i have been infected with some bad stuff


  • This topic is locked
10 replies to this topic

#1 jettt111


Posted 17 July 2009 - 06:22 PM

Referred from: http://www.bleepingcomputer.com/forums/t/242337/computer-infected-and-several-programs-wont-remove-it-moved/ ~ OB

Here is the first log.


DDS (Ver_09-06-26.01) - NTFSx86
Run by buddy at 18:25:30.28 on Fri 07/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.473 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\DOCUME~1\buddy\LOCALS~1\Temp\a60yyl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\buddy\LOCALS~1\Temp\velz9.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\buddy\LOCALS~1\Temp\install.exe
C:\DOCUME~1\buddy\LOCALS~1\Temp\debug.exe
C:\DOCUME~1\buddy\LOCALS~1\Temp\spoolsv.exe
C:\DOCUME~1\buddy\LOCALS~1\Temp\win.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\buddy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: c:\windows\system32\ghaf8jkdfd.dll: {a36d2a01-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\ghaf8jkdfd.dll
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [mswindows restore service] c:\docume~1\buddy\locals~1\temp\a60yyl.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Windows System Recover!] c:\docume~1\buddy\locals~1\temp\win.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [nwiz] nwiz.exe /install
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: att.net\webmail
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192061230703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\ghaf8jkdfd.dll: {a36d2a01-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\ghaf8jkdfd.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli

============= SERVICES / DRIVERS ===============

R0 PrtSeqRd;PrtSeqRd;c:\windows\system32\drivers\PrtSeqRd.sys [2001-5-15 12224]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2006-11-20 3968]
R1 cdudf;cdudf;c:\windows\system32\drivers\Cdudf.sys [2001-5-17 229664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2007-1-1 45312]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2007-1-1 55936]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S0 mwjuer;mwjuer;c:\windows\system32\drivers\uqufyav.sys --> c:\windows\system32\drivers\uqufyav.sys [?]
S1 ShldDrv;Panda File Shield Driver; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-7-17 38160]
S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]

=============== Created Last 30 ================

2009-07-17 18:04 46 a------- c:\windows\system32\p2hhr.bat
2009-07-17 18:03 --d----- c:\docume~1\alluse~1.win\applic~1\10455464
2009-07-17 18:03 15,000 a------- c:\windows\system32\ghaf8jkdfd.dll
2009-07-17 18:02 61,440 a------- c:\windows\system32\drivers\ojlxwokv.sys
2009-07-17 17:38 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 17:38 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-17 17:38 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 10:35 --d----- c:\program files\smitRem
2009-07-17 10:35 383,836 a------- c:\program files\smitRem.exe
2009-07-17 08:25 --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-07-17 08:25 --d----- c:\program files\SUPERAntiSpyware
2009-07-17 08:25 --d----- c:\docume~1\buddy\applic~1\SUPERAntiSpyware.com
2009-07-17 08:24 --d----- c:\program files\common files\Wise Installation Wizard
2009-07-17 08:24 6,568,480 a------- c:\program files\SUPERAntiSpyware.exe
2009-07-17 07:07 --d----- c:\program files\Spybot - Search & Destroy
2009-07-17 07:05 16,409,960 a------- c:\program files\spybotsd162.exe
2009-07-17 06:38 306 a------- c:\program files\EnableTM.reg
2009-07-16 20:40 61,440 a------- c:\windows\system32\drivers\lgzi.sys
2009-07-16 17:50 67,072 a------- c:\windows\system32\drivers\geyekrmoexvalq.sys
2009-07-16 17:40 61,440 a------- c:\windows\system32\drivers\gcgid.sys
2009-07-07 18:57 61,440 a------- c:\windows\system32\drivers\vwyuqk.sys
2009-07-07 17:31 61,440 a------- c:\windows\system32\drivers\fnhtt.sys
2009-06-22 16:14 --d----- c:\docume~1\alluse~1.win\applic~1\PC Drivers HeadQuarters

==================== Find3M ====================

2009-07-17 18:02 3,408 a------- c:\program files\llwngk.txt
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-25 19:01 61,440 a------- c:\windows\system32\drivers\mtryk.sys
2009-05-13 00:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-01-03 10:52 2,539,400 a------- c:\program files\mbam-setup.exe
2008-12-19 16:14 15,452,536 a------- c:\program files\IE7-WindowsXP-x86-enu.exe
2008-09-25 08:44 379,392 a------- c:\program files\subinacl.msi
2008-05-09 20:18 877,280 a------- c:\program files\Google_Updater.exe
2008-04-10 04:45 8,548,984 a------- c:\program files\Windows-KB890830-V1.40.exe
2007-08-05 17:43 15,732,984 a------- c:\program files\Google_Earth_BZXD.exe
2007-04-29 17:07 9,746,675 a------- c:\program files\VLC_Portable_0.8.6a.paf.exe
2007-04-29 16:58 15,344,334 a------- c:\program files\vlc-0.8.6b-win32.zip
2007-03-18 12:17 4,429,593 a------- c:\program files\it222enu.exe
2007-01-27 16:38 12,307,656 a------- c:\program files\wdviewer.exe
2007-01-27 16:27 27,024,112 a------- c:\program files\PowerPointViewer.exe
2007-01-18 17:34 487,836 a------- c:\program files\CO52R$0G.zip
2007-01-18 17:32 591,384 a------- c:\program files\English.zip
2006-12-25 17:26 4,865,728 a------- c:\program files\rminstall.exe
2006-12-25 16:20 6,469,352 a------- c:\program files\avgas-setup-7.5.0.501.exe
2006-11-08 16:39 636,384 a------- c:\program files\saSetup.exe
2006-11-07 15:02 2,711,422 a------- c:\program files\BitComet_0.70_setup.exe
2006-06-05 17:56 11,817,800 a------- c:\program files\GoogleEarth-0762.exe
2006-02-13 23:17 282,601 a------- c:\program files\hijackthis_sfx.exe
2005-12-25 19:32 3,927 a------- c:\program files\hijackthisaftrereport.txt
2005-12-25 19:32 3,927 a------- c:\program files\hijackthis.log
2005-11-24 16:39 12,754,672 a------- c:\program files\MP10Setup.exe
2005-11-23 20:26 6,910,088 a------- c:\program files\MicrosoftAntiSpywareInstall.exe
2005-11-23 18:03 2,560,240 a------- c:\program files\spywareblastersetup34.exe
2005-11-21 18:53 313,283 a------- c:\program files\cwshredder.zip
2005-11-21 18:50 218,112 a------- c:\program files\HijackThis.exe
2005-09-19 23:02 21,122,808 a------- c:\program files\78.01_winxp2k_english_whql.exe
2005-08-06 16:52 30,047,896 a------- c:\program files\77.72_win2kxp_international_whql.exe
2005-07-14 16:53 153,328 a------- c:\program files\RealPlayer10-5GOLD.exe
2005-07-14 16:45 78,160 a------- c:\program files\AutoFix.exe
2005-07-11 10:18 10,562,512 a------- c:\program files\GoogleEarth.exe
2005-06-22 19:11 20,798,256 a------- c:\program files\AdbeRdr70_enu_full.exe
2005-03-03 16:37 786,932 a------- c:\program files\EMpgDec20.zip
2005-03-03 16:35 635,569 a------- c:\program files\XviD-1.0.3-20122004.exe
2005-02-19 18:11 7,741,336 a------- c:\program files\DivX521XP2K.exe
2005-02-10 01:39 18,219,878 a------- c:\program files\66.93_win2kxp_english.exe
2005-02-09 23:34 315,624 a------- c:\program files\dxwebsetup.exe
2004-11-18 18:41 36,750 a------- c:\program files\splitt31.zip
2004-10-20 12:42 328,488 a------- c:\program files\CWSInstall.exe
2004-07-16 14:17 3,912,870 a------- c:\program files\BespelledDeluxe.exe
2004-07-10 18:07 577,088 a------- c:\program files\TweakUiPowertoySetup.exe
2004-07-10 17:58 805 a------- c:\program files\Shortcut to Ad-aware.lnk
2004-05-14 15:46 2,150,574 a------- c:\program files\aaw6.exe
2004-05-02 17:25 137,216 a------- c:\program files\CWShredder.exe
2003-11-07 18:23 2,334,080 a------- c:\program files\MpackProWithVbRuntime.zip
2003-08-23 20:22 4,008,129 ac------ c:\program files\DivX505Bundle.exe
2003-08-23 19:08 1,897,672 ac------ c:\program files\winzip81.exe
2002-03-19 17:30 177,152 a------- c:\program files\tweakui.exe
2001-08-29 18:03 59,392 a------- c:\program files\Splitter.exe
2000-06-18 14:03 106,544 a------- c:\program files\tweakui.cpl
2000-04-15 10:13 51,238 a------- c:\program files\tweakui.hlp
2000-04-15 10:05 5,825 a------- c:\program files\tweakui.cnt
1999-11-22 16:28 2,991 a------- c:\program files\tweakui.inf

============= FINISH: 18:27:23.76 ===============






@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@


Here is the other.






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/8/2004 8:06:37 PM
System Uptime: 7/17/2009 6:02:31 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-7VT600
Processor: AMD Athlon™ XP 2600+ | Socket A | 1919/167mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 48.573 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Service: rtl8139

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adaptec Easy CD Creator 4
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
AutoUpdate
AVG Anti-Spyware 7.5
BellSouth FastAccess DSL Help Center
BellSouth Toolbar 1.0
Bespelled Deluxe 1.03
BitComet 0.70
BroadJump Client Foundation
Bytescout XLS Viewer 2.10 (FREEWARE)
C-Media WDM Audio Driver
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CleanUp!
Critical Update for Windows Media Player 11 (KB959772)
DivX
DivX Player
Driver Detective
Easy CD Creator 5 Platinum
Elecard MPEG2 Decoder Package 2.0
EPSON Printer Software
Far Cry (Patch 1.3)
Far Cry (Patch 1.31)
Google Earth
Google Updater
Half-Life 2: Episode One
Half-Life® 2
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Java™ 6 Update 13
Learn2 Player (Uninstall Only)
Logitech Gaming Software
Logitech iTouch Software
Logitech MouseWare 9.79
Longbow
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft AntiSpyware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
Paint Shop Pro 6.01 CD
QuickTime
RealPlayer
Realtek AC'97 Audio
Registry Easy v5.1
Registry Mechanic 6.0
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB973346)
Smart Media Card Reader
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
Steam™
SUPERAntiSpyware Free Edition
System Requirements Lab
The Print Shop Ensemble III
Tweakui Powertoy for Windows XP
Uniblue RegistryBooster 2009
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VirtuaGirl HD
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec

==== Event Viewer Messages From Past Week ========

7/17/2009 9:13:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 AVG Anti-Spyware Driver Fips SASDIFSV SASKUTIL ShldDrv
7/16/2009 7:39:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 AVG Anti-Spyware Driver Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ShldDrv Tcpip
7/16/2009 7:39:31 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/16/2009 7:39:31 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/16/2009 7:38:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/16/2009 6:08:41 PM, error: Service Control Manager [7023] - The 6to4 service terminated with the following error: The system cannot find the file specified.
7/15/2009 9:59:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ShldDrv
7/15/2009 9:59:28 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
7/15/2009 9:59:28 PM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
7/15/2009 9:59:28 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/15/2009 9:59:28 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/15/2009 9:59:02 PM, error: SRService [104] - The System Restore initialization process failed.
7/14/2009 9:05:14 PM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/14/2009 9:05:13 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================

Edited by Orange Blossom, 17 July 2009 - 07:08 PM.
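Added example, not part of the thread and not code from DDS or BleepingComputer: a first-pass triage script for a DDS log of the kind posted above. The sample input is a trimmed excerpt of the poster's first log; the rules are my own assumptions about what a helper checks by eye in such a log: processes and autoruns launched from the user's Temp folder, a Userinit value with anything beyond the stock userinit.exe, Explorer/system policies that lock the user out of regedit or Folder Options, service entries whose driver file DDS could not verify, files created in the last 30 days that are also registered load points, and clusters of freshly created drivers sharing one file size (the cluster threshold of two is an assumption). It reports, it does not remove anything.

```python
"""Triage a DDS log (added example; rules and thresholds are assumptions)."""
import re
from collections import defaultdict

# Trimmed excerpt of the DDS log posted above, used as sample input.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\buddy\LOCALS~1\Temp\a60yyl.exe
C:\DOCUME~1\buddy\LOCALS~1\Temp\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: c:\windows\system32\ghaf8jkdfd.dll: {a36d2a01-00f3-42bd-f434-00bbc39c8953} - c:\windows\system32\ghaf8jkdfd.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [mswindows restore service] c:\docume~1\buddy\locals~1\temp\a60yyl.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
S0 mwjuer;mwjuer;c:\windows\system32\drivers\uqufyav.sys --> c:\windows\system32\drivers\uqufyav.sys [?]

=============== Created Last 30 ================

2009-07-17 18:03 15,000 a------- c:\windows\system32\ghaf8jkdfd.dll
2009-07-17 18:02 61,440 a------- c:\windows\system32\drivers\ojlxwokv.sys
2009-07-17 17:38 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 20:40 61,440 a------- c:\windows\system32\drivers\lgzi.sys
2009-07-16 17:40 61,440 a------- c:\windows\system32\drivers\gcgid.sys

============= FINISH: 18:27:23.76 ===============
"""

HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")            # "===== Section Name ====="
TEMP_PATH = re.compile(r"\\(locals~1\\temp|local settings\\temp)\\", re.I)
CREATED = re.compile(r"\S+ \S+ ([\d,]+) \S+ (.+)$")  # date time size attrs path
POLICY = re.compile(r"upolicies-\w+: (\w+) = (\d+)")
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"
LOCKOUT_POLICIES = {"disableregistrytools", "nofolderoptions", "disabletaskmgr"}
MIN_CLUSTER = 2  # assumption: two same-sized new drivers is enough to flag


def parse_sections(text):
    """Split a DDS log into {section name (lower-case): [non-empty lines]}."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1).lower()
        elif current and line:
            sections[current].append(line)
    return sections


def triage(text):
    """Return a list of {'rule', 'line'} findings for the given DDS log text."""
    s, findings = parse_sections(text), []

    def flag(rule, line):
        findings.append({"rule": rule, "line": line})

    for line in s["running processes"]:
        if TEMP_PATH.search(line):
            flag("process-from-temp", line)

    for line in s["pseudo hjt report"]:
        low = line.lower()
        if low.startswith("mwinlogon: userinit="):
            entries = [e for e in low.split("=", 1)[1].split(",") if e]
            if any(e != EXPECTED_USERINIT for e in entries):
                flag("userinit-extra-entry", line)
        elif low.startswith(("urun:", "mrun:")) and TEMP_PATH.search(line):
            flag("autorun-from-temp", line)
        elif low.startswith("upolicies"):
            m = POLICY.match(low)
            if m and m.group(1) in LOCKOUT_POLICIES and m.group(2) != "0":
                flag("policy-lockout", line)

    for line in s["services / drivers"]:
        if line.endswith("[?]") or " --> " in line:  # DDS could not verify the file
            flag("driver-file-unverified", line)

    # Cross-reference new files against load points, and cluster new drivers by size.
    loadpoints = "\n".join(s["pseudo hjt report"]).lower()
    by_size = defaultdict(list)
    for line in s["created last 30"]:
        m = CREATED.match(line)
        if not m:  # directory entries carry no size column
            continue
        size, path = int(m.group(1).replace(",", "")), m.group(2).lower()
        if path in loadpoints:
            flag("new-file-is-loadpoint", line)
        if path.endswith(".sys") and "\\drivers\\" in path:
            by_size[size].append(line)
    for lines in by_size.values():
        if len(lines) >= MIN_CLUSTER:
            for line in lines:
                flag("driver-size-cluster", line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:24} {f['line']}")
```

Each finding is a pointer back into the log, not a verdict; a process running from Temp or a driver with no file on disk still needs a look at the file itself before anything is deleted, which is why the thread's helpers ask for the log rather than acting on it blind.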




#2 jettt111


Posted 17 July 2009 - 07:03 PM

I also read about ComboFix for removing the rootkit and ran it. Here is the log from it.


ComboFix 09-07-14.08 - buddy 07/17/2009 18:45.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.725 [GMT -5:00]
Running from: c:\documents and settings\buddy\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\buddy\LOCALS~1\Temp\services.exe
c:\docume~1\buddy\LOCALS~1\Temp\svchost.exe
c:\docume~1\buddy\LOCALS~1\Temp\taskmgr.exe
c:\docume~1\buddy\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\All Users.WINDOWS\Application Data\10455464
c:\documents and settings\All Users.WINDOWS\Application Data\10455464\10455464.exe
c:\documents and settings\buddy\Application Data\wiaserva.log
c:\windows\Installer\10d8f15.msp
c:\windows\Installer\10d8f16.msp
c:\windows\Installer\10d8f17.msp
c:\windows\Installer\10d8f18.msp
c:\windows\Installer\10d8f19.msp
c:\windows\Installer\10d8f1a.msp
c:\windows\Installer\10d8f1b.msp
c:\windows\Installer\10d8f1c.msp
c:\windows\Installer\10d8f1d.msp
c:\windows\Installer\11b5ddf.msp
c:\windows\Installer\11b5de0.msp
c:\windows\Installer\11b5de1.msp
c:\windows\Installer\11b5de2.msp
c:\windows\Installer\11b5de3.msp
c:\windows\Installer\11b5de4.msp
c:\windows\Installer\11b5de5.msp
c:\windows\Installer\11b5de6.msp
c:\windows\Installer\11b5de7.msp
c:\windows\Installer\1ad11.msp
c:\windows\Installer\22b0b0.msp
c:\windows\Installer\22b0b1.msp
c:\windows\Installer\22b0ba.msp
c:\windows\Installer\22b0cc.msp
c:\windows\Installer\2395aa.msp
c:\windows\Installer\2395ab.msp
c:\windows\Installer\2395ac.msp
c:\windows\Installer\2395ad.msp
c:\windows\Installer\2395ae.msp
c:\windows\Installer\2395af.msp
c:\windows\Installer\2395b0.msp
c:\windows\Installer\2395b1.msp
c:\windows\Installer\2395b2.msp
c:\windows\Installer\244ac6.msp
c:\windows\Installer\244ac7.msp
c:\windows\Installer\244ac8.msp
c:\windows\Installer\244ac9.msp
c:\windows\Installer\244aca.msp
c:\windows\Installer\244acb.msp
c:\windows\Installer\244acc.msp
c:\windows\Installer\244acd.msp
c:\windows\Installer\244ace.msp
c:\windows\Installer\363c48.msp
c:\windows\Installer\363c49.msp
c:\windows\Installer\363c4a.msp
c:\windows\Installer\363c4b.msp
c:\windows\Installer\363c4c.msp
c:\windows\Installer\363c4d.msp
c:\windows\Installer\363c4e.msp
c:\windows\Installer\363c4f.msp
c:\windows\Installer\363c50.msp
c:\windows\Installer\3ad01767.msp
c:\windows\Installer\3f99ec.msp
c:\windows\Installer\3f99ed.msp
c:\windows\Installer\3f99ee.msp
c:\windows\Installer\3f99ef.msp
c:\windows\Installer\3f99f0.msp
c:\windows\Installer\3f99f1.msp
c:\windows\Installer\3f99f2.msp
c:\windows\Installer\3f99f3.msp
c:\windows\Installer\3f99f4.msp
c:\windows\Installer\4828b.msp
c:\windows\Installer\4828c.msp
c:\windows\Installer\4828d.msp
c:\windows\Installer\4828e.msp
c:\windows\Installer\4828f.msp
c:\windows\Installer\48290.msp
c:\windows\Installer\48291.msp
c:\windows\Installer\48292.msp
c:\windows\Installer\48293.msp
c:\windows\Installer\4c09d6f.msp
c:\windows\Installer\4c09d70.msp
c:\windows\Installer\4c09d71.msp
c:\windows\Installer\4c09d72.msp
c:\windows\Installer\4c09d73.msp
c:\windows\Installer\4c09d74.msp
c:\windows\Installer\4c09d75.msp
c:\windows\Installer\4c09d76.msp
c:\windows\Installer\4c09d77.msp
c:\windows\Installer\51f9e7a.msp
c:\windows\Installer\51f9e7b.msp
c:\windows\Installer\51f9e7c.msp
c:\windows\Installer\51f9e7d.msp
c:\windows\Installer\51f9e7e.msp
c:\windows\Installer\51f9e7f.msp
c:\windows\Installer\51f9e80.msp
c:\windows\Installer\51f9e81.msp
c:\windows\Installer\51f9e82.msp
c:\windows\Installer\53d5a6a.msp
c:\windows\Installer\53d5a6b.msp
c:\windows\Installer\53d5a6c.msp
c:\windows\Installer\53d5a6d.msp
c:\windows\Installer\53d5a6e.msp
c:\windows\Installer\53d5a6f.msp
c:\windows\Installer\53d5a70.msp
c:\windows\Installer\53d5a71.msp
c:\windows\Installer\53d5a72.msp
c:\windows\Installer\768ed3.msp
c:\windows\Installer\768edf.msp
c:\windows\Installer\768ef1.msp
c:\windows\Installer\768ef2.msp
c:\windows\Installer\7751306.msp
c:\windows\Installer\7751307.msp
c:\windows\Installer\7751308.msp
c:\windows\Installer\7751309.msp
c:\windows\Installer\775130a.msp
c:\windows\Installer\775130b.msp
c:\windows\Installer\775130c.msp
c:\windows\Installer\775130d.msp
c:\windows\Installer\775130e.msp
c:\windows\Installer\7788f1d.msp
c:\windows\Installer\7788f1e.msp
c:\windows\Installer\7788f1f.msp
c:\windows\Installer\7788f20.msp
c:\windows\Installer\7788f21.msp
c:\windows\Installer\7788f22.msp
c:\windows\Installer\7788f23.msp
c:\windows\Installer\7788f24.msp
c:\windows\Installer\7788f25.msp
c:\windows\Installer\779c3e.msp
c:\windows\Installer\779c3f.msp
c:\windows\Installer\779c40.msp
c:\windows\Installer\779c41.msp
c:\windows\Installer\779c42.msp
c:\windows\Installer\779c43.msp
c:\windows\Installer\779c44.msp
c:\windows\Installer\779c45.msp
c:\windows\Installer\779c46.msp
c:\windows\Installer\8ff5376d.msp
c:\windows\Installer\8ff53776.msp
c:\windows\Installer\96d9dc.msp
c:\windows\Installer\96d9dd.msp
c:\windows\Installer\96d9de.msp
c:\windows\Installer\96d9df.msp
c:\windows\Installer\96d9e0.msp
c:\windows\Installer\96d9e1.msp
c:\windows\Installer\96d9e2.msp
c:\windows\Installer\96d9e3.msp
c:\windows\Installer\96d9e4.msp
c:\windows\Installer\bda2f.msp
c:\windows\Installer\bda30.msp
c:\windows\Installer\bda31.msp
c:\windows\Installer\bda32.msp
c:\windows\Installer\bda33.msp
c:\windows\Installer\bda34.msp
c:\windows\Installer\bda35.msp
c:\windows\Installer\bda36.msp
c:\windows\Installer\bda37.msp
c:\windows\mainms.vpi
c:\windows\megavid.cdt
c:\windows\muotr.so
c:\windows\patch.exe
c:\windows\system32\_003716_.tmp.dll
c:\windows\system32\_003717_.tmp.dll
c:\windows\system32\_003718_.tmp.dll
c:\windows\system32\_003719_.tmp.dll
c:\windows\system32\_003726_.tmp.dll
c:\windows\system32\_003727_.tmp.dll
c:\windows\system32\_003728_.tmp.dll
c:\windows\system32\_003729_.tmp.dll
c:\windows\system32\_003730_.tmp.dll
c:\windows\system32\_003731_.tmp.dll
c:\windows\system32\_003732_.tmp.dll
c:\windows\system32\_003733_.tmp.dll
c:\windows\system32\_003734_.tmp.dll
c:\windows\system32\_003735_.tmp.dll
c:\windows\system32\_003736_.tmp.dll
c:\windows\system32\_003737_.tmp.dll
c:\windows\system32\_003738_.tmp.dll
c:\windows\system32\_003739_.tmp.dll
c:\windows\system32\_003740_.tmp.dll
c:\windows\system32\_003741_.tmp.dll
c:\windows\system32\_003742_.tmp.dll
c:\windows\system32\_003743_.tmp.dll
c:\windows\system32\_003744_.tmp.dll
c:\windows\system32\_003745_.tmp.dll
c:\windows\system32\_003746_.tmp.dll
c:\windows\system32\_003747_.tmp.dll
c:\windows\system32\_003748_.tmp.dll
c:\windows\system32\_003749_.tmp.dll
c:\windows\system32\_003750_.tmp.dll
c:\windows\system32\_003751_.tmp.dll
c:\windows\system32\_003752_.tmp.dll
c:\windows\system32\_003753_.tmp.dll
c:\windows\system32\_003754_.tmp.dll
c:\windows\system32\_003755_.tmp.dll
c:\windows\system32\_003756_.tmp.dll
c:\windows\system32\_003757_.tmp.dll
c:\windows\system32\_003758_.tmp.dll
c:\windows\system32\_003759_.tmp.dll
c:\windows\system32\_003760_.tmp.dll
c:\windows\system32\_003763_.tmp.dll
c:\windows\system32\_003764_.tmp.dll
c:\windows\system32\_003765_.tmp.dll
c:\windows\system32\_003766_.tmp.dll
c:\windows\system32\_003767_.tmp.dll
c:\windows\system32\_003768_.tmp.dll
c:\windows\system32\_003769_.tmp.dll
c:\windows\system32\_003771_.tmp.dll
c:\windows\system32\_003772_.tmp.dll
c:\windows\system32\_003773_.tmp.dll
c:\windows\system32\_003774_.tmp.dll
c:\windows\system32\_003775_.tmp.dll
c:\windows\system32\_003776_.tmp.dll
c:\windows\system32\_003777_.tmp.dll
c:\windows\system32\_003778_.tmp.dll
c:\windows\system32\_003779_.tmp.dll
c:\windows\system32\_003781_.tmp.dll
c:\windows\system32\_003782_.tmp.dll
c:\windows\system32\_003783_.tmp.dll
c:\windows\system32\_003784_.tmp.dll
c:\windows\system32\_003786_.tmp.dll
c:\windows\system32\_003787_.tmp.dll
c:\windows\system32\_003789_.tmp.dll
c:\windows\system32\_003790_.tmp.dll
c:\windows\system32\_003791_.tmp.dll
c:\windows\system32\_003792_.tmp.dll
c:\windows\system32\_003794_.tmp.dll
c:\windows\system32\_003795_.tmp.dll
c:\windows\system32\_003796_.tmp.dll
c:\windows\system32\_003797_.tmp.dll
c:\windows\system32\_003798_.tmp.dll
c:\windows\system32\_003799_.tmp.dll
c:\windows\system32\_003800_.tmp.dll
c:\windows\system32\_003801_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003803_.tmp.dll
c:\windows\system32\_003804_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003806_.tmp.dll
c:\windows\system32\_003807_.tmp.dll
c:\windows\system32\_003808_.tmp.dll
c:\windows\system32\_003809_.tmp.dll
c:\windows\system32\_003810_.tmp.dll
c:\windows\system32\_003811_.tmp.dll
c:\windows\system32\_003812_.tmp.dll
c:\windows\system32\_003813_.tmp.dll
c:\windows\system32\_003815_.tmp.dll
c:\windows\system32\_003816_.tmp.dll
c:\windows\system32\_003817_.tmp.dll
c:\windows\system32\_003818_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003822_.tmp.dll
c:\windows\system32\_003823_.tmp.dll
c:\windows\system32\_003824_.tmp.dll
c:\windows\system32\_003825_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003828_.tmp.dll
c:\windows\system32\_003829_.tmp.dll
c:\windows\system32\_003830_.tmp.dll
c:\windows\system32\_003831_.tmp.dll
c:\windows\system32\_003832_.tmp.dll
c:\windows\system32\_003833_.tmp.dll
c:\windows\system32\_003834_.tmp.dll
c:\windows\system32\_003835_.tmp.dll
c:\windows\system32\_003836_.tmp.dll
c:\windows\system32\_003838_.tmp.dll
c:\windows\system32\_003840_.tmp.dll
c:\windows\system32\_003842_.tmp.dll
c:\windows\system32\_003843_.tmp.dll
c:\windows\system32\_003844_.tmp.dll
c:\windows\system32\_003845_.tmp.dll
c:\windows\system32\_003849_.tmp.dll
c:\windows\system32\_003850_.tmp.dll
c:\windows\system32\_003852_.tmp.dll
c:\windows\system32\_003855_.tmp.dll
c:\windows\system32\_003857_.tmp.dll
c:\windows\system32\_003859_.tmp.dll
c:\windows\system32\_003860_.tmp.dll
c:\windows\system32\_003863_.tmp.dll
c:\windows\system32\_003864_.tmp.dll
c:\windows\system32\_003865_.tmp.dll
c:\windows\system32\_003866_.tmp.dll
c:\windows\system32\_003867_.tmp.dll
c:\windows\system32\_003872_.tmp.dll
c:\windows\system32\_003874_.tmp.dll
c:\windows\system32\_003875_.tmp.dll
c:\windows\system32\_006039_.tmp.dll
c:\windows\system32\_006040_.tmp.dll
c:\windows\system32\_006041_.tmp.dll
c:\windows\system32\_006042_.tmp.dll
c:\windows\system32\_006050_.tmp.dll
c:\windows\system32\_006051_.tmp.dll
c:\windows\system32\_006052_.tmp.dll
c:\windows\system32\_006054_.tmp.dll
c:\windows\system32\_006055_.tmp.dll
c:\windows\system32\_006058_.tmp.dll
c:\windows\system32\_006059_.tmp.dll
c:\windows\system32\_006061_.tmp.dll
c:\windows\system32\_006062_.tmp.dll
c:\windows\system32\_006063_.tmp.dll
c:\windows\system32\_006065_.tmp.dll
c:\windows\system32\_006068_.tmp.dll
c:\windows\system32\_006069_.tmp.dll
c:\windows\system32\_006073_.tmp.dll
c:\windows\system32\_006074_.tmp.dll
c:\windows\system32\_006076_.tmp.dll
c:\windows\system32\_006079_.tmp.dll
c:\windows\system32\_006081_.tmp.dll
c:\windows\system32\_006082_.tmp.dll
c:\windows\system32\_006084_.tmp.dll
c:\windows\system32\_006085_.tmp.dll
c:\windows\system32\_006088_.tmp.dll
c:\windows\system32\_006089_.tmp.dll
c:\windows\system32\_006090_.tmp.dll
c:\windows\system32\_006091_.tmp.dll
c:\windows\system32\_006092_.tmp.dll
c:\windows\system32\_006097_.tmp.dll
c:\windows\system32\_006099_.tmp.dll
c:\windows\system32\_006100_.tmp.dll
c:\windows\system32\51609.exe
c:\windows\system32\drivers\core.cache(2).dsk
c:\windows\system32\Drivers\fnhtt.sys
c:\windows\system32\Drivers\gcgid.sys
c:\windows\system32\Drivers\jkwxr.sys
c:\windows\system32\Drivers\lgzi.sys
c:\windows\system32\Drivers\mtryk.sys
c:\windows\system32\Drivers\nxxe.sys
c:\windows\system32\Drivers\ojlxwokv.sys
c:\windows\system32\Drivers\vwyuqk.sys
c:\windows\system32\ghaf8jkdfd.dll
c:\windows\system32\hljwugsf.bin
c:\windows\system32\ntos.exe
c:\windows\system32\open.ico
c:\windows\system32\p2hhr.bat
c:\windows\system32\paytime.exe
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\video.dll

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NPF
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-17 23:59 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-07-17 23:59 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-17 22:38 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 22:38 . 2009-07-17 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 22:38 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 15:35 . 2009-07-17 15:39 -------- d-----w- c:\program files\smitRem
2009-07-17 15:35 . 2009-07-17 15:35 383836 ----a-w- c:\program files\smitRem.exe
2009-07-17 14:51 . 2009-07-18 00:01 -------- d-sh--w- c:\windows\system32\wsnpoem
2009-07-17 13:25 . 2009-07-18 00:03 117760 ----a-w- c:\documents and settings\buddy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-17 13:25 . 2009-07-17 13:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-07-17 13:25 . 2009-07-17 13:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-17 13:25 . 2009-07-17 13:25 -------- d-----w- c:\documents and settings\buddy\Application Data\SUPERAntiSpyware.com
2009-07-17 13:24 . 2009-07-17 13:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-17 13:24 . 2009-07-17 13:24 6568480 ----a-w- c:\program files\SUPERAntiSpyware.exe
2009-07-17 12:07 . 2009-07-17 12:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 12:05 . 2009-07-17 12:05 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-07-17 11:38 . 2009-07-17 11:38 306 ----a-w- c:\program files\EnableTM.reg
2009-07-16 22:50 . 2009-07-16 22:50 67072 ----a-w- c:\windows\system32\drivers\geyekrmoexvalq.sys
2009-06-22 21:14 . 2009-06-22 21:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 23:02 . 2009-07-17 23:02 3408 ----a-w- c:\program files\llwngk.txt
2009-07-17 12:45 . 2008-05-10 01:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-07-17 12:12 . 2005-11-22 21:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-07-16 23:39 . 2005-11-21 23:51 -------- d-----w- c:\program files\backups
2009-07-16 23:26 . 2009-05-27 11:39 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\~0
2009-07-16 19:52 . 2004-07-12 21:51 -------- d-----w- c:\program files\Paint Shop Pro 6
2009-07-07 22:44 . 2009-05-06 12:37 -------- d-----w- c:\program files\Coupons
2009-06-16 14:36 . 2002-08-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 15:25 . 2009-06-12 15:25 152576 ----a-w- c:\documents and settings\buddy\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-05 23:08 . 2009-05-27 11:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DriverCure
2009-06-03 19:09 . 2004-08-07 17:44 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 14:45 . 2004-07-10 23:30 15 ----a-w- c:\windows\popcinfo.dat
2009-05-27 11:41 . 2009-05-27 11:41 -------- d-----w- c:\documents and settings\buddy\Application Data\DriverCure
2009-05-27 11:41 . 2009-05-27 11:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ParetoLogic
2009-05-27 11:39 . 2009-05-27 11:39 -------- d-----w- c:\documents and settings\buddy\Application Data\uniblue
2009-05-27 11:37 . 2009-05-27 11:37 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-05-13 05:15 . 2004-02-06 23:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-09-25 13:32 345600 ----a-w- c:\windows\system32\localspl.dll
2009-01-03 15:52 . 2009-01-03 15:52 2539400 ----a-w- c:\program files\mbam-setup.exe
2008-12-19 21:14 . 2008-12-19 21:14 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2008-09-25 13:44 . 2008-09-25 13:44 379392 ----a-w- c:\program files\subinacl.msi
2008-05-10 01:18 . 2008-05-10 01:18 877280 ----a-w- c:\program files\Google_Updater.exe
2008-04-10 09:45 . 2008-04-10 09:45 8548984 ----a-w- c:\program files\Windows-KB890830-V1.40.exe
2007-08-05 22:43 . 2007-08-05 22:43 15732984 ----a-w- c:\program files\Google_Earth_BZXD.exe
2007-04-29 22:07 . 2007-04-29 22:07 9746675 ----a-w- c:\program files\VLC_Portable_0.8.6a.paf.exe
2007-04-29 21:58 . 2007-04-29 21:58 15344334 ----a-w- c:\program files\vlc-0.8.6b-win32.zip
2007-03-18 17:17 . 2005-10-25 21:06 4429593 ----a-w- c:\program files\it222enu.exe
2007-01-27 21:38 . 2007-01-27 21:38 12307656 ----a-w- c:\program files\wdviewer.exe
2007-01-27 21:27 . 2007-01-27 21:27 27024112 ----a-w- c:\program files\PowerPointViewer.exe
2007-01-18 22:34 . 2007-01-18 22:34 487836 ----a-w- c:\program files\CO52R$0G.zip
2007-01-18 22:32 . 2007-01-18 22:32 591384 ----a-w- c:\program files\English.zip
2006-12-25 22:26 . 2005-03-25 17:13 4865728 ----a-w- c:\program files\rminstall.exe
2006-12-25 21:20 . 2006-12-25 21:20 6469352 ----a-w- c:\program files\avgas-setup-7.5.0.501.exe
2006-11-08 21:39 . 2006-11-08 21:39 636384 ----a-w- c:\program files\saSetup.exe
2006-11-07 20:02 . 2006-11-07 20:02 2711422 ----a-w- c:\program files\BitComet_0.70_setup.exe
2006-06-05 22:56 . 2006-01-05 01:12 11817800 ----a-w- c:\program files\GoogleEarth-0762.exe
2006-02-14 04:17 . 2006-02-14 04:17 282601 ----a-w- c:\program files\hijackthis_sfx.exe
2005-12-26 00:32 . 2005-12-26 00:32 3927 ----a-w- c:\program files\hijackthisaftrereport.txt
2005-12-26 00:32 . 2005-11-21 23:51 3927 ----a-w- c:\program files\hijackthis.log
2005-11-24 21:39 . 2005-11-24 21:39 12754672 ----a-w- c:\program files\MP10Setup.exe
2005-11-24 01:26 . 2005-11-24 01:26 6910088 ----a-w- c:\program files\MicrosoftAntiSpywareInstall.exe
2005-11-23 23:03 . 2005-11-23 23:03 2560240 ----a-w- c:\program files\spywareblastersetup34.exe
2005-11-21 23:53 . 2005-11-21 23:53 313283 ----a-w- c:\program files\cwshredder.zip
2005-11-21 23:50 . 2004-05-25 21:21 218112 ----a-w- c:\program files\HijackThis.exe
2005-09-20 04:02 . 2005-09-20 04:02 21122808 ----a-w- c:\program files\78.01_winxp2k_english_whql.exe
2005-08-06 21:52 . 2005-08-06 21:52 30047896 ----a-w- c:\program files\77.72_win2kxp_international_whql.exe
2005-07-14 21:53 . 2005-07-14 21:53 153328 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2005-07-14 21:45 . 2005-07-14 21:45 78160 ----a-w- c:\program files\AutoFix.exe
2005-07-11 15:18 . 2005-07-11 15:18 10562512 ----a-w- c:\program files\GoogleEarth.exe
2005-06-23 00:11 . 2005-06-13 05:18 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
2005-03-03 21:37 . 2005-03-03 21:37 786932 ----a-w- c:\program files\EMpgDec20.zip
2005-03-03 21:35 . 2005-02-23 08:10 635569 ----a-w- c:\program files\XviD-1.0.3-20122004.exe
2005-02-19 23:11 . 2005-02-19 23:11 7741336 ----a-w- c:\program files\DivX521XP2K.exe
2005-02-10 06:39 . 2005-02-10 06:39 18219878 ----a-w- c:\program files\66.93_win2kxp_english.exe
2005-02-10 04:34 . 2005-02-10 04:28 315624 ----a-w- c:\program files\dxwebsetup.exe
2004-11-18 23:41 . 2004-11-18 23:41 36750 ----a-w- c:\program files\splitt31.zip
2004-10-20 17:42 . 2005-11-21 23:53 328488 ----a-w- c:\program files\CWSInstall.exe
2004-07-16 19:17 . 2004-07-16 19:17 3912870 ----a-w- c:\program files\BespelledDeluxe.exe
2004-07-10 23:07 . 2004-07-10 23:07 577088 ----a-w- c:\program files\TweakUiPowertoySetup.exe
2004-07-10 22:58 . 2004-07-10 22:58 805 ----a-w- c:\program files\Shortcut to Ad-aware.lnk
2004-05-14 20:46 . 2004-05-14 20:46 2150574 ----a-w- c:\program files\aaw6.exe
2004-05-02 22:25 . 2004-05-02 22:17 137216 ----a-w- c:\program files\CWShredder.exe
2003-11-07 23:23 . 2003-11-07 23:09 2334080 ----a-w- c:\program files\MpackProWithVbRuntime.zip
2003-08-24 01:22 . 2003-08-24 01:22 4008129 -c--a-w- c:\program files\DivX505Bundle.exe
2003-08-24 00:08 . 2003-08-24 00:08 1897672 -c--a-w- c:\program files\winzip81.exe
2002-03-19 22:30 . 2002-03-19 22:30 177152 ----a-w- c:\program files\tweakui.exe
2001-08-29 23:03 . 2006-02-22 22:47 59392 ----a-w- c:\program files\Splitter.exe
2000-06-18 19:03 . 2000-06-18 19:03 106544 ----a-w- c:\program files\tweakui.cpl
2000-04-15 15:13 . 2000-04-15 15:13 51238 ----a-w- c:\program files\tweakui.hlp
2000-04-15 15:05 . 2000-04-15 15:05 5825 ----a-w- c:\program files\tweakui.cnt
1999-11-22 21:28 . 1999-11-22 21:28 2991 ----a-w- c:\program files\tweakui.inf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Internet Answering Machine.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsf7husjnfg98gi498aejhiugjkdg4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyAxe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Recover!

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PrtSeqRd;PrtSeqRd;c:\windows\system32\drivers\PrtSeqRd.sys [5/15/2001 4:48 PM 12224]
R1 cdudf;cdudf;c:\windows\system32\drivers\Cdudf.sys [5/17/2001 3:28 PM 229664]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [1/1/2007 2:47 PM 45312]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [1/1/2007 2:47 PM 55936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S0 mwjuer;mwjuer;c:\windows\system32\drivers\uqufyav.sys --> c:\windows\system32\drivers\uqufyav.sys [?]
S1 ShldDrv;Panda File Shield Driver; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/17/2009 5:38 PM 38160]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-08-27 c:\windows\Tasks\$~$Sys0$.job
- c:\windows\System32\SchedSvc.dll [2004-07-09 00:12]

2008-09-23 c:\windows\Tasks\$~$Sys1$.job
- c:\windows\System32\SchedSvc.dll [2004-07-09 00:12]

2008-09-24 c:\windows\Tasks\$~$Sys2$.job
- c:\windows\System32\SchedSvc.dll [2004-07-09 00:12]

2008-09-25 c:\windows\Tasks\$~$Sys3$.job
- c:\windows\System32\SchedSvc.dll [2004-07-09 00:12]

2008-09-25 c:\windows\Tasks\$~$Sys4$.job
- c:\windows\System32\SchedSvc.dll [2004-07-09 00:12]

2009-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-10 23:17]

2009-07-16 c:\windows\Tasks\User_Feed_Synchronization-{CD9D28AC-6503-4B26-AED6-CE43F3AC54D8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A36D2A01-00F3-42BD-F434-00BBC39C8953} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-AVG Anti-Spyware Driver


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: att.net\webmail
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 19:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\snmp.exe
c:\windows\system32\dllhost.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\windows\system32\dllhost.exe
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-18 19:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 00:09

Pre-Run: 52,069,924,864 bytes free
Post-Run: 52,432,240,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

Current=4 Default=4 Failed=2 LastKnownGood=1 Sets=1,2,3,4
582 --- E O F --- 2009-07-16 23:10

#3 jettt111
  • Topic Starter
  • Members
  • 10 posts

Posted 18 July 2009 - 08:10 AM

Well, doing what y'all said helped, because I was able to go to a restore point when I couldn't before, but it wouldn't take me back far enough, so I went into Registry Mechanic and went back 2 months and ran scans with several programs, and they only found a few things. Then my last scan with Malwarebytes shows nothing. Here is the log for it and a HijackThis log.


Malwarebytes' Anti-Malware 1.39
Database version: 2453
Windows 5.1.2600 Service Pack 3

7/18/2009 8:12:45 AM
mbam-log-2009-07-18 (08-12-45).txt

Scan type: Quick Scan
Objects scanned: 123663
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



HIJACKTHIS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:05 AM, on 7/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\buddy\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192061230703
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 4073 bytes

#4 thcbytes
  • Malware Response Team
  • 14,790 posts

Posted 27 July 2009 - 05:14 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' button and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 jettt111
  • Topic Starter
  • Members
  • 10 posts

Posted 27 July 2009 - 05:56 PM

DDS (Ver_09-06-26.01) - NTFSx86
Run by buddy at 18:02:40.10 on Mon 07/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.482 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\buddy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: att.net\webmail
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192061230703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 PrtSeqRd;PrtSeqRd;c:\windows\system32\drivers\PrtSeqRd.sys [2001-5-15 12224]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2006-11-20 3968]
R1 cdudf;cdudf;c:\windows\system32\drivers\Cdudf.sys [2001-5-17 229664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2007-1-1 45312]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2007-1-1 55936]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S0 mwjuer;mwjuer;c:\windows\system32\drivers\uqufyav.sys --> c:\windows\system32\drivers\uqufyav.sys [?]
S1 ShldDrv;Panda File Shield Driver; [x]
S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]

=============== Created Last 30 ================

2009-07-17 19:08 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-17 18:59 39,424 ac------ c:\windows\system32\dllcache\grpconv.exe
2009-07-17 18:59 39,424 a------- c:\windows\system32\grpconv.exe
2009-07-17 18:40 <DIR> a-dshr-- C:\cmdcons
2009-07-17 18:38 219,648 a------- c:\windows\PEV.exe
2009-07-17 18:38 161,792 a------- c:\windows\SWREG.exe
2009-07-17 18:38 98,816 a------- c:\windows\sed.exe
2009-07-17 17:38 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 17:38 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-17 17:38 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 10:35 <DIR> --d----- c:\program files\smitRem
2009-07-17 10:35 383,836 a------- c:\program files\smitRem.exe
2009-07-17 08:25 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-07-17 08:25 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-17 08:25 <DIR> --d----- c:\docume~1\buddy\applic~1\SUPERAntiSpyware.com
2009-07-17 08:24 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-17 08:24 6,568,480 a------- c:\program files\SUPERAntiSpyware.exe
2009-07-17 07:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-17 07:05 16,409,960 a------- c:\program files\spybotsd162.exe
2009-07-17 06:38 306 a------- c:\program files\EnableTM.reg
2009-07-16 17:50 67,072 a------- c:\windows\system32\drivers\geyekrmoexvalq.sys

==================== Find3M ====================

2009-07-17 18:02 3,408 a------- c:\program files\llwngk.txt
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-13 00:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-01-03 10:52 2,539,400 a------- c:\program files\mbam-setup.exe
2008-12-19 16:14 15,452,536 a------- c:\program files\IE7-WindowsXP-x86-enu.exe
2008-09-25 08:44 379,392 a------- c:\program files\subinacl.msi
2008-05-09 20:18 877,280 a------- c:\program files\Google_Updater.exe
2008-04-10 04:45 8,548,984 a------- c:\program files\Windows-KB890830-V1.40.exe
2007-08-05 17:43 15,732,984 a------- c:\program files\Google_Earth_BZXD.exe
2007-04-29 17:07 9,746,675 a------- c:\program files\VLC_Portable_0.8.6a.paf.exe
2007-04-29 16:58 15,344,334 a------- c:\program files\vlc-0.8.6b-win32.zip
2007-03-18 12:17 4,429,593 a------- c:\program files\it222enu.exe
2007-01-27 16:38 12,307,656 a------- c:\program files\wdviewer.exe
2007-01-27 16:27 27,024,112 a------- c:\program files\PowerPointViewer.exe
2007-01-18 17:34 487,836 a------- c:\program files\CO52R$0G.zip
2007-01-18 17:32 591,384 a------- c:\program files\English.zip
2006-12-25 17:26 4,865,728 a------- c:\program files\rminstall.exe
2006-12-25 16:20 6,469,352 a------- c:\program files\avgas-setup-7.5.0.501.exe
2006-11-08 16:39 636,384 a------- c:\program files\saSetup.exe
2006-11-07 15:02 2,711,422 a------- c:\program files\BitComet_0.70_setup.exe
2006-06-05 17:56 11,817,800 a------- c:\program files\GoogleEarth-0762.exe
2005-12-25 19:32 3,927 a------- c:\program files\hijackthisaftrereport.txt
2005-11-24 16:39 12,754,672 a------- c:\program files\MP10Setup.exe
2005-11-23 20:26 6,910,088 a------- c:\program files\MicrosoftAntiSpywareInstall.exe
2005-11-23 18:03 2,560,240 a------- c:\program files\spywareblastersetup34.exe
2005-11-21 18:53 313,283 a------- c:\program files\cwshredder.zip
2005-09-19 23:02 21,122,808 a------- c:\program files\78.01_winxp2k_english_whql.exe
2005-08-06 16:52 30,047,896 a------- c:\program files\77.72_win2kxp_international_whql.exe
2005-07-14 16:53 153,328 a------- c:\program files\RealPlayer10-5GOLD.exe
2005-07-14 16:45 78,160 a------- c:\program files\AutoFix.exe
2005-07-11 10:18 10,562,512 a------- c:\program files\GoogleEarth.exe
2005-06-22 19:11 20,798,256 a------- c:\program files\AdbeRdr70_enu_full.exe
2005-03-03 16:37 786,932 a------- c:\program files\EMpgDec20.zip
2005-03-03 16:35 635,569 a------- c:\program files\XviD-1.0.3-20122004.exe
2005-02-19 18:11 7,741,336 a------- c:\program files\DivX521XP2K.exe
2005-02-10 01:39 18,219,878 a------- c:\program files\66.93_win2kxp_english.exe
2005-02-09 23:34 315,624 a------- c:\program files\dxwebsetup.exe
2004-11-18 18:41 36,750 a------- c:\program files\splitt31.zip
2004-10-20 12:42 328,488 a------- c:\program files\CWSInstall.exe
2004-07-16 14:17 3,912,870 a------- c:\program files\BespelledDeluxe.exe
2004-07-10 18:07 577,088 a------- c:\program files\TweakUiPowertoySetup.exe
2004-07-10 17:58 805 a------- c:\program files\Shortcut to Ad-aware.lnk
2004-05-14 15:46 2,150,574 a------- c:\program files\aaw6.exe
2004-05-02 17:25 137,216 a------- c:\program files\CWShredder.exe
2003-11-07 18:23 2,334,080 a------- c:\program files\MpackProWithVbRuntime.zip
2003-08-23 20:22 4,008,129 ac------ c:\program files\DivX505Bundle.exe
2003-08-23 19:08 1,897,672 ac------ c:\program files\winzip81.exe
2002-03-19 17:30 177,152 a------- c:\program files\tweakui.exe
2001-08-29 18:03 59,392 a------- c:\program files\Splitter.exe
2000-06-18 14:03 106,544 a------- c:\program files\tweakui.cpl
2000-04-15 10:13 51,238 a------- c:\program files\tweakui.hlp
2000-04-15 10:05 5,825 a------- c:\program files\tweakui.cnt
1999-11-22 16:28 2,991 a------- c:\program files\tweakui.inf

============= FINISH: 18:03:01.23 ===============

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:37 PM

Posted 29 July 2009 - 10:22 PM

Sorry for the delay. An HJT team member should be with you soon.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:11:37 PM

Posted 30 July 2009 - 10:09 AM

Hi jettt111,


Welcome to BleepingComputer HijackThis Logs and Malware Removal, :thumbup2:
My name is sundavis, and I will be helping you to deal with your malware problems today.

It seems that you have done a lot of work by yourself. Nevertheless, as the developer of ComboFix warns, this tool should not be run on one's own, unsupervised.
Sometimes it will result in an unbootable machine. We need to clean some leftovers. Please do the following:


Step1

Please disable Spybot S&D's protection, or it will interfere.
  • You can enable it after you're clean.
  • Open Spybot and click on 'Mode' and check 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
  • Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  • Click the 'Allow Change' box.
  • Then, check next to the computer clock to see if the icon for Spybot is still there.
  • If it is, right click it and choose 'exit Spybot-S&D Resident'.
  • Restart the computer.
  • If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
  • http://www.russelltexas.com/malware/teatimer.htm

Step2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
c:\windows\system32\drivers\geyekrmoexvalq.sys
c:\windows\system32\drivers\uqufyav.sys 

Driver::
mwjuer
ShldDrv


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step3


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the "Files of type" to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation



Please post back the logs in your next reply.


1. ComboFix log
2. KAS scan report

Tell me how things are going now.
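As an added triage aid (not part of this thread, and not code from DDS or ComboFix), the script below shows how the entries that ended up in the CFScript in Step 2 can be picked out of a DDS log mechanically: it reads the SERVICES / DRIVERS section, flags a registered driver whose image file DDS could not find (the `--> ... [?]` form) or whose image path is empty (`[x]`), lists driver files that appear under "Created Last 30" for a human to review, and renders the flagged items in the File:: / Driver:: layout used above. The function names, regular expressions and the "newly created driver" review heuristic are my own assumptions; the sample log text is constructed from the DDS log quoted earlier in this thread.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log (hypothetical helper)."""
import re
from typing import Dict, List

# Constructed sample: line shapes copied from the DDS log posted in this thread.
SAMPLE_DDS_LOG = r"""
============= SERVICES / DRIVERS ===============

R0 PrtSeqRd;PrtSeqRd;c:\windows\system32\drivers\PrtSeqRd.sys [2001-5-15 12224]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
S0 mwjuer;mwjuer;c:\windows\system32\drivers\uqufyav.sys --> c:\windows\system32\drivers\uqufyav.sys [?]
S1 ShldDrv;Panda File Shield Driver; [x]
S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]

=============== Created Last 30 ================

2009-07-17 17:38 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 17:50 67,072 a------- c:\windows\system32\drivers\geyekrmoexvalq.sys

==================== Find3M ====================
"""

# "<start type> <service name>;<display name>;<image path and status>"
ENTRY_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# DDS writes "<registry path> --> <resolved path> [?]" when the file is absent.
MISSING_RE = re.compile(r"^(?P<path>.*?) --> .*\[\?\]$")
# "Created Last 30" line whose target is a .sys file in the drivers directory.
NEW_DRIVER_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+\S+\s+(.+\\drivers\\[^\\]+\.sys)$", re.I
)


def section(log: str, header: str) -> List[str]:
    """Return the non-empty lines between the '=== header ===' banner and the next banner."""
    lines, inside = [], False
    for line in log.splitlines():
        if line.startswith("=") and line.endswith("="):
            inside = header in line
            continue
        if inside and line.strip():
            lines.append(line.rstrip())
    return lines


def triage(log: str) -> Dict[str, List[str]]:
    """Classify driver entries: 'drivers' and 'files' are removal candidates,
    'review' lists recently created driver files for a human to judge."""
    findings: Dict[str, List[str]] = {"drivers": [], "files": [], "review": []}
    for line in section(log, "SERVICES / DRIVERS"):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, image = m.group(2), m.group(4).strip()
        if image == "[x]":
            # Service key exists but carries no image path: orphaned entry.
            findings["drivers"].append(name)
        else:
            missing = MISSING_RE.match(image)
            if missing:
                # Registry points at a file that is no longer on disk.
                findings["drivers"].append(name)
                findings["files"].append(missing.group("path"))
    for line in section(log, "Created Last 30"):
        m = NEW_DRIVER_RE.match(line)
        if m:
            findings["review"].append(m.group(1))
    return findings


def build_cfscript(findings: Dict[str, List[str]]) -> str:
    """Render removal candidates in the File:: / Driver:: layout shown in this thread."""
    parts = []
    if findings["files"]:
        parts.append("File::\n" + "\n".join(findings["files"]))
    if findings["drivers"]:
        parts.append("Driver::\n" + "\n".join(findings["drivers"]))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_DDS_LOG)
    print(build_cfscript(result))
    print("Newly created driver files to review manually:")
    for path in result["review"]:
        print("  " + path)
```

Note that the script only automates the two cases a log format makes unambiguous; geyekrmoexvalq.sys, which sundavis added to File:: by judgment, appears only in the review list, since whether a freshly created driver is legitimate cannot be decided from the DDS line alone.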

#8 jettt111

jettt111
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 30 July 2009 - 05:55 PM

ComboFix 09-07-29.04 - buddy 07/30/2009 15:03.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.616 [GMT -5:00]
Running from: c:\documents and settings\buddy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\buddy\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\drivers\geyekrmoexvalq.sys"
"c:\windows\system32\drivers\uqufyav.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SHLDDRV
-------\Service_mwjuer
-------\Service_ShldDrv


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-17 23:59 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-07-17 23:59 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-17 22:38 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 22:38 . 2009-07-17 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 22:38 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 15:35 . 2009-07-17 15:39 -------- d-----w- c:\program files\smitRem
2009-07-17 15:35 . 2009-07-17 15:35 383836 ----a-w- c:\program files\smitRem.exe
2009-07-17 13:25 . 2009-07-30 20:12 117760 ----a-w- c:\documents and settings\buddy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-17 13:25 . 2009-07-17 13:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-07-17 13:25 . 2009-07-29 09:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-17 13:25 . 2009-07-17 13:25 -------- d-----w- c:\documents and settings\buddy\Application Data\SUPERAntiSpyware.com
2009-07-17 13:24 . 2009-07-17 13:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-17 13:24 . 2009-07-17 13:24 6568480 ----a-w- c:\program files\SUPERAntiSpyware.exe
2009-07-17 12:07 . 2009-07-17 12:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 12:05 . 2009-07-17 12:05 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-07-17 11:38 . 2009-07-17 11:38 306 ----a-w- c:\program files\EnableTM.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 10:35 . 2008-05-10 01:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-07-27 20:32 . 2004-07-12 21:51 -------- d-----w- c:\program files\Paint Shop Pro 6
2009-07-17 23:02 . 2009-07-17 23:02 3408 ----a-w- c:\program files\llwngk.txt
2009-07-17 12:12 . 2005-11-22 21:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-07-16 23:39 . 2005-11-21 23:51 -------- d-----w- c:\program files\backups
2009-07-16 23:26 . 2009-05-27 11:39 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\~0
2009-07-07 22:44 . 2009-05-06 12:37 -------- d-----w- c:\program files\Coupons
2009-07-03 17:09 . 2004-02-06 23:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-22 21:14 . 2009-06-22 21:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2009-06-16 14:36 . 2002-08-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 15:25 . 2009-06-12 15:25 152576 ----a-w- c:\documents and settings\buddy\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-05 23:08 . 2009-05-27 11:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DriverCure
2009-06-03 19:09 . 2004-08-07 17:44 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 14:45 . 2004-07-10 23:30 15 ----a-w- c:\windows\popcinfo.dat
2009-05-07 15:32 . 2008-09-25 13:32 345600 ----a-w- c:\windows\system32\localspl.dll
2009-01-03 15:52 . 2009-01-03 15:52 2539400 ----a-w- c:\program files\mbam-setup.exe
2008-12-19 21:14 . 2008-12-19 21:14 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2008-09-25 13:44 . 2008-09-25 13:44 379392 ----a-w- c:\program files\subinacl.msi
2008-05-10 01:18 . 2008-05-10 01:18 877280 ----a-w- c:\program files\Google_Updater.exe
2008-04-10 09:45 . 2008-04-10 09:45 8548984 ----a-w- c:\program files\Windows-KB890830-V1.40.exe
2007-08-05 22:43 . 2007-08-05 22:43 15732984 ----a-w- c:\program files\Google_Earth_BZXD.exe
2007-04-29 22:07 . 2007-04-29 22:07 9746675 ----a-w- c:\program files\VLC_Portable_0.8.6a.paf.exe
2007-04-29 21:58 . 2007-04-29 21:58 15344334 ----a-w- c:\program files\vlc-0.8.6b-win32.zip
2007-03-18 17:17 . 2005-10-25 21:06 4429593 ----a-w- c:\program files\it222enu.exe
2007-01-27 21:38 . 2007-01-27 21:38 12307656 ----a-w- c:\program files\wdviewer.exe
2007-01-27 21:27 . 2007-01-27 21:27 27024112 ----a-w- c:\program files\PowerPointViewer.exe
2007-01-18 22:34 . 2007-01-18 22:34 487836 ----a-w- c:\program files\CO52R$0G.zip
2007-01-18 22:32 . 2007-01-18 22:32 591384 ----a-w- c:\program files\English.zip
2006-12-25 22:26 . 2005-03-25 17:13 4865728 ----a-w- c:\program files\rminstall.exe
2006-12-25 21:20 . 2006-12-25 21:20 6469352 ----a-w- c:\program files\avgas-setup-7.5.0.501.exe
2006-11-08 21:39 . 2006-11-08 21:39 636384 ----a-w- c:\program files\saSetup.exe
2006-11-07 20:02 . 2006-11-07 20:02 2711422 ----a-w- c:\program files\BitComet_0.70_setup.exe
2006-06-05 22:56 . 2006-01-05 01:12 11817800 ----a-w- c:\program files\GoogleEarth-0762.exe
2005-12-26 00:32 . 2005-12-26 00:32 3927 ----a-w- c:\program files\hijackthisaftrereport.txt
2005-11-24 21:39 . 2005-11-24 21:39 12754672 ----a-w- c:\program files\MP10Setup.exe
2005-11-24 01:26 . 2005-11-24 01:26 6910088 ----a-w- c:\program files\MicrosoftAntiSpywareInstall.exe
2005-11-23 23:03 . 2005-11-23 23:03 2560240 ----a-w- c:\program files\spywareblastersetup34.exe
2005-11-21 23:53 . 2005-11-21 23:53 313283 ----a-w- c:\program files\cwshredder.zip
2005-09-20 04:02 . 2005-09-20 04:02 21122808 ----a-w- c:\program files\78.01_winxp2k_english_whql.exe
2005-08-06 21:52 . 2005-08-06 21:52 30047896 ----a-w- c:\program files\77.72_win2kxp_international_whql.exe
2005-07-14 21:53 . 2005-07-14 21:53 153328 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2005-07-14 21:45 . 2005-07-14 21:45 78160 ----a-w- c:\program files\AutoFix.exe
2005-07-11 15:18 . 2005-07-11 15:18 10562512 ----a-w- c:\program files\GoogleEarth.exe
2005-06-23 00:11 . 2005-06-13 05:18 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
2005-03-03 21:37 . 2005-03-03 21:37 786932 ----a-w- c:\program files\EMpgDec20.zip
2005-03-03 21:35 . 2005-02-23 08:10 635569 ----a-w- c:\program files\XviD-1.0.3-20122004.exe
2005-02-19 23:11 . 2005-02-19 23:11 7741336 ----a-w- c:\program files\DivX521XP2K.exe
2005-02-10 06:39 . 2005-02-10 06:39 18219878 ----a-w- c:\program files\66.93_win2kxp_english.exe
2005-02-10 04:34 . 2005-02-10 04:28 315624 ----a-w- c:\program files\dxwebsetup.exe
2004-11-18 23:41 . 2004-11-18 23:41 36750 ----a-w- c:\program files\splitt31.zip
2004-10-20 17:42 . 2005-11-21 23:53 328488 ----a-w- c:\program files\CWSInstall.exe
2004-07-16 19:17 . 2004-07-16 19:17 3912870 ----a-w- c:\program files\BespelledDeluxe.exe
2004-07-10 23:07 . 2004-07-10 23:07 577088 ----a-w- c:\program files\TweakUiPowertoySetup.exe
2004-07-10 22:58 . 2004-07-10 22:58 805 ----a-w- c:\program files\Shortcut to Ad-aware.lnk
2004-05-14 20:46 . 2004-05-14 20:46 2150574 ----a-w- c:\program files\aaw6.exe
2004-05-02 22:25 . 2004-05-02 22:17 137216 ----a-w- c:\program files\CWShredder.exe
2003-11-07 23:23 . 2003-11-07 23:09 2334080 ----a-w- c:\program files\MpackProWithVbRuntime.zip
2003-08-24 01:22 . 2003-08-24 01:22 4008129 -c--a-w- c:\program files\DivX505Bundle.exe
2003-08-24 00:08 . 2003-08-24 00:08 1897672 -c--a-w- c:\program files\winzip81.exe
2002-03-19 22:30 . 2002-03-19 22:30 177152 ----a-w- c:\program files\tweakui.exe
2001-08-29 23:03 . 2006-02-22 22:47 59392 ----a-w- c:\program files\Splitter.exe
2000-06-18 19:03 . 2000-06-18 19:03 106544 ----a-w- c:\program files\tweakui.cpl
2000-04-15 15:13 . 2000-04-15 15:13 51238 ----a-w- c:\program files\tweakui.hlp
2000-04-15 15:05 . 2000-04-15 15:05 5825 ----a-w- c:\program files\tweakui.cnt
1999-11-22 21:28 . 1999-11-22 21:28 2991 ----a-w- c:\program files\tweakui.inf
.

((((((((((((((((((((((((((((( SnapShot@2009-07-18_00.02.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-30 20:12 . 2009-07-30 20:12 16384 c:\windows\temp\Perflib_Perfdata_730.dat
+ 2009-07-29 08:08 . 2009-07-29 08:08 16384 c:\windows\temp\Perflib_Perfdata_6c4.dat
+ 2009-07-30 20:12 . 2009-07-30 20:12 16384 c:\windows\temp\Perflib_Perfdata_6c0.dat
+ 2006-10-27 21:09 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2006-10-27 21:09 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll
- 2002-08-29 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
+ 2002-08-29 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-10 02:50 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-10 02:50 . 2009-04-30 21:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-05-09 18:58 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-09 18:58 . 2009-03-08 09:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-05-10 05:22 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:22 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-07-18 00:32 . 2009-07-18 00:32 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2009-05-13 08:03 . 2009-05-13 08:03 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2006-10-26 20:03 . 2006-10-26 20:03 78648 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\INTLDATE.DLL
+ 2009-07-29 08:01 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-29 08:01 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-29 08:01 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2002-08-29 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
- 2006-10-27 21:09 . 2009-03-08 09:32 594432 c:\windows\system32\msfeeds.dll
+ 2006-10-27 21:09 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2002-08-29 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2002-08-29 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
+ 2002-08-29 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
- 2002-08-29 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
- 2006-05-10 05:23 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:23 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2006-10-17 19:04 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-05-09 18:58 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-09 18:58 . 2009-03-08 09:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-10 02:50 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-10 02:50 . 2009-04-30 21:22 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-05-10 05:22 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-10-27 08:44 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-10-27 08:44 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-10-27 08:44 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-20 16:48 . 2009-03-20 16:48 183808 c:\windows\Installer\1c2d9e.msp
+ 2009-07-29 08:01 . 2009-05-13 05:15 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-07-29 08:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-29 08:01 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-29 08:01 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-29 08:01 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-29 08:01 . 2009-04-30 21:22 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-29 08:01 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-29 08:01 . 2009-04-30 21:22 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-29 08:01 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2004-01-21 21:20 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2004-01-21 21:19 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2006-10-17 18:57 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2006-05-10 05:23 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-19 15:08 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 18:58 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-07-29 08:01 . 2009-04-30 21:22 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-07-29 08:01 . 2009-05-13 05:15 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-07-29 08:01 . 2009-04-30 21:22 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2006-10-27 21:09 . 2009-07-19 23:48 11067392 c:\windows\system32\ieframe.dll
+ 2007-05-09 18:58 . 2009-07-19 23:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-04-04 12:35 . 2009-04-04 12:35 36977152 c:\windows\Installer\1c2d94.msp
+ 2009-07-29 08:01 . 2009-04-30 21:22 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-29 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-24 98304]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Internet Answering Machine.lnk]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PrtSeqRd;PrtSeqRd;c:\windows\system32\drivers\PrtSeqRd.sys [5/15/2001 4:48 PM 12224]
R1 cdudf;cdudf;c:\windows\system32\drivers\Cdudf.sys [5/17/2001 3:28 PM 229664]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [1/1/2007 2:47 PM 45312]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [1/1/2007 2:47 PM 55936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-10 23:17]

2009-07-18 c:\windows\Tasks\User_Feed_Synchronization-{CD9D28AC-6503-4B26-AED6-CE43F3AC54D8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: att.net\webmail
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 15:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\pctspk.exe
c:\windows\system32\snmp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
.
**************************************************************************
.
Completion time: 2009-07-30 15:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 20:16
ComboFix2.txt 2009-07-18 00:09

Pre-Run: 51,031,867,392 bytes free
Post-Run: 52,065,697,792 bytes free

275 --- E O F --- 2009-07-29 08:01



<<<<<<<<<<<<<<<<<<<<<<,



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 30, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 30, 2009 22:40:15
Records in database: 2564753
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 64348
Threat name: 5
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:44:39


File name / Threat name / Threats count
C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Old-C\Documents and Settings\buddy1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\helper.class-368988e0-24f9917e.class Infected: Trojan.Java.ClassLoader.a 1
C:\Old-C\Documents and Settings\buddy1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Stat.class-243fe6e6-14e26f69.class Infected: Exploit.Java.ByteVerify 1
C:\System Volume Information\_restore{8FB5C2C2-9E70-435D-81BE-919976148E2F}\RP3\A0004035.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
C:\System Volume Information\_restore{8FB5C2C2-9E70-435D-81BE-919976148E2F}\RP3\A0004042.sys Infected: Rootkit.Win32.Agent.nex 1

The selected area was scanned.

#9 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 30 July 2009 - 09:25 PM

Hi jettt111,




As far as those infected objects listed in the Kaspersky report, the AOL toolbar comes from the factory installation and it may be a false positive.
As to the old System Restore Points, whatever is in there can't harm you unless you choose to perform a manual restore, and we will be taking care of it later.

You need to show all files and delete the following java caches which were infected.

C:\Old-C\Documents and Settings\buddy1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\helper.class-368988e0-24f9917e.class
C:\Old-C\Documents and Settings\buddy1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Stat.class-243fe6e6-14e26f69.class

After that, you may uninstall Java and clear the Java cache from Here if you don't know how, and upgrade to a new one from Here.

Other than that, your logs seem to be clear now. :thumbup2: Do you have any remaining concerns on your pc? If not, let's do some tidy up.


Step1

Click START then RUN
Now copy/paste Combofix /u in the run box and click OK.
Note the space between the X and the U; it needs to be there.


This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


Step2
  • Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Accept any prompts to let the program proceed.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Remember to delete tools and all the logs we have used.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Install a-squared Free - a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. If you have a dial-up internet connection, you may also like to install a-squared Anti-Dialer, which provides some real-time protection against premium-rate dialers.

    A tutorial on installing & using this product can be found here:

    Clean your PC with a-squared Free

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here on how to prevent malware.


Glad to be of help. Safe surfing!!
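The triage in the reply above (restore-point hits are inert until restored, the Old-C Java cache entries are real but not loaded by the running system, the OEM toolbar may be a false positive) can be written down as a small classifier over the Kaspersky report format. This is an added example, not code from the thread or from Kaspersky; the five detection lines are copied from the report posted above, and the treatment of C:\Old-C as an offline copy of a previous installation is an assumption drawn from how the paths appear in that report.

```python
import re
from dataclasses import dataclass

# Detection lines copied verbatim from the Kaspersky Online Scanner report above.
KASPERSKY_REPORT = r"""
C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Old-C\Documents and Settings\buddy1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\helper.class-368988e0-24f9917e.class Infected: Trojan.Java.ClassLoader.a 1
C:\Old-C\Documents and Settings\buddy1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Stat.class-243fe6e6-14e26f69.class Infected: Exploit.Java.ByteVerify 1
C:\System Volume Information\_restore{8FB5C2C2-9E70-435D-81BE-919976148E2F}\RP3\A0004035.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
C:\System Volume Information\_restore{8FB5C2C2-9E70-435D-81BE-919976148E2F}\RP3\A0004042.sys Infected: Rootkit.Win32.Agent.nex 1
"""

# "<path> Infected: <threat> <count>" is the line shape used in the report.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Windows XP keeps System Restore snapshots under this tree; files there are
# never executed unless a restore point is actually applied.
RESTORE_POINT_MARKER = r"\System Volume Information\_restore{"
# Java Web Start / applet cache: exploit artefacts land here via the browser.
JAVA_CACHE_MARKER = r"\Sun\Java\Deployment\cache"
# Assumption: C:\Old-C is a copied-over previous installation, not the live profile tree.
OFFLINE_ROOTS = (r"C:\Old-C",)


@dataclass
class Detection:
    path: str
    threat: str
    count: int
    location: str    # "restore_point" | "offline_copy" | "live"
    riskware: bool   # Kaspersky's "not-a-virus:" prefix: adware/risktool, not outright malware
    java_cache: bool
    action: str


def classify(path: str, threat: str, count: int) -> Detection:
    """Decide where a detection lives and what a cleanup reply would recommend."""
    lower = path.lower()
    riskware = threat.startswith("not-a-virus:")
    java_cache = JAVA_CACHE_MARKER.lower() in lower

    if RESTORE_POINT_MARKER.lower() in lower:
        location = "restore_point"
        action = "inert unless System Restore is used; purge restore points once the live system is clean"
    elif any(lower.startswith(root.lower() + "\\") for root in OFFLINE_ROOTS):
        location = "offline_copy"
        action = "not loaded by the running OS; show hidden files and delete it"
    else:
        location = "live"
        action = ("review before removal: riskware inside an OEM/bundled install may be a false positive"
                  if riskware else "remove and re-scan")

    if java_cache:
        action += "; then clear the Java cache and update the JRE"
    return Detection(path, threat, count, location, riskware, java_cache, action)


def parse_report(text: str) -> list:
    """Return one Detection per matching line; header and blank lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(classify(m["path"], m["threat"], int(m["count"])))
    return found


def summarize(detections: list) -> dict:
    """Count detections per location so the live-system exposure is visible at a glance."""
    counts = {}
    for d in detections:
        counts[d.location] = counts.get(d.location, 0) + 1
    return counts


if __name__ == "__main__":
    dets = parse_report(KASPERSKY_REPORT)
    print(summarize(dets))
    for d in dets:
        print(f"[{d.location:13}] {d.threat}\n    {d.path}\n    -> {d.action}")
```

Only one of the five hits is on a path the running system can actually load, and that one carries Kaspersky's not-a-virus: prefix, which is why the reply treats the report as essentially clean apart from the two Java cache files.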

#10 jettt111

  • Topic Starter
  • Members
  • 10 posts

Posted 31 July 2009 - 08:12 AM

I did everything you said and I appreciate the help. You are a life saver. Thanks!!! :) :) :thumbup2:

#11 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 02 August 2009 - 05:54 PM

You are most welcome. :thumbup2:


Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
