Infected with Malware/Spyware


  • This topic is locked
30 replies to this topic

#1 Divaindeed22

  • Members
  • 46 posts

Posted 15 July 2009 - 08:15 PM

I was infected with Malware/Spyware. I was assisted by another moderator on here with removing it, and he advised me to post my DDS info because my computer was working a little better but was still running slow to turn on, and crashing. It also remained at a black screen after I logged in, only showing the mouse on the screen before my screen appeared. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/241167/i-think-my-computer-is-infected-with-malwarespyware/ ~ OB


DDS (Ver_09-06-26.01) - NTFSx86
Run by Melissa at 20:48:09.78 on Wed 07/15/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.214 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Melissa\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {196C3A46-4758-433D-A600-802C804AF39C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: []
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2007-3-10 202872]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2006-9-19 55024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-18 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-10 101936]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2006-10-24 37008]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-1-26 68954]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]

=============== Created Last 30 ================

2009-07-14 20:11 469,504 a------- c:\temp\RootRepeal.exe
2009-07-14 15:56 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 15:56 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 15:56 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 15:56 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-09 00:32 --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-09 00:32 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-07 21:54 --d----- c:\users\melissa\appdata\roaming\SUPERAntiSpyware.com
2009-07-07 21:54 --d----- c:\program files\SUPERAntiSpyware
2009-07-07 21:51 --d----- c:\program files\common files\Wise Installation Wizard
2009-07-07 20:51 --d----- c:\program files\SpywareBlaster
2009-07-06 21:09 --d----- c:\temp\CE 10.1.8.8000
2009-07-06 21:09 5,666,080 a------- c:\temp\First.exe.exe
2009-07-06 21:09 3,012,768 a------- c:\temp\_SpywareBlasterSetup42.exe
2009-07-06 21:09 2,876,720 a------- c:\temp\Second.exe.exe
2009-07-06 21:09 50,688 a------- c:\temp\_ATF-Cleaner.exe
2009-07-05 08:57 91 a------- c:\windows\system32\hjgruipoxbclmf.dat
2009-07-04 21:03 135,452 a------- c:\windows\system32\hjgruiidsmxyhx.dat

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-10 21:55 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-10 21:55 51,200 a------- c:\windows\inf\infpub.dat
2009-06-10 21:55 86,016 a------- c:\windows\inf\infstor.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2008-06-11 03:16 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-27 23:16 174 a--sh--- c:\program files\desktop.ini
2007-03-23 00:44 0 a------- c:\users\melissa\appdata\roaming\wklnhst.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:49:22.08 ===============

Edited by Orange Blossom, 15 July 2009 - 10:55 PM.


#2 Net_Surfer

  • Banned
  • 2,154 posts
  • Gender:Male

Posted 26 July 2009 - 04:28 AM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks, and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 Divaindeed22

  • Topic Starter

  • Members
  • 46 posts

Posted 26 July 2009 - 09:03 PM

This is the DDS.txt below, and uploaded is the attached.txt:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Melissa at 21:59:19.87 on Sun 07/26/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.266 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\ProgramData\Google\Google Toolbar\Update\gtbDE6E.tmp.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Users\Melissa\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {196C3A46-4758-433D-A600-802C804AF39C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [<NO NAME>]
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2007-3-10 202872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-10 101936]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-1-26 68954]

=============== Created Last 30 ================

2009-07-21 20:55 <DIR> --d----- c:\program files\iPod
2009-07-21 20:54 <DIR> --d----- c:\program files\iTunes
2009-07-14 20:11 469,504 a------- c:\temp\RootRepeal.exe
2009-07-14 15:56 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 15:56 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 15:56 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 15:56 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-09 00:32 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-09 00:32 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-07 21:54 <DIR> --d----- c:\users\melissa\appdata\roaming\SUPERAntiSpyware.com
2009-07-07 21:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-07 21:51 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-07 20:51 <DIR> --d----- c:\program files\SpywareBlaster
2009-07-06 21:09 <DIR> --d----- c:\temp\CE 10.1.8.8000
2009-07-06 21:09 5,666,080 a------- c:\temp\First.exe.exe
2009-07-06 21:09 3,012,768 a------- c:\temp\_SpywareBlasterSetup42.exe
2009-07-06 21:09 2,876,720 a------- c:\temp\Second.exe.exe
2009-07-06 21:09 50,688 a------- c:\temp\_ATF-Cleaner.exe
2009-07-05 08:57 91 a------- c:\windows\system32\hjgruipoxbclmf.dat
2009-07-04 21:03 135,452 a------- c:\windows\system32\hjgruiidsmxyhx.dat

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-10 21:55 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-10 21:55 51,200 a------- c:\windows\inf\infpub.dat
2009-06-10 21:55 86,016 a------- c:\windows\inf\infstor.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2008-06-11 03:16 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-27 23:16 174 a--sh--- c:\program files\desktop.ini
2007-03-23 00:44 0 a------- c:\users\melissa\appdata\roaming\wklnhst.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 22:00:19.77 ===============

#4 Blade81

Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 28 July 2009 - 03:30 AM

Hi,

There appears to be p2p file sharing stuff (Limewire at least) installed there. I recommend uninstalling it, since dubious p2p downloads are nowadays behind a big part of infected systems.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.



Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided here are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 Divaindeed22

Divaindeed22
  • Topic Starter

  • Members
  • 46 posts

Posted 28 July 2009 - 11:43 PM

ComboFix 09-07-28.01 - Melissa 07/28/2009 23:14:36.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.187 [GMT -4:00]
Running from: C:\Users\Melissa\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$RECYCLE.BIN\S-1-5-21-2365545147-1999384947-2466353664-500
C:\$RECYCLE.BIN\S-1-5-21-414214943-1168727838-4258520150-500
C:\WINDOWS\Installer\1598eaf1.msi
C:\Windows\system32\hjgruiidsmxyhx.dat
C:\Windows\system32\hjgruipoxbclmf.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruipptvexji


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-27 00:23:25 . 2009-07-15 08:00:00 87888 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090726.005\NAVENG.SYS
2009-07-27 00:23:25 . 2009-07-15 08:00:00 875728 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090726.005\NAVEX15.SYS
2009-07-27 00:23:25 . 2009-03-16 08:00:00 371248 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090726.005\EECTRL.SYS
2009-07-27 00:23:25 . 2009-03-16 08:00:00 2414128 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090726.005\CCERASER.DLL
2009-07-27 00:23:25 . 2009-03-16 08:00:00 177520 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090726.005\NAVENG32.DLL
2009-07-27 00:23:25 . 2009-03-16 08:00:00 1181040 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090726.005\NAVEX32A.DLL
2009-07-27 00:23:25 . 2009-03-16 08:00:00 101936 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090726.005\ERASER.SYS
2009-07-27 00:23:25 . 2009-01-14 16:09:28 259368 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090726.005\ECMSVR32.DLL
2009-07-27 00:17:55 . 2009-07-27 00:17:54 471664 ----a-w- C:\ProgramData\Google\Google Toolbar\Update\gtbDE6E.tmp.exe
2009-07-22 00:55:09 . 2009-07-22 00:55:09 0 d-----w- C:\Program Files\iPod
2009-07-22 00:54:31 . 2009-07-22 00:55:43 0 d-----w- C:\Program Files\iTunes
2009-07-19 02:05:34 . 2009-07-14 08:00:00 87888 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090718.003\NAVENG.SYS
2009-07-19 02:05:34 . 2009-07-14 08:00:00 875728 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090718.003\NAVEX15.SYS
2009-07-19 02:05:34 . 2009-03-16 08:00:00 371248 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090718.003\EECTRL.SYS
2009-07-19 02:05:34 . 2009-03-16 08:00:00 177520 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090718.003\NAVENG32.DLL
2009-07-19 02:05:34 . 2009-03-16 08:00:00 1181040 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090718.003\NAVEX32A.DLL
2009-07-19 02:05:34 . 2009-03-16 08:00:00 101936 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090718.003\ERASER.SYS
2009-07-19 02:05:34 . 2009-01-14 16:09:28 259368 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090718.003\ECMSVR32.DLL
2009-07-19 02:05:33 . 2009-03-16 08:00:00 2414128 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090718.003\CCERASER.DLL
2009-07-17 02:00:12 . 2009-07-21 01:45:33 0 d-----w- C:\Users\Melissa\AppData\Local\Adobe
2009-07-15 08:00:00 . 2009-07-15 08:00:00 87888 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-07-15 08:00:00 . 2009-07-15 08:00:00 875728 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-07-15 00:11:16 . 2009-07-13 01:39:45 469504 ----a-w- C:\temp\RootRepeal.exe
2009-07-14 23:07:43 . 2009-07-14 23:07:43 0 d-----w- C:\Users\Melissa\AppData\Local\Apple
2009-07-14 19:56:08 . 2009-06-15 15:24:24 156672 ----a-w- C:\Windows\system32\t2embed.dll
2009-07-14 19:56:08 . 2009-06-15 15:20:27 72704 ----a-w- C:\Windows\system32\fontsub.dll
2009-07-14 19:56:07 . 2009-06-15 15:20:00 10240 ----a-w- C:\Windows\system32\dciman32.dll
2009-07-14 19:56:07 . 2009-06-15 12:52:13 289792 ----a-w- C:\Windows\system32\atmfd.dll
2009-07-14 19:30:40 . 2009-07-22 01:08:06 0 d-----w- C:\Users\Melissa\AppData\Local\Apple Computer
2009-07-14 19:29:42 . 2009-07-14 19:29:42 0 d-----w- C:\Users\Melissa\AppData\Local\AOL OCP
2009-07-14 19:28:23 . 2009-07-14 19:28:23 0 d-----w- C:\Users\Melissa\AppData\Local\AOL
2009-07-13 18:22:08 . 2009-07-13 18:22:08 75048 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-10 01:59:59 . 2007-03-20 17:29:10 1332832 ----a-w- C:\ProgramData\Symantec\SyKnAppS\Freezer\CAV\SyKnAppS.dll
2009-07-09 22:44:27 . 2009-07-09 22:44:27 0 d-----w- C:\Windows\Sun
2009-07-09 04:34:02 . 2009-07-29 03:42:57 117760 ----a-w- C:\Users\Melissa\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-09 04:32:47 . 2009-07-09 04:32:47 0 d-----w- C:\ProgramData\SUPERAntiSpyware.com
2009-07-08 01:54:13 . 2009-07-09 04:32:48 0 d-----w- C:\Program Files\SUPERAntiSpyware
2009-07-08 01:54:13 . 2009-07-08 01:54:13 0 d-----w- C:\Users\Melissa\AppData\Roaming\SUPERAntiSpyware.com
2009-07-08 01:51:06 . 2009-07-08 01:51:06 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-08 00:51:37 . 2009-07-12 18:06:42 0 d-----w- C:\Program Files\SpywareBlaster
2009-07-07 01:18:47 . 2009-07-15 02:10:15 3775176 ----a-w- C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-07 01:09:15 . 2009-07-07 01:09:34 0 d-----w- C:\temp\CE 10.1.8.8000
2009-07-07 01:09:12 . 2007-01-14 02:04:11 5666080 ----a-w- C:\temp\First.exe.exe
2009-07-07 01:09:09 . 2009-04-10 11:53:39 3012768 ----a-w- C:\temp\_SpywareBlasterSetup42.exe
2009-07-07 01:09:08 . 2009-03-18 18:27:20 2876720 ----a-w- C:\temp\Second.exe.exe
2009-07-07 01:09:07 . 2008-02-10 02:51:30 50688 ----a-w- C:\temp\_ATF-Cleaner.exe
2009-07-06 02:49:46 . 2009-07-12 17:57:58 680 ----a-w- C:\Users\Melissa\AppData\Local\d3d9caps.dat
2009-07-05 02:32:51 . 2009-05-09 05:34:34 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-07-05 02:32:47 . 2009-05-09 05:50:28 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-07-05 00:09:29 . 2009-03-16 08:00:00 89104 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090704.006\NAVENG.SYS
2009-07-05 00:09:29 . 2009-03-16 08:00:00 876144 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090704.006\NAVEX15.SYS
2009-07-05 00:09:29 . 2009-03-16 08:00:00 371248 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090704.006\EECTRL.SYS
2009-07-05 00:09:29 . 2009-03-16 08:00:00 177520 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090704.006\NAVENG32.DLL
2009-07-05 00:09:29 . 2009-03-16 08:00:00 1181040 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090704.006\NAVEX32A.DLL
2009-07-05 00:09:29 . 2009-03-16 08:00:00 101936 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090704.006\ERASER.SYS
2009-07-05 00:09:28 . 2009-03-16 08:00:00 2414128 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090704.006\CCERASER.DLL
2009-07-05 00:09:28 . 2009-01-14 16:09:28 259368 ----a-w- C:\ProgramData\Symantec\Definitions\VirusDefs\20090704.006\ECMSVR32.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 00:09:32 . 2008-05-17 01:04:55 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-07-22 00:55:08 . 2007-07-05 23:02:10 0 d-----w- C:\Program Files\Common Files\Apple
2009-07-22 00:28:25 . 2007-03-30 03:24:42 0 d-----w- C:\Program Files\LimeWire
2009-07-15 04:14:40 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-07-15 02:10:33 . 2009-02-28 15:00:29 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-13 17:36:34 . 2009-02-28 15:00:31 38160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36:12 . 2009-02-28 15:00:34 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-06-19 00:55:27 . 2007-05-28 01:42:51 0 d-----w- C:\Program Files\AIM6
2009-06-19 00:55:13 . 2007-05-28 01:41:35 0 d-----w- C:\ProgramData\AOL Downloads
2009-06-12 07:13:02 . 2007-03-10 11:49:34 0 d-----w- C:\Program Files\Microsoft Works
2009-06-12 03:20:38 . 2009-06-12 03:20:38 0 d-----w- C:\Users\Melissa\AppData\Roaming\Research In Motion
2009-06-11 03:20:32 . 2007-03-22 05:07:55 106952 ----a-w- C:\Users\Melissa\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-11 02:08:53 . 2009-06-11 02:08:53 0 d-----w- C:\Users\Melissa\AppData\Roaming\InstallShield
2009-06-11 02:07:26 . 2008-01-16 03:21:22 0 d-----w- C:\ProgramData\Roxio
2009-06-11 02:04:46 . 2009-06-11 02:04:42 0 d-----w- C:\Program Files\Common Files\PX Storage Engine
2009-06-11 02:04:18 . 2007-03-10 11:45:16 0 d-----w- C:\Program Files\Common Files\Roxio Shared
2009-06-11 02:04:16 . 2007-03-10 11:45:34 0 d-----w- C:\Program Files\Roxio
2009-06-11 02:03:28 . 2007-03-10 11:45:17 0 d-----w- C:\Program Files\Common Files\Sonic Shared
2009-06-11 01:53:08 . 2009-06-11 01:52:30 0 d-----w- C:\Program Files\Common Files\Research In Motion
2009-06-11 01:52:19 . 2009-06-11 01:52:19 0 d-----w- C:\Program Files\Research In Motion
2009-06-08 22:28:39 . 2009-06-08 22:28:41 456304 ----a-w- C:\ProgramData\Google\Google Toolbar\Update\gtb8FD4.tmp.exe
2009-06-04 02:39:54 . 2009-06-04 02:38:00 0 d-----w- C:\Program Files\QuickTime
2009-05-29 17:36:16 . 2009-05-29 17:36:16 39424 ----a-w- C:\Windows\system32\drivers\usbaapl.sys
2009-05-29 17:36:16 . 2009-05-29 17:36:16 2060288 ----a-w- C:\Windows\system32\usbaaplrc.dll
2009-05-19 05:35:58 . 2009-06-19 00:55:16 11568 ----a-w- C:\ProgramData\AOL Downloads\SUD4426\tbinst.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 07:33:30 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-24 00:53:24 1480296]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-26 02:14:51 39408]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-10-31 19:22:38 50480]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 14:50:42 205480]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-09 04:32:40 1830128]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-10 04:51:15 2356088]
"WindowsWelcomeCenter"="oobefldr.dll" - C:\Windows\System32\oobefldr.dll [2008-01-19 07:36:02 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 07:38:38 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 13:42:24 65536]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59:52 115816]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-26 23:18:38 22696]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 15:54:24 50696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 06:11:35 132496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 16:09:58 63712]
"DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [2007-12-18 18:18:54 90112]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 20:24:20 54840]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-23 01:49:00 13539872]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-23 01:49:00 92704]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 00:58:04 177472]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 06:04:34 39792]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 11:34:38 134808]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 14:21:28 648072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 21:18:30 413696]
"BlackBerryAutoUpdate"="C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 16:09:58 615696]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 14:37:50 236016]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-07-13 18:03:10 292128]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2008-01-15 16:26:18 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-25 00:20:34 44136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2009-07-09 04:32:40 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-07-09 04:32:40 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 1 (0x1)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FFF61EE9-BE9A-4DD6-BDAF-AC5049C87D80}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{0384CDA0-9636-4E5B-822A-EC99B93AFDDF}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{A74DD46F-746B-4065-9AA8-6722ED6550FA}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{801FFAE0-E5CD-434D-A150-969B57CAA2A3}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{155609B1-116A-4CBF-A512-73E0D9843234}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DB35FC82-6F00-4F12-93A6-B149037DA14B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C695B1CD-A8E0-4562-B5C3-82D42FCC1B55}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D3024F13-E196-4D53-B817-84D0807FBE22}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D2A0BD89-9501-444F-B9BF-82EC83803DAA}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D3936FC0-FD77-45FC-B57C-7711AD61F3AE}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19E20B2E-FDA2-4769-945E-B5A9CD9E407F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{ED5207CD-B394-411A-B555-51EEBC8B8D89}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{9204E125-826B-4391-AC88-77272B6E5BB0}"= C:\Program Files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{37F6CBCB-D985-43C3-9953-666C1218ED72}"= C:\Program Files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{5583D3F3-DAC3-4CAA-A203-186286D090A5}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A075F8F7-8690-4B21-9DD7-F81E131331F5}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{61FE9FF6-585C-488D-8372-2154A0E4DEF1}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{A46377D8-4658-4E5F-A5DD-E66037C27A21}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{EA45609A-8FE5-4E42-9808-06499B0AA00E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C3BD7986-BB0F-42E6-97D1-95D707553268}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{234619AF-A4D7-44C3-9656-7BBAA1682D26}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{B917F598-39C8-4A3B-8225-44C56E328070}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{1B5A7151-6FC7-4E5B-9A91-E2AC4438FFE3}"= UDP:C:\Program Files\Tencent\QQ Games\QQGames.exe:QQ Games
"{5C16E540-A3BC-4928-8A79-72B6E9933AAB}"= TCP:C:\Program Files\Tencent\QQ Games\QQGames.exe:QQ Games
"{38AF3260-6C4A-4416-98D7-391E7CBEF142}"= UDP:C:\Program Files\Tencent\QQ Games\QQGamesD.exe:QQ Games Downloader
"{9BE6AA6F-B375-4577-AB5C-156DF6D42C88}"= TCP:C:\Program Files\Tencent\QQ Games\QQGamesD.exe:QQ Games Downloader
"{E3956A23-90F0-46B5-A639-6812C74DF9BC}"= UDP:C:\Program Files\Tencent\QQ Games\Update\Update.exe:QQ Games Updater
"{A8A9E682-31A1-4971-8A6C-7FD484C02475}"= TCP:C:\Program Files\Tencent\QQ Games\Update\Update.exe:QQ Games Updater
"{50D3CC09-026D-4BC4-A728-C457640C8FED}"= UDP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{532BF953-A87A-4BC8-AB23-DC768647C113}"= TCP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{28AF6377-C1EA-48BA-96F1-E51804E82245}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{71B62EF5-F295-4CAB-A167-477E55218235}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A97B8F91-3E1F-4FFA-AFED-69389783020E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8C260742-E8F8-4782-B97D-F95516E1799A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C1131084-8353-43C1-98BA-11EE720FEC4E}"= Disabled:UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C2EF292E-0CE4-4958-81A2-A772393666B5}"= Disabled:TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{5A5D1639-F8F7-4666-B810-DF3D65AAF04F}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{85B31F1E-1C57-4F88-B3C8-A350EA0B30B0}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"{B17C936C-5ABB-482D-B147-45185044B24E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DD67CE54-7D1B-4093-98C0-266274E04746}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [3/10/2007 8:03:40 AM 202872]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12:53:48 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [9/19/2006 3:06:52 PM 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/10/2009 8:23:11 PM 101936]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51:08 PM 4096]
R3 SYMNDISV;SYMNDISV;C:\Windows\System32\drivers\symndisv.sys [10/24/2006 8:40:22 AM 37008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Melissa.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48:18 . 2006-11-07 17:48:18]

2009-07-29 C:\Windows\Tasks\User_Feed_Synchronization-{6E65C258-AD8D-461E-9C95-B4D4A69AC42A}.job
- C:\Windows\system32\msfeedssync.exe [2009-07-05 02:29:19 . 2009-03-08 11:31:52]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
.

**************************************************************************
scanning hidden processes ...



DDS LOG:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Melissa at 0:40:14.40 on Wed 07/29/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.119 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\AIM6\anotify.exe
C:\Users\Melissa\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {196C3A46-4758-433D-A600-802C804AF39C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2007-3-10 202872]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2006-9-19 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-10 101936]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2006-10-24 37008]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-1-26 68954]

=============== Created Last 30 ================

2009-07-28 23:39 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-28 23:12 219,648 a------- c:\windows\PEV.exe
2009-07-28 23:12 161,792 a------- c:\windows\SWREG.exe
2009-07-28 23:12 98,816 a------- c:\windows\sed.exe
2009-07-28 23:12 <DIR> --ds---- C:\ComboFix
2009-07-28 23:11 318,976 a------- c:\windows\system32\CF1651.exe
2009-07-21 20:55 <DIR> --d----- c:\program files\iPod
2009-07-21 20:54 <DIR> --d----- c:\program files\iTunes
2009-07-14 20:11 469,504 a------- c:\temp\RootRepeal.exe
2009-07-14 15:56 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 15:56 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 15:56 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 15:56 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-09 00:32 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-09 00:32 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-07 21:54 <DIR> --d----- c:\users\melissa\appdata\roaming\SUPERAntiSpyware.com
2009-07-07 21:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-07 21:51 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-07 20:51 <DIR> --d----- c:\program files\SpywareBlaster
2009-07-06 21:09 <DIR> --d----- c:\temp\CE 10.1.8.8000
2009-07-06 21:09 5,666,080 a------- c:\temp\First.exe.exe
2009-07-06 21:09 3,012,768 a------- c:\temp\_SpywareBlasterSetup42.exe
2009-07-06 21:09 2,876,720 a------- c:\temp\Second.exe.exe
2009-07-06 21:09 50,688 a------- c:\temp\_ATF-Cleaner.exe

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-10 21:55 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-10 21:55 51,200 a------- c:\windows\inf\infpub.dat
2009-06-10 21:55 86,016 a------- c:\windows\inf\infstor.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2008-06-11 03:16 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-27 23:16 174 a--sh--- c:\program files\desktop.ini
2007-03-23 00:44 0 a------- c:\users\melissa\appdata\roaming\wklnhst.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:41:30.63 ===============

#6 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 29 July 2009 - 02:24 AM

Hi,

It seems that both Norton Internet Security and Symantec AntiVirus are installed there. Uninstall the one that you don't desire to keep.



Open notepad and copy/paste the text in the quotebox below into it:

DDS::
TB: {196C3A46-4758-433D-A600-802C804AF39C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=-
"InternetSettingsDisableNotify"=-
"AutoUpdateDisableNotify"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.


ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one (9.1 + update 9.1.2 for it) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Click the Download button to the right.
  • Select Windows on the platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

Edited by Blade81, 29 July 2009 - 02:25 AM.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
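
As an added example (not code from this thread, from the DDS tool or from BleepingComputer), the following Python triage reads a log in the DDS format posted above and automates the three observations Blade81 makes in this reply: two resident AV products, Java plug-in releases older than the recommended JRE 6 Update 14, and TB: entries registered with no file behind them. The sample log lines are constructed from the thread's own log, and all function names are assumptions of mine.

```python
"""Triage of a DDS log in the format posted in this thread.

Added example; not code from the thread, from DDS or from BleepingComputer.
It automates what Blade81 read off the posted log: two resident AV engines,
Java plug-in releases older than JRE 6 Update 14, and TB: entries whose
file is gone.  SAMPLE_DDS is constructed from a few of the thread's own
log lines; all function names here are my own.
"""
import re
from collections import defaultdict

SAMPLE_DDS = """\
AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
TB: {196C3A46-4758-433D-A600-802C804AF39C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [SunJavaUpdateSched] "c:\\program files\\java\\jre1.6.0_03\\bin\\jusched.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
"""

# Blade81's target: "Java Runtime Environment (JRE) 6 Update 14" = 1.6.0_14.
RECOMMENDED_JAVA = (6, 0, 14)

# Security Center products as DDS prints them: AV: <name> *<state>* (<defs>) {<GUID>}
WSC_LINE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]*)\* \(([^)]*)\) \{([0-9A-Fa-f-]+)\}\s*$")

# Each installed Java plug-in registers a static CLSID
# {CAFEEFAC-<family>-<minor>-<update>-ABCDEFFEDCBA} whose three middle
# groups are decimal digits (0016 = the 1.6 line, 0003 = update 3).
# The all-F form is the "latest installed" alias and names no release.
JAVA_CLSID = re.compile(r"\{CAFEEFAC-(\d{4})-(\d{4})-(\d{4})-ABCDEFFEDCBA\}", re.I)
# The Run-key path carries the same information: ...\jre1.6.0_03\...
JRE_PATH = re.compile(r"\\jre1\.(\d+)\.(\d+)_(\d+)\\", re.I)


def decode_java_clsid(text):
    """(major, minor, update) for a static Java CLSID, else None (incl. FFFF alias)."""
    m = JAVA_CLSID.search(text)
    if not m:
        return None
    family, minor, update = (int(g) for g in m.groups())
    return (family - 10, minor, update)  # 0016 -> 6, i.e. Java 1.6


def java_versions(lines):
    """Distinct Java releases evidenced by DPF CLSIDs and Run-key paths."""
    found = set()
    for line in lines:
        v = decode_java_clsid(line)
        if v:
            found.add(v)
        m = JRE_PATH.search(line)
        if m:
            found.add(tuple(int(g) for g in m.groups()))
    return sorted(found)


def format_java(version):
    major, minor, update = version
    return f"1.{major}.{minor}_{update:02d}"


def security_products(lines):
    """Category (AV/SP/FW) -> product names Security Center reported."""
    products = defaultdict(list)
    for line in lines:
        m = WSC_LINE.match(line)
        if m:
            products[m.group(1)].append(m.group(2))
    return dict(products)


def orphaned_toolbars(lines):
    """TB: CLSIDs whose registered DLL is missing ("No File")."""
    return [line.split()[1] for line in lines
            if line.startswith("TB:") and line.rstrip().endswith("- No File")]


def triage(dds_text):
    lines = dds_text.splitlines()
    avs = security_products(lines).get("AV", [])
    versions = java_versions(lines)
    return {
        # two resident engines compete for on-access scanning
        "conflicting_av": avs if len(avs) > 1 else [],
        "orphaned_toolbars": orphaned_toolbars(lines),
        "java_installed": [format_java(v) for v in versions],
        "java_outdated": [format_java(v) for v in versions if v < RECOMMENDED_JAVA],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```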


#7 Divaindeed22
  • Topic Starter
  • Members
  • 46 posts

Posted 01 August 2009 - 05:11 PM

I'm having a problem installing Java, and because of this I can't run the scanner.

#8 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 02 August 2009 - 01:00 AM

Hi,

What kind of problem? Do you get some error message (if so what does it exactly say)?



#9 Divaindeed22
  • Topic Starter
  • Members
  • 46 posts

Posted 02 August 2009 - 07:59 AM

When you test Java at the site to see if it is installed, a window pops up with the error message below:

Java Plug-in 1.6.0_14
Using JRE version 1.6.0_14-b08 Java HotSpot™ Client VM
User home directory = C:\Users\Melissa
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------


load: class testvmDynamicJavaComPopUp819.class not found.
java.lang.ClassNotFoundException: testvmDynamicJavaComPopUp819.class
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 7 more
Exception: java.lang.ClassNotFoundException: testvmDynamicJavaComPopUp819.class

#10 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 03 August 2009 - 08:12 AM

Hi,

Please uninstall Java 6 Update 14 and then reinstall it. See if you get rid of those errors. If not, let's try another option:
Download the latest version of Kaspersky Virus Removal Tool

* Close all other applications and double-click and run the installer.
* When AVPTool starts, select all the scanable items except for CD-ROM drives and click the Scan button.
* If malware is detected, don't remove anything.
* After the scan finishes, don't neutralize anything.
* In the Scan window click the Reports button and select Save to file.
* Name the report AVPT.txt, and save it to the Desktop.
* Close AVPTool.
* You will be prompted if you want to uninstall the program; click Yes.
* You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
* Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.



#11 Divaindeed22
  • Topic Starter
  • Members
  • 46 posts

Posted 05 August 2009 - 05:20 AM

Java was unable to install; I was still getting the errors.

Scan
----
Scanned: 1248883
Detected: 24
Untreated: 23
Start time: 8/4/2009 9:29:08 PM
Duration: 08:46:13
Finish time: 8/5/2009 6:15:21 AM


Detected
--------
Status Object
------ ------
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\035C0002.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\046C0000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E80000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09D80000.VBN//CryptZ
detected: Trojan program Trojan-Downloader.WMA.GetCodec.r File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B840000.VBN//CryptZ
detected: Trojan program Trojan-Downloader.WMA.GetCodec.r File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BA80000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ECC0000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F5C0000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F5C0001.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580000\4F5CF57D.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\035C0002.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\046C0000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E80000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09D80000.VBN//CryptZ
detected: Trojan program Trojan-Downloader.WMA.GetCodec.r File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B840000.VBN//CryptZ
detected: Trojan program Trojan-Downloader.WMA.GetCodec.r File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BA80000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ECC0000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F5C0000.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F5C0001.VBN//CryptZ
detected: Trojan program Trojan.Win32.Monder.cqbi File: C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580000\4F5CF57D.VBN//CryptZ
not found: Trojan program Trojan-Downloader.WMA.GetCodec.s File: C:\Users\Melissa\Shared\ev throwback reggae mix.snd
detected: Trojan program Trojan-Downloader.WMA.GetCodec.n File: C:\Users\Melissa\Shared\lil kim ft t-pain download.mp3


Events
------
Time Name Status Reason
---- ---- ------ ------


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----

Edited by Divaindeed22, 05 August 2009 - 05:21 AM.


#12 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 05 August 2009 - 10:33 AM

Hi,

Do you have the ComboFix log from the last run available? Please post its contents and fresh dds.txt contents too.



#13 Divaindeed22
  • Topic Starter
  • Members
  • 46 posts

Posted 05 August 2009 - 02:04 PM

My last ComboFix log:

ComboFix 09-07-28.01 - Melissa 07/30/2009 0:17.2.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.202 [GMT -4:00]
Running from: c:\users\Melissa\Desktop\ComboFix.exe
Command switches used :: c:\users\Melissa\Desktop\CFScript.lnk
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\a9cf4.msi
.
---- Previous Run -------
.
c:\windows\Installer\1598eaf1.msi
c:\windows\system32\hjgruiidsmxyhx.dat
c:\windows\system32\hjgruipoxbclmf.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruipptvexji


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-27 00:23 . 2009-07-15 08:00 87888 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090726.005\NAVENG.SYS
2009-07-27 00:23 . 2009-07-15 08:00 875728 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090726.005\NAVEX15.SYS
2009-07-27 00:23 . 2009-03-16 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090726.005\EECTRL.SYS
2009-07-27 00:23 . 2009-03-16 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090726.005\CCERASER.DLL
2009-07-27 00:23 . 2009-03-16 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090726.005\NAVENG32.DLL
2009-07-27 00:23 . 2009-03-16 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090726.005\NAVEX32A.DLL
2009-07-27 00:23 . 2009-03-16 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090726.005\ERASER.SYS
2009-07-27 00:23 . 2009-01-14 16:09 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090726.005\ECMSVR32.DLL
2009-07-27 00:17 . 2009-07-27 00:17 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDE6E.tmp.exe
2009-07-22 00:55 . 2009-07-22 00:55 -------- d-----w- c:\program files\iPod
2009-07-22 00:54 . 2009-07-22 00:55 -------- d-----w- c:\program files\iTunes
2009-07-19 02:05 . 2009-07-14 08:00 87888 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090718.003\NAVENG.SYS
2009-07-19 02:05 . 2009-07-14 08:00 875728 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090718.003\NAVEX15.SYS
2009-07-19 02:05 . 2009-03-16 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090718.003\EECTRL.SYS
2009-07-19 02:05 . 2009-03-16 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090718.003\NAVENG32.DLL
2009-07-19 02:05 . 2009-03-16 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090718.003\NAVEX32A.DLL
2009-07-19 02:05 . 2009-03-16 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090718.003\ERASER.SYS
2009-07-19 02:05 . 2009-01-14 16:09 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090718.003\ECMSVR32.DLL
2009-07-19 02:05 . 2009-03-16 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090718.003\CCERASER.DLL
2009-07-17 02:00 . 2009-07-21 01:45 -------- d-----w- c:\users\Melissa\AppData\Local\Adobe
2009-07-15 08:00 . 2009-07-15 08:00 87888 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-07-15 08:00 . 2009-07-15 08:00 875728 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-07-15 00:11 . 2009-07-13 01:39 469504 ----a-w- c:\temp\RootRepeal.exe
2009-07-14 23:07 . 2009-07-14 23:07 -------- d-----w- c:\users\Melissa\AppData\Local\Apple
2009-07-14 19:56 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 19:56 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 19:56 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 19:56 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 19:30 . 2009-07-22 01:08 -------- d-----w- c:\users\Melissa\AppData\Local\Apple Computer
2009-07-14 19:29 . 2009-07-14 19:29 -------- d-----w- c:\users\Melissa\AppData\Local\AOL OCP
2009-07-14 19:28 . 2009-07-14 19:28 -------- d-----w- c:\users\Melissa\AppData\Local\AOL
2009-07-13 18:22 . 2009-07-13 18:22 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-09 22:44 . 2009-07-09 22:44 -------- d-----w- c:\windows\Sun
2009-07-09 04:34 . 2009-07-30 04:03 117760 ----a-w- c:\users\Melissa\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-09 04:32 . 2009-07-09 04:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-08 01:54 . 2009-07-09 04:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-08 01:54 . 2009-07-08 01:54 -------- d-----w- c:\users\Melissa\AppData\Roaming\SUPERAntiSpyware.com
2009-07-08 01:51 . 2009-07-08 01:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-08 00:51 . 2009-07-12 18:06 -------- d-----w- c:\program files\SpywareBlaster
2009-07-07 01:18 . 2009-07-15 02:10 3775176 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-07 01:09 . 2009-07-07 01:09 -------- d-----w- c:\temp\CE 10.1.8.8000
2009-07-07 01:09 . 2007-01-14 02:04 5666080 ----a-w- c:\temp\First.exe.exe
2009-07-07 01:09 . 2009-04-10 11:53 3012768 ----a-w- c:\temp\_SpywareBlasterSetup42.exe
2009-07-07 01:09 . 2009-03-18 18:27 2876720 ----a-w- c:\temp\Second.exe.exe
2009-07-07 01:09 . 2008-02-10 02:51 50688 ----a-w- c:\temp\_ATF-Cleaner.exe
2009-07-06 02:49 . 2009-07-12 17:57 680 ----a-w- c:\users\Melissa\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 03:56 . 2007-03-10 11:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-30 03:53 . 2007-03-10 11:57 -------- d-----w- c:\programdata\Symantec
2009-07-27 00:09 . 2008-05-17 01:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-22 00:55 . 2007-07-05 23:02 -------- d-----w- c:\program files\Common Files\Apple
2009-07-22 00:28 . 2007-03-30 03:24 -------- d-----w- c:\program files\LimeWire
2009-07-21 21:52 . 2009-07-28 23:39 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 23:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 23:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 23:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 04:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 02:10 . 2009-02-28 15:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 17:36 . 2009-02-28 15:00 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-02-28 15:00 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 00:55 . 2007-05-28 01:42 -------- d-----w- c:\program files\AIM6
2009-06-19 00:55 . 2007-05-28 01:41 -------- d-----w- c:\programdata\AOL Downloads
2009-06-12 07:13 . 2007-03-10 11:49 -------- d-----w- c:\program files\Microsoft Works
2009-06-12 03:20 . 2009-06-12 03:20 -------- d-----w- c:\users\Melissa\AppData\Roaming\Research In Motion
2009-06-11 03:20 . 2007-03-22 05:07 106952 ----a-w- c:\users\Melissa\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-11 02:08 . 2009-06-11 02:08 -------- d-----w- c:\users\Melissa\AppData\Roaming\InstallShield
2009-06-11 02:07 . 2008-01-16 03:21 -------- d-----w- c:\programdata\Roxio
2009-06-11 02:04 . 2009-06-11 02:04 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-11 02:04 . 2007-03-10 11:45 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-06-11 02:04 . 2007-03-10 11:45 -------- d-----w- c:\program files\Roxio
2009-06-11 02:03 . 2007-03-10 11:45 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-11 01:53 . 2009-06-11 01:52 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-11 01:52 . 2009-06-11 01:52 -------- d-----w- c:\program files\Research In Motion
2009-06-08 22:28 . 2009-06-08 22:28 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8FD4.tmp.exe
2009-06-04 02:39 . 2009-06-04 02:38 -------- d-----w- c:\program files\QuickTime
2009-05-29 17:36 . 2009-05-29 17:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 17:36 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-19 05:35 . 2009-06-19 00:55 11568 ----a-w- c:\programdata\AOL Downloads\SUD4426\tbinst.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-29_03.39.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-29 22:30 . 2009-07-29 22:30 97280 c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
+ 2009-07-28 23:39 . 2009-07-22 05:58 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\iesetup.dll
+ 2009-07-28 23:39 . 2009-07-22 05:58 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\iernonce.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\iesetup.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\iernonce.dll
+ 2009-07-28 23:39 . 2009-07-22 04:26 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\msfeedssync.exe
+ 2009-07-28 23:39 . 2009-07-22 05:59 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\msfeedsbs.dll
+ 2009-07-28 23:39 . 2009-07-21 20:13 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\msfeedssync.exe
+ 2009-07-28 23:39 . 2009-07-21 21:48 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\msfeedsbs.dll
+ 2009-07-28 23:39 . 2009-07-22 06:03 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\WininetPlugin.dll
+ 2009-07-28 23:39 . 2009-07-22 05:58 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\jsproxy.dll
+ 2009-07-28 23:39 . 2009-07-21 21:52 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\WininetPlugin.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\jsproxy.dll
+ 2007-03-10 12:09 . 2009-07-30 04:02 47652 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-07-30 04:03 52548 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-03-22 05:49 . 2009-07-30 04:03 10988 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-414214943-1168727838-4258520150-1000_UserData.bin
+ 2009-07-28 23:39 . 2009-07-21 20:13 13312 c:\windows\System32\msfeedssync.exe
- 2009-07-05 02:29 . 2009-03-08 11:31 13312 c:\windows\System32\msfeedssync.exe
+ 2009-07-28 23:39 . 2009-07-21 21:48 55296 c:\windows\System32\msfeedsbs.dll
- 2009-07-05 02:29 . 2009-03-08 11:31 55296 c:\windows\System32\msfeedsbs.dll
+ 2009-07-28 23:39 . 2009-07-21 21:52 64512 c:\windows\System32\migration\WininetPlugin.dll
- 2009-07-05 02:32 . 2009-05-09 05:50 64512 c:\windows\System32\migration\WininetPlugin.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 25600 c:\windows\System32\jsproxy.dll
- 2009-07-05 02:32 . 2009-05-09 05:35 25600 c:\windows\System32\jsproxy.dll
- 2009-07-05 02:32 . 2009-05-09 05:34 55808 c:\windows\System32\iernonce.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 55808 c:\windows\System32\iernonce.dll
- 2007-03-22 00:52 . 2009-07-29 03:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-03-22 00:52 . 2009-07-30 04:05 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-03-22 00:52 . 2009-07-29 03:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-22 00:52 . 2009-07-30 04:05 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-22 00:52 . 2009-07-29 03:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-03-22 00:52 . 2009-07-30 04:05 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-04-22 17:21 . 2009-07-30 03:55 5860 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-07-17 08:29 . 2009-07-30 03:30 1960 c:\windows\System32\WDI\{95c162b7-5b71-44f8-82e4-abfd3108f40f}.bin
- 2009-07-29 03:35 . 2009-07-29 03:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-30 03:57 . 2009-07-30 03:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-29 03:35 . 2009-07-29 03:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-30 03:57 . 2009-07-30 03:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-28 23:39 . 2009-07-22 05:58 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\ieui.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\ieui.dll
+ 2009-07-28 23:39 . 2009-07-22 05:58 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22903_none_ff07db25e8e4acd8\iesysprep.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18813_none_fe736e6ecfcf28ff\iesysprep.dll
+ 2009-07-28 23:39 . 2009-07-22 04:27 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\ie4uinit.exe
+ 2009-07-28 23:39 . 2009-07-21 20:13 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\ie4uinit.exe
+ 2009-07-28 23:39 . 2009-07-22 06:02 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8\sqmapi.dll
+ 2009-07-28 23:39 . 2009-07-21 21:51 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f\sqmapi.dll
+ 2009-07-28 23:39 . 2009-07-22 06:01 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.22903_none_1a9c2981430b3c56\occache.dll
+ 2009-07-28 23:39 . 2009-07-21 21:50 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18813_none_1a07bcca29f5b87d\occache.dll
+ 2009-07-28 23:39 . 2009-07-22 06:04 638232 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
+ 2009-07-28 23:39 . 2009-07-22 04:27 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\ieUnatt.exe
+ 2009-07-28 23:39 . 2009-07-21 21:53 638216 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
+ 2009-07-28 23:39 . 2009-07-21 20:13 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\ieUnatt.exe
+ 2009-07-28 23:39 . 2009-07-22 05:58 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22903_none_2b02f14ac9212978\IEShims.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18813_none_2a6e8493b00ba59f\IEShims.dll
+ 2009-07-28 23:39 . 2009-07-22 05:58 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22903_none_73a4a5b47978c30a\ieproxy.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18813_none_731038fd60633f31\ieproxy.dll
+ 2009-07-28 23:39 . 2009-07-22 05:59 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.22903_none_435c4ba1695e8b43\msfeeds.dll
+ 2009-07-28 23:39 . 2009-07-21 21:48 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18813_none_42c7deea5049076a\msfeeds.dll
+ 2009-07-28 23:39 . 2009-07-22 05:58 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22903_none_2039460420f600ed\iepeers.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18813_none_1fa4d94d07e07d14\iepeers.dll
+ 2009-07-28 23:39 . 2009-07-22 05:58 386048 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22903_none_57c62dce86655952\iedkcs32.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 386048 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18813_none_5731c1176d4fd579\iedkcs32.dll
+ 2009-07-28 23:39 . 2009-07-22 06:03 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\wininet.dll
+ 2009-07-28 23:39 . 2009-07-21 21:52 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\wininet.dll
+ 2007-03-23 14:29 . 2009-07-30 03:30 242566 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-28 23:39 . 2009-07-21 21:50 206848 c:\windows\System32\occache.dll
+ 2009-07-28 23:39 . 2009-07-21 21:48 594432 c:\windows\System32\msfeeds.dll
- 2009-07-05 02:29 . 2009-03-08 11:32 594432 c:\windows\System32\msfeeds.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 164352 c:\windows\System32\ieui.dll
- 2009-07-05 02:32 . 2009-05-09 05:34 164352 c:\windows\System32\ieui.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 184320 c:\windows\System32\iepeers.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 386048 c:\windows\System32\iedkcs32.dll
- 2009-07-05 02:32 . 2009-05-09 03:36 173056 c:\windows\System32\ie4uinit.exe
+ 2009-07-28 23:39 . 2009-07-21 20:13 173056 c:\windows\System32\ie4uinit.exe
+ 2007-03-10 11:57 . 2007-09-12 22:27 511328 c:\windows\System32\capicom.dll
+ 2009-07-29 22:30 . 2009-07-29 22:30 248832 c:\windows\Installer\d96e7.msi
+ 2009-07-28 23:39 . 2009-07-22 05:58 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8\iertutil.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f\iertutil.dll
+ 2009-07-28 23:40 . 2009-07-22 05:59 5938176 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22903_none_f6b8d3f15111a1c1\mshtml.dll
+ 2009-07-28 23:40 . 2009-07-21 21:48 5937152 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18813_none_f624673a37fc1de8\mshtml.dll
+ 2009-07-28 23:39 . 2009-07-22 06:02 1208832 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22903_none_9858d93105b211f8\urlmon.dll
+ 2009-07-28 23:39 . 2009-07-21 21:52 1208832 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18813_none_97c46c79ec9c8e1f\urlmon.dll
+ 2009-07-28 23:39 . 2009-07-21 21:52 1208832 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2009-07-30 03:56 6115328 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-07-29 03:32 6115328 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-28 23:40 . 2009-07-21 21:48 5937152 c:\windows\System32\mshtml.dll
+ 2009-07-28 23:39 . 2009-07-21 21:47 1985536 c:\windows\System32\iertutil.dll
- 2009-07-28 01:54 . 2009-07-29 03:34 2001984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-28 01:54 . 2009-07-30 03:56 2001984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-29 04:52 . 2009-07-29 04:52 1054208 c:\windows\Installer\2cbcde.msi
+ 2009-07-28 23:40 . 2009-07-22 05:58 11068416 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\ieframe.dll
+ 2009-07-28 23:40 . 2009-07-21 21:47 11067392 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\ieframe.dll
+ 2009-05-09 21:18 . 2009-07-29 22:31 99497209 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2009-07-28 23:40 . 2009-07-21 21:47 11067392 c:\windows\System32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-24 1480296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-26 39408]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-09 1830128]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-10 2356088]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2007-12-18 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2006-10-31 112320]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-07-09 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-07-09 04:32 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 1 (0x1)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FFF61EE9-BE9A-4DD6-BDAF-AC5049C87D80}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{0384CDA0-9636-4E5B-822A-EC99B93AFDDF}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{A74DD46F-746B-4065-9AA8-6722ED6550FA}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{801FFAE0-E5CD-434D-A150-969B57CAA2A3}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{155609B1-116A-4CBF-A512-73E0D9843234}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DB35FC82-6F00-4F12-93A6-B149037DA14B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C695B1CD-A8E0-4562-B5C3-82D42FCC1B55}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D3024F13-E196-4D53-B817-84D0807FBE22}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D2A0BD89-9501-444F-B9BF-82EC83803DAA}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D3936FC0-FD77-45FC-B57C-7711AD61F3AE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19E20B2E-FDA2-4769-945E-B5A9CD9E407F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{ED5207CD-B394-411A-B555-51EEBC8B8D89}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{9204E125-826B-4391-AC88-77272B6E5BB0}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{37F6CBCB-D985-43C3-9953-666C1218ED72}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{5583D3F3-DAC3-4CAA-A203-186286D090A5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A075F8F7-8690-4B21-9DD7-F81E131331F5}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{61FE9FF6-585C-488D-8372-2154A0E4DEF1}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{A46377D8-4658-4E5F-A5DD-E66037C27A21}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{EA45609A-8FE5-4E42-9808-06499B0AA00E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C3BD7986-BB0F-42E6-97D1-95D707553268}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{234619AF-A4D7-44C3-9656-7BBAA1682D26}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{B917F598-39C8-4A3B-8225-44C56E328070}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{1B5A7151-6FC7-4E5B-9A91-E2AC4438FFE3}"= UDP:c:\program files\Tencent\QQ Games\QQGames.exe:QQ Games
"{5C16E540-A3BC-4928-8A79-72B6E9933AAB}"= TCP:c:\program files\Tencent\QQ Games\QQGames.exe:QQ Games
"{38AF3260-6C4A-4416-98D7-391E7CBEF142}"= UDP:c:\program files\Tencent\QQ Games\QQGamesD.exe:QQ Games Downloader
"{9BE6AA6F-B375-4577-AB5C-156DF6D42C88}"= TCP:c:\program files\Tencent\QQ Games\QQGamesD.exe:QQ Games Downloader
"{E3956A23-90F0-46B5-A639-6812C74DF9BC}"= UDP:c:\program files\Tencent\QQ Games\Update\Update.exe:QQ Games Updater
"{A8A9E682-31A1-4971-8A6C-7FD484C02475}"= TCP:c:\program files\Tencent\QQ Games\Update\Update.exe:QQ Games Updater
"{50D3CC09-026D-4BC4-A728-C457640C8FED}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{532BF953-A87A-4BC8-AB23-DC768647C113}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{28AF6377-C1EA-48BA-96F1-E51804E82245}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{71B62EF5-F295-4CAB-A167-477E55218235}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A97B8F91-3E1F-4FFA-AFED-69389783020E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8C260742-E8F8-4782-B97D-F95516E1799A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C1131084-8353-43C1-98BA-11EE720FEC4E}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C2EF292E-0CE4-4958-81A2-A772393666B5}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{5A5D1639-F8F7-4666-B810-DF3D65AAF04F}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{85B31F1E-1C57-4F88-B3C8-A350EA0B30B0}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{B17C936C-5ABB-482D-B147-45185044B24E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DD67CE54-7D1B-4093-98C0-266274E04746}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/19/2006 3:06 PM 55024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/18/2008 5:18 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/10/2009 8:23 PM 101936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [10/24/2006 8:40 AM 37008]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/28/2006 7:34 AM 122008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\User_Feed_Synchronization-{6E65C258-AD8D-461E-9C95-B4D4A69AC42A}.job
- c:\windows\system32\msfeedssync.exe [2009-07-28 20:13]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 00:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-30 0:45
ComboFix-quarantined-files.txt 2009-07-30 04:45

Pre-Run: 30,570,762,240 bytes free
Post-Run: 30,442,213,376 bytes free

379 --- E O F --- 2009-07-29 22:36

New DDS:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Melissa at 19:49:13.30 on Wed 08/05/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.65 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\AIM6\anotify.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Melissa\Desktop\dds.scr
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Windows\system32\taskeng.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-04 21:26 <DIR> --d----- c:\programdata\is-V504V
2009-08-04 21:26 <DIR> --d----- c:\progra~2\is-V504V
2009-08-04 21:26 5,285,920 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-08-04 21:26 63,020 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-07-31 01:37 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-31 00:58 <DIR> --d----- c:\program files\AskBarDis
2009-07-31 00:58 <DIR> --d----- c:\users\melissa\appdata\roaming\Foxit
2009-07-31 00:57 <DIR> --d----- c:\program files\Foxit Software
2009-07-30 06:35 <DIR> --d----- c:\programdata\NOS
2009-07-30 06:15 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-30 00:15 <DIR> --ds---- C:\ComboFix
2009-07-28 23:12 219,648 a------- c:\windows\PEV.exe
2009-07-28 23:12 161,792 a------- c:\windows\SWREG.exe
2009-07-28 23:12 98,816 a------- c:\windows\sed.exe
2009-07-21 20:55 <DIR> --d----- c:\program files\iPod
2009-07-21 20:54 <DIR> --d----- c:\program files\iTunes
2009-07-14 20:11 469,504 a------- c:\temp\RootRepeal.exe
2009-07-14 15:56 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 15:56 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 15:56 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 15:56 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-09 00:32 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-09 00:32 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-07 21:54 <DIR> --d----- c:\users\melissa\appdata\roaming\SUPERAntiSpyware.com
2009-07-07 21:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-07 21:51 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-07 20:51 <DIR> --d----- c:\program files\SpywareBlaster
2009-07-06 21:09 <DIR> --d----- c:\temp\CE 10.1.8.8000
2009-07-06 21:09 5,666,080 a------- c:\temp\First.exe.exe
2009-07-06 21:09 3,012,768 a------- c:\temp\_SpywareBlasterSetup42.exe
2009-07-06 21:09 2,876,720 a------- c:\temp\Second.exe.exe
2009-07-06 21:09 50,688 a------- c:\temp\_ATF-Cleaner.exe

==================== Find3M ====================

2009-07-31 01:17 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-31 01:17 86,016 a------- c:\windows\inf\infstor.dat
2009-07-31 01:17 51,200 a------- c:\windows\inf\infpub.dat
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2008-06-11 03:16 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-27 23:16 174 a--sh--- c:\program files\desktop.ini
2007-03-23 00:44 0 a------- c:\users\melissa\appdata\roaming\wklnhst.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:51:27.53 ===============

Edited by Divaindeed22, 05 August 2009 - 06:53 PM.
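The "Created Last 30" and "Find3M" sections above follow one fixed line layout (date, time, size or `<DIR>`, eight attribute letters, path). The helper below parses that layout and marks entries a responder would want to look at first; it is an added example, not DDS's own code or anything from this thread. It assumes the attribute letters mean d=directory, s=system, h=hidden as seen in the sample, and the path hints and flag rules are my own triage heuristics.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample "Created Last 30" entries, constructed here from the log above.
SAMPLE_LOG = r"""
2009-08-04 21:26 <DIR> --d----- c:\programdata\is-V504V
2009-08-04 21:26 5,285,920 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-28 23:12 219,648 a------- c:\windows\PEV.exe
2009-07-14 20:11 469,504 a------- c:\temp\RootRepeal.exe
2009-07-06 21:09 5,666,080 a------- c:\temp\First.exe.exe
"""

ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".com")
WRITABLE_HINTS = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\")


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for directories
    attrs: str           # flag letters as observed in DDS: d=dir, s=system, h=hidden (assumed)
    path: str
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one DDS file line; return None for headers, blanks and noise."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
    e = Entry(m["date"], m["time"], size, m["attrs"], m["path"].lower())
    # Hidden+system on a regular file is rare outside Windows' own files.
    if size is not None and "s" in e.attrs and "h" in e.attrs:
        e.flags.append("hidden+system file")
    if e.path.endswith(EXEC_EXT) and any(h in e.path for h in WRITABLE_HINTS):
        e.flags.append("executable in user-writable location")
    # A doubled extension (First.exe.exe) is a common disguise pattern.
    if re.search(r"\.(exe|com|scr)\.[a-z0-9]{2,4}$", e.path):
        e.flags.append("doubled extension")
    return e


def triage(log_text: str) -> List[Entry]:
    """Return the entries that raised at least one flag; leads, not verdicts."""
    parsed = (parse_entry(l) for l in log_text.splitlines())
    return [e for e in parsed if e is not None and e.flags]
```

Flagged entries are review leads only: legitimate security tools and the helper's own downloads (RootRepeal.exe here) land in the same places malware does, so each hit still needs a vendor or hash check.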


#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:03:28 PM

Posted 06 August 2009 - 11:06 AM

Hi,

Uninstall Ask Toolbar if not installed on purpose.

Delete files in C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine and C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine folders

Delete C:\Users\Melissa\Shared\lil kim ft t-pain download.mp3 file too.

How's the system running now?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#15 Divaindeed22

Divaindeed22
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 08 August 2009 - 09:45 AM

It allowed me to delete some of the Quarantine, but there are 7 that it states I don't have permission to access, and I don't know how to access permission, so it would not let me delete them. I was able to delete the lil feat t-pain and uninstall the ask bar, but I am also unable to find the quarantine folder after numerous searches.



