
Infected TrojanDownloader:Win32/Renos.IO


  • This topic is locked
18 replies to this topic

#1 zorboman

  • Members
  • 25 posts

Posted 28 July 2009 - 01:43 PM

After posting in the "I am infected" forum (Clicky), I was sent here for additional assistance.

After running various malware programs, there are still traces of programs showing up in the scans. And recently something strange has been happening. I am unable to access Bleepingcomputer.com. I just get a blank screen that never loads. I'm only able to access it by using a proxy.

Here is the DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Andrew at 13:07:36.00 on Tue 07/28/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.154 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew.SOPHIALEE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://ie.search.msn.com
uInternet Connection Wizard,ShellNext = https://my.screenname.aol.com/_cqr/login/lo...n&locale=US
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mCustomizeSearch = hxxp://www.mrfindalot.com/search.asp?si=
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: PrintViewBHO Class: {d4e0c464-30ce-4075-9a10-71fd106c2847} - c:\progra~1\printv~1\PRINTH~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl03a\BrStDvPt.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus\AirPlus.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Word Racer - hxxp://origin.games.yahoo.net/games/clients/y/wt1_x.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {08BF311F-789B-4413-B7B9-05355A612410} - hxxp://www.stop-sign.com/downloads/online_scanner.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144597757153
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144598957357
DPF: {886DDE35-E955-11D0-A707-000000881958} - hxxp://69.56.176.75/webplugin.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {AB5D38A6-FC19-40DF-AB9C-5299DB261483} = 192.168.2.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew~1.sop\applic~1\mozilla\firefox\profiles\nxjb58vo.default\
FF - plugin: c:\documents and settings\andrew.sophialee\application data\mozilla\firefox\profiles\nxjb58vo.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-4-30 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-4-30 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-4-30 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-4-30 10368]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-07-27 15:15 --d----- c:\documents and settings\andrew.sophialee\DoctorWeb
2009-07-26 20:46 --d----- c:\program files\ESET
2009-07-26 00:28 --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-07-26 00:28 --d----- c:\program files\SUPERAntiSpyware
2009-07-26 00:28 --d----- c:\docume~1\andrew~1.sop\applic~1\SUPERAntiSpyware.com
2009-07-26 00:27 --d----- c:\program files\common files\Wise Installation Wizard
2009-07-24 23:42 --d----- c:\program files\Sophos
2009-07-24 22:04 --d----- c:\docume~1\andrew~1.sop\applic~1\Malwarebytes
2009-07-24 18:40 226 a------- c:\documents and settings\andrew.sophialee\dl.exe
2009-07-24 18:35 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 18:35 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-24 18:35 --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-07-23 22:43 67,584 a------- c:\windows\system32\drivers\vsfocemlnvbbnx.sys
2009-07-05 21:14 --d----- c:\program files\EA Games
2009-07-04 10:24 1,089,601 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-07-03 22:55 --d----- c:\windows\system32\XPSViewer
2009-07-03 22:53 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-07-03 22:53 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-03 22:53 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-03 22:53 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-03 22:53 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-07-03 22:53 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-07-03 22:53 117,760 -------- c:\windows\system32\prntvpt.dll
2009-07-03 22:53 --d----- C:\91ae27cf5ed57ded4c18
2009-07-03 22:47 --d----- c:\program files\MSXML 6.0
2009-07-03 21:29 139,152 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-03 21:29 139,152 a------- c:\docume~1\andrew~1.sop\applic~1\PnkBstrK.sys
2009-07-03 21:29 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-07-03 21:29 794,408 a------- c:\windows\system32\pbsvc.exe
2009-07-03 21:29 75,064 a------- c:\windows\system32\PnkBstrA.exe

==================== Find3M ====================

2009-07-08 18:14 474,792 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-01 17:19 15,939,266 a------- c:\program files\mov-converter-standard.exe
2009-05-01 16:50 499,712 a------- c:\windows\system32\msvcp71.dll
2009-05-01 16:50 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-13 19:06 1,734,304 a------- c:\program files\BitTorrent-6.1.2.exe
2009-02-25 20:17 75,935,232 a------- c:\program files\NP2k9WinDemo.exe
2009-01-28 22:18 1,234,120 a------- c:\program files\wrar380.exe
2008-10-29 20:15 303,270 a------- c:\program files\KeyBored2.0.zip

============= FINISH: 13:08:56.15 ===============

Edited by zorboman, 28 July 2009 - 01:47 PM.
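As an added example (not part of this thread or of the DDS tool), the following Python script applies a few defender-side triage heuristics to DDS "SERVICES / DRIVERS" and "Created Last 30" lines like those in the log above: drivers that load from a non-.sys file, entries DDS could not size or date, implausibly small executables, and random-looking file names. The sample lines are copied from the log above; the thresholds and the "random name" test are assumptions, and a hit only means "look closer", not "this is malware".

```python
"""Heuristic triage of DDS 'SERVICES / DRIVERS' and 'Created Last 30' lines.

Added example, not part of the thread or of the DDS tool. Every rule here is
a triage heuristic (an assumption about what is worth a closer look), not a
verdict: a hit means "examine this file", never "this file is malware".
"""
import ntpath
import re
from dataclasses import dataclass

# "R1 name;display;path [date size]"  or  "... [?]" when DDS cannot stat the file
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[(.*)\]$")
# "2009-07-24 18:35 38,160 a------- path"   (directory entries carry no size)
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?:([\d,]+)\s+)?([a-z-]{8})\s+(.+)$")
EXEC_EXT = {".sys", ".exe", ".dll"}
TINY_EXE_BYTES = 1024  # assumed threshold: real programs are far larger

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-4-30 2944]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
2009-07-27 15:15 --d----- c:\documents and settings\andrew.sophialee\DoctorWeb
2009-07-24 18:40 226 a------- c:\documents and settings\andrew.sophialee\dl.exe
2009-07-24 18:35 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 22:43 67,584 a------- c:\windows\system32\drivers\vsfocemlnvbbnx.sys
"""


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def looks_random(stem: str) -> bool:
    """Crude test for machine-generated names: long, letters only, and either
    almost no vowels or a long run of consonants (thresholds are assumptions)."""
    s = stem.lower()
    if len(s) < 10 or not s.isalpha():
        return False
    vowels = sum(ch in "aeiouy" for ch in s)
    longest_consonants = max(len(run) for run in re.split(r"[aeiouy]+", s))
    return vowels / len(s) < 0.2 or longest_consonants >= 5


def _driver_findings(name: str, path: str, meta: str) -> list:
    # DDS prints "<NT path> --> <DOS path>" for drivers registered by NT path;
    # triage the resolved DOS path.
    if "-->" in path:
        path = path.split("-->")[-1].strip()
    stem, ext = ntpath.splitext(ntpath.basename(path))
    out = []
    if ext.lower() not in EXEC_EXT:
        out.append(Finding(path, f"driver '{name}' loads from a {ext or 'no'} file, not a .sys"))
    if meta.strip() == "?":
        out.append(Finding(path, f"driver '{name}' could not be sized/dated (file absent?)"))
    if looks_random(stem):
        out.append(Finding(path, f"driver '{name}' has a random-looking file name"))
    return out


def _created_findings(date: str, size: str, attrs: str, path: str) -> list:
    if "d" in attrs:  # directory entry, nothing to check
        return []
    stem, ext = ntpath.splitext(ntpath.basename(path))
    if ext.lower() not in EXEC_EXT:
        return []
    out = []
    if looks_random(stem):
        out.append(Finding(path, f"created {date}: executable with random-looking name"))
    if size and int(size.replace(",", "")) < TINY_EXE_BYTES:
        out.append(Finding(path, f"created {date}: {size}-byte executable is implausibly small"))
    return out


def triage(text: str) -> list:
    """Return one Finding per heuristic hit, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            findings.extend(_driver_findings(*m.groups()))
            continue
        m = CREATED_RE.match(line)
        if m:
            findings.extend(_created_findings(*m.groups()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}\n    -> {f.reason}")
```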


#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender: Male
  • Location: Warrington, UK

Posted 06 August 2009 - 07:09 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 zorboman

  • Topic Starter
  • Members
  • 25 posts

Posted 07 August 2009 - 10:53 PM

MBAM log:

Malwarebytes' Anti-Malware 1.39
Database version: 2551
Windows 5.1.2600 Service Pack 2

8/5/2009 3:32:22 PM
mbam-log-2009-08-05 (15-32-22).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 217963
Time elapsed: 2 hour(s), 29 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

______________________________________________________________________________________________________

log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Andrew at 2009-08-07 23:03:29
Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (50%) free of 29 GB
Total RAM: 511 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:52 PM, on 8/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew.SOPHIALEE\Desktop\RSIT.exe
C:\Program Files\trend micro\Andrew.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://my.screenname.aol.com/_cqr/login/lo...n&locale=US
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: SmartUI.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Word Racer - http://origin.games.yahoo.net/games/clients/y/wt1_x.cab
O16 - DPF: {08BF311F-789B-4413-B7B9-05355A612410} - http://www.stop-sign.com/downloads/online_scanner.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144597757153
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144598957357
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB5D38A6-FC19-40DF-AB9C-5299DB261483}: NameServer = 192.168.2.1
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9032 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-03 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-21 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-17 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4E0C464-30CE-4075-9A10-71FD106C2847}]
PrintViewBHO Class - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-03 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [2005-04-13 36975]
"PaperPort PTD"=C:\Program Files\Scansoft\PaperPort\pptd40nt.exe [2002-08-12 45108]
"IndexSearch"=C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [2002-08-12 36864]
"SetDefPrt"=C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe [2003-10-31 45056]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-13 282624]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2002-09-03 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-01 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 -reboot 1 []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-13 282624]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe /background []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-03-13 321344]
"Octoshape Streaming Services"=C:\Documents and Settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-02-02 240544]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1144721718\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1144721718\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1144721718\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1144721718\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\WinAntiVirus Pro 2007\AVupd.exe"="C:\Program Files\WinAntiVirus Pro 2007\AVupd.exe:*:Enabled:avupd.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{460d6d98-6e1d-11dd-b70e-0040055de08d}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-08-07 23:03:35 ----D---- C:\Program Files\trend micro
2009-08-07 23:03:29 ----D---- C:\rsit
2009-08-07 15:56:01 ----D---- C:\Program Files\Warcraft III
2009-08-03 23:04:49 ----D---- C:\Documents and Settings\Andrew.SOPHIALEE\Application Data\Octoshape
2009-07-28 16:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-07-26 20:46:48 ----D---- C:\Program Files\ESET
2009-07-26 00:28:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-07-26 00:28:17 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-26 00:28:17 ----D---- C:\Documents and Settings\Andrew.SOPHIALEE\Application Data\SUPERAntiSpyware.com
2009-07-26 00:27:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-24 23:42:50 ----D---- C:\Program Files\Sophos
2009-07-24 22:04:52 ----D---- C:\Documents and Settings\Andrew.SOPHIALEE\Application Data\Malwarebytes
2009-07-24 18:35:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-24 18:26:25 ----D---- C:\WINDOWS\ERDNT
2009-07-14 23:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-14 23:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-14 23:12:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-07 23:48:09 ----D---- C:\Documents and Settings\Andrew.SOPHIALEE\Application Data\DNA
2009-08-07 23:08:48 ----D---- C:\Program Files\Mozilla Firefox
2009-08-07 23:03:57 ----D---- C:\WINDOWS\Prefetch
2009-08-07 23:03:35 ----AD---- C:\Program Files
2009-08-07 23:00:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-07 23:00:22 ----SD---- C:\WINDOWS\Tasks
2009-08-07 22:58:34 ----D---- C:\WINDOWS\Temp
2009-08-07 22:58:03 ----D---- C:\Program Files\DNA
2009-08-07 18:12:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-07 16:05:23 ----A---- C:\WINDOWS\War3Unin.exe
2009-08-06 22:44:53 ----SHD---- C:\WINDOWS\Installer
2009-08-05 19:42:01 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-08-05 13:01:54 ----D---- C:\WINDOWS\system32\drivers
2009-08-03 23:54:07 ----D---- C:\Program Files\Starcraft
2009-08-03 23:04:50 ----D---- C:\Documents and Settings\Andrew.SOPHIALEE\Application Data\Mozilla
2009-07-28 21:42:20 ----D---- C:\WINDOWS
2009-07-28 21:35:18 ----SHD---- C:\WINDOWS\system32
2009-07-28 16:53:44 ----HD---- C:\WINDOWS\inf
2009-07-28 16:53:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-28 16:53:34 ----D---- C:\Program Files\Internet Explorer
2009-07-28 16:53:00 ----HD---- C:\Config.Msi
2009-07-28 16:53:00 ----D---- C:\WINDOWS\WinSxS
2009-07-28 13:09:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-27 16:47:00 ----D---- C:\Program Files\Common Files\Companion Wizard
2009-07-27 13:10:53 ----D---- C:\Documents and Settings\Andrew.SOPHIALEE\Application Data\Google
2009-07-26 21:30:16 ----D---- C:\Program Files\PrintView
2009-07-26 20:51:52 ----D---- C:\AHEDW
2009-07-26 04:19:51 ----D---- C:\WINDOWS\sv3978
2009-07-26 04:19:51 ----D---- C:\WINDOWS\sv3977
2009-07-26 04:19:50 ----D---- C:\WINDOWS\sv3976
2009-07-26 04:19:50 ----D---- C:\WINDOWS\sv3975
2009-07-26 04:19:49 ----SHD---- C:\WINDOWS\U29waGlh
2009-07-26 04:19:46 ----D---- C:\Program Files\Batty
2009-07-26 00:27:15 ----AD---- C:\Program Files\Common Files
2009-07-24 23:30:12 ----D---- C:\Program Files\EA Games
2009-07-24 22:45:15 ----SHD---- C:\Program Files\outlook
2009-07-23 22:44:04 ----D---- C:\WINDOWS\Minidump
2009-07-23 20:00:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-14 23:12:49 ----A---- C:\WINDOWS\imsins.BAK
2009-07-08 18:02:23 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-08 18:02:00 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\WINDOWS\System32\DRIVERS\airplus.sys [2003-03-05 155520]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 brfilt;Brother MFC Filter Driver; C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 2944]
S3 BrSerWDM;Brother WDM Serial driver; C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2003-03-14 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 10368]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\7.tmp []
S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2004-08-04 63744]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-03-19 65536]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-03 75064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-21 182768]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

_______________________________________________________________________________________________________

info.txt:

info.txt logfile of random's system information tool 1.06 2009-08-07 23:48:57

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\uninst.exe -fC:\Maxis\SimPark\DeIsL1.isu
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7CB56B9-1059-4729-8F2C-5D49E515CBF5}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera WIA Driver 6.2.5-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4B66765B-8596-4698-A208-E23D11D84AA7} /l1033 /x
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon Digital Camera USB WIA Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\DC USB WIA\Uninst.isu" -c"C:\Program Files\Canon\DC USB WIA\SetupWia.dll"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities PhotoStitch 3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities RAW Image Converter-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu"
Canon Utilities RemoteCapture 2.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RemoteCapture\Uninst.isu"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
D-Link AirPlus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}\Setup.exe" -l0x9
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Finale NotePad 2009-->C:\Program Files\Finale NotePad 2009\uninstallNP.exe
FLV Player 2.0, build 23-->C:\Program Files\FLV Player\uninst.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
ICCup Launcher-->"C:\Program Files\ICCup\Launcher\unins000.exe"
Icons-->C:\WINDOWS\system32\uninstIcn.exe
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Malwarebytes' Anti-Malware-->"C:\Documents and Settings\Andrew.SOPHIALEE\Desktop\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
PaperPort 8.0 SE-->MsiExec.exe /I{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sophos Anti-Rootkit 1.5.0-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The American Heritage Talking Dictionary-->C:\AHEDW\unsetup.exe
The Sims Deluxe Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: SOPHIALEE
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
vspf
vspf_hk

Record Number: 12287
Source Name: Service Control Manager
Time Written: 20090705171154.000000-240
Event Type: error
User:

Computer Name: SOPHIALEE
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
vspf
vspf_hk

Record Number: 12268
Source Name: Service Control Manager
Time Written: 20090705154727.000000-240
Event Type: error
User:

Computer Name: SOPHIALEE
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
vspf
vspf_hk

Record Number: 12248
Source Name: Service Control Manager
Time Written: 20090705140837.000000-240
Event Type: error
User:

Computer Name: SOPHIALEE
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
vspf
vspf_hk

Record Number: 12229
Source Name: Service Control Manager
Time Written: 20090705104810.000000-240
Event Type: error
User:

Computer Name: SOPHIALEE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 12220
Source Name: Tcpip
Time Written: 20090705103201.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: SOPHIALEE
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 11
Source Name: Userenv
Time Written: 20090706154932.000000-240
Event Type: warning
User: SOPHIALEE\Andrew

Computer Name: SOPHIALEE
Event Code: 1517
Message: Windows saved user SOPHIALEE\Andrew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 8
Source Name: Userenv
Time Written: 20090705224916.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SOPHIALEE
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 7
Source Name: Userenv
Time Written: 20090705224915.000000-240
Event Type: warning
User: SOPHIALEE\Andrew

Computer Name: SOPHIALEE
Event Code: 1517
Message: Windows saved user SOPHIALEE\Andrew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4
Source Name: Userenv
Time Written: 20090705160852.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SOPHIALEE
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 3
Source Name: Userenv
Time Written: 20090705160851.000000-240
Event Type: warning
User: SOPHIALEE\Andrew

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:04 AM

Posted 08 August 2009 - 08:26 AM

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case BitTorrent). These programs allow users to share files between them, as the name suggests. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


I don't see an antivirus program running on your machine.
  • Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save button and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


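The GMER scan requested above writes a plain-text log with "System", "Services" and "Registry" sections, and reading it is the hard part: GMER tags every SSDT hook with "ROOTKIT !!!", including hooks placed by a legitimate antivirus self-protection driver, so the responder has to separate vendor-attributed hooks from a service that GMER could not see through the normal API at all. The Python script below is an added example for this thread (not GMER's own code and not the responder's); it parses that log format, keeps SSDT hooks whose vendor string is not on a trust list, and for each hidden service collects the file names referenced from its registry key so the responder knows which files to pull for analysis. The embedded sample log is constructed in GMER 1.0.15's line format, and the TRUSTED_VENDORS set is an assumption chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the line format GMER 1.0.15 writes; not a real scan.
SAMPLE_LOG = r"""GMER 1.0.15.15020 [el7rom6w.exe] - http://www.gmer.net
Rootkit scan 2009-08-09 11:34:36
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF65F008C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF65F08AE] <-- ROOTKIT !!!

---- Services - GMER 1.0.15 ----

Service system32\drivers\UACdebwqgodpu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACdebwqgodpu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACavvkbeifoa.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvppjnavrdi.dat
"""

# Assumption for this example: vendors whose SSDT hooks are expected on this box.
TRUSTED_VENDORS = {"ALWIL Software", "Microsoft Corporation"}

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT (\S+) \((.*?)\) (\w+) \[0x([0-9A-Fa-f]+)\]")
HIDDEN_SVC_RE = re.compile(r"^Service (\S+) \(\*\*\* hidden \*\*\* \) \[(\w+)\] (\S+)")
REG_SVC_RE = re.compile(r"^Reg HKLM\\SYSTEM\\(\w+)\\Services\\([^\\@]+)(\\modules)?@(\S*) (.*)$")


def split_sections(text):
    """Group non-blank log lines under the '---- Name - GMER x.y ----' header they follow."""
    sections = defaultdict(list)
    current = "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line.strip():
            sections[current].append(line)
    return sections


def vendor_of(description):
    # GMER prints "(module description/vendor)"; the vendor is after the last slash.
    return description.rsplit("/", 1)[-1].strip()


def parse_ssdt_hooks(lines):
    hooks = []
    for line in lines:
        m = SSDT_RE.match(line)
        if m:
            driver, description, function, address = m.groups()
            hooks.append({
                "driver": driver.rsplit("\\", 1)[-1],
                "vendor": vendor_of(description),
                "function": function,
                "address": int(address, 16),
            })
    return hooks


def parse_hidden_services(lines):
    """Services GMER marks '*** hidden ***': the service key is not visible via the normal API."""
    found = []
    for line in lines:
        m = HIDDEN_SVC_RE.match(line)
        if m:
            image, start_token, name = m.groups()  # bracketed token as GMER prints it
            found.append({"name": name, "image": image, "start": start_token})
    return found


def parse_service_modules(lines):
    """Map service name -> file names referenced by values under its Services key."""
    files = defaultdict(set)
    for line in lines:
        m = REG_SVC_RE.match(line)
        if not m:
            continue
        _control_set, service, _modules, _value_name, data = m.groups()
        if "\\" in data:  # keep only values that look like paths, skip start/type/group
            files[service].add(data.rsplit("\\", 1)[-1].lower())
    return files


def triage(text, trusted_vendors=TRUSTED_VENDORS):
    """Summarise a GMER log: untrusted SSDT hooks and hidden services with their files."""
    sections = split_sections(text)
    hooks = parse_ssdt_hooks(sections.get("System", []))
    hidden = parse_hidden_services(sections.get("Services", []))
    modules = parse_service_modules(sections.get("Registry", []))

    untrusted = [h for h in hooks if h["vendor"] not in trusted_vendors]
    findings = []
    for svc in hidden:
        image_name = svc["image"].rsplit("\\", 1)[-1].lower()
        related = sorted(modules.get(svc["name"], set()) | {image_name})
        findings.append({"service": svc["name"], "files": related})
    return {"ssdt_hooks": len(hooks), "untrusted_ssdt_hooks": untrusted, "hidden_services": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"SSDT hooks: {result['ssdt_hooks']} (untrusted: {len(result['untrusted_ssdt_hooks'])})")
    for f in result["hidden_services"]:
        print(f"hidden service {f['service']}: collect {', '.join(f['files'])}")
```

On the sample, the two avast! hooks are attributed to a trusted vendor and drop out, while the hidden service is reported together with its driver, DLL and data file, which is the list a responder would preserve before any removal tool deletes them. Clearing TRUSTED_VENDORS shows how the same hooks surface when the vendor is unknown to the analyst.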

#5 zorboman

zorboman
  • Topic Starter

  • Members
  • 25 posts
  • Local time:09:04 PM

Posted 09 August 2009 - 10:42 AM

I only downloaded one thing using BitTorrent. I don't need it any more so I uninstalled it. I also installed avast antivirus.


Here's the log:

GMER 1.0.15.15020 [el7rom6w.exe] - http://www.gmer.net
Rootkit scan 2009-08-09 11:34:36
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF65F06B8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF65F0574] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF65F0A52] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF65F014C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF65F064E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF65F008C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF65F00F0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF65F076E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF65F072E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF65F08AE] <-- ROOTKIT !!!

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service system32\drivers\UACdebwqgodpu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACdebwqgodpu.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACdebwqgodpu.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACavvkbeifoa.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACoylyakdkte.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvppjnavrdi.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACjbqfybkayx.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACmqlqjalrmm.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrbxoyubfdp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcxdxpytejb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACdebwqgodpu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACdebwqgodpu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACavvkbeifoa.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACoylyakdkte.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACvppjnavrdi.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACjbqfybkayx.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACmqlqjalrmm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrbxoyubfdp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcxdxpytejb.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{16DC048B-2B63-8CFC-5739-F8ED01851A2F}\InprocServer32@ C:\WINDOWS\System32\qcap.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{16DC048B-2B63-8CFC-5739-F8ED01851A2F}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\ProxyStubClsid@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\ProxyStubClsid32@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\TypeLib@ {D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}
Reg HKLM\SOFTWARE\Classes\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\TypeLib@Version 2.1
Reg HKLM\SOFTWARE\Classes\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\TypeLib@ {D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}
Reg HKLM\SOFTWARE\Classes\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\TypeLib@Version 2.1
Reg HKLM\SOFTWARE\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib@ {569304BA-83ED-4CFF-AC26-BE3E482F7208}
Reg HKLM\SOFTWARE\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib@Version 1.0
Reg HKLM\SOFTWARE\Classes\VAXObject.Chl\CLSID@ {6BF52A52-394A-11D3-B153-00C04F79FAA6}

---- EOF - GMER 1.0.15 ----

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:04 AM

Posted 09 August 2009 - 12:07 PM

Hi zorboman,

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#7 zorboman

zorboman
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 09 August 2009 - 01:01 PM

This computer isn't used for any business transactions or storing personal information of any kind. Only casual internet surfing and gaming. So I've decided to go on and try to clean up the machine.

Combofixlog:

ComboFix 09-08-08.04 - Andrew 08/09/2009 13:36.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.190 [GMT -4:00]
Running from: c:\documents and settings\Andrew.SOPHIALEE\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090808-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Andrew.SOPHIALEE\dl.exe
c:\documents and settings\andrew\Local Settings\Temporary Internet Files\Ssk.log
c:\documents and settings\andrew\Start Menu\Programs\Startup\Z_Start.lnk
c:\documents and settings\andrew\Start Menu\Programs\UCmore - The Search Accelerator
c:\documents and settings\andrew\Start Menu\Programs\UCmore - The Search Accelerator\How To Uninstall.lnk
c:\documents and settings\andrew\Start Menu\Programs\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk
c:\documents and settings\andrew\Start Menu\Programs\UCmore - The Search Accelerator\UCmore Tour.lnk
c:\documents and settings\dad\Application Data\Sskdmns.dll
c:\documents and settings\dad\Local Settings\Temporary Internet Files\Ssk.log
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\log.txt
c:\documents and settings\mom\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\SophiaLee\Local Settings\Temporary Internet Files\Ssk.log
c:\documents and settings\SophiaLee\Start Menu\Programs\UCmore - The Search Accelerator
c:\documents and settings\SophiaLee\Start Menu\Programs\UCmore - The Search Accelerator\How To Uninstall.lnk
c:\documents and settings\SophiaLee\Start Menu\Programs\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk
c:\documents and settings\SophiaLee\Start Menu\Programs\UCmore - The Search Accelerator\UCmore Tour.lnk
c:\progra~1\COMMON~1\{7543A~1
c:\progra~1\COMMON~1\{7543A~2
c:\program files\batty
c:\program files\batty\datahtml.sdf
c:\program files\batty\datajava.sdf
c:\program files\batty\Uninstall.exe
c:\program files\Common Files\companion wizard
c:\program files\Common Files\mbols~1
c:\program files\outlook
c:\program files\printview
c:\program files\printview\chnlist.dat
c:\program files\printview\hotlist.dat
c:\program files\printview\remlist.dat
c:\program files\printview\setup.exe
c:\program files\Utility
c:\program files\Utility\ftoolbar.xml
c:\program files\Utility\logo.bmp
c:\program files\Utility\nav.bmp
c:\program files\Utility\nav_hot.bmp
c:\program files\Utility\public.xml
c:\program files\Utility\version
c:\recycler\S-1-5-21-1275210071-1770027372-682003330-1004
c:\recycler\S-1-5-21-1275210071-1770027372-682003330-1005
c:\recycler\S-1-5-21-1275210071-1770027372-682003330-1006
c:\recycler\S-1-5-21-1275210071-1770027372-682003330-1007
c:\recycler\S-1-5-21-1275210071-1770027372-682003330-500
c:\recycler\S-1-5-21-1645522239-823518204-839522115-1005
c:\recycler\S-1-5-21-1645522239-823518204-839522115-1006
c:\windows\Downloaded Program Files\ijjiPreNotify2.exe
c:\windows\Installer\249bae.msi
c:\windows\Installer\835bf4.msi
c:\windows\run.log
c:\windows\smbols~1
c:\windows\system32\aaa00000.sys
c:\windows\system32\battyrun.dll
c:\windows\system32\drivers\vsfocemlnvbbnx.sys
c:\windows\system32\stera.log
c:\windows\system32\uninsticn.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACd.sys
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-08 15:24 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-08 15:24 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-08 15:24 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-08 15:23 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-08 15:23 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-08 15:23 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-08 15:23 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-08 15:23 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-08 15:23 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-08 15:23 . 2009-08-08 15:23 -------- d-----w- c:\program files\Alwil Software
2009-08-08 03:03 . 2009-08-08 03:48 -------- d-----w- c:\program files\trend micro
2009-08-08 03:03 . 2009-08-08 03:48 -------- d-----w- C:\rsit
2009-08-07 19:56 . 2009-08-09 03:44 -------- d-----w- c:\program files\Warcraft III
2009-08-05 17:01 . 2009-08-05 17:01 3942048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 03:04 . 2009-08-04 03:04 120088 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Plugins\npoctoshape.dll
2009-08-04 03:04 . 2009-08-04 03:04 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape
2009-08-04 03:04 . 2009-06-22 13:37 397824 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\sua-0906220-0-libOctoshapeClient.dll
2009-08-04 03:04 . 2009-06-22 13:37 124184 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\sua-0906220-0-apoctoshape.dll
2009-08-04 03:04 . 2009-06-22 13:37 120088 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\sua-0906220-0-npoctoshape.dll
2009-08-04 03:04 . 2009-01-08 13:44 70936 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
2009-07-27 19:15 . 2009-07-27 19:47 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\DoctorWeb
2009-07-27 00:46 . 2009-07-27 00:46 -------- d-----w- c:\program files\ESET
2009-07-26 04:29 . 2009-08-05 23:44 117760 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-26 04:28 . 2009-07-26 04:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-07-26 04:28 . 2009-07-26 04:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-26 04:28 . 2009-07-26 04:28 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\SUPERAntiSpyware.com
2009-07-26 04:27 . 2009-07-26 04:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-25 03:42 . 2009-07-25 03:42 -------- d-----w- c:\program files\Sophos
2009-07-25 02:04 . 2009-07-25 02:04 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Malwarebytes
2009-07-24 22:35 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 22:35 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 22:35 . 2009-07-24 22:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 17:21 . 2006-01-22 18:48 -------- d-----w- c:\program files\Canon
2009-08-09 17:19 . 2003-03-06 21:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 15:18 . 2008-12-24 00:21 -------- d-----w- c:\program files\BitTorrent
2009-08-07 20:32 . 2008-08-25 19:58 154258 ----a-w- c:\windows\War3Unin.dat
2009-08-07 20:05 . 2008-08-25 19:58 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-07 20:05 . 2008-08-25 19:58 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-04 03:54 . 2006-07-28 23:48 -------- d-----w- c:\program files\Starcraft
2009-07-27 01:02 . 2007-10-26 19:55 -------- d-----w- c:\documents and settings\SophiaLee\Application Data\Move Networks
2009-07-25 03:30 . 2009-07-06 01:14 -------- d-----w- c:\program files\EA Games
2009-07-24 22:45 . 2009-04-22 00:36 110592 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\U3\temp\cleanup.exe
2009-07-24 22:45 . 2009-04-22 00:11 3096576 ---ha-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\U3\temp\Launchpad Removal.exe
2009-07-24 22:45 . 2009-06-18 19:52 385024 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-07-24 22:45 . 2009-07-04 00:35 1286144 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-07-08 22:14 . 2009-07-24 22:47 474792 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat
2009-07-08 22:02 . 2009-07-04 01:29 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-08 22:02 . 2009-07-04 01:29 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-08 22:02 . 2009-07-04 01:29 139152 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\PnkBstrK.sys
2009-07-08 22:02 . 2009-07-04 01:29 139152 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\PnkBstrK.sys
2009-07-08 22:02 . 2009-07-04 01:29 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-05 00:50 . 2008-08-27 02:49 31960 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 03:05 . 2008-12-01 20:52 31960 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 02:55 . 2009-07-04 02:55 -------- d-----w- c:\program files\MSBuild
2009-07-04 02:54 . 2009-07-04 02:54 -------- d-----w- c:\program files\Reference Assemblies
2009-07-04 02:47 . 2009-07-04 02:47 -------- d-----w- c:\program files\MSXML 6.0
2009-07-04 01:29 . 2009-07-04 01:29 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-26 16:18 . 2004-01-08 19:23 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 20:36 . 2009-07-04 00:35 729088 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-21 19:54 . 2008-08-19 19:10 3096576 ---ha-w- c:\documents and settings\SophiaLee\Application Data\U3\temp\Launchpad Removal.exe
2009-06-21 19:54 . 2008-08-19 18:35 110592 ----a-w- c:\documents and settings\SophiaLee\Application Data\U3\temp\cleanup.exe
2009-06-21 19:54 . 2008-04-22 02:16 45056 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\setup.exe
2009-06-21 19:54 . 2008-04-22 02:16 49152 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\schedule.exe
2009-06-21 19:54 . 2008-04-22 02:17 13283328 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\data\RealPlayer11GOLD.exe
2009-06-21 19:53 . 2008-04-22 02:17 1138688 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\data\GOOGLE_TOOLBAR\googletoolbarinstaller.exe
2009-06-21 19:53 . 2008-04-22 02:17 85504 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\data\firefoxgoogletoolbarsetup.exe
2009-06-21 19:52 . 2008-01-23 21:59 33280 ----a-w- c:\documents and settings\SophiaLee\Application Data\Move Networks\MoveMediaPlayer_07076007.exe
2009-06-21 19:52 . 2007-10-26 19:55 33280 ----a-w- c:\documents and settings\SophiaLee\Application Data\Move Networks\ie_bin\Uninst.exe
2009-06-21 19:52 . 2008-01-12 05:11 94208 ----a-w- c:\documents and settings\SophiaLee\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 14:55 . 2002-06-25 19:28 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2002-06-25 19:06 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 02:42 . 2009-06-14 02:42 0 ----a-w- c:\windows\VDM25.tmp
2009-06-13 01:03 . 2008-11-30 03:29 -------- d-----w- c:\program files\AIM6
2009-06-13 01:02 . 2006-04-11 02:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2009-06-13 01:01 . 2006-04-11 02:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
2009-06-03 19:27 . 2002-06-25 19:22 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 05:36 . 2009-06-13 01:01 28 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-13 01:01 25 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-13 01:01 111920 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-19 05:35 . 2009-06-13 01:01 11568 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\tbinst.dll
2009-05-19 05:35 . 2009-06-13 01:01 74536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\instSup.dll
2009-05-19 05:35 . 2009-06-13 01:01 15144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\ocpchk.dll
2009-05-19 05:35 . 2009-06-13 01:01 10544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\imappver.dll
2009-05-19 05:35 . 2009-06-13 01:01 95792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\AOLFirewallMgr.dll
2009-05-19 05:35 . 2009-06-13 01:01 1025328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\gui.dll
2009-05-19 05:35 . 2009-06-13 01:01 83752 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\ProgUpd.dll
2009-05-01 21:19 . 2009-05-01 21:16 15939266 ----a-w- c:\program files\mov-converter-standard.exe
2009-03-13 23:06 . 2009-03-13 23:06 1734304 ----a-w- c:\program files\BitTorrent-6.1.2.exe
2009-02-26 00:17 . 2009-02-26 00:06 75935232 ----a-w- c:\program files\NP2k9WinDemo.exe
2009-01-29 02:18 . 2009-01-29 02:18 1234120 ----a-w- c:\program files\wrar380.exe
2008-10-30 00:15 . 2008-10-30 00:15 303270 ----a-w- c:\program files\KeyBored2.0.zip
.

------- Sigcheck -------

[-] 2002-06-25 19:27 12800 0F7D9C87B0CE1FA520473119752C6F79 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe

[-] 2002-06-25 19:35 75264 8529C295DF59B564D37A73B5629162B1 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll

[-] 2002-06-25 19:33 429056 C605FFF733AAD029D6B533E609C8A6E6 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe

[-] 2002-06-25 19:17 161536 3EFD4F59BA0A340DE0A3AB984001DBF7 c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2002-06-25 19:12 11776 8A590EA109B5E0C7629E022F8A6B17C5 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe

[-] 2002-06-25 19:03 13312 85B1054DB58D13AA42D7DCA778C30F57 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe

[-] 2002-06-25 19:30 21504 585398603F570F9705774D65D292E5D1 c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe

[-] 2002-06-25 19:28 197632 344784BB9B02891E813260C192F271DE c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll

[-] 2002-06-25 19:21 14848 865AD7CCB20856727D5BD994B094DC5E c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll

[-] 2002-06-25 19:08 96768 E046037FD5BCDF92CE1A122B749B9B09 c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll

[-] 2002-06-25 18:59 155648 14F36167D270C83C7F90956B1F0BBBB6 c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2004-08-04 07:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\appmgmts.dll
[-] 2004-08-04 07:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\appmgmts.dll

[-] 2002-06-25 19:09 23424 9C30CD464D87102497FD7C32910E6253 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys

[-] 2002-06-25 19:02 792064 1F51839ECCF908FD86558198909262E4 c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2004-08-04 07:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comres.dll
[-] 2004-08-04 07:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\system32\comres.dll

[-] 2002-06-25 19:12 18944 55990CA08692E2739A8DDCE0B04352AC c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2004-08-04 07:56 22016 74D66B3DE265E8789153414E75175F26 c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-04 07:56 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\lpk.dll

[-] 2002-06-25 18:59 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2002-06-25 18:59 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys

[-] 2002-06-25 19:19 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\null.sys
[-] 2002-06-25 19:19 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2002-06-25 19:15 34304 A81487520F11F65BF270D50EE29887B2 c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2004-08-04 07:56 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-04 07:56 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\system32\msgsvc.dll

[-] 2002-06-25 18:58 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys

[-] 2002-06-25 19:24 4096 52BB2A508CB3EB8AAA5F6F142F5B73D6 c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-04 07:56 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-04 07:56 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\system32\sfc.dll

[-] 2002-06-25 19:18 397824 F41C1602DC79AB72035F2388FCA0255F c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2004-08-04 07:56 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 00:12 407040 1B7F071C51B77C272875C3A23E1E4550 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-04 07:56 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\system32\netlogon.dll

[7] 2004-07-01 22:08 361984 696AC82FB290A03F205901442E0E9589 c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2002-06-25 19:22 179200 3E6ACF2CD2E8C19B16E4B42D08CA3838 c:\windows\$NtUninstallKB842773$\qmgr.dll
[-] 2004-08-04 07:56 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2004-08-04 07:56 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\system32\qmgr.dll
[7] 2004-07-01 22:08 361984 696AC82FB290A03F205901442E0E9589 c:\windows\system32\bits\qmgr.dll

[-] 2002-06-25 18:59 13568 03F403B07A884FC2AA54A0916C410931 c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2004-08-04 06:05 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2004-08-04 06:05 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\system32\drivers\asyncmac.sys

[-] 2002-06-25 19:27 155136 DF1C1B1BBF96DA0DB73A59E75AD44835 c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-04 07:56 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 07:56 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\system32\srsvc.dll

[-] 2004-08-04 07:56 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-04 07:56 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\wscntfy.exe

[-] 2002-06-25 19:19 392192 C63415DEFA08D7BD244E636C97B32F3D c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-04 07:56 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-04 07:56 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\system32\ntmssvc.dll

[-] 2002-06-25 19:22 82944 442ED09256E1D55D128219CF1AB27554 c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] 2004-08-04 07:56 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\ServicePackFiles\i386\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rasauto.dll
[-] 2004-08-04 07:56 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\system32\rasauto.dll

[-] 2002-06-25 19:24 1562112 9E415EFDF50F26BCBC97C80F4E6C30CC c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-14 282624]
"Octoshape Streaming Services"="c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-10-31 45056]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-14 282624]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-09-03 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-01 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2008-11-11 262144]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144721718\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144721718\\ee\\aim6.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/8/2009 11:23 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/8/2009 11:23 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 8:53 AM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [4/30/2006 2:38 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [4/30/2006 2:37 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [4/30/2006 2:38 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/30/2006 2:38 PM 10368]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-08-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-04-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 02:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
Notify-= - (no file)


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = https://my.screenname.aol.com/_cqr/login/lo...n&locale=US
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {AB5D38A6-FC19-40DF-AB9C-5299DB261483} = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Word Racer - hxxp://origin.games.yahoo.net/games/clients/y/wt1_x.cab
DPF: {08BF311F-789B-4413-B7B9-05355A612410} - hxxp://www.stop-sign.com/downloads/online_scanner.cab
FF - ProfilePath - c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\
FF - plugin: c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 13:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}\TypeLib]
@DACL=(02 0000)
@="{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}"
"Version"="2.1"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}\TypeLib]
@DACL=(02 0000)
@="{D13DECBB-52F8-4BF4-BA6C-B0CC603963C9}"
"Version"="2.1"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib]
@DACL=(02 0000)
@="{569304BA-83ED-4CFF-AC26-BE3E482F7208}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\VAXObject.Chl\CLSID]
@DACL=(02 0000)
@="{6BF52A52-394A-11D3-B153-00C04F79FAA6}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3160)
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-08-09 13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-09 17:58

Pre-Run: 16,160,067,584 bytes free
Post-Run: 17,695,465,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

455 --- E O F --- 2009-08-08 05:57

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:04 AM

Posted 10 August 2009 - 12:53 PM

Hi zorboman,

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\VDM25.tmp
Folder::
C:\AHEDW
C:\WINDOWS\sv3978
C:\WINDOWS\sv3977
C:\WINDOWS\sv3976
C:\WINDOWS\sv3975
C:\WINDOWS\U29waGlh
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Reglockdel::
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{597AA130-F00B-40B8-ADAF-529D4DA9BE52}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{7682C1A6-C500-4C78-93B9-5A76A91520F8}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}]
[HKEY_LOCAL_MACHINE\software\Classes\VAXObject.Chl]

Save this as CFScript.txt, in the same location as ComboFix.exe


[image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#9 zorboman

zorboman
  • Topic Starter

  • Members
  • 25 posts
  • Local time:09:04 PM

Posted 10 August 2009 - 01:54 PM

ComboFix 09-08-10.01 - Andrew 08/10/2009 14:39.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.233 [GMT -4:00]
Running from: c:\documents and settings\Andrew.SOPHIALEE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew.SOPHIALEE\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\VDM25.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
C:\AHEDW
c:\windows\sv3975
c:\windows\sv3976
c:\windows\sv3977
c:\windows\sv3978
c:\windows\U29waGlh

.
((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-08 15:24 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-08 15:24 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-08 15:24 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-08 15:23 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-08 15:23 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-08 15:23 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-08 15:23 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-08 15:23 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-08 15:23 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-08 15:23 . 2009-08-08 15:23 -------- d-----w- c:\program files\Alwil Software
2009-08-08 03:03 . 2009-08-08 03:48 -------- d-----w- c:\program files\trend micro
2009-08-08 03:03 . 2009-08-08 03:48 -------- d-----w- C:\rsit
2009-08-07 19:56 . 2009-08-10 02:53 -------- d-----w- c:\program files\Warcraft III
2009-08-05 17:01 . 2009-08-05 17:01 3942048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 03:04 . 2009-08-04 03:04 120088 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Plugins\npoctoshape.dll
2009-08-04 03:04 . 2009-08-04 03:04 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape
2009-08-04 03:04 . 2009-06-22 13:37 397824 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\sua-0906220-0-libOctoshapeClient.dll
2009-08-04 03:04 . 2009-06-22 13:37 124184 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\sua-0906220-0-apoctoshape.dll
2009-08-04 03:04 . 2009-06-22 13:37 120088 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\sua-0906220-0-npoctoshape.dll
2009-08-04 03:04 . 2009-01-08 13:44 70936 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
2009-07-27 19:15 . 2009-07-27 19:47 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\DoctorWeb
2009-07-27 00:46 . 2009-07-27 00:46 -------- d-----w- c:\program files\ESET
2009-07-26 04:29 . 2009-08-05 23:44 117760 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-26 04:28 . 2009-07-26 04:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-07-26 04:28 . 2009-07-26 04:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-26 04:28 . 2009-07-26 04:28 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\SUPERAntiSpyware.com
2009-07-26 04:27 . 2009-07-26 04:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-25 03:42 . 2009-07-25 03:42 -------- d-----w- c:\program files\Sophos
2009-07-25 02:04 . 2009-07-25 02:04 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Malwarebytes
2009-07-24 22:35 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 22:35 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 22:35 . 2009-07-24 22:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 17:21 . 2006-01-22 18:48 -------- d-----w- c:\program files\Canon
2009-08-09 17:19 . 2003-03-06 21:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 15:18 . 2008-12-24 00:21 -------- d-----w- c:\program files\BitTorrent
2009-08-07 20:32 . 2008-08-25 19:58 154258 ----a-w- c:\windows\War3Unin.dat
2009-08-07 20:05 . 2008-08-25 19:58 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-07 20:05 . 2008-08-25 19:58 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-04 03:54 . 2006-07-28 23:48 -------- d-----w- c:\program files\Starcraft
2009-07-27 01:02 . 2007-10-26 19:55 -------- d-----w- c:\documents and settings\SophiaLee\Application Data\Move Networks
2009-07-25 03:30 . 2009-07-06 01:14 -------- d-----w- c:\program files\EA Games
2009-07-24 22:45 . 2009-04-22 00:36 110592 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\U3\temp\cleanup.exe
2009-07-24 22:45 . 2009-04-22 00:11 3096576 ---ha-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\U3\temp\Launchpad Removal.exe
2009-07-24 22:45 . 2009-06-18 19:52 385024 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-07-24 22:45 . 2009-07-04 00:35 1286144 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-07-08 22:14 . 2009-07-24 22:47 474792 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat
2009-07-08 22:02 . 2009-07-04 01:29 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-08 22:02 . 2009-07-04 01:29 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-08 22:02 . 2009-07-04 01:29 139152 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\PnkBstrK.sys
2009-07-08 22:02 . 2009-07-04 01:29 139152 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\PnkBstrK.sys
2009-07-08 22:02 . 2009-07-04 01:29 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-05 00:50 . 2008-08-27 02:49 31960 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 03:05 . 2008-12-01 20:52 31960 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 02:55 . 2009-07-04 02:55 -------- d-----w- c:\program files\MSBuild
2009-07-04 02:54 . 2009-07-04 02:54 -------- d-----w- c:\program files\Reference Assemblies
2009-07-04 02:47 . 2009-07-04 02:47 -------- d-----w- c:\program files\MSXML 6.0
2009-07-04 01:29 . 2009-07-04 01:29 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-26 16:18 . 2004-01-08 19:23 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 20:36 . 2009-07-04 00:35 729088 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-21 19:54 . 2008-08-19 19:10 3096576 ---ha-w- c:\documents and settings\SophiaLee\Application Data\U3\temp\Launchpad Removal.exe
2009-06-21 19:54 . 2008-08-19 18:35 110592 ----a-w- c:\documents and settings\SophiaLee\Application Data\U3\temp\cleanup.exe
2009-06-21 19:54 . 2008-04-22 02:16 45056 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\setup.exe
2009-06-21 19:54 . 2008-04-22 02:16 49152 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\schedule.exe
2009-06-21 19:54 . 2008-04-22 02:17 13283328 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\data\RealPlayer11GOLD.exe
2009-06-21 19:53 . 2008-04-22 02:17 1138688 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\data\GOOGLE_TOOLBAR\googletoolbarinstaller.exe
2009-06-21 19:53 . 2008-04-22 02:17 85504 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\data\firefoxgoogletoolbarsetup.exe
2009-06-21 19:52 . 2008-01-23 21:59 33280 ----a-w- c:\documents and settings\SophiaLee\Application Data\Move Networks\MoveMediaPlayer_07076007.exe
2009-06-21 19:52 . 2007-10-26 19:55 33280 ----a-w- c:\documents and settings\SophiaLee\Application Data\Move Networks\ie_bin\Uninst.exe
2009-06-21 19:52 . 2008-01-12 05:11 94208 ----a-w- c:\documents and settings\SophiaLee\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 14:55 . 2002-06-25 19:28 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2002-06-25 19:06 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 02:42 . 2009-06-14 02:42 0 ----a-w- c:\windows\VDM25.tmp
2009-06-13 01:03 . 2008-11-30 03:29 -------- d-----w- c:\program files\AIM6
2009-06-13 01:02 . 2006-04-11 02:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2009-06-13 01:01 . 2006-04-11 02:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
2009-06-03 19:27 . 2002-06-25 19:22 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 05:36 . 2009-06-13 01:01 28 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-13 01:01 25 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-13 01:01 111920 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-19 05:35 . 2009-06-13 01:01 11568 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\tbinst.dll
2009-05-19 05:35 . 2009-06-13 01:01 74536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\instSup.dll
2009-05-19 05:35 . 2009-06-13 01:01 15144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\ocpchk.dll
2009-05-19 05:35 . 2009-06-13 01:01 10544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\imappver.dll
2009-05-19 05:35 . 2009-06-13 01:01 95792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\AOLFirewallMgr.dll
2009-05-19 05:35 . 2009-06-13 01:01 1025328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\gui.dll
2009-05-19 05:35 . 2009-06-13 01:01 83752 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\ProgUpd.dll
2009-05-01 21:19 . 2009-05-01 21:16 15939266 ----a-w- c:\program files\mov-converter-standard.exe
2009-03-13 23:06 . 2009-03-13 23:06 1734304 ----a-w- c:\program files\BitTorrent-6.1.2.exe
2009-02-26 00:17 . 2009-02-26 00:06 75935232 ----a-w- c:\program files\NP2k9WinDemo.exe
2009-01-29 02:18 . 2009-01-29 02:18 1234120 ----a-w- c:\program files\wrar380.exe
2008-10-30 00:15 . 2008-10-30 00:15 303270 ----a-w- c:\program files\KeyBored2.0.zip
.

((((((((((((((((((((((((((((( SnapShot@2009-08-09_17.51.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-10 18:30 . 2009-08-10 18:30 16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-14 282624]
"Octoshape Streaming Services"="c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-10-31 45056]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-14 282624]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-09-03 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-01 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2008-11-11 262144]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144721718\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144721718\\ee\\aim6.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/8/2009 11:23 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/8/2009 11:23 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 8:53 AM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [4/30/2006 2:38 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [4/30/2006 2:37 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [4/30/2006 2:38 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/30/2006 2:38 PM 10368]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-04-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 02:18]
.
- - - - ORPHANS REMOVED - - - -

Notify-= - (no file)


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = https://my.screenname.aol.com/_cqr/login/lo...n&locale=US
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {AB5D38A6-FC19-40DF-AB9C-5299DB261483} = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Word Racer - hxxp://origin.games.yahoo.net/games/clients/y/wt1_x.cab
DPF: {08BF311F-789B-4413-B7B9-05355A612410} - hxxp://www.stop-sign.com/downloads/online_scanner.cab
FF - ProfilePath - c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\
FF - plugin: c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 14:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib]
@DACL=(02 0000)
@="{569304BA-83ED-4CFF-AC26-BE3E482F7208}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-08-10 14:51
ComboFix-quarantined-files.txt 2009-08-10 18:51
ComboFix2.txt 2009-08-09 17:59

Pre-Run: 17,719,836,672 bytes free
Post-Run: 17,725,751,296 bytes free

252 --- E O F --- 2009-08-08 05:57

Edited by zorboman, 10 August 2009 - 01:55 PM.


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:04 AM

Posted 10 August 2009 - 02:11 PM

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\VDM25.tmp
Reglockdel::
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 15.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Then please post back here with the following:
  • Combofix.txt
  • Eset report
Thanks

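As an added triage helper (not code from the thread, from ComboFix, or from the responder): it parses the "Files Created" entries and the R*/S* service entries in a ComboFix log and surfaces the kinds of entries the reply above acts on, such as the zero-byte VDM25.tmp under c:\windows and a service whose image is a .tmp file. The sample lines are copied from the logs in this thread; the flagging rules, function names and the Finding type are my own, and a hit is a prompt for a human to look, not a verdict.

```python
"""Flag entries in a ComboFix log that deserve a second look.

Added example, not part of the thread or of ComboFix.  It understands two
line shapes seen in the logs above:

  <created> . <modified> <size|--------> <attrs> <path>      (Files Created)
  <R|S><n> <name>;<display>;<image>[ --> <resolved>] [<meta>] (services)
"""
import re
from dataclasses import dataclass, field

FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (-{8}|\d+) (\S+) (.+)$"
)
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")

# Constructed sample: lines copied from this thread's logs plus benign controls.
SAMPLE_LOG = r"""
2009-08-08 15:24 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-27 00:46 . 2009-07-27 00:46 -------- d-----w- c:\program files\ESET
2009-06-14 02:42 . 2009-06-14 02:42 0 ----a-w- c:\windows\VDM25.tmp
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/8/2009 11:23 AM 114768]
""".strip().splitlines()


@dataclass
class Finding:
    kind: str                 # "file" or "service"
    path: str                 # normalised, lower-case path
    reasons: list = field(default_factory=list)
    name: str = ""            # service name, empty for files


def _norm(path: str) -> str:
    # ComboFix prints driver images with an NT-style "\??\" prefix; drop it.
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.strip().lower()


def _under_windows(path: str) -> bool:
    return path.startswith("c:\\windows\\")


def _is_temp_named(path: str) -> bool:
    return path.rsplit("\\", 1)[-1].endswith(".tmp")


def parse_file_line(line: str):
    """Return a dict for a 'Files Created' line, or None if it is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return {
        "created": created,
        "modified": modified,
        "size": int(size) if size.isdigit() else None,   # directories show '--------'
        "is_dir": attrs.startswith("d"),
        "path": _norm(path),
    }


def parse_service_line(line: str):
    """Return a dict for an R*/S* service line, or None if it is not one."""
    m = SVC_RE.match(line)
    if not m:
        return None
    start, name, display, image, meta = m.groups()
    if " --> " in image:                 # prefer the resolved path when given
        image = image.split(" --> ", 1)[1]
    return {"start": start, "name": name, "display": display,
            "image": _norm(image), "meta": meta}


def triage(lines) -> list:
    """Walk log lines and collect Findings; unrecognised lines are ignored."""
    findings = []
    for raw in lines:
        line = raw.strip()
        f = parse_file_line(line)
        if f is not None:
            reasons = []
            if not f["is_dir"] and _under_windows(f["path"]) and _is_temp_named(f["path"]):
                reasons.append("temp-named file under c:\\windows")
            if not f["is_dir"] and f["size"] == 0:
                reasons.append("zero-byte file")
            if reasons:
                findings.append(Finding("file", f["path"], reasons))
            continue
        s = parse_service_line(line)
        if s is not None:
            reasons = []
            if _is_temp_named(s["image"]):
                reasons.append("service image is a .tmp file")
            if s["meta"] == "?":          # ComboFix could not stat the image
                reasons.append("no file metadata (image missing or unreadable)")
            if reasons:
                findings.append(Finding("service", s["image"], reasons, s["name"]))
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        label = f"{hit.kind} {hit.name or hit.path}"
        print(f"{label}: {'; '.join(hit.reasons)}")
```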


#11 zorboman

zorboman
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 10 August 2009 - 06:42 PM

The ESET scan came out clean, so there was no log.

Here's the ComboFix log:

ComboFix 09-08-10.01 - Andrew 08/10/2009 16:55.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.246 [GMT -4:00]
Running from: c:\documents and settings\Andrew.SOPHIALEE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew.SOPHIALEE\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

FILE ::
"c:\windows\VDM25.tmp"
.

((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-08 15:24 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-08 15:24 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-08 15:24 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-08 15:23 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-08 15:23 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-08 15:23 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-08 15:23 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-08 15:23 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-08 15:23 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-08 15:23 . 2009-08-08 15:23 -------- d-----w- c:\program files\Alwil Software
2009-08-08 03:03 . 2009-08-08 03:48 -------- d-----w- c:\program files\trend micro
2009-08-08 03:03 . 2009-08-08 03:48 -------- d-----w- C:\rsit
2009-08-07 19:56 . 2009-08-10 02:53 -------- d-----w- c:\program files\Warcraft III
2009-08-05 17:01 . 2009-08-05 17:01 3942048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 03:04 . 2009-08-04 03:04 120088 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Plugins\npoctoshape.dll
2009-08-04 03:04 . 2009-08-04 03:04 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape
2009-08-04 03:04 . 2009-06-22 13:37 397824 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\sua-0906220-0-libOctoshapeClient.dll
2009-08-04 03:04 . 2009-06-22 13:37 124184 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\sua-0906220-0-apoctoshape.dll
2009-08-04 03:04 . 2009-06-22 13:37 120088 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\sua-0906220-0-npoctoshape.dll
2009-08-04 03:04 . 2009-01-08 13:44 70936 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
2009-07-27 19:15 . 2009-07-27 19:47 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\DoctorWeb
2009-07-27 00:46 . 2009-07-27 00:46 -------- d-----w- c:\program files\ESET
2009-07-26 04:29 . 2009-08-05 23:44 117760 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-26 04:28 . 2009-07-26 04:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-07-26 04:28 . 2009-07-26 04:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-26 04:28 . 2009-07-26 04:28 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\SUPERAntiSpyware.com
2009-07-26 04:27 . 2009-07-26 04:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-25 03:42 . 2009-07-25 03:42 -------- d-----w- c:\program files\Sophos
2009-07-25 02:04 . 2009-07-25 02:04 -------- d-----w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Malwarebytes
2009-07-24 22:35 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 22:35 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 22:35 . 2009-07-24 22:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 17:21 . 2006-01-22 18:48 -------- d-----w- c:\program files\Canon
2009-08-09 17:19 . 2003-03-06 21:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 15:18 . 2008-12-24 00:21 -------- d-----w- c:\program files\BitTorrent
2009-08-07 20:32 . 2008-08-25 19:58 154258 ----a-w- c:\windows\War3Unin.dat
2009-08-07 20:05 . 2008-08-25 19:58 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-07 20:05 . 2008-08-25 19:58 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-04 03:54 . 2006-07-28 23:48 -------- d-----w- c:\program files\Starcraft
2009-07-27 01:02 . 2007-10-26 19:55 -------- d-----w- c:\documents and settings\SophiaLee\Application Data\Move Networks
2009-07-25 03:30 . 2009-07-06 01:14 -------- d-----w- c:\program files\EA Games
2009-07-24 22:45 . 2009-04-22 00:36 110592 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\U3\temp\cleanup.exe
2009-07-24 22:45 . 2009-04-22 00:11 3096576 ---ha-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\U3\temp\Launchpad Removal.exe
2009-07-24 22:45 . 2009-06-18 19:52 385024 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-07-24 22:45 . 2009-07-04 00:35 1286144 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-07-08 22:14 . 2009-07-24 22:47 474792 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat
2009-07-08 22:02 . 2009-07-04 01:29 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-08 22:02 . 2009-07-04 01:29 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-08 22:02 . 2009-07-04 01:29 139152 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\PnkBstrK.sys
2009-07-08 22:02 . 2009-07-04 01:29 139152 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\PnkBstrK.sys
2009-07-08 22:02 . 2009-07-04 01:29 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-05 00:50 . 2008-08-27 02:49 31960 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 03:05 . 2008-12-01 20:52 31960 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 02:55 . 2009-07-04 02:55 -------- d-----w- c:\program files\MSBuild
2009-07-04 02:54 . 2009-07-04 02:54 -------- d-----w- c:\program files\Reference Assemblies
2009-07-04 02:47 . 2009-07-04 02:47 -------- d-----w- c:\program files\MSXML 6.0
2009-07-04 01:29 . 2009-07-04 01:29 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-26 16:18 . 2004-01-08 19:23 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 20:36 . 2009-07-04 00:35 729088 ----a-w- c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-21 19:54 . 2008-08-19 19:10 3096576 ---ha-w- c:\documents and settings\SophiaLee\Application Data\U3\temp\Launchpad Removal.exe
2009-06-21 19:54 . 2008-08-19 18:35 110592 ----a-w- c:\documents and settings\SophiaLee\Application Data\U3\temp\cleanup.exe
2009-06-21 19:54 . 2008-04-22 02:16 45056 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\setup.exe
2009-06-21 19:54 . 2008-04-22 02:16 49152 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\schedule.exe
2009-06-21 19:54 . 2008-04-22 02:17 13283328 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\data\RealPlayer11GOLD.exe
2009-06-21 19:53 . 2008-04-22 02:17 1138688 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\data\GOOGLE_TOOLBAR\googletoolbarinstaller.exe
2009-06-21 19:53 . 2008-04-22 02:17 85504 ----a-w- c:\documents and settings\SophiaLee\Application Data\Real\Update\setup\data\firefoxgoogletoolbarsetup.exe
2009-06-21 19:52 . 2008-01-23 21:59 33280 ----a-w- c:\documents and settings\SophiaLee\Application Data\Move Networks\MoveMediaPlayer_07076007.exe
2009-06-21 19:52 . 2007-10-26 19:55 33280 ----a-w- c:\documents and settings\SophiaLee\Application Data\Move Networks\ie_bin\Uninst.exe
2009-06-21 19:52 . 2008-01-12 05:11 94208 ----a-w- c:\documents and settings\SophiaLee\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 14:55 . 2002-06-25 19:28 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2002-06-25 19:06 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 02:42 . 2009-06-14 02:42 0 ----a-w- c:\windows\VDM25.tmp
2009-06-13 01:03 . 2008-11-30 03:29 -------- d-----w- c:\program files\AIM6
2009-06-13 01:02 . 2006-04-11 02:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2009-06-13 01:01 . 2006-04-11 02:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
2009-06-03 19:27 . 2002-06-25 19:22 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 05:36 . 2009-06-13 01:01 28 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-13 01:01 25 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-13 01:01 111920 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-19 05:35 . 2009-06-13 01:01 11568 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\tbinst.dll
2009-05-19 05:35 . 2009-06-13 01:01 74536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\instSup.dll
2009-05-19 05:35 . 2009-06-13 01:01 15144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\ocpchk.dll
2009-05-19 05:35 . 2009-06-13 01:01 10544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\imappver.dll
2009-05-19 05:35 . 2009-06-13 01:01 95792 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\AOLFirewallMgr.dll
2009-05-19 05:35 . 2009-06-13 01:01 1025328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\gui.dll
2009-05-19 05:35 . 2009-06-13 01:01 83752 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads\SUD4426\ProgUpd.dll
2009-05-01 21:19 . 2009-05-01 21:16 15939266 ----a-w- c:\program files\mov-converter-standard.exe
2009-03-13 23:06 . 2009-03-13 23:06 1734304 ----a-w- c:\program files\BitTorrent-6.1.2.exe
2009-02-26 00:17 . 2009-02-26 00:06 75935232 ----a-w- c:\program files\NP2k9WinDemo.exe
2009-01-29 02:18 . 2009-01-29 02:18 1234120 ----a-w- c:\program files\wrar380.exe
2008-10-30 00:15 . 2008-10-30 00:15 303270 ----a-w- c:\program files\KeyBored2.0.zip
.

------- Sigcheck -------
.
((((((((((((((((((((((((((((( SnapShot@2009-08-09_17.51.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-10 18:30 . 2009-08-10 18:30 16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-14 282624]
"Octoshape Streaming Services"="c:\documents and settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-10-31 45056]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-14 282624]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-09-03 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-01 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2008-11-11 262144]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144721718\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144721718\\ee\\aim6.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/8/2009 11:23 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/8/2009 11:23 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 8:53 AM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [4/30/2006 2:38 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [4/30/2006 2:37 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [4/30/2006 2:38 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/30/2006 2:38 PM 10368]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-04-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 02:18]
.
- - - - ORPHANS REMOVED - - - -

Notify-= - (no file)


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = https://my.screenname.aol.com/_cqr/login/lo...n&locale=US
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {AB5D38A6-FC19-40DF-AB9C-5299DB261483} = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Word Racer - hxxp://origin.games.yahoo.net/games/clients/y/wt1_x.cab
DPF: {08BF311F-789B-4413-B7B9-05355A612410} - hxxp://www.stop-sign.com/downloads/online_scanner.cab
FF - ProfilePath - c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\
FF - plugin: c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\Firefox\Profiles\nxjb58vo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Andrew.SOPHIALEE\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 17:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\ANDREW~1.SOP\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-08-10 17:05
ComboFix-quarantined-files.txt 2009-08-10 21:05
ComboFix2.txt 2009-08-10 18:51
ComboFix3.txt 2009-08-09 17:59

Pre-Run: 17,738,989,568 bytes free
Post-Run: 17,724,018,688 bytes free

344 --- E O F --- 2009-08-08 05:57

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:04 AM

Posted 10 August 2009 - 06:59 PM

zorboman,

Let me know in your next reply how your computer is running and if there are any more problems.

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code under the Paste Instructions for Items to be Moved area. Do not include the word "Code".
    :Files
    c:\windows\VDM25.tmp
    :Commands
    [EmptyTemp]
    [Reboot]
  • Push the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Next

Update Adobe Reader
  • Click Start > Control Panel > Add/Remove Programs
  • Remove any older versions of Adobe Reader.
  • Click here to download the latest version of Adobe Acrobat Reader.
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to run and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.
Then please post back here with the following:
  • OTM results
  • New DDS log
Thanks



#13 zorboman

zorboman
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 10 August 2009 - 07:57 PM

My computer is running perfectly fine, without any problems at all.

OTM results:

All processes killed
========== FILES ==========
c:\windows\VDM25.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: All Users.WINDOWS

User: andrew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Andrew.SOPHIALEE
->Temp folder emptied: 152222 bytes
->Temporary Internet Files folder emptied: 147657 bytes
->Java cache emptied: 13425511 bytes
->FireFox cache emptied: 97428833 bytes

User: dad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 3617424 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 60190821 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: mom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 2072 bytes
File delete failed. C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: Sophia
File delete failed. C:\Documents and Settings\Sophia\Local Settings\Temporary Internet Files\Content.IE5\K5OTYBSX\CHLOE[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sophia\Local Settings\Temporary Internet Files\Content.IE5\F2KVJ58H\CHLOE[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sophia\Local Settings\Temporary Internet Files\Content.IE5\E8I5YGZ9\CHLOE[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sophia\Local Settings\Temporary Internet Files\Content.IE5\E10F6HU5\CHLOE[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sophia\Local Settings\Temporary Internet Files\Content.IE5\ALEH85M5\fullsize[1]. scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 25486249 bytes

User: SophiaLee
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 4845066 bytes
->FireFox cache emptied: 73433652 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1304898 bytes
%systemroot%\System32 .tmp files removed: 6675721 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 23361 bytes
RecycleBin emptied: 1289 bytes

Total Files Cleaned = 273.51 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08102009_203007

Files moved on Reboot...
File C:\Documents and Settings\Sophia\Local Settings\Temporary Internet Files\Content.IE5\K5OTYBSX\CHLOE[1]. not found!
File C:\Documents and Settings\Sophia\Local Settings\Temporary Internet Files\Content.IE5\F2KVJ58H\CHLOE[1]. not found!
File C:\Documents and Settings\Sophia\Local Settings\Temporary Internet Files\Content.IE5\E8I5YGZ9\CHLOE[1]. not found!
File C:\Documents and Settings\Sophia\Local Settings\Temporary Internet Files\Content.IE5\E10F6HU5\CHLOE[1]. not found!
File C:\Documents and Settings\Sophia\Local Settings\Temporary Internet Files\Content.IE5\ALEH85M5\fullsize[1]. not found!
C:\WINDOWS\temp\Perflib_Perfdata_5b0.dat moved successfully.

Registry entries deleted on Reboot...
_______________________________________________________________________________________________________

DDS results:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Andrew at 20:52:54.29 on Mon 08/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.245 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Andrew.SOPHIALEE\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Andrew.SOPHIALEE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = https://my.screenname.aol.com/_cqr/login/lo...n&locale=US
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [Octoshape Streaming Services] "c:\documents and settings\andrew.sophialee\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl03a\BrStDvPt.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus\AirPlus.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Word Racer - hxxp://origin.games.yahoo.net/games/clients/y/wt1_x.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {08BF311F-789B-4413-B7B9-05355A612410} - hxxp://www.stop-sign.com/downloads/online_scanner.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144597757153
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144598957357
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {AB5D38A6-FC19-40DF-AB9C-5299DB261483} = 192.168.2.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew~1.sop\applic~1\mozilla\firefox\profiles\nxjb58vo.default\
FF - plugin: c:\documents and settings\andrew.sophialee\application data\mozilla\firefox\profiles\nxjb58vo.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\andrew.sophialee\application data\mozilla\firefox\profiles\nxjb58vo.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\andrew.sophialee\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-8 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-8 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-8 138680]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-8 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-8 352920]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-4-30 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-4-30 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-4-30 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-4-30 10368]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-8-10 66056]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-08-10 20:30 <DIR> --d----- C:\_OTM
2009-08-10 17:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-10 17:28 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-10 16:02 <DIR> --ds---- C:\ComboFix
2009-08-09 13:57 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-09 13:32 <DIR> a-dshr-- C:\cmdcons
2009-08-09 13:30 216,064 a------- c:\windows\PEV.exe
2009-08-09 13:30 161,792 a------- c:\windows\SWREG.exe
2009-08-09 13:30 98,816 a------- c:\windows\sed.exe
2009-08-07 23:03 <DIR> --d----- c:\program files\trend micro
2009-08-03 23:04 <DIR> --d----- c:\docume~1\andrew~1.sop\applic~1\Octoshape
2009-07-27 15:15 <DIR> --d----- c:\documents and settings\andrew.sophialee\DoctorWeb
2009-07-26 20:46 <DIR> --d----- c:\program files\ESET
2009-07-26 00:28 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-07-26 00:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-26 00:28 <DIR> --d----- c:\docume~1\andrew~1.sop\applic~1\SUPERAntiSpyware.com
2009-07-26 00:27 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-24 23:42 <DIR> --d----- c:\program files\Sophos
2009-07-24 22:04 <DIR> --d----- c:\docume~1\andrew~1.sop\applic~1\Malwarebytes
2009-07-24 18:35 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 18:35 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-24 18:35 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes

==================== Find3M ====================

2009-08-07 16:32 154,258 a------- c:\windows\War3Unin.dat
2009-08-07 16:05 139,264 a------- c:\windows\War3Unin.exe
2009-08-07 16:05 2,829 a------- c:\windows\War3Unin.pif
2009-07-08 18:14 474,792 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-07-08 18:02 794,408 a------- c:\windows\system32\pbsvc.exe
2009-07-08 18:02 139,152 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-08 18:02 139,152 a------- c:\docume~1\andrew~1.sop\applic~1\PnkBstrK.sys
2009-07-08 18:02 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-07-03 21:29 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-06-26 12:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-26 12:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-01 17:19 15,939,266 a------- c:\program files\mov-converter-standard.exe
2009-03-13 19:06 1,734,304 a------- c:\program files\BitTorrent-6.1.2.exe
2009-02-25 20:17 75,935,232 a------- c:\program files\NP2k9WinDemo.exe
2009-01-28 22:18 1,234,120 a------- c:\program files\wrar380.exe
2008-10-29 20:15 303,270 a------- c:\program files\KeyBored2.0.zip

============= FINISH: 20:53:37.48 ===============




#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:04 AM

Posted 10 August 2009 - 08:20 PM

zorboman,

You don't have the latest service pack for Windows. The service packs patch security vulnerabilities found in Windows. You should keep these up to date to keep you protected against malware that can take advantage of these security vulnerabilities to attack your system. The latest service pack is SP3. Click on Start >> All Programs >> Windows Update, then select Express and allow it to install all updates including SP3.
Note: If it prompts you to install an ActiveX control, allow it to install it.

Next

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK. Note the space between the X and the U; it needs to be there.

Then post back with a new DDS log.

Thanks



#15 zorboman

zorboman
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 10 August 2009 - 08:43 PM

The site won't let me download. When I press Express it just says "The website has encountered a problem and cannot display the page you are trying to view."



