05-10 13:45 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-16 01:19 2,785,558 a------- c:\windows\system32\vgacache.dll
2008-05-16 11:23 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 10:29:11.85 ===============
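The post above asks a helper to read the "SERVICES / DRIVERS" section of a DDS log for anything out of place. As an added example (my code, not part of the original thread and not part of the DDS or ComboFix tools), here is a small Python triage pass over lines in that format. It flags four things a helper looks for: a service name beginning with the SKYNET prefix this thread is about, a name whose letters look generated rather than word-like, a service image running from a temp directory (as the McAfee cleanup entry in the log above does), and a file DDS could not read (the trailing "[?]"). The sample log is constructed: the first five service lines are copied (the McAfee one trimmed) from the DDS log above, while the final SKYNET line is made up by me to mimic how DDS would have rendered the driver that ComboFix later removed; the real DDS log above does not list it. The vowel-ratio threshold and the prefix list are my assumptions, not anything DDS itself does.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One DDS "SERVICES / DRIVERS" line, e.g.
#   R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-3 108552]
# Fields: start state (R = running, S = stopped, digit = start type), service name,
# display name, then the image path with any arguments and a trailing "[date size]"
# or "[?]" when DDS could not read the file.
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Image path = everything up to the first .exe/.sys/.dll followed by a space or end of line
# (paths may contain spaces, so splitting on whitespace would be wrong).
IMAGE_RE = re.compile(r"^(?P<path>.*?\.(?:exe|sys|dll))(?=\s|$)", re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Service-name prefix seen in this thread (my assumption as a hunting list; extend as needed).
SUSPECT_PREFIXES = ("skynet",)
VOWELS = set("aeiou")


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    image: str
    flags: List[str] = field(default_factory=list)


def looks_random(name: str, min_run: int = 8) -> bool:
    """True when some run of letters in the name is long and nearly vowel-free.
    Real service names are built from words ("IntelDHSvcConf"); generated tails
    such as "ivmxqmxt" are not. Threshold (assumed): at most one vowel per five letters."""
    for run in re.findall(r"[A-Za-z]+", name):
        if len(run) >= min_run:
            vowels = sum(1 for c in run.lower() if c in VOWELS)
            if vowels <= len(run) / 5:
                return True
    return False


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R?/S? line and attach review flags; None for lines that are not service entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    img = IMAGE_RE.match(rest)
    image = img.group("path") if img else rest
    entry = ServiceEntry(m.group("state"), m.group("name"), m.group("display"), image)
    if entry.name.lower().startswith(SUSPECT_PREFIXES):
        entry.flags.append("suspect-prefix")
    if looks_random(entry.name):
        entry.flags.append("random-looking-name")
    if TEMP_RE.search(image):
        entry.flags.append("runs-from-temp")
    if rest.endswith("[?]"):
        entry.flags.append("file-unreadable")
    return entry


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {service name: [flags]} for flagged entries in the SERVICES / DRIVERS section."""
    flagged: Dict[str, List[str]] = {}
    in_section = False
    for line in log_text.splitlines():
        if "SERVICES / DRIVERS" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("====="):  # the next DDS section header ends ours
            break
        entry = parse_service_line(line)
        if entry and entry.flags:
            flagged[entry.name] = entry.flags
    return flagged


# Constructed sample: the first five service lines are copied (the McAfee one trimmed) from the
# DDS log in this thread; the last line is MADE UP to mimic how DDS would have rendered
# the SKYNET driver that ComboFix later removed.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R0 antispyware;antispyware;c:\windows\system32\drivers\antispyware.sys [2008-2-22 19712]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-3 108552]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
S2 0277711236562837mcinstcleanup;McAfee Application Installer Cleanup (0277711236562837);c:\users\adrian~1\appdata\local\temp\027771~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
R1 SKYNETivmxqmxt;SKYNETivmxqmxt;c:\windows\system32\drivers\SKYNETivmxqmxt.sys [?]

=============== Created Last 30 ================
"""

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```

A flag is a prompt to look, not a verdict: an installer cleanup task left behind in a temp directory can be perfectly benign, but it is exactly the kind of entry a helper opens up before deciding, while a nearly vowel-free name with an unreadable driver file is what the ComboFix output later in this thread confirms was the culprit.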


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:43 PM

Posted 09 July 2009 - 01:01 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[screenshots of the rename step]


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It is in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 pendrakhis

pendrakhis
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:05:43 AM

Posted 12 July 2009 - 03:28 PM

The third link is the only one that appears to work. It takes me to Foro de Spyware and much of it appears to be not in English... haha... not sure where to go to find the ComboFix.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:43 PM

Posted 12 July 2009 - 04:28 PM

Try it again please.. Link 2 and Link 3 work for me



#5 pendrakhis

pendrakhis
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:05:43 AM

Posted 12 July 2009 - 08:18 PM

Okay... GOT IT! All 11 pages? I can see SKYNET written in the log under Drivers and Services... sends chills up my spine.




ComboFix 09-07-12.03 - Adrian Dorsey 12/07/2009 20:53.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2038.982 [GMT -4:00]
Running from: c:\users\Adrian Dorsey\Documents\Anti-malware\Combo-Fix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3055828942-3247080174-748254492-500
c:\programdata\99262316.ini
c:\users\Adrian Dorsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
c:\users\Adrian Dorsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games.url
c:\users\Adrian Dorsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
c:\users\Adrian Dorsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\Adrian Dorsey\Favorites\Download programs.url
c:\users\Adrian Dorsey\Favorites\Games.url
c:\users\Adrian Dorsey\Favorites\Videos.url
c:\users\ADRIAN~1\FAVORI~1\Download programs.url
c:\users\ADRIAN~1\FAVORI~1\Games.url
c:\users\ADRIAN~1\FAVORI~1\Videos.url
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SKYNETIVMXQMXT
-------\Service_SKYNETivmxqmxt


((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 01:01 . 2009-07-13 01:03 -------- d-----w- c:\users\Adrian Dorsey\AppData\Local\temp
2009-07-13 01:01 . 2009-07-13 01:01 -------- d-----w- c:\users\KIDS\AppData\Local\temp
2009-07-13 01:00 . 2009-07-13 01:00 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-06-29 09:45 . 2009-06-29 09:46 -------- d-----w- c:\users\Adrian Dorsey\AppData\Roaming\DriverCure
2009-06-29 09:45 . 2009-06-29 09:50 -------- d-----w- c:\programdata\DriverCure
2009-06-29 09:45 . 2009-06-29 09:45 -------- d-----w- c:\programdata\ParetoLogic
2009-06-29 09:45 . 2009-06-29 09:45 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-28 01:36 . 2009-06-28 01:36 -------- d-----w- c:\program files\Alwil Software
2009-06-28 01:25 . 2009-07-01 20:13 -------- d-----w- c:\users\Adrian Dorsey\AppData\Local\Adobe
2009-06-27 07:28 . 2009-06-27 07:28 -------- d-----w- c:\users\Adrian Dorsey\AppData\Local\Apple
2009-06-27 07:27 . 2009-07-04 07:05 -------- d-----w- c:\users\Adrian Dorsey\AppData\Local\Apple Computer
2009-06-25 14:47 . 2009-06-25 14:47 -------- d-----w- c:\windows\system32\EventProviders
2009-06-25 14:14 . 2009-06-25 14:14 47104 ----a-w- c:\windows\system32\pcmfd3.dll
2009-06-25 00:32 . 2009-06-14 20:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-06-24 12:13 . 2009-06-03 19:21 755992 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-06-24 12:13 . 2009-06-03 19:21 587032 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-06-24 12:13 . 2009-06-03 19:21 1439488 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-24 12:13 . 2009-06-03 19:21 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-06-22 13:34 . 2009-06-22 13:38 -------- d-----w- c:\program files\Exterminate It!
2009-06-20 01:58 . 2008-05-30 18:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 01:04 . 2009-04-20 22:16 117760 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-12 21:00 . 2007-04-10 01:36 17156 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\wklnhst.dat
2009-07-12 14:44 . 2009-03-10 06:30 -------- d-----w- c:\programdata\Google Updater
2009-07-07 02:09 . 2008-11-27 19:46 -------- d-----w- c:\program files\Curse
2009-06-28 11:36 . 2007-09-29 02:47 -------- d-----w- c:\program files\Google
2009-06-27 16:06 . 2009-03-09 01:55 -------- d-----w- c:\programdata\avg8
2009-06-27 16:05 . 2007-06-24 23:48 1356 ----a-w- c:\users\Adrian Dorsey\AppData\Local\d3d9caps.dat
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-25 17:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-25 17:24 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-25 12:51 . 2009-03-09 15:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 00:32 . 2009-06-24 12:14 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-24 12:35 . 2007-05-10 18:15 -------- d-----w- c:\program files\Diablo II
2009-06-24 12:13 . 2009-06-03 19:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 12:13 . 2009-06-03 19:21 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 12:13 . 2009-06-03 19:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-24 12:13 . 2009-06-24 12:14 832144 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-06-20 06:07 . 2009-04-02 10:59 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-20 05:11 . 2009-05-10 17:42 -------- d-----w- c:\users\Adrian Dorsey\AppData\Roaming\uTorrent
2009-06-17 15:27 . 2009-03-09 15:02 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-03-09 15:02 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 12:22 . 2006-12-16 00:15 -------- d-----w- c:\program files\Microsoft Works
2009-06-03 19:22 . 2009-06-24 12:14 11952 ----a-w- c:\programdata\avg8\update\backup\avgrsstx.dll
2009-06-02 18:35 . 2009-06-02 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg17\RealPlayer11.exe
2009-06-02 18:35 . 2009-06-02 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-26 17:58 . 2009-04-20 21:53 -------- d-----w- c:\program files\VS Revo Group
2009-05-26 01:37 . 2009-05-26 01:37 -------- d-----w- c:\program files\directx
2009-05-26 01:37 . 2009-05-26 01:37 0 ----a-w- c:\windows\DXT897D.tmp
2009-05-26 01:37 . 2009-05-26 01:37 0 ----a-w- c:\windows\DXT897C.tmp
2009-05-26 01:37 . 2009-05-26 01:37 0 ----a-w- c:\windows\DXT897B.tmp
2009-05-26 01:37 . 2009-05-26 01:37 0 ----a-w- c:\windows\DXT896B.tmp
2009-05-25 21:31 . 2009-05-25 21:30 -------- d-----w- c:\program files\Project64 1.6
2009-05-25 21:30 . 2009-05-25 21:30 8854 ----a-r- c:\users\Adrian Dorsey\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-05-25 21:30 . 2009-05-25 21:30 40960 ----a-r- c:\users\Adrian Dorsey\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-05-23 18:18 . 2009-05-23 18:18 -------- d-----w- c:\program files\Creative Labs
2009-05-22 18:35 . 2009-05-22 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg16\RealPlayer11.exe
2009-05-18 02:43 . 2008-05-12 22:16 -------- d-----w- c:\users\KIDS\AppData\Roaming\LimeWire
2009-05-16 19:41 . 2007-06-14 22:54 -------- d-----w- c:\program files\Starcraft
2009-05-14 18:35 . 2009-05-14 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg15\RealPlayer11.exe
2009-05-11 00:23 . 2009-05-11 00:20 967 ----a-w- c:\windows\ScUnin.pif
2009-05-11 00:23 . 2009-05-11 00:20 94208 ----a-w- c:\windows\ScUnin.exe
2009-05-11 00:23 . 2009-05-11 00:20 32829 ----a-w- c:\windows\scunin.dat
2009-05-10 17:45 . 2009-05-10 17:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-09 05:50 . 2009-06-10 09:04 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 09:04 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-06 18:35 . 2009-05-06 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg14\RealPlayer11.exe
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-05-01 16:21 . 2009-05-01 16:21 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-30 12:37 . 2009-06-10 12:17 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-10 12:17 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-26 18:35 . 2009-04-26 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg13\RealPlayer11.exe
2009-04-23 12:43 . 2009-06-10 09:04 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 09:04 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 09:04 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 18:35 . 2009-04-16 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg12\RealPlayer11.exe
2009-04-16 05:19 . 2009-04-16 04:33 2785558 ----a-w- c:\windows\system32\vgacache.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-07-07 1966592]
"Google Update"="c:\users\Adrian Dorsey\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-16 133104]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-01 1830128]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-17 185896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-03 178712]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-4-11 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:thumbup2::de,fb,a3,c0,ba,f5,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1FE9B6C0-1B87-4974-A774-FF074593C772}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F27EF518-5D28-45D6-9EBB-3BF10E88F424}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{EB6AB3C4-FC3B-4C99-AD41-4B5586C69367}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{4BAC65C3-3E74-4689-8415-A5E0BA704E8D}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{4FF7449C-CC12-4934-9088-FB66AE2A82C1}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{1FC1206A-4B01-45B9-8CA5-BC5CE9E96E12}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{7F0C30AF-B52A-41C9-AE90-E141AFF59230}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{6AFFC784-90EE-418B-B8E9-20288BBDEA93}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{E9777598-EF17-46E2-A841-2793D5A12947}"= c:\program files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{474702C0-D095-435D-AA66-D83371869CC4}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{FB5FC0AE-1936-4069-9EDD-A01645F1D81F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E7173B8C-71BA-45B6-846D-E969311DF4CB}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5394F50D-589A-4B52-94F1-C24A1A883CCE}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9AF0C119-0DB9-41A3-905A-43C42E1921E7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{56055A82-D1D2-4638-B6CE-BFB5393A5C00}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B336B372-FE30-4F77-99F3-41140A804C45}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0EBBBA37-87E7-400B-B095-244FE2C3B711}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7FC119E7-D1CC-4F48-A86A-BD334ACC8704}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1199C993-62C3-4CF1-BE98-5E8DD4CD345E}"= UDP:c:\program files\ASPMonitor\ASMonitor.exe:System
"{96B39734-403D-4F34-BDDE-091CE364C483}"= TCP:c:\program files\ASPMonitor\ASMonitor.exe:System
"{434C7E3E-69F6-4057-9C1F-40E3FC766EFB}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{C8DC5382-94A5-4AF1-850E-A8EE94D339FD}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{7BDCE8DC-9767-4E39-8B19-4345FEC1CA6C}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{27B10499-FEF4-4122-8379-7B11535D6B8C}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{2971861C-43AF-4211-8636-0F0B9497F4CE}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{653CD78B-42B8-4D9A-ADAA-C81F31158960}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{0EBBD789-41C5-4A95-83FD-D443B5962FEB}"= UDP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{05537DBB-3AAC-4F0D-A6EE-5E7BF0AFD26C}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BF1625D5-0A9C-484D-A1CC-7B4F946C5F65}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{B85428DF-632B-4D7C-B8C6-8063F80B4180}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BE257A65-3CE9-4138-B700-97CDB10571E7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C3888474-6C18-4309-874A-7134C833B426}"= UDP:c:\program files\Common Files\AOL\1205613029\ee\aolsoftware.exe:AOL Services
"{A7420A5A-CCA0-4368-8DD7-B62671A0F1B9}"= TCP:c:\program files\Common Files\AOL\1205613029\ee\aolsoftware.exe:AOL Services
"TCP Query User{58E0ED95-7910-4085-BD26-E588BE85E41F}c:\\program files\\icqlite\\icqlite.exe"= UDP:c:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{E16FBB65-493B-44C0-AF8E-11FE483C5ABB}c:\\program files\\icqlite\\icqlite.exe"= TCP:c:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{E3B322F4-C320-4EA3-B511-AA963D68F2B0}c:\\users\\kids\\appdata\\roaming\\icq6\\icq.exe"= UDP:c:\users\kids\appdata\roaming\icq6\icq.exe:ICQ Library
"UDP Query User{BDE42D44-B51B-4CA1-9ED1-410AF51ECD44}c:\\users\\kids\\appdata\\roaming\\icq6\\icq.exe"= TCP:c:\users\kids\appdata\roaming\icq6\icq.exe:ICQ Library
"{86CAC849-40B7-49B7-B21E-991F452263C0}"= UDP:c:\aeriagames\Shaiya\Updater.exe:Shaiya
"{D0E564A8-8E22-4A16-9664-705BF22E52ED}"= TCP:c:\aeriagames\Shaiya\Updater.exe:Shaiya
"{BFE4E035-23AA-467D-8613-31F5EAC2381E}"= UDP:3724:Blizzard Downloader: 3724
"{571EC848-C232-4602-BDD6-3D5596CB2F8B}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{5A9C7750-2BCD-4B18-BA7E-DBBAE3E24D45}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{F1554415-4B9D-4502-B35A-E90F633F09CA}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6B571B64-2100-4C83-BE3B-4C49DF3C0D96}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{523A33A7-032A-4B29-8D16-4611E0A5C0F8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{18643692-DB0F-4BB9-B3BC-7E7B77CE3AF2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{B102EAD6-2A8B-4B0A-BC21-721665406BF1}c:\\users\\adrian dorsey\\program files\\dna\\btdna.exe"= UDP:c:\users\adrian dorsey\program files\dna\btdna.exe:btdna.exe
"UDP Query User{596A6013-2E2C-4BC6-BE59-DBB389C0A2E7}c:\\users\\adrian dorsey\\program files\\dna\\btdna.exe"= TCP:c:\users\adrian dorsey\program files\dna\btdna.exe:btdna.exe
"TCP Query User{68F6D43E-A39E-49D2-87D5-5E4DDFAC8CAB}c:\\users\\adrian dorsey\\appdata\\local\\temp\\blizzard launcher temporary - 20c72b78\\launcher.exe"= UDP:c:\users\adrian dorsey\appdata\local\temp\blizzard launcher temporary - 20c72b78\launcher.exe:launcher.exe
"UDP Query User{C1A463E3-0A1E-409B-9FF3-63CE76563553}c:\\users\\adrian dorsey\\appdata\\local\\temp\\blizzard launcher temporary - 20c72b78\\launcher.exe"= TCP:c:\users\adrian dorsey\appdata\local\temp\blizzard launcher temporary - 20c72b78\launcher.exe:launcher.exe
"TCP Query User{3480DC54-1DC3-488B-9890-8F2429CDEE45}c:\\program files\\curse\\curseclient.exe"= UDP:c:\program files\curse\curseclient.exe:CurseClient
"UDP Query User{45DC1097-08D5-4F62-8B2C-C059BEBDD762}c:\\program files\\curse\\curseclient.exe"= TCP:c:\program files\curse\curseclient.exe:CurseClient
"TCP Query User{A93CD659-B938-4D25-B3E6-273E062B1C4E}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{EABD92D2-B398-4CB6-B935-9C96F65DA9AD}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{18DFC33E-FF79-49B7-A48A-E1E12129FE28}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{F4E0711C-5C9A-4361-A02F-4A7FF3D60B86}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{A1C0FB52-EE59-4180-B8C1-DD94472ADFA1}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{482825BA-03E3-49A2-983D-E28D79A5F320}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{6C278662-8FEB-4C42-AA84-601594B3C8EA}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{0F13E1AD-FD99-47AF-B7E9-D948837178D1}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{3662D7C3-09D3-414C-ABCE-7FC27D95C294}"= UDP:c:\program files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{712BB7CD-04EF-4AA0-B763-92C7E848EB98}"= TCP:c:\program files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{8C87105F-567E-47D2-976F-F3D2B5538839}"= UDP:6112:Blizzard Downloader: 6112
"{BB1033CE-9A49-442E-8378-9935B79A7FD0}"= UDP:c:\program files\ACSPMonitor\ASMonitor.exe:System
"{FF173501-1BA5-4A86-AE1F-FFE826142642}"= TCP:c:\program files\ACSPMonitor\ASMonitor.exe:System
"{99C26582-00E1-4C69-994F-29BE84D32C66}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{15D2D955-3A3B-4898-A6E4-8973630B9C83}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E2320AE3-0D68-4094-AB18-54C790182912}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{31054157-6817-4228-9D3E-86234B6DFF70}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B6A39245-2F8A-42B6-B4B2-D51621433BDC}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{10ADFE4B-A0E3-4D35-AC9E-861BC478E93F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{355E2D92-30B9-4797-A2CD-49720007FF00}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{16C35A7A-FE78-401D-96CA-81D36E538E04}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 antispyware;antispyware;c:\windows\System32\drivers\antispyware.sys [22/02/2008 16:09 19712]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [03/06/2009 15:21 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/06/2009 15:21 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 14:07 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/06/2009 15:21 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/06/2009 15:21 298776]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 14:32 208896]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 14:07 7408]
S2 0277711236562837mcinstcleanup;McAfee Application Installer Cleanup (0277711236562837);c:\users\ADRIAN~1\AppData\Local\Temp\027771~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\ADRIAN~1\AppData\Local\Temp\027771~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a149cdaf3b43;Google Update Service (gupdate1c9a149cdaf3b43);c:\program files\Google\Update\GoogleUpdate.exe [10/03/2009 02:31 133104]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 13:13 29696]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\System32\drivers\mr97310c.sys [11/04/2005 17:26 121472]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-26 21:45]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 06:30]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 06:30]

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4015252191-728118525-2351217088-1001Core.job
- c:\users\Adrian Dorsey\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-16 10:47]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4015252191-728118525-2351217088-1001UA.job
- c:\users\Adrian Dorsey\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-16 10:47]

2009-07-12 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2009-07-12 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{D01CB679-8B1D-4152-83ED-08F8004E79BC}.job
- c:\windows\system32\msfeedssync.exe [2009-04-28 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-ICQ Lite - c:\program files\ICQLite\ICQLite.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: dudesons.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 21:05
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-13 21:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 01:12

Pre-Run: 102,052,839,424 bytes free
Post-Run: 105,184,079,872 bytes free

372 --- E O F --- 2009-07-09 21:43

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:43 PM

Posted 13 July 2009 - 02:43 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
antispyware

File::
c:\windows\system32\pcmfd3.dll
c:\windows\System32\drivers\antispyware.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 pendrakhis

pendrakhis
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:05:43 AM

Posted 13 July 2009 - 10:07 PM

Ok... did the combofix again as you requested. Not sure I understand the lingo at the end. You want me to post the combo fix log/report… and then… post the same log/report into a New Hijack This Log? So you want me to start a new thread? Just want to make sure I understand. Sorry... I am pretty green at this. Thank you.



ComboFix 09-07-12.03 - Adrian Dorsey 13/07/2009 22:24.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2038.1180 [GMT -4:00]
Running from: c:\users\Adrian Dorsey\Documents\Anti-malware\Combo-Fix.exe
Command switches used :: c:\users\Adrian Dorsey\Documents\Anti-malware\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

FILE ::
"c:\windows\System32\drivers\antispyware.sys"
"c:\windows\system32\pcmfd3.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\gamevance\gamevancelib32.dll
c:\program files\Gamevance\gvtl.dll
c:\windows\System32\drivers\antispyware.sys
c:\windows\system32\pcmfd3.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTISPYWARE
-------\Service_antispyware


((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 02:30 . 2009-07-14 02:34 -------- d-----w- c:\users\Adrian Dorsey\AppData\Local\temp
2009-07-14 02:30 . 2009-07-14 02:30 -------- d-----w- c:\users\KIDS\AppData\Local\temp
2009-07-14 02:30 . 2009-07-14 02:30 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-07-13 18:28 . 2009-07-13 18:28 -------- d-----w- c:\program files\AskBarDis
2009-07-13 18:28 . 2009-07-14 02:30 -------- d-----w- c:\program files\Gamevance
2009-06-29 09:45 . 2009-06-29 09:46 -------- d-----w- c:\users\Adrian Dorsey\AppData\Roaming\DriverCure
2009-06-29 09:45 . 2009-06-29 09:50 -------- d-----w- c:\programdata\DriverCure
2009-06-29 09:45 . 2009-06-29 09:45 -------- d-----w- c:\programdata\ParetoLogic
2009-06-29 09:45 . 2009-06-29 09:45 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-28 01:36 . 2009-06-28 01:36 -------- d-----w- c:\program files\Alwil Software
2009-06-28 01:25 . 2009-07-01 20:13 -------- d-----w- c:\users\Adrian Dorsey\AppData\Local\Adobe
2009-06-27 07:28 . 2009-06-27 07:28 -------- d-----w- c:\users\Adrian Dorsey\AppData\Local\Apple
2009-06-27 07:27 . 2009-07-04 07:05 -------- d-----w- c:\users\Adrian Dorsey\AppData\Local\Apple Computer
2009-06-25 14:47 . 2009-06-25 14:47 -------- d-----w- c:\windows\system32\EventProviders
2009-06-25 00:32 . 2009-06-14 20:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-06-24 12:13 . 2009-06-03 19:21 755992 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-06-24 12:13 . 2009-06-03 19:21 587032 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-06-24 12:13 . 2009-06-03 19:21 1439488 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-24 12:13 . 2009-06-03 19:21 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-06-22 13:34 . 2009-06-22 13:38 -------- d-----w- c:\program files\Exterminate It!
2009-06-20 01:58 . 2008-05-30 18:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 02:15 . 2009-03-09 15:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 02:15 . 2009-04-02 10:59 3775176 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-14 01:26 . 2007-04-10 01:36 17286 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\wklnhst.dat
2009-07-13 17:36 . 2009-03-09 15:02 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-03-09 15:02 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 15:45 . 2009-03-10 06:30 -------- d-----w- c:\programdata\Google Updater
2009-07-13 01:24 . 2009-04-20 22:16 117760 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-07 02:09 . 2008-11-27 19:46 -------- d-----w- c:\program files\Curse
2009-06-28 11:36 . 2007-09-29 02:47 -------- d-----w- c:\program files\Google
2009-06-27 16:06 . 2009-03-09 01:55 -------- d-----w- c:\programdata\avg8
2009-06-27 16:05 . 2007-06-24 23:48 1356 ----a-w- c:\users\Adrian Dorsey\AppData\Local\d3d9caps.dat
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-25 17:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-25 17:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-25 17:24 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-25 00:32 . 2009-06-24 12:14 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-24 12:35 . 2007-05-10 18:15 -------- d-----w- c:\program files\Diablo II
2009-06-24 12:13 . 2009-06-03 19:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 12:13 . 2009-06-03 19:21 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 12:13 . 2009-06-03 19:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-24 12:13 . 2009-06-24 12:14 832144 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-06-20 05:11 . 2009-05-10 17:42 -------- d-----w- c:\users\Adrian Dorsey\AppData\Roaming\uTorrent
2009-06-10 12:22 . 2006-12-16 00:15 -------- d-----w- c:\program files\Microsoft Works
2009-06-03 19:22 . 2009-06-24 12:14 11952 ----a-w- c:\programdata\avg8\update\backup\avgrsstx.dll
2009-06-02 18:35 . 2009-06-02 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg17\RealPlayer11.exe
2009-06-02 18:35 . 2009-06-02 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-26 17:58 . 2009-04-20 21:53 -------- d-----w- c:\program files\VS Revo Group
2009-05-26 01:37 . 2009-05-26 01:37 -------- d-----w- c:\program files\directx
2009-05-26 01:37 . 2009-05-26 01:37 0 ----a-w- c:\windows\DXT897D.tmp
2009-05-26 01:37 . 2009-05-26 01:37 0 ----a-w- c:\windows\DXT897C.tmp
2009-05-26 01:37 . 2009-05-26 01:37 0 ----a-w- c:\windows\DXT897B.tmp
2009-05-26 01:37 . 2009-05-26 01:37 0 ----a-w- c:\windows\DXT896B.tmp
2009-05-25 21:31 . 2009-05-25 21:30 -------- d-----w- c:\program files\Project64 1.6
2009-05-25 21:30 . 2009-05-25 21:30 8854 ----a-r- c:\users\Adrian Dorsey\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-05-25 21:30 . 2009-05-25 21:30 40960 ----a-r- c:\users\Adrian Dorsey\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-05-23 18:18 . 2009-05-23 18:18 -------- d-----w- c:\program files\Creative Labs
2009-05-22 18:35 . 2009-05-22 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg16\RealPlayer11.exe
2009-05-18 02:43 . 2008-05-12 22:16 -------- d-----w- c:\users\KIDS\AppData\Roaming\LimeWire
2009-05-16 19:41 . 2007-06-14 22:54 -------- d-----w- c:\program files\Starcraft
2009-05-14 18:35 . 2009-05-14 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg15\RealPlayer11.exe
2009-05-11 00:23 . 2009-05-11 00:20 967 ----a-w- c:\windows\ScUnin.pif
2009-05-11 00:23 . 2009-05-11 00:20 94208 ----a-w- c:\windows\ScUnin.exe
2009-05-11 00:23 . 2009-05-11 00:20 32829 ----a-w- c:\windows\scunin.dat
2009-05-10 17:45 . 2009-05-10 17:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-09 05:50 . 2009-06-10 09:04 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 09:04 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-06 18:35 . 2009-05-06 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg14\RealPlayer11.exe
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-05-01 16:21 . 2009-05-01 16:21 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-30 12:37 . 2009-06-10 12:17 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-10 12:17 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-26 18:35 . 2009-04-26 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg13\RealPlayer11.exe
2009-04-23 12:43 . 2009-06-10 09:04 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 09:04 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 09:04 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 18:35 . 2009-04-16 18:35 390664 ----a-w- c:\users\Adrian Dorsey\AppData\Roaming\Real\Update\temp\~Upg12\RealPlayer11.exe
2009-04-16 05:19 . 2009-04-16 04:33 2785558 ----a-w- c:\windows\system32\vgacache.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-13_01.03.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-08 23:46 . 2009-07-13 00:51 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-08 23:46 . 2009-07-14 02:20 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-04-08 23:46 . 2009-07-13 00:51 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-04-08 23:46 . 2009-07-14 02:20 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:32 . 2009-07-14 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-13 01:02 . 2009-07-13 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-13 01:02 . 2009-07-13 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:32 . 2009-07-14 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-18 17:37 . 2009-07-13 18:26 108196 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2006-11-02 10:33 . 2009-07-13 01:28 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-12 14:50 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-12 14:50 105448 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-13 01:28 105448 c:\windows\System32\perfc009.dat
+ 2009-04-28 19:50 . 2009-07-13 01:25 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-28 19:50 . 2009-07-12 08:31 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2007-04-08 23:46 . 2009-07-13 00:51 1474560 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-08 23:46 . 2009-07-14 02:20 1474560 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 21:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-07-07 1966592]
"Google Update"="c:\users\Adrian Dorsey\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-16 133104]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-01 1830128]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-17 185896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-03 178712]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"Gamevance"="c:\program files\Gamevance\gamevance32.exe" [2009-07-13 105984]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-4-11 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):de,fb,a3,c0,ba,f5,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1FE9B6C0-1B87-4974-A774-FF074593C772}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F27EF518-5D28-45D6-9EBB-3BF10E88F424}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{EB6AB3C4-FC3B-4C99-AD41-4B5586C69367}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{4BAC65C3-3E74-4689-8415-A5E0BA704E8D}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{4FF7449C-CC12-4934-9088-FB66AE2A82C1}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{1FC1206A-4B01-45B9-8CA5-BC5CE9E96E12}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{7F0C30AF-B52A-41C9-AE90-E141AFF59230}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{6AFFC784-90EE-418B-B8E9-20288BBDEA93}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{E9777598-EF17-46E2-A841-2793D5A12947}"= c:\program files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{474702C0-D095-435D-AA66-D83371869CC4}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{FB5FC0AE-1936-4069-9EDD-A01645F1D81F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E7173B8C-71BA-45B6-846D-E969311DF4CB}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5394F50D-589A-4B52-94F1-C24A1A883CCE}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9AF0C119-0DB9-41A3-905A-43C42E1921E7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{56055A82-D1D2-4638-B6CE-BFB5393A5C00}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B336B372-FE30-4F77-99F3-41140A804C45}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0EBBBA37-87E7-400B-B095-244FE2C3B711}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7FC119E7-D1CC-4F48-A86A-BD334ACC8704}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1199C993-62C3-4CF1-BE98-5E8DD4CD345E}"= UDP:c:\program files\ASPMonitor\ASMonitor.exe:System
"{96B39734-403D-4F34-BDDE-091CE364C483}"= TCP:c:\program files\ASPMonitor\ASMonitor.exe:System
"{434C7E3E-69F6-4057-9C1F-40E3FC766EFB}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{C8DC5382-94A5-4AF1-850E-A8EE94D339FD}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{7BDCE8DC-9767-4E39-8B19-4345FEC1CA6C}"= UDP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{27B10499-FEF4-4122-8379-7B11535D6B8C}"= TCP:c:\program files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{2971861C-43AF-4211-8636-0F0B9497F4CE}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{653CD78B-42B8-4D9A-ADAA-C81F31158960}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{0EBBD789-41C5-4A95-83FD-D443B5962FEB}"= UDP:c:\program files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{05537DBB-3AAC-4F0D-A6EE-5E7BF0AFD26C}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BF1625D5-0A9C-484D-A1CC-7B4F946C5F65}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{B85428DF-632B-4D7C-B8C6-8063F80B4180}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BE257A65-3CE9-4138-B700-97CDB10571E7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C3888474-6C18-4309-874A-7134C833B426}"= UDP:c:\program files\Common Files\AOL\1205613029\ee\aolsoftware.exe:AOL Services
"{A7420A5A-CCA0-4368-8DD7-B62671A0F1B9}"= TCP:c:\program files\Common Files\AOL\1205613029\ee\aolsoftware.exe:AOL Services
"TCP Query User{58E0ED95-7910-4085-BD26-E588BE85E41F}c:\\program files\\icqlite\\icqlite.exe"= UDP:c:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{E16FBB65-493B-44C0-AF8E-11FE483C5ABB}c:\\program files\\icqlite\\icqlite.exe"= TCP:c:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{E3B322F4-C320-4EA3-B511-AA963D68F2B0}c:\\users\\kids\\appdata\\roaming\\icq6\\icq.exe"= UDP:c:\users\kids\appdata\roaming\icq6\icq.exe:ICQ Library
"UDP Query User{BDE42D44-B51B-4CA1-9ED1-410AF51ECD44}c:\\users\\kids\\appdata\\roaming\\icq6\\icq.exe"= TCP:c:\users\kids\appdata\roaming\icq6\icq.exe:ICQ Library
"{86CAC849-40B7-49B7-B21E-991F452263C0}"= UDP:c:\aeriagames\Shaiya\Updater.exe:Shaiya
"{D0E564A8-8E22-4A16-9664-705BF22E52ED}"= TCP:c:\aeriagames\Shaiya\Updater.exe:Shaiya
"{BFE4E035-23AA-467D-8613-31F5EAC2381E}"= UDP:3724:Blizzard Downloader: 3724
"{571EC848-C232-4602-BDD6-3D5596CB2F8B}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{5A9C7750-2BCD-4B18-BA7E-DBBAE3E24D45}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{F1554415-4B9D-4502-B35A-E90F633F09CA}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6B571B64-2100-4C83-BE3B-4C49DF3C0D96}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{523A33A7-032A-4B29-8D16-4611E0A5C0F8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{18643692-DB0F-4BB9-B3BC-7E7B77CE3AF2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{B102EAD6-2A8B-4B0A-BC21-721665406BF1}c:\\users\\adrian dorsey\\program files\\dna\\btdna.exe"= UDP:c:\users\adrian dorsey\program files\dna\btdna.exe:btdna.exe
"UDP Query User{596A6013-2E2C-4BC6-BE59-DBB389C0A2E7}c:\\users\\adrian dorsey\\program files\\dna\\btdna.exe"= TCP:c:\users\adrian dorsey\program files\dna\btdna.exe:btdna.exe
"TCP Query User{68F6D43E-A39E-49D2-87D5-5E4DDFAC8CAB}c:\\users\\adrian dorsey\\appdata\\local\\temp\\blizzard launcher temporary - 20c72b78\\launcher.exe"= UDP:c:\users\adrian dorsey\appdata\local\temp\blizzard launcher temporary - 20c72b78\launcher.exe:launcher.exe
"UDP Query User{C1A463E3-0A1E-409B-9FF3-63CE76563553}c:\\users\\adrian dorsey\\appdata\\local\\temp\\blizzard launcher temporary - 20c72b78\\launcher.exe"= TCP:c:\users\adrian dorsey\appdata\local\temp\blizzard launcher temporary - 20c72b78\launcher.exe:launcher.exe
"TCP Query User{3480DC54-1DC3-488B-9890-8F2429CDEE45}c:\\program files\\curse\\curseclient.exe"= UDP:c:\program files\curse\curseclient.exe:CurseClient
"UDP Query User{45DC1097-08D5-4F62-8B2C-C059BEBDD762}c:\\program files\\curse\\curseclient.exe"= TCP:c:\program files\curse\curseclient.exe:CurseClient
"TCP Query User{A93CD659-B938-4D25-B3E6-273E062B1C4E}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{EABD92D2-B398-4CB6-B935-9C96F65DA9AD}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{18DFC33E-FF79-49B7-A48A-E1E12129FE28}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{F4E0711C-5C9A-4361-A02F-4A7FF3D60B86}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{A1C0FB52-EE59-4180-B8C1-DD94472ADFA1}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{482825BA-03E3-49A2-983D-E28D79A5F320}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{6C278662-8FEB-4C42-AA84-601594B3C8EA}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{0F13E1AD-FD99-47AF-B7E9-D948837178D1}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{3662D7C3-09D3-414C-ABCE-7FC27D95C294}"= UDP:c:\program files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{712BB7CD-04EF-4AA0-B763-92C7E848EB98}"= TCP:c:\program files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{8C87105F-567E-47D2-976F-F3D2B5538839}"= UDP:6112:Blizzard Downloader: 6112
"{BB1033CE-9A49-442E-8378-9935B79A7FD0}"= UDP:c:\program files\ACSPMonitor\ASMonitor.exe:System
"{FF173501-1BA5-4A86-AE1F-FFE826142642}"= TCP:c:\program files\ACSPMonitor\ASMonitor.exe:System
"{99C26582-00E1-4C69-994F-29BE84D32C66}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{15D2D955-3A3B-4898-A6E4-8973630B9C83}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E2320AE3-0D68-4094-AB18-54C790182912}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{31054157-6817-4228-9D3E-86234B6DFF70}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B6A39245-2F8A-42B6-B4B2-D51621433BDC}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{10ADFE4B-A0E3-4D35-AC9E-861BC478E93F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{355E2D92-30B9-4797-A2CD-49720007FF00}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{16C35A7A-FE78-401D-96CA-81D36E538E04}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [03/06/2009 15:21 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/06/2009 15:21 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 14:07 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/06/2009 15:21 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/06/2009 15:21 298776]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 14:32 208896]
S2 0277711236562837mcinstcleanup;McAfee Application Installer Cleanup (0277711236562837);c:\users\ADRIAN~1\AppData\Local\Temp\027771~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\ADRIAN~1\AppData\Local\Temp\027771~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a149cdaf3b43;Google Update Service (gupdate1c9a149cdaf3b43);c:\program files\Google\Update\GoogleUpdate.exe [10/03/2009 02:31 133104]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 13:13 29696]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\System32\drivers\mr97310c.sys [11/04/2005 17:26 121472]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 14:07 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-26 21:45]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 06:30]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-10 06:30]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4015252191-728118525-2351217088-1001Core.job
- c:\users\Adrian Dorsey\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-16 10:47]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4015252191-728118525-2351217088-1001UA.job
- c:\users\Adrian Dorsey\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-16 10:47]

2009-07-13 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2009-07-13 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2009-07-14 c:\windows\Tasks\User_Feed_Synchronization-{D01CB679-8B1D-4152-83ED-08F8004E79BC}.job
- c:\windows\system32\msfeedssync.exe [2009-04-28 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: dudesons.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 22:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000000BCBF3DD0D961EB9D6 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-07-14 22:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-14 02:43
ComboFix2.txt 2009-07-13 01:12

Pre-Run: 104,952,848,384 bytes free
Post-Run: 105,182,826,496 bytes free

378 --- E O F --- 2009-07-13 20:20

#8 fenzodahl512

  • Members
  • 6,738 posts

Posted 14 July 2009 - 05:15 AM

Ok... did the combofix again as you requested. Not sure I understand the lingo at the end. You want me to post the combo fix log/report… and then… post the same log/report into a New Hijack This Log? So you want me to start a new thread? Just want to make sure I understand. Sorry... I am pretty green at this. Thank you.


Just post ComboFix log report here if you don't have HijackThis.. Don't open a new topic while this one is active..

Reboot your computer, then download and run the file below:
http://oldtimer.geekstogo.com/TFC.exe


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 pendrakhis

  • Topic Starter
  • Members
  • 29 posts

Posted 14 July 2009 - 12:59 PM

Eset finished what it had to do... it said that it removed 3 items. When I went to the location of the log this is all it had written in it which I posted below. Is that correct?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

#10 fenzodahl512

  • Members
  • 6,738 posts

Posted 15 July 2009 - 12:34 AM

Well, how's the computer now? :thumbup2:



#11 pendrakhis

  • Topic Starter
  • Members
  • 29 posts

Posted 15 July 2009 - 06:35 AM

It is actually working 100% better. NO sign of Skynet or Arnold's Terminator anywhere... lol! Did I avoid judgement day? Haha... I can google where I want and nothing is interfering now. NO funny security thingies popping up freezing the computer. Is that it? I am so grateful for your help. Thank you very much!

#12 fenzodahl512

  • Members
  • 6,738 posts

Posted 15 July 2009 - 09:21 AM

Don't forget to do this for cleanup..

Please download OTC and save it to your Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

I will now close this topic. If you need this topic to be re-opened, please PM me or a Moderator regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512
