
b.exe and random music


  • This topic is locked
14 replies to this topic

#1 inamiks

inamiks

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:51 PM

Posted 21 July 2009 - 02:49 PM

I have random music coming on. I want my $1000 gift card from Walmart, lol.

I cannot run Spybot Search and Destroy (and a couple of other programs), run in safe mode, or a few new programs.

Thanks for any help!

DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 12:38:35.01 on Tue 07/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.496 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE -k sfx
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\ld12.exe
C:\windows\pp10.exe
C:\Documents and Settings\Owner\XP Deluxe Protector\xpdeluxe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: VMware Class: {3113c6d7-d1bf-4096-94fe-5df265ac881d} - c:\windows\system32\gdi32lib.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Cognac] c:\docume~1\owner\locals~1\temp\b.exe
uRun: [xpprotect] c:\documents and settings\owner\xp deluxe protector\xpdeluxe.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [sysldtray] c:\windows\ld12.exe
mRun: [pp] c:\windows\pp10.exe
mRun: [sysfbtray] c:\windows\freddy49.exe
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\o3clvt97.default\
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 sfxdrv;sfxdrv;c:\program files\sfx\sfX.sYs [2009-7-16 9472]
R2 sfx;sfx;c:\windows\system32\SvchoSt.ExE -k sfx [2007-12-1 14336]
S3 usbwte;usbwte;c:\windows\system32\usbwte.sys [2007-12-1 2304]

=============== Created Last 30 ================

2009-07-21 11:16 <DIR> --d----- c:\docume~1\owner\applic~1\Uniblue
2009-07-16 14:11 <DIR> --d----- c:\program files\sFX
2009-07-16 14:09 <DIR> --d----- c:\documents and settings\owner\XP Deluxe Protector
2009-07-15 12:18 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-15 12:18 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-15 12:18 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-15 12:18 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-15 11:03 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-15 11:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-15 10:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\19472654
2009-07-14 21:33 <DIR> --d----- c:\program files\common files\HP
2009-07-14 21:31 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-07-14 20:55 <DIR> --d----- c:\program files\HP
2009-07-08 16:24 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-07-08 16:16 <DIR> --d----- c:\documents and settings\owner\temp
2009-07-08 16:12 <DIR> --d----- c:\program files\iPod
2009-07-08 16:12 <DIR> --d----- c:\program files\iTunes
2009-07-08 11:04 <DIR> --d----- c:\docume~1\owner\applic~1\Dropbox
2009-07-08 11:04 <DIR> --d----- c:\program files\Dropbox
2009-07-04 10:12 <DIR> --d----- c:\program files\Sun
2009-07-04 10:05 <DIR> --d----- c:\program files\OpenOffice.org 2.2
2009-07-04 10:00 <DIR> --d----- c:\docume~1\owner\applic~1\.clamwin
2009-07-04 10:00 <DIR> --d----- c:\program files\ClamWin
2009-07-04 10:00 <DIR> --d----- c:\documents and settings\all users\.clamwin
2009-06-30 16:52 <DIR> --d----- c:\program files\Motorola
2009-06-30 16:51 <DIR> --d----- c:\program files\IDT
2009-06-30 11:06 <DIR> --d----- c:\program files\SigmaTel
2009-06-30 10:28 <DIR> --dsh--- c:\documents and settings\owner\PrivacIE
2009-06-30 10:28 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-06-30 10:22 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-06-30 10:14 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-30 10:13 <DIR> --d----- c:\docume~1\owner\applic~1\Intel
2009-06-30 10:02 <DIR> --dsh--- c:\documents and settings\owner\UserData
2009-06-30 08:51 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-30 08:51 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-30 08:51 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-30 08:49 <DIR> --d----- c:\program files\Online Services
2009-06-30 08:49 <DIR> --d----- c:\program files\Messenger
2009-06-30 08:49 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-30 08:48 <DIR> --d----- c:\program files\Windows NT
2009-06-30 04:46 <DIR> --d----- c:\program files\common files\ODBC
2009-06-30 04:46 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-30 04:45 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-07-21 12:38 115,916 a------- c:\windows\system32\drivers\156e12a2.sys
2009-07-16 15:11 18,432 a------- c:\windows\nbron_1247771478.exe
2009-07-16 14:11 15,360 ----h--- c:\windows\pp10.exe
2009-07-16 14:10 15,360 a------- c:\windows\ld12.exe
2009-07-16 14:09 29,184 a------- c:\windows\system32\gdi32lib.dll
2009-07-15 15:30 131,584 a------- c:\windows\system32\sopidkc.exe
2009-07-15 15:30 162,816 a------- c:\windows\system32\tpsaxyd.exe
2009-07-15 10:54 69,845 a------- c:\windows\system32\drivers\smss.exe
2009-07-15 10:54 69,845 a------- C:\fjaiekpk.exe
2009-07-15 10:54 138,752 a------- c:\windows\msa.exe
2009-07-15 10:54 45,056 a--shr-- c:\windows\system32\flashd.dll
2009-07-15 10:54 212,105 a------- C:\uudoam.exe
2009-07-15 10:54 26,624 a------- c:\windows\system32\diskcheck.exe
2009-07-15 10:54 15,000 a------- c:\windows\system32\gsf83iujid.dll
2009-07-15 10:53 141,828 a------- c:\windows\system32\msxml71.dll
2009-07-14 21:34 118,642 a------- c:\windows\hpoins09.dat
2009-07-14 12:40 36,864 a------- c:\windows\system32\wiawow32.sys
2009-07-09 20:52 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-30 16:52 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-30 16:51 388 a------- c:\windows\system32\drivers\sthdae.log
2009-06-30 10:13 21,361 a------- c:\windows\system32\drivers\AegisP.sys
2009-06-30 10:13 21,361 a------- c:\windows\AegisP.sys
2009-06-30 08:49 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-30 01:17 1,613,824 a------- c:\windows\system32\sfcfiles.dll
2009-06-30 01:17 250,368 a------- c:\windows\system32\drivers\iaStor.sys
2009-06-30 01:17 990,208 a------- c:\windows\system32\syssetup.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll

============= FINISH: 12:39:55.01 ===============
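An added triage helper, not part of the original post and not something DDS or the helper here provided: it takes lines in the shape of the "Pseudo HJT Report", "Services / Drivers" and "Find3M" sections above, pulls out the file path from each, and flags the patterns a responder looks for first (an autorun in a temp folder, an executable dropped directly into the Windows folder or the drive root, a core system binary name living outside its normal folder, or a core binary spelled in odd mixed case the way `SvchoSt.ExE` is registered above). The sample lines are hand-copied from the log above, the allow-list of files that legitimately sit in `\windows` and the assumption that `%SystemRoot%` is `\windows` are both assumptions of this example, and the heuristics are exactly that: a shortlist to check against VirusTotal or the vendor's tools, not a verdict.

```python
"""Triage helper for autorun / file lines in a DDS-style log (added example)."""
import ntpath
import re

# Constructed sample: lines copied in the style of the DDS log above, not the whole log.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Cognac] c:\docume~1\owner\locals~1\temp\b.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [sysldtray] c:\windows\ld12.exe
mRun: [pp] c:\windows\pp10.exe
mRun: [sysfbtray] c:\windows\freddy49.exe
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
R2 sfx;sfx;c:\windows\system32\SvchoSt.ExE -k sfx [2007-12-1 14336]
2009-07-15 10:54 69,845 a------- c:\windows\system32\drivers\smss.exe
2009-07-15 10:54 69,845 a------- C:\fjaiekpk.exe
"""

# Where Windows XP keeps its core binaries (directory relative to the drive).
# Assumption: default %SystemRoot% of \windows, as in the log above.
CORE_BINARY_HOME = {
    "smss.exe": r"\windows\system32", "csrss.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32", "services.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32", "svchost.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}
# Executables that legitimately sit directly in \windows (not exhaustive; an assumption).
WINDOWS_ROOT_ALLOWLIST = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "winhlp32.exe"}

RUN_RE = re.compile(r"^[a-z]{1,2}Run(?:Once)?:\s*\[[^\]]*\]\s*(.+)$", re.I)  # uRun/mRun/dRunOnce
SVC_RE = re.compile(r"^[RS]\d\s+[^;]*;[^;]*;(.+?)\s*\[[^\]]*\]\s*$")           # R2 name;display;path [date size]
FIND_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+[\d,]+\s+\S+\s+(.+)$")  # Find3M file lines


def first_token(command):
    """Return the executable path from a command line, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: DDS quotes paths that contain spaces, so an unquoted path ends
    # at the first switch (" -k sfx", " /S") or at the end of the line.
    return re.split(r"\s+(?=[-/])", command, maxsplit=1)[0]


def extract_path(line):
    """Pull the file path out of a Run, service or Find3M line; None for other lines."""
    for pattern in (RUN_RE, SVC_RE, FIND_RE):
        match = pattern.match(line.strip())
        if match:
            return first_token(match.group(1))
    return None


def uniform_case(text):
    """True for all-lower, all-upper or Capitalised spellings; False for SvchoSt-style mixes."""
    return text in (text.lower(), text.upper(), text.capitalize())


def classify(path):
    """Return the reasons (possibly none) a file path looks out of place."""
    reasons = []
    raw_name = ntpath.basename(path)
    directory, name = ntpath.split(path.lower())
    if not directory or not name.endswith((".exe", ".dll", ".sys", ".scr")):
        return reasons  # bare names such as "stsystra.exe" give no directory to judge
    _, rest = ntpath.splitdrive(directory)
    if "\\temp\\" in path.lower() or "\\tmp\\" in path.lower():
        reasons.append("launched from a temp folder")
    if rest in ("", "\\"):
        reasons.append("executable in the drive root")
    if rest == r"\windows" and name not in WINDOWS_ROOT_ALLOWLIST:
        reasons.append("unexpected executable directly in the Windows folder")
    home = CORE_BINARY_HOME.get(name)
    if home and rest != home:
        reasons.append("core system binary name outside " + home)
    if home:
        stem, ext = ntpath.splitext(raw_name)
        if not (uniform_case(stem) and uniform_case(ext.lstrip("."))):
            reasons.append("mixed-case spelling of a core system binary")
    return reasons


def scan(text):
    """Return [(path, reasons)] for every flagged line in a DDS-style log."""
    findings = []
    for line in text.splitlines():
        path = extract_path(line)
        if path is None:
            continue
        reasons = classify(path)
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for flagged_path, why in scan(SAMPLE_LOG):
        print(flagged_path + "\n    " + "; ".join(why))
```

Run against the sample it prints seven entries, which are exactly the files a human reader of the log above would circle: the temp-folder `b.exe`, the three unnamed executables dropped in `c:\windows`, the oddly-cased `SvchoSt.ExE` service, a second `smss.exe` under `drivers`, and a random-looking name in the drive root. Everything in `system32` or `program files` with a normal name stays quiet, which is the point of a shortlist.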


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:51 AM

Posted 31 July 2009 - 04:42 PM

Hello and welcome to Bleeping Computer.

My name is Syler, and I will be helping you to solve your malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply; do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:51 AM

Posted 04 August 2009 - 06:15 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:51 AM

Posted 05 August 2009 - 04:51 PM

Reopened at OP request.



#5 inamiks

inamiks
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:51 PM

Posted 06 August 2009 - 05:58 AM

The MBAM program would not come up at all. I have attached the info.txt and the log.txt.

Thanks

info.txt logfile of random's system information tool 1.06 2009-08-05 17:29:32

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
ClamWin Free Antivirus 0.93.1-->"C:\Program Files\ClamWin\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dropbox-->"C:\Program Files\Dropbox\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 5-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160050}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56coin.dll,SM56UnInstaller
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenOffice.org 2.2-->MsiExec.exe /I{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{607398CF-354B-4E21-B1BC-549424BFD04C}\setup.exe -runfromtemp -l0x0409
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Hosts File Missing
======System event log======

Computer Name: OWNER-PC
Event Code: 7023
Message: The 6to4 service terminated with the following error:
The system cannot find the file specified.


Record Number: 10066
Source Name: Service Control Manager
Time Written: 20090730090608.000000-240
Event Type: error
User:

Computer Name: OWNER-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 10065
Source Name: Tcpip
Time Written: 20090730090603.000000-240
Event Type: warning
User:

Computer Name: OWNER-PC
Event Code: 825
Message:
Record Number: 10062
Source Name: Rasman
Time Written: 20090730090440.000000-240
Event Type: warning
User:

Computer Name: OWNER-PC
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Record Number: 10061
Source Name: DCOM
Time Written: 20090730090440.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-PC
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Record Number: 10060
Source Name: DCOM
Time Written: 20090730090434.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: OWNER-PC
Event Code: 1004
Message: Faulting application services.exe, version 5.1.2600.5755, faulting module unknown, version 0.0.0.0, fault address 0x010bfb35.

Record Number: 278
Source Name: Application Error
Time Written: 20090714212328.000000-240
Event Type: error
User:

Computer Name: OWNER-PC
Event Code: 1000
Message: Faulting application services.exe, version 5.1.2600.5755, faulting module unknown, version 0.0.0.0, fault address 0x010bfb35.

Record Number: 273
Source Name: Application Error
Time Written: 20090714205814.000000-240
Event Type: error
User:

Computer Name: OWNER-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 271
Source Name: MsiInstaller
Time Written: 20090714205635.000000-240
Event Type: warning
User: OWNER-PC\Owner

Computer Name: OWNER-PC
Event Code: 20
Message:
Record Number: 256
Source Name: Google Update
Time Written: 20090712221905.000000-240
Event Type: error
User: OWNER-PC\Owner

Computer Name: OWNER-PC
Event Code: 20
Message:
Record Number: 255
Source Name: Google Update
Time Written: 20090712211905.000000-240
Event Type: error
User: OWNER-PC\Owner

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-08-06 06:45:09
Microsoft Windows XP Professional Service Pack 3, v.5755
System drive C: has 145 GB (95%) free of 153 GB
Total RAM: 1014 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:14 AM, on 8/6/2009
Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\websrvx\websrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMware Class - {3113c6d7-d1bf-4096-94fe-5df265ac881d} - C:\WINDOWS\system32\gdi32lib.dll (file missing)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy53.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Owner\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [xpprotect] C:\Documents and Settings\Owner\XP Deluxe Protector\xpdeluxe.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ColdWare] C:\WINDOWS\msa.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU (nmsaccessu) - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 (pml driver hpz12) - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7801 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1425521274-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1425521274-1801674531-1003UA.job
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3113c6d7-d1bf-4096-94fe-5df265ac881d}]
VMware Class - C:\WINDOWS\system32\gdi32lib.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
XML Class - C:\WINDOWS\system32\msxml71.dll [2009-07-15 141828]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-09 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-11-01 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-11-01 1101824]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-18 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-09-18 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-09-18 118784]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-09-27 573440]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-12-27 413696]
"ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2008-06-14 77824]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-09 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"sysldtray"=C:\windows\ld12.exe []
"pp"=C:\windows\pp10.exe []
"sysfbtray"=c:\windows\freddy53.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-12-01 15360]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-07 133104]
"Cognac"=C:\DOCUME~1\Owner\LOCALS~1\Temp\b.exe []
"xpprotect"=C:\Documents and Settings\Owner\XP Deluxe Protector\xpdeluxe.exe []
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"ColdWare"=C:\WINDOWS\msa.exe [2009-07-15 138752]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-18 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f0f32cc-65b7-11de-84ce-0018de95d2cf}]
shell\AutoRun\command - E:\


======List of files/folders created in the last 1 months======

2009-08-05 17:29:20 ----D---- C:\Program Files\trend micro
2009-08-05 17:29:19 ----D---- C:\rsit
2009-08-04 08:58:47 ----D---- C:\Program Files\WinRAR
2009-07-29 16:40:24 ----D---- C:\Program Files\websrvx
2009-07-21 22:43:27 ----D---- C:\Documents and Settings\Owner\Application Data\CDBurnerXP_Soft
2009-07-21 22:42:49 ----D---- C:\Program Files\CDBurnerXP
2009-07-21 12:30:58 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-21 12:30:54 ----D---- C:\Program Files\MSBuild
2009-07-21 12:30:46 ----D---- C:\Program Files\Reference Assemblies
2009-07-21 12:30:17 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-07-21 12:30:17 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-07-21 12:30:16 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-07-21 12:30:16 ----D---- C:\f47df14df4e86bcab7791dc77c
2009-07-21 12:29:39 ----RSD---- C:\WINDOWS\assembly
2009-07-21 12:29:21 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-21 11:32:03 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-21 11:16:21 ----D---- C:\Documents and Settings\Owner\Application Data\Uniblue
2009-07-16 16:42:54 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-16 16:36:49 ----A---- C:\WINDOWS\WORDPAD.INI
2009-07-16 15:11:20 ----A---- C:\WINDOWS\nbron_1247771478.exe
2009-07-16 14:11:23 ----D---- C:\Program Files\sFX
2009-07-16 00:40:34 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-07-15 23:51:36 ----SHD---- C:\WINDOWS\system32\lowsec
2009-07-15 12:18:51 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-07-15 12:18:51 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-15 12:18:50 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-07-15 12:18:49 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-07-15 11:03:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-15 11:03:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-15 10:55:50 ----D---- C:\WINDOWS\Minidump
2009-07-15 10:54:47 ----D---- C:\Documents and Settings\All Users\Application Data\19472654
2009-07-15 10:54:45 ----A---- C:\WINDOWS\msa.exe
2009-07-15 10:54:37 ----A---- C:\WINDOWS\system32\tpsaxyd.exe
2009-07-15 10:54:37 ----A---- C:\WINDOWS\system32\sopidkc.exe
2009-07-15 10:54:23 ----A---- C:\fjaiekpk.exe
2009-07-15 10:54:22 ----RASH---- C:\WINDOWS\system32\flashd.dll
2009-07-15 10:54:19 ----A---- C:\WINDOWS\system32\diskcheck.exe
2009-07-15 10:54:11 ----SHD---- C:\WINDOWS\System Volume Information
2009-07-15 10:54:00 ----A---- C:\WINDOWS\system32\gsf83iujid.dll
2009-07-15 10:53:45 ----A---- C:\WINDOWS\system32\msxml71.dll
2009-07-14 22:28:19 ----D---- C:\Documents and Settings\Owner\Application Data\Image Zone Express
2009-07-14 22:18:56 ----D---- C:\Documents and Settings\Owner\Application Data\HP
2009-07-14 21:34:17 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-07-14 21:33:08 ----D---- C:\Program Files\Common Files\HP
2009-07-14 21:31:56 ----D---- C:\Program Files\Hewlett-Packard
2009-07-14 21:31:35 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-07-14 20:58:02 ----RA---- C:\WINDOWS\system32\HPZIDS01.dll
2009-07-14 20:58:02 ----A---- C:\WINDOWS\system32\hpz3l054.dll
2009-07-14 20:56:46 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-07-14 20:56:46 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-07-14 20:56:46 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-07-14 20:56:46 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-07-14 20:56:46 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-07-14 20:56:46 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-07-14 20:56:46 ----A---- C:\WINDOWS\IsUninst.exe
2009-07-14 20:55:30 ----D---- C:\Program Files\HP
2009-07-14 20:55:04 ----HD---- C:\Config.Msi
2009-07-09 20:56:37 ----D---- C:\WINDOWS\Sun
2009-07-09 20:53:01 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-08 16:24:16 ----A---- C:\WINDOWS\system32\unrar.dll
2009-07-08 16:24:14 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-07-08 16:24:14 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-07-08 16:24:14 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-07-08 16:24:13 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-07-08 16:24:13 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-07-08 16:24:13 ----A---- C:\WINDOWS\system32\divx.dll
2009-07-08 16:24:12 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-07-08 16:24:12 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-07-08 16:24:11 ----D---- C:\Program Files\K-Lite Codec Pack
2009-07-08 16:24:11 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-07-08 16:13:00 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2009-07-08 16:12:51 ----D---- C:\Program Files\iPod
2009-07-08 16:12:48 ----D---- C:\Program Files\iTunes
2009-07-08 16:12:23 ----D---- C:\Program Files\QuickTime
2009-07-08 16:12:22 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-08 16:12:13 ----D---- C:\Program Files\Apple Software Update
2009-07-08 16:12:05 ----D---- C:\Program Files\Common Files\Apple
2009-07-08 16:12:04 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-07-08 11:04:38 ----D---- C:\Documents and Settings\Owner\Application Data\Dropbox
2009-07-08 11:04:31 ----D---- C:\Program Files\Dropbox
2009-07-07 10:56:34 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2009-07-07 10:56:34 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe

======List of files/folders modified in the last 1 months======

2009-08-06 06:38:48 ----D---- C:\WINDOWS\Temp
2009-08-06 06:38:48 ----D---- C:\WINDOWS\system32
2009-08-06 06:38:07 ----SD---- C:\WINDOWS\Tasks
2009-08-06 06:38:04 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2009-08-05 18:09:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-05 17:29:20 ----RD---- C:\Program Files
2009-08-04 20:37:12 ----D---- C:\WINDOWS\Prefetch
2009-08-04 16:32:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-31 19:37:24 ----D---- C:\Program Files\Mozilla Firefox
2009-07-29 19:36:35 ----D---- C:\WINDOWS
2009-07-21 12:31:50 ----SHD---- C:\WINDOWS\Installer
2009-07-21 12:31:45 ----D---- C:\WINDOWS\WinSxS
2009-07-21 12:31:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-21 12:30:55 ----D---- C:\WINDOWS\system32\en-US
2009-07-21 12:30:50 ----RSD---- C:\WINDOWS\Fonts
2009-07-21 12:30:35 ----HD---- C:\WINDOWS\inf
2009-07-21 12:30:34 ----D---- C:\WINDOWS\system32\spool
2009-07-21 12:30:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-21 12:30:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-21 12:29:23 ----D---- C:\Program Files\Internet Explorer
2009-07-21 11:44:20 ----SHD---- C:\System Volume Information
2009-07-21 11:42:36 ----D---- C:\WINDOWS\repair
2009-07-21 11:42:32 ----D---- C:\WINDOWS\Registration
2009-07-21 11:32:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-21 11:23:48 ----A---- C:\WINDOWS\imsins.BAK
2009-07-16 15:53:34 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-15 15:08:25 ----D---- C:\WINDOWS\system32\drivers
2009-07-15 14:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-15 13:47:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-15 10:54:18 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-14 21:34:19 ----A---- C:\WINDOWS\win.ini
2009-07-14 21:33:08 ----D---- C:\Program Files\Common Files
2009-07-14 21:31:59 ----D---- C:\WINDOWS\twain_32
2009-07-09 20:52:52 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-09 20:52:52 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-09 20:52:52 ----A---- C:\WINDOWS\system32\java.exe
2009-07-09 20:52:49 ----D---- C:\Program Files\Java
2009-07-08 16:26:13 ----D---- C:\Program Files\ClamWin
2009-07-08 16:12:09 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-11-30 36352]
R1 sfxdrv;sfxdrv; \??\C:\Program Files\sFX\sfX.sYs []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-06-30 21361]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-12-01 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2007-11-30 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-09-18 1166972]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-10-31 2236544]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-12-01 61824]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-09-27 893952]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-06-15 1179784]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-12-14 290816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-11-30 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-11-30 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-11-30 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-11-30 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-11-30 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-11-30 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-11-30 26368]
S3 usbwte;usbwte; \??\C:\WINDOWS\system32\usbwte.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-01 794624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-09 152984]
R2 nmsaccessu;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-01 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-11-01 1183744]
R2 sfx;sfx; C:\WINDOWS\sySTEM32\SvchoSt.ExE [2007-12-01 14336]
R2 websrvx;websrvx; C:\Program Files\websrvx\websrvx.exe [2009-07-29 13312]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 6to4;6to4; C:\WINDOWS\System32\svchost.exe [2007-12-01 14336]
S2 pml driver hpz12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 fontcache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-12-01 14336]
S4 nettcpportsharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Edited by inamiks, 06 August 2009 - 08:55 AM.

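The triage a helper performs on a log like the one above can be partly automated. As an added example (not a tool from this thread), the Python below applies three cheap review signals to constructed sample lines laid out like the RSIT/HijackThis output: a Windows system name spelled in scrambled case (the log's sySTEM32\SvchoSt.ExE), an executable launched from a Temp directory or directly from the Windows root, and an entry RSIT printed with an empty [] where file date and size would normally appear. The allowlist and sample lines are assumptions for illustration, not data from the thread.

```python
"""Triage heuristics for HijackThis/RSIT-style autorun logs (added example)."""
import re

# Constructed sample lines in the RSIT / HijackThis layout, modelled on the thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Owner\LOCALS~1\Temp\b.exe
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"pp"=C:\windows\pp10.exe []
R1 sfxdrv;sfxdrv; \??\C:\Program Files\sFX\sfX.sYs []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-11-30 36352]
"""

# Names Windows itself spells consistently; scrambled casing of these is the
# masquerade seen in the log (sySTEM32\SvchoSt.ExE).
SYSTEM_NAMES = {"windows", "system32", "svchost", "smss", "services",
                "lsass", "winlogon", "explorer", "csrss"}

# Assumed allowlist of binaries that legitimately sit directly under the Windows
# directory; anything else there is worth a look, not automatically malicious.
WINDIR_ALLOW = {"explorer.exe", "notepad.exe", "regedit.exe", "stsystra.exe"}

# First drive-letter path ending in .exe/.dll/.sys; tolerates the \??\ driver prefix
# and stops before the [date size] or [] suffix RSIT appends.
PATH_RE = re.compile(r'(?:\\\?\?\\)?([A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|sys))',
                     re.IGNORECASE)


def odd_case(name: str) -> bool:
    """True when a name is neither all-lower, all-upper nor Capitalised."""
    return name not in (name.lower(), name.upper(), name.capitalize())


def masqueraded_system_name(path: str) -> bool:
    """Flag a known Windows name whose stem or extension is case-scrambled."""
    for part in path.split("\\"):
        stem, _, ext = part.partition(".")
        if stem.lower() in SYSTEM_NAMES and (odd_case(stem) or odd_case(ext)):
            return True
    return False


def in_temp_dir(path: str) -> bool:
    """Executable living under any ...\\Temp\\ directory."""
    return "\\temp\\" in path.lower()


def in_windows_root(path: str) -> bool:
    """Executable directly in the Windows directory and not on the allowlist."""
    parts = path.lower().split("\\")
    return (len(parts) == 3 and parts[1] == "windows"
            and parts[2].endswith(".exe") and parts[2] not in WINDIR_ALLOW)


def missing_file_info(line: str) -> bool:
    """RSIT prints [date size] for a file it could read; a bare [] means it
    could not (or the value carried arguments), so the entry needs a manual look."""
    return line.rstrip().endswith("[]")


def triage(log_text: str) -> list:
    """Return (signal, path) pairs for every line that trips a heuristic."""
    hits = []
    for line in log_text.splitlines():
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(1)
        if masqueraded_system_name(path):
            hits.append(("scrambled-case system name", path))
        if in_temp_dir(path):
            hits.append(("executable in a Temp directory", path))
        if in_windows_root(path):
            hits.append(("unlisted executable in Windows root", path))
        if missing_file_info(line):
            hits.append(("no file metadata recorded", path))
    return hits


if __name__ == "__main__":
    for signal, path in triage(SAMPLE_LOG):
        print(f"{signal:38} {path}")
```

The signals are review prompts, not verdicts: the Intel and Explorer lines pass untouched, while the scrambled svchost, the Temp-resident b.exe and the bare Windows-root executables are the ones a helper would check first.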

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:51 AM

Posted 06 August 2009 - 08:55 AM

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#7 inamiks

inamiks
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:51 PM

Posted 06 August 2009 - 09:06 AM

Is there anything I can do to force ComboFix to run? It does not run at all.

Edited by inamiks, 06 August 2009 - 09:14 AM.


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:51 AM

Posted 06 August 2009 - 09:10 AM

Any reason for the blank post?



#9 inamiks

inamiks
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:51 PM

Posted 06 August 2009 - 09:22 AM

ComboFix does not run as well.

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:51 AM

Posted 06 August 2009 - 09:23 AM

Ok, let's try this: delete the copy you have and download it again, making sure you rename it first.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt .

Edited by syler, 06 August 2009 - 10:05 AM.



#11 inamiks

inamiks
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:51 PM

Posted 06 August 2009 - 10:14 AM

ComboFix 09-08-04.04 - Owner 08/06/2009 11:01.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.733 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1609461989
c:\docume~1\Owner\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Owner\XP Deluxe Protector
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\sFX
c:\program files\sFX\SfX.DlL
c:\program files\sFX\sfX.sYs
c:\program files\websrvx
c:\program files\websrvx\websrvx.exe
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\0101120101464853.dat
c:\windows\01011201014650120.dat
c:\windows\0101120101465053.dat
c:\windows\0101120101465153.dat
c:\windows\0101120101465752.dat
c:\windows\934fdfg34fgjf23
c:\windows\bf23567.dat
c:\windows\Fonts\services.exe
c:\windows\Installer\3ba931.msi
c:\windows\Installer\6e34c.msi
c:\windows\msa.exe
c:\windows\msupdate.exe
c:\windows\run.log
c:\windows\system32\6to4v32.dll
c:\windows\system32\comsa32.sys
c:\windows\system32\critical_warning.html
c:\windows\system32\drivers\156e12a2.sys
c:\windows\system32\drivers\smss.exe
c:\windows\system32\drivers\UAClydbritcqdfuofxra.sys
c:\windows\system32\gsf83iujid.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\msxml71.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\UACarmrwqpulkmlgexrl.dll
c:\windows\system32\UACdckdnnaaaqqjjlmvf.dll
c:\windows\system32\UACfuxxtkpdpb.dll
c:\windows\system32\UACgkhollyeydxslvmbb.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnrbqbrlcln.dll
c:\windows\system32\UACqelwbwutfuxovdllt.dll
c:\windows\system32\UACrkvmnnsphhaycfnfn.dll
c:\windows\system32\UACsauvrjeuruoabxwfy.dat
c:\windows\system32\UACskjjkivtvxbxegfma.dll
c:\windows\system32\usbwte.sys
c:\windows\system32\wiawow32.sys
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\zinipelu.dll
c:\windows\system32\zodetego.dll
c:\windows\th823567.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_6to4
-------\Legacy_sfx
-------\Legacy_sfxdrv
-------\Legacy_usbwte
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_156e12a2
-------\Service_6to4
-------\Service_sfx
-------\Service_sfxdrv
-------\Service_usbwte
-------\Legacy_websrvx
-------\Service_websrvx


((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-05 21:29 . 2009-08-06 10:45 -------- d-----w- c:\program files\trend micro
2009-08-05 21:29 . 2009-08-05 21:31 -------- d-----w- C:\rsit
2009-07-22 02:43 . 2009-07-22 02:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\CDBurnerXP_Soft
2009-07-22 02:43 . 2009-07-22 02:43 -------- d-----w- c:\documents and settings\Owner\Application Data\CDBurnerXP_Soft
2009-07-22 02:42 . 2009-07-22 02:42 -------- d-----w- c:\program files\CDBurnerXP
2009-07-21 16:31 . 2009-07-21 16:31 66520 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-21 16:30 . 2009-07-21 16:30 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-21 16:30 . 2009-07-21 16:30 -------- d-----w- c:\program files\MSBuild
2009-07-21 16:30 . 2009-07-21 16:30 -------- d-----w- c:\program files\Reference Assemblies
2009-07-21 16:30 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-21 16:30 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-21 16:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-21 16:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-21 16:30 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-21 16:30 . 2009-07-21 16:30 -------- d-----w- C:\f47df14df4e86bcab7791dc77c
2009-07-21 16:30 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-21 16:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-21 15:32 . 2009-07-21 15:45 -------- d-----w- c:\windows\system32\NtmsData
2009-07-21 15:16 . 2009-07-21 15:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-07-16 19:11 . 2009-07-16 19:11 18432 ----a-w- c:\windows\nbron_1247771478.exe
2009-07-16 04:40 . 2009-07-16 04:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\HP Product Assistant
2009-07-15 19:09 . 2009-07-15 19:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-15 18:38 . 2009-07-15 18:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-15 16:18 . 2009-07-15 16:18 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-15 16:18 . 2009-07-15 16:18 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-15 16:18 . 2009-07-15 16:18 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-15 16:18 . 2009-07-15 16:18 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-15 15:03 . 2009-07-15 16:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-15 15:03 . 2009-07-15 15:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 14:54 . 2009-07-15 14:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\19472654
2009-07-15 14:54 . 2009-07-15 14:54 69845 ----a-w- C:\fjaiekpk.exe
2009-07-15 14:54 . 2009-07-15 14:54 45056 --sha-r- c:\windows\system32\flashd.dll
2009-07-15 14:54 . 2009-07-15 14:54 26624 ----a-w- c:\windows\system32\diskcheck.exe
2009-07-15 14:54 . 2009-07-15 14:54 54272 ----a-w- c:\windows\system32\drivers\UACxpcgptxiql.sys
2009-07-15 14:54 . 2009-07-15 14:54 -------- d-sh--w- c:\windows\System Volume Information
2009-07-15 02:28 . 2009-07-15 02:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Image Zone Express
2009-07-15 02:18 . 2009-07-15 02:18 -------- d-----w- c:\documents and settings\Owner\Application Data\HP
2009-07-15 01:37 . 2009-07-15 01:37 14304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 01:34 . 2009-07-15 01:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\HP
2009-07-15 01:34 . 2009-07-15 01:34 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\HP
2009-07-15 01:33 . 2009-07-15 01:33 -------- d-----w- c:\program files\Common Files\HP
2009-07-15 01:31 . 2009-07-15 01:31 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-15 01:31 . 2009-07-15 01:31 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-07-15 01:25 . 2009-07-15 01:34 118642 ----a-w- c:\windows\hpoins09.dat
2009-07-15 01:23 . 2006-02-01 00:48 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-07-15 01:23 . 2006-02-01 00:48 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-07-15 00:58 . 2006-02-09 19:45 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2009-07-15 00:58 . 2006-01-04 08:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2009-07-15 00:57 . 2007-11-30 21:28 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-15 00:57 . 2007-11-30 21:28 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-15 00:56 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2009-07-15 00:56 . 2005-03-15 07:09 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-07-15 00:56 . 2005-03-15 05:35 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-07-15 00:56 . 2005-03-15 05:33 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-07-15 00:56 . 2005-03-09 05:25 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-07-15 00:56 . 2005-03-09 05:25 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-07-15 00:56 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-07-15 00:55 . 2009-07-16 04:41 -------- d-----w- c:\program files\HP
2009-07-15 00:49 . 2009-07-21 16:34 14304 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 23:09 . 2007-11-30 21:31 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-07-14 23:09 . 2007-11-30 21:31 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-07-14 22:54 . 2007-11-30 21:31 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-07-14 22:54 . 2007-11-30 21:31 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-10 00:56 . 2009-07-10 00:56 -------- d-----w- c:\windows\Sun
2009-07-10 00:53 . 2009-07-10 00:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-10 00:52 . 2009-07-10 00:52 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-08 20:24 . 2007-09-04 21:56 164352 ----a-w- c:\windows\system32\unrar.dll
2009-07-08 20:24 . 2007-07-25 18:24 1559040 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-08 20:24 . 2007-03-10 16:51 282624 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-08 20:24 . 2004-01-25 21:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-08 20:24 . 2007-12-04 06:33 682496 ----a-w- c:\windows\system32\divx.dll
2009-07-08 20:24 . 2007-11-30 03:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-08 20:24 . 2007-11-30 03:28 81920 ----a-w- c:\windows\system32\dpl100.dll
2009-07-08 20:24 . 2007-12-24 17:49 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-08 20:24 . 2009-07-08 20:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-08 20:24 . 2004-01-12 03:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 20:16 . 2009-07-08 20:16 -------- d-----w- c:\documents and settings\Owner\temp
2009-07-08 20:13 . 2009-07-08 20:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\program files\iPod
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\program files\iTunes
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\program files\QuickTime
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\program files\Apple Software Update
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\program files\Common Files\Apple
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-07-08 20:11 . 2009-07-08 20:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-07-08 15:04 . 2009-07-08 20:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Dropbox
2009-07-08 15:04 . 2009-07-08 15:04 -------- d-----w- c:\program files\Dropbox
2009-07-07 21:15 . 2009-07-07 21:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-07-07 21:14 . 2009-07-07 21:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 15:06 . 2009-07-04 14:16 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-08-06 11:29 . 2009-05-06 11:29 84992 --sha-w- c:\windows\system32\fosajugu.dll
2009-07-10 00:52 . 2009-07-04 14:05 -------- d-----w- c:\program files\Java
2009-07-08 20:26 . 2009-07-04 14:00 -------- d-----w- c:\program files\ClamWin
2009-07-04 14:12 . 2009-07-04 14:12 -------- d-----w- c:\program files\Sun
2009-07-04 14:06 . 2009-07-04 14:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-04 14:05 . 2009-07-04 14:05 -------- d-----w- c:\program files\OpenOffice.org 2.2
2009-07-04 14:05 . 2009-07-04 14:05 -------- d-----w- c:\program files\Common Files\Java
2009-07-04 14:01 . 2009-07-04 14:00 -------- d-----w- c:\documents and settings\Owner\Application Data\.clamwin
2009-07-01 20:39 . 2009-07-01 20:39 0 ----a-w- c:\windows\nsreg.dat
2009-06-30 20:52 . 2009-06-30 12:52 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-30 20:52 . 2009-06-30 20:52 -------- d-----w- c:\program files\Motorola
2009-06-30 20:51 . 2009-06-30 20:51 388 ----a-w- c:\windows\system32\drivers\sthdae.log
2009-06-30 20:51 . 2009-06-30 20:51 -------- d-----w- c:\program files\IDT
2009-06-30 18:41 . 2009-06-30 15:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-30 15:06 . 2009-06-30 15:06 -------- d-----w- c:\program files\SigmaTel
2009-06-30 15:06 . 2009-06-30 15:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-30 14:14 . 2009-06-30 14:14 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-30 14:13 . 2009-06-30 14:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Intel
2009-06-30 14:13 . 2009-06-30 14:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-06-30 14:13 . 2009-06-30 14:13 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-06-30 14:13 . 2009-06-30 14:13 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-30 14:13 . 2009-06-30 14:13 21361 ----a-w- c:\windows\AegisP.sys
2009-06-30 14:13 . 2009-06-30 14:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-06-30 14:13 . 2009-06-30 14:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Intel
2009-06-30 14:12 . 2009-06-30 14:00 -------- d-----w- c:\program files\Intel
2009-06-30 12:52 . 2009-06-30 12:52 -------- d-----w- c:\program files\microsoft frontpage
2009-06-30 12:49 . 2009-06-30 12:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-30 05:17 . 2009-06-30 05:17 1613824 ----a-w- c:\windows\system32\sfcfiles.dll
2009-06-30 05:17 . 2009-06-30 05:17 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-06-30 05:17 . 2009-06-30 05:17 990208 ----a-w- c:\windows\system32\syssetup.dll
2009-05-13 05:15 . 2007-12-01 04:26 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-06 11:24 . 2009-05-06 11:24 49664 --sha-w- c:\windows\system32\gekininu.dll
2009-05-06 11:24 . 2009-05-06 11:24 49664 --sha-w- c:\windows\system32\yozezuna.dll
.

------- Sigcheck -------

[-] 2009-06-30 05:17 1613824 B92C87C03B966ECA8FBFB1374510A917 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11c230b0-7a34-454d-aa2d-25dc2a42bfa0}]
2009-05-06 11:24 49664 --sha-w- c:\windows\system32\gekininu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-18 118784]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-09-27 573440]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-06-14 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"lajonigike"="c:\windows\system32\yozezuna.dll" [2009-05-06 49664]
"CPMa322bc28"="c:\windows\system32\fosajugu.dll" [2009-08-06 84992]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-12-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\fosajugu.dll" [2009-08-06 84992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fosajugu.dll [2009-08-06 84992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-xpprotect - c:\documents and settings\Owner\XP Deluxe Protector\xpdeluxe.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-ColdWare - c:\windows\msa.exe
HKLM-Run-sysfbtray - c:\windows\freddy53.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: facebook.com\www
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\o3clvt97.default\
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 11:06
Windows 5.1.2600 Service Pack 3, v.5755 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3608)
c:\windows\system32\WININET.dll
c:\windows\system32\yozezuna.dll
c:\windows\system32\fosajugu.dll
c:\program files\Dropbox\DropboxExt.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-08-06 11:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 15:08

Pre-Run: 151,495,086,080 bytes free
Post-Run: 151,547,711,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

356

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:51 AM

Posted 06 August 2009 - 11:14 AM

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Then

Please click this link-->Jotti
When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\system32\sfcfiles.dll

Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Next

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/t/243336/bexe-and-random-music/

Collect::
c:\windows\nbron_1247771478.exe
C:\fjaiekpk.exe
c:\windows\system32\flashd.dll
c:\windows\system32\diskcheck.exe
c:\windows\system32\drivers\UACxpcgptxiql.sys
c:\windows\system32\fosajugu.dll
c:\windows\system32\gekininu.dll
c:\windows\system32\yozezuna.dll
Folder::
c:\docume~1\ALLUSE~1\APPLIC~1\19472654
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11c230b0-7a34-454d-aa2d-25dc2a42bfa0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lajonigike"=-
"CPMa322bc28"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

I see that you have ClamWin AntiVirus installed; this does not offer realtime protection like other antiviruses, so you should remove it and install
one of these.
  • Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Then please post back here with the following:
  • Jotti result
  • Combofix.txt
  • MBAM log
Thanks


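The CFScript in the post above reverses several changes visible in the ComboFix log: the same DLL wired into the Run key, SharedTaskScheduler and ShellServiceObjectDelayLoad, a hidden+system DLL registered as a Browser Helper Object, LoadAppInit_DLLs switched on, and the Windows Firewall and Security Center update warnings turned off. As an added illustration (not part of this thread, and not ComboFix's own code), the Python script below reads the "Reg Loading Points" section of such a log and flags those three patterns so a reader can see why those particular entries were chosen. The sample lines are constructed from the entries in the log above; the layout of ComboFix's eight-character attribute string (system flag as the third character, hidden as the fourth) and the value formats are assumptions taken from that log.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Flags three things a responder looks for first:
  1. modules whose attribute string marks them hidden + system,
  2. one module registered under several autostart load points,
  3. security settings left at weakening values.
"""
import re
from collections import defaultdict

# Constructed sample, shaped like the log posted above (assumed formats).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11c230b0-7a34-454d-aa2d-25dc2a42bfa0}]
2009-05-06 11:24 49664 --sha-w- c:\windows\system32\gekininu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-18 94208]
"lajonigike"="c:\windows\system32\yozezuna.dll" [2009-05-06 49664]
"CPMa322bc28"="c:\windows\system32\fosajugu.dll" [2009-08-06 84992]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\fosajugu.dll" [2009-08-06 84992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fosajugu.dll [2009-08-06 84992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(.+)\]\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# "date time size attrs path" lines; attrs is the 8-char flag string (e.g. --sha-w-)
ATTR_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+(\S{8})\s+(.+?)\s*$')
PATH_RE = re.compile(r'([a-z]:\\[^\[\]"]*?\.(?:dll|exe|sys))', re.IGNORECASE)

# value name (lower-case) -> (value that weakens the host, description)
WEAK_SETTINGS = {
    'enablefirewall': (0, 'Windows Firewall disabled for the standard profile'),
    'updatesdisablenotify': (1, 'Security Center update warnings suppressed'),
    'loadappinit_dlls': (1, 'AppInit_DLLs injection enabled'),
}


def parse_number(rhs):
    """Read the two numeric forms ComboFix prints: 'dword:0000000N' and 'N (0xN)'."""
    m = re.match(r'dword:([0-9a-f]{8})', rhs, re.IGNORECASE)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x', rhs)
    return int(m.group(1)) if m else None


def triage(log_text):
    key = None
    load_points = defaultdict(list)   # module path -> [(registry key, value name)]
    hidden = []                       # (registry key, path) for hidden+system modules
    weak = []                         # (registry key, name, value, description)
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ATTR_RE.match(line)
        if m and key:
            attrs, path = m.groups()
            # third char = system flag, fourth = hidden flag (assumed layout)
            if attrs[2] == 's' and attrs[3] == 'h':
                hidden.append((key, path.lower()))
            load_points[path.lower()].append((key, None))
            continue
        m = VALUE_RE.match(line)
        if not m or not key:
            continue
        name, rhs = m.groups()
        setting = WEAK_SETTINGS.get(name.lower())
        if setting:
            if parse_number(rhs) == setting[0]:
                weak.append((key, name, setting[0], setting[1]))
            continue
        p = PATH_RE.search(rhs)
        if p:
            load_points[p.group(1).lower()].append((key, name))
    multi = {path: pts for path, pts in load_points.items() if len(pts) > 1}
    return {'hidden_system': hidden, 'multi_load_point': multi, 'weak_settings': weak}


def report(findings):
    """Render the findings as plain text lines."""
    lines = []
    for key, path in findings['hidden_system']:
        lines.append(f"hidden+system module {path} registered under {key}")
    for path, pts in findings['multi_load_point'].items():
        lines.append(f"{path} loaded from {len(pts)} load points: "
                     + "; ".join(k for k, _ in pts))
    for key, name, val, desc in findings['weak_settings']:
        lines.append(f"{name}={val} under {key}: {desc}")
    return lines


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Run against a real log, the same three lists are what the helper's CFScript Registry:: section acts on: the multi-load-point DLL's Run, SharedTaskScheduler and SSODL entries are removed, the BHO key is deleted, and the three settings are set back to their safe values.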

#13 inamiks

inamiks
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 06 August 2009 - 12:33 PM

Filename: sfcfiles.dll
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Thu 6 Aug 2009 18:38:29 (CET) Permalink



ComboFix 09-08-04.04 - Owner 08/06/2009 13:03.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.624 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

file zipped: c:\windows\system32\flashd.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\19472654
c:\docume~1\ALLUSE~1\APPLIC~1\19472654\19472654
c:\windows\system32\flashd.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 16:58 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-06 16:58 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-06 16:58 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-06 16:58 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-06 16:58 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-06 16:58 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-06 16:58 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-06 16:58 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-06 16:58 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-06 16:58 . 2009-08-06 16:58 -------- d-----w- c:\program files\Alwil Software
2009-08-06 15:41 . 2009-08-06 15:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-08-06 15:40 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 15:40 . 2009-08-06 15:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 15:40 . 2009-08-06 15:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-06 15:40 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 21:29 . 2009-08-06 10:45 -------- d-----w- c:\program files\trend micro
2009-08-05 21:29 . 2009-08-05 21:31 -------- d-----w- C:\rsit
2009-07-22 02:43 . 2009-07-22 02:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\CDBurnerXP_Soft
2009-07-22 02:43 . 2009-07-22 02:43 -------- d-----w- c:\documents and settings\Owner\Application Data\CDBurnerXP_Soft
2009-07-22 02:42 . 2009-07-22 02:42 -------- d-----w- c:\program files\CDBurnerXP
2009-07-21 16:31 . 2009-07-21 16:31 66520 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-21 16:30 . 2009-07-21 16:30 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-21 16:30 . 2009-07-21 16:30 -------- d-----w- c:\program files\MSBuild
2009-07-21 16:30 . 2009-07-21 16:30 -------- d-----w- c:\program files\Reference Assemblies
2009-07-21 16:30 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-21 16:30 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-21 16:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-21 16:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-21 16:30 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-21 16:30 . 2009-07-21 16:30 -------- d-----w- C:\f47df14df4e86bcab7791dc77c
2009-07-21 16:30 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-21 16:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-21 15:32 . 2009-07-21 15:45 -------- d-----w- c:\windows\system32\NtmsData
2009-07-21 15:16 . 2009-07-21 15:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-07-16 04:40 . 2009-07-16 04:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\HP Product Assistant
2009-07-15 19:09 . 2009-07-15 19:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-15 18:38 . 2009-07-15 18:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-15 16:18 . 2009-07-15 16:18 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-15 16:18 . 2009-07-15 16:18 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-15 16:18 . 2009-07-15 16:18 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-15 16:18 . 2009-07-15 16:18 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-15 15:03 . 2009-07-15 16:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-15 15:03 . 2009-07-15 15:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 14:54 . 2009-07-15 14:54 -------- d-sh--w- c:\windows\System Volume Information
2009-07-15 02:28 . 2009-07-15 02:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Image Zone Express
2009-07-15 02:18 . 2009-07-15 02:18 -------- d-----w- c:\documents and settings\Owner\Application Data\HP
2009-07-15 01:37 . 2009-07-15 01:37 14304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 01:34 . 2009-07-15 01:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\HP
2009-07-15 01:34 . 2009-07-15 01:34 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\HP
2009-07-15 01:33 . 2009-07-15 01:33 -------- d-----w- c:\program files\Common Files\HP
2009-07-15 01:31 . 2009-07-15 01:31 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-15 01:31 . 2009-07-15 01:31 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-07-15 01:25 . 2009-07-15 01:34 118642 ----a-w- c:\windows\hpoins09.dat
2009-07-15 01:23 . 2006-02-01 00:48 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-07-15 01:23 . 2006-02-01 00:48 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-07-15 00:58 . 2006-02-09 19:45 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2009-07-15 00:58 . 2006-01-04 08:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2009-07-15 00:57 . 2007-11-30 21:28 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-15 00:57 . 2007-11-30 21:28 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-15 00:56 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2009-07-15 00:56 . 2005-03-15 07:09 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-07-15 00:56 . 2005-03-15 05:35 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-07-15 00:56 . 2005-03-15 05:33 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-07-15 00:56 . 2005-03-09 05:25 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-07-15 00:56 . 2005-03-09 05:25 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-07-15 00:56 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-07-15 00:55 . 2009-07-16 04:41 -------- d-----w- c:\program files\HP
2009-07-15 00:49 . 2009-07-21 16:34 14304 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 23:09 . 2007-11-30 21:31 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-07-14 23:09 . 2007-11-30 21:31 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-07-14 22:54 . 2007-11-30 21:31 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-07-14 22:54 . 2007-11-30 21:31 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-10 00:56 . 2009-07-10 00:56 -------- d-----w- c:\windows\Sun
2009-07-10 00:53 . 2009-07-10 00:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-10 00:52 . 2009-07-10 00:52 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-08 20:24 . 2007-09-04 21:56 164352 ----a-w- c:\windows\system32\unrar.dll
2009-07-08 20:24 . 2007-07-25 18:24 1559040 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-08 20:24 . 2007-03-10 16:51 282624 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-08 20:24 . 2004-01-25 21:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-08 20:24 . 2007-12-04 06:33 682496 ----a-w- c:\windows\system32\divx.dll
2009-07-08 20:24 . 2007-11-30 03:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-08 20:24 . 2007-11-30 03:28 81920 ----a-w- c:\windows\system32\dpl100.dll
2009-07-08 20:24 . 2007-12-24 17:49 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-08 20:24 . 2009-07-08 20:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-08 20:24 . 2004-01-12 03:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 20:16 . 2009-07-08 20:16 -------- d-----w- c:\documents and settings\Owner\temp
2009-07-08 20:13 . 2009-07-08 20:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\program files\iPod
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\program files\iTunes
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\program files\QuickTime
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\program files\Apple Software Update
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\program files\Common Files\Apple
2009-07-08 20:12 . 2009-07-08 20:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-07-08 20:11 . 2009-07-08 20:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-07-08 15:04 . 2009-07-08 20:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Dropbox
2009-07-08 15:04 . 2009-07-08 15:04 -------- d-----w- c:\program files\Dropbox
2009-07-07 21:15 . 2009-08-06 15:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-07-07 21:14 . 2009-07-07 21:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 17:25 . 2009-07-04 14:16 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-07-10 00:52 . 2009-07-04 14:05 -------- d-----w- c:\program files\Java
2009-07-04 14:12 . 2009-07-04 14:12 -------- d-----w- c:\program files\Sun
2009-07-04 14:06 . 2009-07-04 14:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-04 14:05 . 2009-07-04 14:05 -------- d-----w- c:\program files\OpenOffice.org 2.2
2009-07-04 14:05 . 2009-07-04 14:05 -------- d-----w- c:\program files\Common Files\Java
2009-07-01 20:39 . 2009-07-01 20:39 0 ----a-w- c:\windows\nsreg.dat
2009-06-30 20:52 . 2009-06-30 12:52 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-30 20:52 . 2009-06-30 20:52 -------- d-----w- c:\program files\Motorola
2009-06-30 20:51 . 2009-06-30 20:51 388 ----a-w- c:\windows\system32\drivers\sthdae.log
2009-06-30 20:51 . 2009-06-30 20:51 -------- d-----w- c:\program files\IDT
2009-06-30 18:41 . 2009-06-30 15:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-30 15:06 . 2009-06-30 15:06 -------- d-----w- c:\program files\SigmaTel
2009-06-30 15:06 . 2009-06-30 15:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-30 14:14 . 2009-06-30 14:14 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-30 14:13 . 2009-06-30 14:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Intel
2009-06-30 14:13 . 2009-06-30 14:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-06-30 14:13 . 2009-06-30 14:13 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-06-30 14:13 . 2009-06-30 14:13 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-30 14:13 . 2009-06-30 14:13 21361 ----a-w- c:\windows\AegisP.sys
2009-06-30 14:13 . 2009-06-30 14:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-06-30 14:13 . 2009-06-30 14:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Intel
2009-06-30 14:12 . 2009-06-30 14:00 -------- d-----w- c:\program files\Intel
2009-06-30 12:52 . 2009-06-30 12:52 -------- d-----w- c:\program files\microsoft frontpage
2009-06-30 12:49 . 2009-06-30 12:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-30 05:17 . 2009-06-30 05:17 1613824 ----a-w- c:\windows\system32\sfcfiles.dll
2009-06-30 05:17 . 2009-06-30 05:17 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-06-30 05:17 . 2009-06-30 05:17 990208 ----a-w- c:\windows\system32\syssetup.dll
2009-05-13 05:15 . 2007-12-01 04:26 915456 ----a-w- c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2009-06-30 05:17 1613824 B92C87C03B966ECA8FBFB1374510A917 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-06_15.06.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 17:24 . 2009-08-06 17:24 16384 c:\windows\Temp\Perflib_Perfdata_748.dat
+ 2009-08-06 17:24 . 2009-08-06 17:24 16384 c:\windows\Temp\Perflib_Perfdata_5a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-18 118784]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-09-27 573440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-12-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/6/2009 12:58 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/6/2009 12:58 PM 20560]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: facebook.com\www
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\o3clvt97.default\
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 13:24
Windows 5.1.2600 Service Pack 3, v.5755 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\WININET.dll
c:\program files\Dropbox\DropboxExt.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2009-08-06 13:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 17:26
ComboFix2.txt 2009-08-06 15:08

Pre-Run: 151,430,356,992 bytes free
Post-Run: 151,411,130,368 bytes free

288




Malwarebytes' Anti-Malware 1.40
Database version: 2570
Windows 5.1.2600 Service Pack 3, v.5755

8/6/2009 11:59:56 AM
mbam-log-2009-08-06 (11-59-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 116359
Time elapsed: 15 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 8
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 44

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\fosajugu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yozezuna.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11c230b0-7a34-454d-aa2d-25dc2a42bfa0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11c230b0-7a34-454d-aa2d-25dc2a42bfa0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\vmwareapp.vmware (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vmwareapp.vmware.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11c230b0-7a34-454d-aa2d-25dc2a42bfa0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lajonigike (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpma322bc28 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fosajugu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\fosajugu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yozezuna.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\fosajugu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gekininu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\fjaiekpk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\19472654\19472654.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\AdvancedVirusRemover\PAVRM.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\sFX\SfX.DlL.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\sFX\sfX.sYs.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\websrvx\websrvx.exe.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\msupdate.exe.vir (Worm.Emold) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACskjjkivtvxbxegfma.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gsf83iujid.dll.vir (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sopidkc.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpsaxyd.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACarmrwqpulkmlgexrl.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACdckdnnaaaqqjjlmvf.dll.vir (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfuxxtkpdpb.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnrbqbrlcln.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqelwbwutfuxovdllt.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrkvmnnsphhaycfnfn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\usbwte.sys.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winhelper.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zodetego.dll.vir (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\smss.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UAClydbritcqdfuofxra.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C26CAC89-EC64-433F-B1D7-1224014EA238}\RP29\A0004807.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C26CAC89-EC64-433F-B1D7-1224014EA238}\RP29\A0004808.DlL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C26CAC89-EC64-433F-B1D7-1224014EA238}\RP29\A0004809.sYs (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C26CAC89-EC64-433F-B1D7-1224014EA238}\RP29\A0004810.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\nbron_1247771478.exe (Trojan.LdPinch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diskcheck.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A9KDERC9\exe[1].exe (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACxpcgptxiql.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\windef.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\logcde.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\cooecp.tlb (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\windef.Log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\winpaged.ocx (Trojan.Downloader) -> Quarantined and deleted successfully.

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:51 AM

Posted 07 August 2009 - 05:31 PM

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 15.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please run a BitDefender Online Scan

Note: Only works with Internet Explorer
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop as results.txt and post it in your next reply.
Then please post back here with the following:
  • Bitdefender report
  • New Rsit log
Thanks


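As an added check that is not part of syler's post or the thread (the post gives only the Add/Remove Programs steps), the PowerShell script below lists the Java runtimes registered under the Uninstall registry keys and flags the ones older than the JRE 6 Update 15 the post asks the user to install, so the leftovers the built-in uninstaller does not remove can be confirmed gone. Assumptions: PowerShell is installed on the machine (XP needs it added separately), and the entries are named in Sun's "Java(TM) 6 Update N" / "J2SE Runtime Environment 5.0 Update N" style; the pattern and target version are mine, not the post's.

```powershell
# Added example, not from the BleepingComputer thread: enumerate the Java Runtime
# entries that Add/Remove Programs shows (the Uninstall registry keys) and flag any
# older than the JRE 6 Update 15 the post tells the user to install.
# Assumptions: PowerShell is present (XP needs it installed separately) and Sun's
# entries are named like "Java(TM) 6 Update 14" / "J2SE Runtime Environment 5.0 Update 22".

$TargetFamily = 6     # JRE 6 ...
$TargetUpdate = 15    # ... Update 15, per the post

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # 64-bit hosts only
)

# Matches "Java(TM) 6 Update 14", "Java(TM) SE Runtime Environment 6 Update 1" and
# "J2SE Runtime Environment 5.0 Update 22"; the "Update N" part is optional ("Java(TM) 6").
$NamePattern = '^(?:Java\(TM\)(?: SE Runtime Environment)?|J2SE Runtime Environment)\s+(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?'

function Get-JavaRuntimeEntries {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Re-run the match here so $Matches is populated in this script block
            if ($_.DisplayName -and ($_.DisplayName -match $NamePattern)) {
                $family = [int]$Matches[1]
                $update = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
                # Anything below the target family/update is an old, vulnerable runtime
                $outdated = ($family -lt $TargetFamily) -or
                            (($family -eq $TargetFamily) -and ($update -lt $TargetUpdate))
                # New-Object PSObject keeps this runnable on PowerShell 2.0
                New-Object -TypeName PSObject -Property @{
                    DisplayName     = $_.DisplayName
                    Family          = $family
                    Update          = $update
                    Outdated        = $outdated
                    UninstallString = $_.UninstallString
                }
            }
        }
}

$entries = @(Get-JavaRuntimeEntries)
if ($entries.Count -eq 0) {
    Write-Host 'No Java Runtime entries found in Add/Remove Programs.'
} else {
    $entries | Sort-Object Family, Update |
        Format-Table DisplayName, Family, Update, Outdated, UninstallString -AutoSize
    $old = @($entries | Where-Object { $_.Outdated })
    Write-Host ("{0} outdated Java runtime(s) still installed; remove each one via Add/Remove Programs." -f $old.Count)
}
```

Run it again after the reboot in the post's steps: the only remaining entry should be the freshly installed JRE 6 Update 15 with Outdated reported as False.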

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:51 AM

Posted 11 August 2009 - 07:00 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


