
HJT Log - Not sure of what's infected my computer


  • This topic is locked
45 replies to this topic

#1 footballmom813

footballmom813

  • Members
  • 28 posts
  • OFFLINE
  • Local time:02:40 PM

Posted 17 July 2009 - 08:08 AM

I've been trying for a couple of days to get my computer back. Here is my latest HJT log. Any help is appreciated on what my next step should be.

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:26 AM, on 7/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hiwhrmon] "C:\WINDOWS\system32\hiwhrmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Michelle\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-21-701221768-1186730467-2756938374-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-701221768-1186730467-2756938374-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-701221768-1186730467-2756938374-1007\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-701221768-1186730467-2756938374-1007\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O4 - HKUS\S-1-5-21-701221768-1186730467-2756938374-1007\..\Run: [cdloader] "C:\Documents and Settings\Michelle\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User '?')
O4 - HKUS\S-1-5-21-701221768-1186730467-2756938374-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-701221768-1186730467-2756938374-1007\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized (User '?')
O4 - HKUS\S-1-5-21-701221768-1186730467-2756938374-1007\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (User '?')
O4 - HKUS\S-1-5-18\..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213823934891
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213835077546
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.34.14/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: fdfggt.dll c:\windows\system32\yajumano.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC FineTune Task Manager (pc finetune task manager) - Avanquest North America, Inc. - C:\PROGRA~1\EARTHL~1\PCFINE~1\MXTask.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 12617 bytes
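The HJT log above is what the helpers in this thread read by hand. As an added example (not part of the thread and not HijackThis' own code), the Python below parses the `Oxx - ...` entry format and flags the patterns a responder checks first: `\\?\globalroot` device paths, non-empty AppInit_DLLs, Run values under the LocalSystem/Default profiles, and `(file missing)` orphans. The sample log is constructed from a few entries quoted in this post, and the high/medium/low labels are this example's own convention, not anything HJT emits.

```python
"""Triage helper for HijackThis (HJT) 2.0.x log entries.

Added example: not part of this thread and not HijackThis' own code.
It parses the "Oxx - ..." entry lines of an HJT log and flags the
patterns a responder reads first. SAMPLE_LOG below is constructed from
a handful of entries quoted in the post above; the severity labels are
the example's own convention.
"""
import re
from dataclasses import dataclass

# Every HJT entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# O4 Run-key entries: hive, [value name], command line, optional (User '...').
O4_RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# "\\?\globalroot\..." is a device path; autostart entries rarely need one,
# and it obscures where the file really lives on disk.
GLOBALROOT_RE = re.compile(r"\\\\\?\\globalroot\\", re.IGNORECASE)

# Run keys of the LocalSystem and Default profiles: software a user installs
# does not normally write its autostart here.
SYSTEM_HIVES = {r"HKUS\S-1-5-18", r"HKUS\.DEFAULT"}

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    section: str
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body) for each entry line; headers and process lists are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def parse_o4_run(body):
    """Split an O4 Run-key body into hive/name/cmd/user; None for other O4 kinds."""
    m = O4_RUN_RE.match(body)
    return m.groupdict() if m else None


def triage(log_text):
    """Return a Finding for every entry that matches one of the heuristics."""
    findings = []
    for section, body in parse_entries(log_text):
        line = f"{section} - {body}"
        if GLOBALROOT_RE.search(body):
            findings.append(Finding(section, "high",
                "device path (\\\\?\\globalroot) obscures the real file location", line))
        if section == "O4":
            run = parse_o4_run(body)
            if run and run["hive"] in SYSTEM_HIVES:
                findings.append(Finding(section, "medium",
                    f"Run value under {run['hive']} (LocalSystem/Default profile)", line))
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body[len("AppInit_DLLs:"):].split():
                findings.append(Finding(section, "high",
                    f"AppInit_DLLs loads {dll} into every process that maps user32.dll", line))
        if body.endswith("(file missing)"):
            findings.append(Finding(section, "low",
                "registered component whose file is missing (orphaned entry)", line))
    return findings


def severity_counts(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 2, 'low': 1}."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample: a few lines in the shape of the HJT log quoted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: fdfggt.dll c:\windows\system32\yajumano.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: SEVERITY_ORDER[f.severity]):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(severity_counts(results))
```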


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:40 PM

Posted 27 July 2009 - 01:21 PM

Hello footballmom813 and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 footballmom813

footballmom813
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:02:40 PM

Posted 30 July 2009 - 11:35 PM

Hi there! Well, I had gotten a virus and it changed everything on my desktop to default icons with .lnk at the end, same with favorites, but they were .url. It also uninstalled Windows Installer and I couldn't run .exe or any other program. Fixed all that, for the most part. But now, my icons on my desktop take about 10 minutes to pop up at start up and everything has a 1-2 minute lag from the time you click on it. On the desktop, in Windows, on IE....

Here are the logs from that scan...


DDS (Ver_09-07-30.01) - NTFSx86
Run by Michelle at 0:22:08.90 on Fri 07/31/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mc598.mail.yahoo.com/mc/welcome?.gx=1&.tm=1248489541&.rand=aofe5mat043nv#_pg=showFolder;_ylc=X3oDMTBuZWpiMG10BF9TAzM5ODMwMTAxNARhYwNkZWxNc2dz&&filterBy=&fid=Inbox&nsc&hash=566ae30c9a1b217305fba86910f74f99&.jsrand=9262837
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mWinlogon: Shell=explorer.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [cdloader] "c:\documents and settings\michelle\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [VoipStunt] "c:\program files\voipstunt.com\voipstunt\VoipStunt.exe" -nosplash -minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [hiwhrmon] "c:\windows\system32\hiwhrmon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
dRun: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213823934891
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213835077546
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.34.14/ttinst.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: fdfggt.dll c:\windows\system32\yajumano.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-31 00:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-07-30 23:32 <DIR> --d----- c:\windows\pss
2009-07-28 22:12 <DIR> --d----- c:\program files\WinSCP
2009-07-23 14:05 57,344 a------- c:\windows\system32\ESQULxtijklwnfbcsionqekccsegggxtugjwj.dll
2009-07-23 14:05 23,552 a------- c:\windows\system32\ESQULfmmevijevuvkocacotlsqciybebysxiq.dll
2009-07-23 14:05 4 a------- c:\windows\system32\ESQULzcounter
2009-07-17 09:48 762,780 ac------ c:\windows\system32\dllcache\3cwmcru.sys
2009-07-17 09:48 11,264 ac------ c:\windows\system32\dllcache\1394vdbg.sys
2009-07-17 09:47 7,168 ac------ c:\windows\system32\dllcache\wamregps.dll
2009-07-17 09:47 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-07-17 09:47 19,968 ac------ c:\windows\system32\dllcache\inetsloc.dll
2009-07-17 09:47 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-07-17 09:47 169,984 ac------ c:\windows\system32\dllcache\iisui.dll
2009-07-17 09:47 14,336 ac------ c:\windows\system32\dllcache\iisreset.exe
2009-07-17 09:47 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-07-17 09:47 5,632 ac------ c:\windows\system32\dllcache\iisrstap.dll
2009-07-17 09:47 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-07-17 08:25 <DIR> --d----- c:\program files\Trend Micro
2009-07-16 05:40 <DIR> --d----- c:\program files\ESET
2009-07-14 18:23 <DIR> --d----- c:\program files\ACW
2009-07-14 17:34 <DIR> --d----- c:\docume~1\michelle\applic~1\GlarySoft
2009-07-14 17:32 <DIR> --d----- c:\program files\Glary Registry Repair
2009-07-14 17:11 <DIR> --d----- c:\docume~1\michelle\applic~1\Uniblue
2009-07-14 17:04 <DIR> --d----- c:\docume~1\michelle\applic~1\IObit
2009-07-14 17:04 <DIR> --d----- c:\program files\IObit
2009-07-14 02:17 <DIR> --d----- c:\program files\CCleaner
2009-07-13 22:14 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-13 03:03 287,275 a------- C:\toontown spoofer [cracked by SND].zip
2009-07-13 02:59 380,587 a------- C:\toontown spoofer + crack.zip
2009-07-13 02:58 286,647 a------- C:\toontown spoofer + keygen.zip

==================== Find3M ====================

2009-07-13 15:22 1,975 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-24 10:01 374,008 a------- C:\copytrans 3 from TSRh team (cracked).zip
2009-06-11 12:46 37,985 a------- C:\remove.exe
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-21 05:22 3 a------- c:\program files\winfin34.txt
2009-04-02 12:08 2,713 ---sh--- c:\windows\system32\gopoguyi.dll
2009-04-03 20:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040320090404\index.dat

============= FINISH: 0:24:41.92 ===============



AND-----



==== Installed Programs ======================

Disney's Toontown Online
DNA
IObit Security 360 Beta 2.2
Octoshape add-in for Adobe Flash Player
SmartDraw 2009
WinSCP 4.1.9

==== End Of File ===========================



THANK YOU!!!!

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:40 PM

Posted 31 July 2009 - 12:57 PM

Hello.

Please run Rooter followed by GMER please.

Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator...
  • Allow it to run when you get a Security Warning.
  • At the main control page, please click the green button.
  • It will now begin to scan, please be patient. The scan should not take more than 3 minutes.
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter$\Rooter_1.txt
  • Now push the button to close Rooter.
  • Please post the contents of that log file here in your next reply.
----

Download and Run Scan with GMER

We will use GMER to scan for rootkits. This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close any and all open programs, as this process may crash your computer.
  • Double-click the GMER icon on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to donate.

#5 footballmom813

footballmom813
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:02:40 PM

Posted 02 August 2009 - 03:31 PM

Hi there and thank you. I ran the additional scans and here are the reports.....

FROM ROOTER-

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 75 Stepping 2, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 7.0.5730.13
.
C:\ [Fixed-NTFS] .. ( Total:292 Go - Free:202 Go )
D:\ [Fixed-FAT32] .. ( Total:5 Go - Free:2 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
L:\ [Removable]
.
Scan : 10:32.46
Path : C:\Documents and Settings\Michelle\Desktop\Rooter.exe
User : Michelle ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (640)
______ \??\C:\WINDOWS\system32\csrss.exe (712)
______ \??\C:\WINDOWS\system32\winlogon.exe (736)
______ C:\WINDOWS\system32\services.exe (780)
______ C:\WINDOWS\system32\lsass.exe (792)
______ C:\WINDOWS\system32\svchost.exe (972)
______ C:\WINDOWS\system32\svchost.exe (1020)
______ C:\WINDOWS\System32\svchost.exe (1116)
______ C:\WINDOWS\system32\svchost.exe (1216)
______ C:\WINDOWS\system32\svchost.exe (1276)
______ C:\WINDOWS\system32\spoolsv.exe (1464)
______ C:\WINDOWS\system32\svchost.exe (1572)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1612)
______ C:\WINDOWS\arservice.exe (1624)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1732)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1744)
______ C:\WINDOWS\system32\cisvc.exe (1764)
______ C:\WINDOWS\eHome\ehRecvr.exe (1824)
______ C:\WINDOWS\eHome\ehSched.exe (1948)
______ C:\Program Files\IObit\IObit Security 360\IS360srv.exe (2000)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (152)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (196)
______ C:\Program Files\Java\jre6\bin\jqs.exe (456)
______ C:\WINDOWS\system32\nvsvc32.exe (484)
______ C:\PROGRA~1\EARTHL~1\PCFINE~1\MXTask.exe (560)
______ C:\WINDOWS\system32\HPZipm12.exe (1140)
______ C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (1192)
______ C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (1204)
______ C:\WINDOWS\system32\svchost.exe (1644)
______ C:\WINDOWS\system32\svchost.exe (1656)
______ C:\WINDOWS\ehome\mcrdsvc.exe (1940)
______ C:\WINDOWS\system32\SearchIndexer.exe (2156)
______ C:\Program Files\AVG\AVG8\avgscanx.exe (2612)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (2632)
______ C:\WINDOWS\system32\cidaemon.exe (3692)
______ C:\WINDOWS\system32\imapi.exe (2564)
______ C:\Program Files\iPod\bin\iPodService.exe (3064)
______ C:\PROGRA~1\EARTHL~1\PCFINE~1\mxtask2.exe (1716)
______ C:\WINDOWS\explorer.exe (1096)
______ C:\Program Files\Internet Explorer\iexplore.exe (604)
______ C:\WINDOWS\system32\ctfmon.exe (796)
______ C:\WINDOWS\ARPWRMSG.EXE (1132)
______ C:\WINDOWS\RTHDCPL.EXE (3100)
______ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (3132)
______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (2776)
______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (1168)
______ C:\WINDOWS\system32\RUNDLL32.EXE (1776)
______ C:\WINDOWS\system32\hiwhrmon.exe (3796)
______ C:\Program Files\Java\jre6\bin\jusched.exe (3664)
______ C:\Program Files\iTunes\iTunesHelper.exe (3680)
______ C:\WINDOWS\ehome\ehtray.exe (3648)
______ C:\Program Files\IObit\IObit Security 360\IS360tray.exe (3552)
______ C:\WINDOWS\eHome\ehmsas.exe (320)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (2960)
______ C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (3512)
______ C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe (3268)
______ C:\Program Files\Messenger\msmsgs.exe (1256)
______ C:\WINDOWS\system32\taskmgr.exe (4084)
______ C:\WINDOWS\system32\SearchProtocolHost.exe (3004)
______ C:\Program Files\DNA\btdna.exe (3532)
______ C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (3848)
______ C:\Program Files\BigFix\bigfix.exe (1304)
______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (1260)
______ C:\Program Files\Windows Desktop Search\WindowsSearch.exe (4072)
______ C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (900)
______ C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (1880)
______ C:\Documents and Settings\Michelle\Desktop\Rooter.exe (1412)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:5749470720 | Length:314320849920)
\Device\Harddisk0\Partition2 (Start_Offset:32256 | Length:5749438464)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-701221768-1186730467-2756938374-1006.job
C:\WINDOWS\Tasks\IObit Security 360.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\Michelle\My Documents\LimeWire\Incomplete\T-1313754829-Photoshop CS3 Extended + Serial and crack + Adobe Illustrator CS3.zip
C:\DOCUME~1\Michelle\My Documents\LimeWire\Incomplete\T-77282-flash 4d crack.zip
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 10:32.47
.
C:\Rooter$\Rooter_2.txt - (02/08/2009 | 10:32.47).c



----------------------------the other-------------------------------

GMER 1.0.15.15011 [pykz2poz.exe] - http://www.gmer.net
Rootkit scan 2009-08-02 16:26:24
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\MJY2U13A\iframe3[1].htm 1091 bytes
File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\MJY2U13A\iframe3[2].htm 0 bytes
File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\MJY2U13A\st[1] 5641 bytes
File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\N6VLYMJG\01[1].htm 903 bytes
File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\N6VLYMJG\01[2].htm 897 bytes
File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\N6VLYMJG\01[3].htm 0 bytes
File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\N6VLYMJG\iframe3[1].htm 2286 bytes
File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\N6VLYMJG\iframe3[2].htm 0 bytes
File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\N6VLYMJG\st[1] 5627 bytes
File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\N6VLYMJG\st[2] 5636 bytes
File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\P6L2ZULK\st[1] 5633 bytes
File C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\P6L2ZULK\st[2] 5648 bytes

---- EOF - GMER 1.0.15 ----

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 03 August 2009 - 09:29 AM

Hello.

First.

Cracks and Keygens.

Cracks and Key Generators Warning

I see evidence of crack/keygen-related files on your computer. This means you have used or downloaded cracks or key generators.

You should know that use of these is considered illegal activity, as it bypasses copyright laws.

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.

Merely visiting such sites without downloading ANYTHING is one of the worst things a user can do online. They are illegal. Cracked software is notorious for carrying malware/infections.

Antivirus programs cannot protect you against what you are deliberately running. If you have or are using a CRACKED version of ANY security programs you are basically infecting yourself by installing that software, as it's not going to protect you. Please uninstall them if you have any installed.

We will remove these as a threat, so please delete them or uninstall them if you have any of these installed.

---

You still have some infections on your system, so let's clear out some of them.

Please run Malwarebytes Anti-Malware. Once it's done, please take a new DDS Run and post back with both the DDS and Attach logs. Thanks.


Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

~Extremeboy

#7 footballmom813

footballmom813
  • Topic Starter

  • Members
  • 28 posts

Posted 03 August 2009 - 06:53 PM

Here is the DDS report after running MB-------


DDS (Ver_09-07-30.01) - NTFSx86
Run by Michelle at 19:48:15.07 on Mon 08/03/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mc598.mail.yahoo.com/mc/welcome?.gx=1&.tm=1248489541&.rand=aofe5mat043nv#_pg=showFolder;_ylc=X3oDMTBuZWpiMG10BF9TAzM5ODMwMTAxNARhYwNkZWxNc2dz&&filterBy=&fid=Inbox&nsc&hash=566ae30c9a1b217305fba86910f74f99&.jsrand=9262837
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mWinlogon: Shell=explorer.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [cdloader] "c:\documents and settings\michelle\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [VoipStunt] "c:\program files\voipstunt.com\voipstunt\VoipStunt.exe" -nosplash -minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [hiwhrmon] "c:\windows\system32\hiwhrmon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213823934891
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213835077546
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.34.14/ttinst.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: fdfggt.dll c:\windows\system32\yajumano.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-02 10:28 <DIR> --d----- C:\Rooter$
2009-08-01 14:37 34 a------- c:\documents and settings\michelle\jagex_runescape_preferences.dat
2009-08-01 14:37 <DIR> --d----- c:\windows\.jagex_cache_32
2009-07-31 03:38 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-31 03:29 119,808 -c------ c:\windows\system32\dllcache\t2embed.dll
2009-07-31 03:29 81,920 -c------ c:\windows\system32\dllcache\fontsub.dll
2009-07-31 03:27 585,216 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-07-31 03:26 345,600 -c------ c:\windows\system32\dllcache\localspl.dll
2009-07-31 03:26 56,832 -c------ c:\windows\system32\dllcache\secur32.dll
2009-07-31 03:25 354,304 -c------ c:\windows\system32\dllcache\winhttp.dll
2009-07-31 03:25 161,792 -c------ c:\windows\system32\dllcache\msdtcuiu.dll
2009-07-31 03:25 91,648 -c------ c:\windows\system32\dllcache\mtxoci.dll
2009-07-31 03:25 66,560 -c------ c:\windows\system32\dllcache\mtxclu.dll
2009-07-31 03:25 58,880 -c------ c:\windows\system32\dllcache\msdtclog.dll
2009-07-31 03:25 956,928 -c------ c:\windows\system32\dllcache\msdtctm.dll
2009-07-31 03:24 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-07-31 03:24 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-07-31 03:24 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-07-31 03:24 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-07-31 03:24 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-07-31 03:24 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-07-31 03:24 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-31 03:24 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-07-31 03:21 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-31 03:21 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-31 03:21 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 03:21 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-31 03:20 <DIR> --d----- c:\program files\AVG
2009-07-31 03:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-31 03:08 <DIR> --d----- c:\docume~1\michelle\applic~1\AVG8
2009-07-31 00:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-07-30 23:32 <DIR> --d----- c:\windows\pss
2009-07-28 22:12 <DIR> --d----- c:\program files\WinSCP
2009-07-17 09:48 762,780 ac------ c:\windows\system32\dllcache\3cwmcru.sys
2009-07-17 09:48 11,264 ac------ c:\windows\system32\dllcache\1394vdbg.sys
2009-07-17 09:47 7,168 ac------ c:\windows\system32\dllcache\wamregps.dll
2009-07-17 09:47 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-07-17 09:47 19,968 ac------ c:\windows\system32\dllcache\inetsloc.dll
2009-07-17 09:47 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-07-17 09:47 169,984 ac------ c:\windows\system32\dllcache\iisui.dll
2009-07-17 09:47 14,336 ac------ c:\windows\system32\dllcache\iisreset.exe
2009-07-17 09:47 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-07-17 09:47 5,632 ac------ c:\windows\system32\dllcache\iisrstap.dll
2009-07-17 09:47 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-07-17 08:25 <DIR> --d----- c:\program files\Trend Micro
2009-07-16 05:40 <DIR> --d----- c:\program files\ESET
2009-07-14 18:23 <DIR> --d----- c:\program files\ACW
2009-07-14 17:34 <DIR> --d----- c:\docume~1\michelle\applic~1\GlarySoft
2009-07-14 17:32 <DIR> --d----- c:\program files\Glary Registry Repair
2009-07-14 17:11 <DIR> --d----- c:\docume~1\michelle\applic~1\Uniblue
2009-07-14 17:04 <DIR> --d----- c:\docume~1\michelle\applic~1\IObit
2009-07-14 17:04 <DIR> --d----- c:\program files\IObit
2009-07-14 02:17 <DIR> --d----- c:\program files\CCleaner
2009-07-13 22:14 664 a------- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 15:22 1,975 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-11 12:46 37,985 a------- C:\remove.exe
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-01-21 05:22 3 a------- c:\program files\winfin34.txt
2009-04-02 12:08 2,713 ---sh--- c:\windows\system32\gopoguyi.dll
2009-04-03 20:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040320090404\index.dat

============= FINISH: 19:50:46.98 ===============


Also this-----


==== Installed Programs ======================

AVG Free 8.5
Disney's Toontown Online
DNA
IObit Security 360 Beta 2.2
Malwarebytes' Anti-Malware
Octoshape add-in for Adobe Flash Player
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SmartDraw 2009
WinSCP 4.1.9

==== End Of File ===========================

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 03 August 2009 - 09:04 PM

Hello.

May I see the Malwarebytes log? The Attach log doesn't appear to be the full Attach log; can you please post the full Attach log for me?

Thanks.

~Extremeboy

#9 footballmom813

footballmom813
  • Topic Starter

  • Members
  • 28 posts

Posted 04 August 2009 - 10:32 AM

OK, you need a MB log and another DDS log? Correct?

#10 footballmom813

footballmom813
  • Topic Starter

  • Members
  • 28 posts

Posted 04 August 2009 - 10:50 AM

Here ya go!

Malwarebytes' Anti-Malware 1.40
Database version: 2553
Windows 5.1.2600 Service Pack 3 (Safe Mode)

8/4/2009 11:42:50 AM
mbam-log-2009-08-04 (11-42-50).txt

Scan type: Quick Scan
Objects scanned: 123080
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------------------------------------------------------------------------



DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Michelle at 11:46:36.89 on Tue 08/04/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mc598.mail.yahoo.com/mc/welcome?.gx=1&.tm=1248489541&.rand=aofe5mat043nv#_pg=showFolder;_ylc=X3oDMTBuZWpiMG10BF9TAzM5ODMwMTAxNARhYwNkZWxNc2dz&&filterBy=&fid=Inbox&nsc&hash=566ae30c9a1b217305fba86910f74f99&.jsrand=9262837
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mWinlogon: Shell=explorer.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [cdloader] "c:\documents and settings\michelle\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [VoipStunt] "c:\program files\voipstunt.com\voipstunt\VoipStunt.exe" -nosplash -minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [hiwhrmon] "c:\windows\system32\hiwhrmon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213823934891
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213835077546
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.34.14/ttinst.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: fdfggt.dll c:\windows\system32\yajumano.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-02 10:28 <DIR> --d----- C:\Rooter$
2009-08-01 14:37 34 a------- c:\documents and settings\michelle\jagex_runescape_preferences.dat
2009-08-01 14:37 <DIR> --d----- c:\windows\.jagex_cache_32
2009-07-31 03:38 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-31 03:29 119,808 -c------ c:\windows\system32\dllcache\t2embed.dll
2009-07-31 03:29 81,920 -c------ c:\windows\system32\dllcache\fontsub.dll
2009-07-31 03:27 585,216 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-07-31 03:26 345,600 -c------ c:\windows\system32\dllcache\localspl.dll
2009-07-31 03:26 56,832 -c------ c:\windows\system32\dllcache\secur32.dll
2009-07-31 03:25 354,304 -c------ c:\windows\system32\dllcache\winhttp.dll
2009-07-31 03:25 161,792 -c------ c:\windows\system32\dllcache\msdtcuiu.dll
2009-07-31 03:25 91,648 -c------ c:\windows\system32\dllcache\mtxoci.dll
2009-07-31 03:25 66,560 -c------ c:\windows\system32\dllcache\mtxclu.dll
2009-07-31 03:25 58,880 -c------ c:\windows\system32\dllcache\msdtclog.dll
2009-07-31 03:25 956,928 -c------ c:\windows\system32\dllcache\msdtctm.dll
2009-07-31 03:24 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-07-31 03:24 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-07-31 03:24 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-07-31 03:24 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-07-31 03:24 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-07-31 03:24 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-07-31 03:24 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-31 03:24 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-07-31 03:21 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-31 03:21 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-31 03:21 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 03:21 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-31 03:20 <DIR> --d----- c:\program files\AVG
2009-07-31 03:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-31 03:08 <DIR> --d----- c:\docume~1\michelle\applic~1\AVG8
2009-07-31 00:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-07-30 23:32 <DIR> --d----- c:\windows\pss
2009-07-28 22:12 <DIR> --d----- c:\program files\WinSCP
2009-07-17 09:48 762,780 ac------ c:\windows\system32\dllcache\3cwmcru.sys
2009-07-17 09:48 11,264 ac------ c:\windows\system32\dllcache\1394vdbg.sys
2009-07-17 09:47 7,168 ac------ c:\windows\system32\dllcache\wamregps.dll
2009-07-17 09:47 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-07-17 09:47 19,968 ac------ c:\windows\system32\dllcache\inetsloc.dll
2009-07-17 09:47 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-07-17 09:47 169,984 ac------ c:\windows\system32\dllcache\iisui.dll
2009-07-17 09:47 14,336 ac------ c:\windows\system32\dllcache\iisreset.exe
2009-07-17 09:47 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-07-17 09:47 5,632 ac------ c:\windows\system32\dllcache\iisrstap.dll
2009-07-17 09:47 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-07-17 08:25 <DIR> --d----- c:\program files\Trend Micro
2009-07-16 05:40 <DIR> --d----- c:\program files\ESET
2009-07-14 18:23 <DIR> --d----- c:\program files\ACW
2009-07-14 17:34 <DIR> --d----- c:\docume~1\michelle\applic~1\GlarySoft
2009-07-14 17:32 <DIR> --d----- c:\program files\Glary Registry Repair
2009-07-14 17:11 <DIR> --d----- c:\docume~1\michelle\applic~1\Uniblue
2009-07-14 17:04 <DIR> --d----- c:\docume~1\michelle\applic~1\IObit
2009-07-14 17:04 <DIR> --d----- c:\program files\IObit
2009-07-14 02:17 <DIR> --d----- c:\program files\CCleaner
2009-07-13 22:14 664 a------- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 15:22 1,975 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-11 12:46 37,985 a------- C:\remove.exe
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-01-21 05:22 3 a------- c:\program files\winfin34.txt
2009-04-02 12:08 2,713 ---sh--- c:\windows\system32\gopoguyi.dll
2009-04-03 20:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040320090404\index.dat

============= FINISH: 11:48:54.92 ===============



There are about 4 or 5 things at the bottom of the black DDS box that say "Can't read such n such....and can't find such n such.....etc etc....
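The logs in this thread are read by a responder line by line, looking for a handful of patterns before anything else: an autostart entry that points at a `\\?\globalroot` device path (the `dRun: [nDler2]` line above), a populated `AppInit_DLLs` value, files in `system32` carrying both the hidden and system attributes (`a--sh---`, `---sh---`), and a service whose binary is zero bytes. The script below is an added example, not code from DDS, ComboFix or this thread; the heuristics are the author's own assumptions about what to look at first, and the constructed sample reuses lines copied from the DDS and ComboFix output posted here.

```python
"""Triage heuristics for DDS / ComboFix log lines.

Added example for the BleepingComputer thread; not code from DDS, ComboFix
or the forum. The rules below are the author's own assumptions about what a
malware responder scans for first, not the tools' own logic.
"""
import re

# Constructed sample: lines copied from the DDS and ComboFix logs in the thread.
SAMPLE_LOG = r"""
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe
AppInit_DLLs: fdfggt.dll c:\windows\system32\yajumano.dll
Notify: avgrsstarter - avgrsstx.dll
2009-07-13 15:22 1,975 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-04-02 12:08 2,713 ---sh--- c:\windows\system32\gopoguyi.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-31 03:21 11,952 a------- c:\windows\system32\avgrsstx.dll
R1 a7a43528;a7a43528;c:\windows\System32\drivers\a7a43528.sys [2009-05-15 0]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
"""

# DDS autostart lines: "mRun: [name] path", "AppInit_DLLs: a.dll b.dll", ...
_AUTOSTART = re.compile(
    r"^(?P<key>[udm]?Run(?:Once)?|AppInit_DLLs|Notify|SSODL|SEH|Handler|Filter):\s+(?P<val>.*)$"
)
# DDS file listing: "YYYY-MM-DD HH:MM size attrs path"
_FILE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(?P<size>[\d,]+|<DIR>)\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$"
)
# ComboFix service/driver line: "R1 name;description;path [date size]"
_SERVICE = re.compile(
    r"^[RS]\d\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)


def triage_line(line):
    """Return the reasons (possibly none) why one log line deserves a look."""
    findings = []
    m = _AUTOSTART.match(line)
    if m:
        key, val = m.group("key"), m.group("val")
        if "globalroot" in val.lower():
            # Legitimate installers essentially never register an autostart
            # through a \\?\globalroot\ device path; flag it for identification.
            findings.append("autostart points at a \\\\?\\globalroot device path")
        if key == "AppInit_DLLs" and val.strip():
            # Anything listed here is loaded into every process that loads
            # user32.dll, so each DLL named must be accounted for.
            findings.append("AppInit_DLLs is populated")
            for dll in val.split():
                if "\\" not in dll:
                    findings.append(f"AppInit_DLLs entry without a full path: {dll}")
        return findings
    m = _FILE.match(line)
    if m:
        attr, path = m.group("attr"), m.group("path").lower()
        if m.group("size") != "<DIR>" and "s" in attr and "h" in attr and "\\system32\\" in path:
            # Hidden + system on a loose file in system32 is how the log shows
            # gopoguyi.dll and GroupPolicy000.dat; worth a closer look.
            findings.append("hidden+system file in system32")
        return findings
    m = _SERVICE.match(line)
    if m and m.group("size") == "0":
        # A service or driver whose image is zero bytes is either a leftover
        # from an earlier removal or a placeholder; either way it cannot be benign-by-default.
        findings.append(f"service '{m.group('name')}' points at a zero-byte file")
    return findings


def triage(log_text):
    """Run triage_line over a whole log; returns (reason, line) pairs."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for reason in triage_line(line):
            out.append((reason, line))
    return out


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:<55} | {line}")
```

Run against the sample, the script flags the `nDler2` autostart, the populated `AppInit_DLLs` value (and `fdfggt.dll` within it, which has no path at all), the two hidden+system files under `system32`, and the zero-byte `a7a43528.sys` driver, while the QuickTime, AVG and `t2embed.dll` lines pass untouched. The point is prioritisation, not a verdict: each flagged file still has to be identified before it is removed.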

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:40 PM

Posted 04 August 2009 - 11:58 AM

Hello.

We are going to run Combofix and see what's still left.
Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without the guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to make a donation.

#12 footballmom813

footballmom813
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:02:40 PM

Posted 04 August 2009 - 12:05 PM

I can not open Combofix because my computer says "can not open .pif" or something to that nature. Any suggestions on how to open it?

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:40 PM

Posted 04 August 2009 - 12:08 PM

Hello.

I can not open Combofix because my computer says "can not open .pif" or something to that nature. Any suggestions on how to open it?

May I see the exact error code or message you receive, please?

Run OTL for me:

Download and run OTL
  • Download OTL by OldTimer and save it to your desktop.
  • Double click on the OTL icon on your desktop. If you are using Vista, please right-click and select run as administrator.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • It will now begin to scan; please be patient while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized

~EB

#14 footballmom813

footballmom813
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:02:40 PM

Posted 04 August 2009 - 12:24 PM

Ok, got ComboFix to run. Here are the results for you.

ComboFix 09-08-04.01 - Michelle 08/04/2009 13:16.1.2 - NTFSx86 NETWORK
Running from: c:\documents and settings\Michelle\Desktop\Spyware And Virus Programs\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Michelle\Application Data\020000006b209eb1565C.manifest
c:\documents and settings\Michelle\Application Data\020000006b209eb1565O.manifest
c:\documents and settings\Michelle\Application Data\020000006b209eb1565P.manifest
c:\documents and settings\Michelle\Application Data\020000006b209eb1565S.manifest
c:\documents and settings\Michelle\Application Data\020000006b209eb1623C.manifest
c:\documents and settings\Michelle\Application Data\020000006b209eb1623O.manifest
c:\documents and settings\Michelle\Application Data\020000006b209eb1623P.manifest
c:\documents and settings\Michelle\Application Data\020000006b209eb1623S.manifest
c:\documents and settings\Michelle\Application Data\020000006b209eb1638C.manifest
c:\documents and settings\Michelle\Application Data\020000006b209eb1638O.manifest
c:\documents and settings\Michelle\Application Data\020000006b209eb1638P.manifest
c:\documents and settings\Michelle\Application Data\020000006b209eb1638S.manifest
c:\documents and settings\Michelle\Favorites\DVD - Forty Yard Dash Fundamentals Running Mechanics .com.url
c:\documents and settings\Michelle\Favorites\Favorites display the trailing .URL for Internet shortcuts.url
c:\documents and settings\Michelle\Favorites\Repair association with .EXE files.url
c:\documents and settings\Michelle\Favorites\YouTube - Golden Girls (S3) - .url
c:\documents and settings\Owner.Milts\Application Data\020000006b209eb1623C.manifest
c:\documents and settings\Owner.Milts\Application Data\020000006b209eb1623O.manifest
c:\documents and settings\Owner.Milts\Application Data\020000006b209eb1623P.manifest
c:\documents and settings\Owner.Milts\Application Data\020000006b209eb1623S.manifest
c:\documents and settings\Owner.Milts\Favorites\www.weldingsupply.com . . . (ground clamp).url
c:\documents and settings\Zerek\Application Data\020000006b209eb1638C.manifest
c:\documents and settings\Zerek\Application Data\020000006b209eb1638O.manifest
c:\documents and settings\Zerek\Application Data\020000006b209eb1638P.manifest
c:\documents and settings\Zerek\Application Data\020000006b209eb1638S.manifest
c:\program files\IEToolbar
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\program files\winfin34.txt
c:\recycler\S-1-5-21-675275195-1571110354-3152284402-500
c:\windows\GnuHashes.ini
c:\windows\Installer\55962.msp
c:\windows\kb913800.exe
c:\windows\rgmonsvc.exe
c:\windows\system32\Drivers\pfkv.sys
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GZk2y.exe
c:\windows\system32\iHs1d.exe
c:\windows\system32\iWu4h.exe
c:\windows\system32\ko5Qs.exe
c:\windows\system32\v3kP8.exe
C:\xcrashdump.dat
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-04 17:18 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-02 14:28 . 2009-08-02 14:32 -------- d-----w- C:\Rooter$
2009-08-02 14:26 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Michelle\Application Data\mjusbsp\in00000\setup.exe
2009-08-02 14:26 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Michelle\Application Data\mjusbsp\ar00000\install.exe
2009-08-02 14:26 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-08-02 04:14 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Michelle\Application Data\mjusbsp\Upgrade\setup2.exe
2009-08-02 04:14 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Michelle\Application Data\mjusbsp\Upgrade\install2.exe
2009-08-01 18:37 . 2009-08-02 02:17 34 ----a-w- c:\documents and settings\Michelle\jagex_runescape_preferences.dat
2009-08-01 18:37 . 2009-08-01 18:37 -------- d-----w- c:\windows\.jagex_cache_32
2009-08-01 16:16 . 2009-08-01 16:16 95576 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\ug00000\magicJack.dll
2009-08-01 16:16 . 2009-08-01 16:16 6256600 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\ug00000\setup.exe
2009-08-01 16:16 . 2009-08-01 16:16 413304 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\magicJackLoader.exe
2009-08-01 16:16 . 2009-08-01 16:16 480608 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\octvqe1_apiw.dll
2009-08-01 16:16 . 2009-08-01 16:16 214360 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\TjVista.dll
2009-08-01 16:16 . 2009-08-01 16:16 325040 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\TjIpSys.dll
2009-08-01 16:16 . 2009-08-01 16:16 570736 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\SJHandsetMagicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\st00000\magicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\magicJack.dll
2009-08-01 16:13 . 2009-08-01 16:13 12231512 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\magicJack.exe
2009-08-01 16:12 . 2009-08-01 16:12 728600 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\ug00000\install.exe
2009-08-01 16:12 . 2009-08-01 16:12 87384 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\in00000\mjsetup.exe
2009-08-01 16:12 . 2009-08-01 16:12 95576 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\in00000\magicJack.dll
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 50520 ----a-w- c:\documents and settings\Michelle\Application Data\mjusbsp\cdloader2.exe
2009-07-31 07:38 . 2009-08-04 12:12 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-31 07:29 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-31 07:29 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-31 07:27 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-07-31 07:26 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-07-31 07:26 . 2009-02-03 19:59 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-07-31 07:25 . 2008-12-16 12:30 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-07-31 07:25 . 2008-06-12 14:23 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2009-07-31 07:25 . 2008-06-12 14:23 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2009-07-31 07:25 . 2008-06-12 14:23 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2009-07-31 07:25 . 2008-06-12 14:23 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-07-31 07:25 . 2008-06-12 14:23 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2009-07-31 07:24 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-31 07:24 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-31 07:24 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-31 07:24 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-31 07:24 . 2009-02-06 10:39 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-07-31 07:24 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-31 07:24 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-31 07:24 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-31 07:23 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-31 07:23 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-31 07:21 . 2009-07-31 07:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 07:21 . 2009-07-31 07:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-31 07:21 . 2009-07-31 07:21 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 07:21 . 2009-07-31 07:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-31 07:21 . 2009-08-04 13:46 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-31 07:20 . 2009-07-31 07:20 -------- d-----w- c:\program files\AVG
2009-07-31 07:20 . 2009-07-31 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-31 07:08 . 2009-07-31 07:08 -------- d-----w- c:\documents and settings\Michelle\Application Data\AVG8
2009-07-31 04:18 . 2009-07-31 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-07-29 02:12 . 2009-07-29 02:12 -------- d-----w- c:\program files\WinSCP
2009-07-17 13:48 . 2001-08-17 18:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2009-07-17 13:48 . 2001-08-17 17:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2009-07-17 13:47 . 2004-08-10 19:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2009-07-17 13:47 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-07-17 13:47 . 2004-08-10 19:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-07-17 13:47 . 2004-08-10 19:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-07-17 13:47 . 2004-08-10 19:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2009-07-17 13:47 . 2004-08-10 19:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-07-17 13:47 . 2004-08-10 19:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-07-17 13:47 . 2004-08-10 19:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2009-07-17 12:25 . 2009-07-17 12:25 -------- d-----w- c:\program files\Trend Micro
2009-07-16 09:40 . 2009-07-16 09:40 -------- d-----w- c:\program files\ESET
2009-07-14 22:23 . 2009-07-14 22:23 -------- d-----w- c:\program files\ACW
2009-07-14 21:34 . 2009-07-14 21:34 -------- d-----w- c:\documents and settings\Michelle\Application Data\GlarySoft
2009-07-14 21:32 . 2009-07-27 00:14 -------- d-----w- c:\program files\Glary Registry Repair
2009-07-14 21:11 . 2009-07-14 21:11 -------- d-----w- c:\documents and settings\Michelle\Application Data\Uniblue
2009-07-14 21:04 . 2009-07-27 07:53 -------- d-----w- c:\documents and settings\Michelle\Application Data\IObit
2009-07-14 21:04 . 2009-07-31 04:18 -------- d-----w- c:\program files\IObit
2009-07-14 06:17 . 2009-07-14 06:18 -------- d-----w- c:\program files\CCleaner
2009-07-14 02:14 . 2009-07-31 03:35 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-22 01:33 . 2009-06-20 23:54 -------- d-----w- c:\program files\My.Freeze.com Toolbar
2013-06-21 04:10 . 2009-06-20 23:54 -------- d-----w- c:\documents and settings\Zerek\Application Data\Smart-Shopper
2009-08-04 15:34 . 2009-05-22 02:08 -------- d-----w- c:\documents and settings\Michelle\Application Data\DNA
2009-08-04 01:34 . 2009-05-22 02:08 -------- d-----w- c:\program files\DNA
2009-08-03 23:26 . 2009-02-27 17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 23:26 . 2009-04-02 22:48 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-03 17:36 . 2009-02-27 17:19 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-02-27 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 14:26 . 2009-06-03 23:59 -------- d-----w- c:\documents and settings\Michelle\Application Data\mjusbsp
2009-07-30 23:12 . 2008-11-14 18:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-28 09:05 . 2008-08-01 19:54 45480 ----a-w- c:\documents and settings\Michelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 23:41 . 2009-06-26 01:49 117760 ----a-w- c:\documents and settings\Michelle\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-18 02:05 . 2008-12-08 15:37 45480 ----a-w- c:\documents and settings\Zerek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 07:44 . 2008-11-03 23:34 -------- d-----w- c:\program files\Graboid
2009-07-14 22:18 . 2008-08-14 08:51 -------- d-----w- c:\program files\NOS
2009-07-14 22:18 . 2008-08-14 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-14 22:17 . 2008-06-18 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-14 20:16 . 2009-06-25 19:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-14 20:14 . 2009-04-04 18:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-14 03:27 . 2008-08-01 20:10 -------- d-----w- c:\documents and settings\Michelle\Application Data\LimeWire
2009-06-26 23:57 . 2009-06-26 23:57 -------- d-----w- c:\documents and settings\Michelle\Application Data\VoipStunt
2009-06-26 23:56 . 2009-06-26 23:56 -------- d-----w- c:\program files\VoipStunt.com
2009-06-26 01:57 . 2009-06-26 01:56 -------- d-----w- c:\program files\iTunes
2009-06-26 01:56 . 2009-06-26 01:56 -------- d-----w- c:\program files\iPod
2009-06-26 01:56 . 2008-07-30 13:54 -------- d-----w- c:\program files\Common Files\Apple
2009-06-26 01:56 . 2008-07-21 09:43 -------- d-----w- c:\program files\QuickTime
2009-06-26 01:49 . 2009-06-26 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-26 01:32 . 2009-06-26 01:32 -------- d-----w- c:\program files\Exterminate It!
2009-06-25 19:14 . 2009-06-25 19:14 -------- d-----w- c:\documents and settings\Michelle\Application Data\SUPERAntiSpyware.com
2009-06-25 17:09 . 2008-11-20 09:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-25 06:23 . 2009-06-20 23:55 -------- d-----w- c:\program files\Speeditup Free
2009-06-25 03:34 . 2009-06-25 03:34 -------- d-----w- c:\program files\iPodRobot
2009-06-25 03:34 . 2009-06-25 03:34 -------- d-----w- c:\program files\Common Files\eSellerate
2009-06-25 03:34 . 2009-06-23 13:38 -------- d-----w- c:\program files\The Spoof Net
2009-06-25 03:34 . 2008-06-18 18:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 03:34 . 2009-06-24 12:39 -------- d-----w- c:\program files\QuickFreedom
2009-06-25 03:34 . 2009-06-24 13:21 -------- d-----w- c:\program files\LibUSB-Win32
2009-06-25 03:33 . 2009-06-24 16:48 -------- d-----w- c:\program files\Pod to PC
2009-06-24 20:58 . 2008-06-18 18:15 -------- d-----w- c:\program files\Gateway Games
2009-06-24 13:41 . 2009-06-24 13:41 -------- d-----w- c:\program files\Daniusoft
2009-06-20 23:56 . 2009-06-20 23:54 -------- d-----w- c:\program files\RealArcade
2009-06-20 23:55 . 2009-06-20 23:55 -------- d-----w- c:\documents and settings\Zerek\Application Data\WeatherBug
2009-06-20 23:54 . 2009-06-20 23:54 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-06-18 22:48 . 2008-12-25 11:26 -------- d-----w- c:\documents and settings\Zerek\Application Data\Apple Computer
2009-06-18 01:58 . 2008-06-18 18:15 -------- d-----w- c:\program files\Java
2009-06-18 01:58 . 2009-06-18 01:58 152576 ----a-w- c:\documents and settings\Michelle\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 19:07 . 2008-07-21 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-16 14:36 . 2006-06-17 09:23 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-06-17 09:23 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 20:11 . 2009-04-04 21:45 -------- d-----w- c:\documents and settings\Michelle\Application Data\EarthLink
2009-06-13 20:11 . 2009-04-04 18:43 -------- d-----w- c:\program files\EarthLink
2009-06-13 20:08 . 2008-06-18 18:10 -------- d-----w- c:\program files\CyberLink
2009-06-13 19:59 . 2009-04-16 14:17 -------- d-----w- c:\documents and settings\Zerek\Application Data\EarthLink
2009-06-13 19:59 . 2009-04-08 19:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\EarthLink
2009-06-13 19:59 . 2009-04-04 18:43 -------- d-----w- c:\documents and settings\Owner.Milts\Application Data\EarthLink
2009-06-13 19:59 . 2009-04-04 18:44 -------- d-----w- c:\program files\Common Files\EarthLink
2009-06-13 19:58 . 2009-05-21 22:01 -------- d-----w- c:\program files\EasyDVDVideoCopy
2009-06-13 19:57 . 2008-09-07 17:04 -------- d-----w- c:\program files\Pix2Fone
2009-06-13 19:56 . 2009-05-21 21:57 -------- d-----w- c:\program files\Super_DVD_Creator_9.8
2009-06-11 16:52 . 2009-06-11 16:52 -------- d-----w- c:\documents and settings\Zerek\Application Data\AVS4YOU
2009-06-11 16:51 . 2009-05-22 13:52 -------- d-----w- c:\program files\AVS4YOU
2009-06-11 16:46 . 2009-06-11 16:46 37985 ----a-w- C:\remove.exe
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\documents and settings\Zerek\Application Data\PictureTrail
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 15:42 . 2009-05-06 21:49 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2008-11-02 03:18 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2006-06-17 09:23 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 15:33 . 2009-05-06 18:08 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-15 01:25 . 2009-04-03 14:29 0 ----a-w- c:\windows\system32\drivers\a7a43528.sys
2009-05-07 15:32 . 2007-07-12 13:20 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 18:07 . 2009-05-06 18:07 152576 ----a-w- c:\documents and settings\Michelle\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-02 16:08 . 2009-04-02 16:08 2713 --sh--w- c:\windows\system32\gopoguyi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Michelle\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"VoipStunt"="c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2009-07-09 9089840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-31 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-09 4363504]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-22 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-10-01 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"hiwhrmon"="c:\windows\system32\hiwhrmon.exe" [2009-02-26 860160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-07-26 827664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-31 2000152]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-03-14 16010752]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-6-18 2168360]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-22 972064]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 07:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 a7a43528;a7a43528;c:\windows\System32\drivers\a7a43528.sys [2009-05-15 0]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2009-07-26 304912]
R2 pc finetune task manager;pc finetune task manager;c:\progra~1\EARTHL~1\PCFINE~1\MXTask.exe [2008-11-14 120088]
R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-07-08 66056]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys [2007-07-27 517632]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-31 108552]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder

2009-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-701221768-1186730467-2756938374-1006.job
- c:\documents and settings\Owner.Milts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 23:26]

2009-07-31 c:\windows\Tasks\IObit Security 360.job
- c:\program files\IObit\IObit Security 360\IObit Security 360.exe [2009-07-31 18:10]

2009-08-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-12-16 11:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc598.mail.yahoo.com/mc/welcome?.gx=1&.tm=1248489541&.rand=aofe5mat043nv#_pg=showFolder;_ylc=X3oDMTBuZWpiMG10BF9TAzM5ODMwMTAxNARhYwNkZWxNc2dz&&filterBy=&fid=Inbox&nsc&hash=566ae30c9a1b217305fba86910f74f99&.jsrand=9262837
uInternet Settings,ProxyOverride = *.local
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 13:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
BitTorrent DNA = "c:\program files\DNA\btdna.exe"??l???????!?"c:\program files\dn

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-08-04 13:20
ComboFix-quarantined-files.txt 2009-08-04 17:20

Pre-Run: 217,729,228,800 bytes free
Post-Run: 221,397,843,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
345 --- E O F --- 2009-02-27 06:44

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:40 PM

Posted 04 August 2009 - 12:40 PM

Hello.

A few things we need to fix here.

Before we do that, I want to see a few more scans here.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post a new set of DDS logs afterwards.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
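The protective autorun.inf entry that the post says Flash_Disinfector leaves on each partition and USB drive is a known defensive trick: if a directory with that name already occupies the drive root, an autorun worm cannot drop its own autorun.inf launcher file there. The script below is an added illustration of that technique, written for this thread; it is not Flash_Disinfector's code, and the function name, the choice to skip drives that already carry an autorun.inf file, and the attribute set are this example's own assumptions.

```powershell
# Added example (not Flash_Disinfector's own code): pre-create a protected
# autorun.inf folder in the root of every fixed and removable drive so that
# an autorun-style infection cannot write its own autorun.inf file there.
# Assumptions: Windows XP-era PowerShell 2.0 (hence Get-WmiObject and
# -contains), and that an existing autorun.inf *file* should be reported,
# not overwritten, because it may be evidence of the infection being cleaned.

function Protect-AutorunRoot {
    param([Parameter(Mandatory=$true)][string]$DriveRoot)   # e.g. 'E:\'

    $target = Join-Path $DriveRoot 'autorun.inf'

    # A file named autorun.inf in a drive root is exactly what autorun worms
    # leave behind: warn and leave it alone for the analyst to inspect.
    if (Test-Path -LiteralPath $target -PathType Leaf) {
        Write-Warning "$target exists as a FILE; inspect it before continuing"
        return $false
    }

    # Create the blocking directory if it is not already there.
    if (-not (Test-Path -LiteralPath $target -PathType Container)) {
        New-Item -ItemType Directory -Path $target | Out-Null
    }

    # Hidden + System + ReadOnly, so it is out of sight and not casually deleted.
    $dir = Get-Item -LiteralPath $target -Force
    $dir.Attributes = [IO.FileAttributes]::Hidden -bor `
                      [IO.FileAttributes]::System -bor `
                      [IO.FileAttributes]::ReadOnly
    return $true
}

# Win32_LogicalDisk DriveType 2 = removable, 3 = local fixed disk.
Get-WmiObject Win32_LogicalDisk |
    Where-Object { @(2, 3) -contains $_.DriveType } |
    ForEach-Object {
        $root = $_.DeviceID + '\'
        if (Protect-AutorunRoot -DriveRoot $root) {
            Write-Output "protected $root"
        }
    }
```

Run it from an elevated PowerShell prompt with the removable drives already plugged in, as the post asks the user to do; the function returns $true for each root it protected and $false for any root where a suspicious autorun.inf file was found instead, which is the case a responder most wants to notice.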



