
Searches being redirected


This topic is locked
24 replies to this topic

#1 roversgate

roversgate

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 02 August 2009 - 11:07 PM

I was asked to post my HJT log here instead of the Windows XP forum I originally posted it on. I followed the instructions and have posted them here:
DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 23:58:35.60 on Sun 08/02/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.234 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\124311~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\124311~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.gatewaybiz.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\documents and settings\owner\desktop\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [HostManager] c:\program files\common files\aol\1243110623\ee\AOLHostManager.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [_AntiSpyware] c:\progra~1\mcafee\mcafee~1\MssCli.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~1.lnk - c:\program files\sifxinst\SIFXINST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: cru629.dat
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\x1w4jdet.default
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-29 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-29 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-29 298776]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-8-27 197752]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-8-27 234616]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-8-27 164984]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2009-7-29 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2009-7-29 122368]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2004-8-29 176768]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2004-7-22 49808]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040811.020\NAVENG.SYS [2009-5-23 68168]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040811.020\NAVEX15.SYS [2009-5-23 617288]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2004-7-22 335504]
S2 gupdate1ca028c5759770;Google Update Service (gupdate1ca028c5759770);c:\program files\google\update\GoogleUpdate.exe [2009-7-11 133104]
S2 McAfeeAntiSpyware;McAfee AntiSpyware Real-Time Scanner;c:\progra~1\mcafee\mcafee~1\msssrv.exe --> c:\progra~1\mcafee\mcafee~1\MssSrv.exe [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-30 66688]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-8-27 78968]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2009-5-23 245760]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2004-7-22 197864]

=============== Created Last 30 ================

2009-08-02 22:12 <DIR> --d----- c:\program files\Trend Micro
2009-08-02 20:45 4 a------- c:\windows\system32\bincd32.dat
2009-08-02 20:28 64 a------- c:\windows\ppp4.dat
2009-08-02 20:28 36 a------- c:\windows\system32\sysnet.dat
2009-08-02 20:28 9 a------- c:\windows\system32\bennuar.old
2009-08-02 20:28 2 a------- c:\windows\ppp3.dat
2009-08-02 20:28 65,536 a------- c:\windows\system32\desot.exe
2009-08-02 20:28 36 a------- c:\windows\system32\sonhelp.htm
2009-08-02 20:27 <DIR> --d----- c:\program files\Windows Antivirus Pro
2009-07-31 14:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-31 14:27 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-31 14:27 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-07-31 14:26 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-30 16:46 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-07-30 16:46 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 16:46 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-30 16:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-30 12:14 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-30 12:14 1,409 a------- c:\windows\QTFont.for
2009-07-29 10:17 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-29 01:24 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-29 01:23 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-29 01:23 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-29 01:17 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-29 01:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-07-29 01:16 <DIR> --d----- c:\program files\AVG
2009-07-29 01:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-29 00:28 <DIR> --d----- c:\docume~1\owner\applic~1\AVG8
2009-07-28 20:12 19,293 a------- c:\windows\system32\muworozig.exe
2009-07-28 20:12 19,204 a------- c:\docume~1\alluse~1\applic~1\abili.reg
2009-07-28 20:12 16,630 a------- c:\program files\common files\mahabyju.bat
2009-07-28 20:12 15,713 a------- c:\windows\devumycuf.bin
2009-07-28 20:12 15,464 a------- c:\docume~1\alluse~1\applic~1\qovypo.sys
2009-07-28 20:12 14,596 a------- c:\windows\vexi.db
2009-07-28 20:12 14,524 a------- c:\docume~1\owner\applic~1\lyhahokite.bin
2009-07-28 20:12 14,232 a------- c:\windows\equsuryxe.db
2009-07-28 20:12 12,498 a------- c:\docume~1\alluse~1\applic~1\yvycomu.bin
2009-07-28 20:12 10,896 a------- c:\docume~1\alluse~1\applic~1\nozikin.bat
2009-07-28 20:12 10,179 a------- c:\windows\system32\etajuqa.bin
2009-07-28 20:04 19,855 a------- c:\docume~1\owner\applic~1\zilybodym.dat
2009-07-28 20:04 15,973 a------- c:\windows\system32\imapaqoso.reg
2009-07-28 20:04 18,766 a------- c:\windows\otoxurihiv.bat
2009-07-28 20:04 18,254 a------- c:\windows\system32\ipigufofi.reg
2009-07-28 20:04 15,441 a------- c:\docume~1\owner\applic~1\ekejoveka.dat
2009-07-28 20:04 15,305 a------- c:\docume~1\owner\applic~1\ylojutigip.dat
2009-07-28 20:04 14,163 a------- c:\windows\nelu.dll
2009-07-28 20:04 13,139 a------- c:\windows\system32\noqison.bat
2009-07-28 20:04 12,425 a------- c:\program files\common files\vawixupali.vbs
2009-07-28 20:04 12,163 a------- c:\program files\common files\jatywe.vbs
2009-07-28 20:04 11,919 a------- c:\windows\romu.dat
2009-07-28 20:04 10,507 a------- c:\windows\orevefybyf.inf
2009-07-28 20:04 18,157 a------- c:\windows\edixix.reg
2009-07-28 18:24 <DIR> --d----- c:\docume~1\owner\applic~1\Logs
2009-07-28 18:21 19,234 a------- c:\docume~1\alluse~1\applic~1\zumowyf.bin
2009-07-28 18:21 19,097 a------- c:\windows\zafoxyloq.inf
2009-07-28 18:21 17,524 a------- c:\docume~1\owner\applic~1\ehyto.bat
2009-07-28 18:21 17,272 a------- c:\windows\ylinu._sy
2009-07-28 18:21 17,182 a------- c:\docume~1\owner\applic~1\akafonawo.pif
2009-07-28 18:21 17,038 a------- c:\windows\vatevy.db
2009-07-28 18:21 16,304 a------- c:\windows\xyzevehes.dat
2009-07-28 18:21 15,622 a------- c:\windows\system32\esobazisiw.bat
2009-07-28 18:21 15,450 a------- c:\docume~1\alluse~1\applic~1\enov.exe
2009-07-28 18:21 14,833 a------- c:\windows\system32\unirasyx.bin
2009-07-28 18:21 14,324 a------- c:\windows\asujyqura.lib
2009-07-28 18:21 14,204 a------- c:\windows\kabopo.db
2009-07-28 18:21 13,740 a------- c:\docume~1\owner\applic~1\osuw.dll
2009-07-28 18:21 13,715 a------- c:\docume~1\owner\applic~1\ezopejycy.vbs
2009-07-28 18:21 12,755 a------- c:\windows\ecukuge.ban
2009-07-28 18:21 12,342 a------- c:\docume~1\owner\applic~1\vadiraxih.bin
2009-07-28 18:21 11,382 a------- c:\windows\agocujup.scr
2009-07-20 02:27 0 a------- c:\windows\PCFriend.INI
2009-07-19 23:53 78,848 a------- c:\windows\system32\INLOADER.DLL
2009-07-19 23:53 <DIR> --d----- c:\program files\PCFriendly
2009-07-19 23:52 298,496 a------- c:\windows\uninst.exe
2009-07-11 20:59 <DIR> --d----- c:\program files\DivX
2009-07-11 20:59 <DIR> --d----- c:\program files\common files\DivX Shared

==================== Find3M ====================

2009-07-28 20:12 14,322 a------- c:\program files\common files\waviq.ban
2009-07-28 20:12 12,914 a------- c:\program files\common files\imowu.lib
2009-07-28 20:04 18,453 a------- c:\program files\common files\ehoc.ban
2009-07-28 20:04 17,239 a------- c:\program files\common files\ywagehuju._sy
2009-07-28 20:04 14,819 a------- c:\program files\common files\vykumyheki._sy
2009-06-26 12:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-26 12:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-13 17:56 129,784 -------- c:\windows\system32\pxafs.dll
2009-05-13 17:56 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-05-13 17:56 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-05-13 17:54 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-13 17:54 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-13 17:54 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-13 17:54 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-13 17:54 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-13 17:54 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-13 17:54 685,056 a------- c:\windows\system32\DivX.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll

============= FINISH: 0:00:35.79 ===============

I will now copy and paste my old topic in a reply to give more information about the problem.

My post on the earlier board explaining the problem:
Hi, I am roversgate (or rover if you prefer to call me). I noticed this forum when I typed "searches being redirected" into a Google search, but reading some of the responses and trying some of the things out has not worked for me, so I thought I should make an account here and get some advice on what to do.

My computer is infected with a whole bunch of problems:
1) Google searches are being redirected in both Firefox and Internet Explorer (IE is the default, though Firefox is used 99% of the time)
2) A rogue version of Home Antivirus 2010 was continuously annoying me
3) A rogue version of Pro Antivirus was also annoying me

What I have done:
1) Firstly, since my antivirus software seems to have expired, I searched for a free one and downloaded AVG (everything is checked on except identity theft). I scanned the computer with this, but it isn't working very well. In fact, if I hadn't seen so many people recommend it on these forums, I would have removed it by now.
2) Then, realizing that some of my problems might be due to malware, I downloaded Malwarebytes, having used it successfully on a different computer. I ran a full scan and managed to delete the rogue Home Antivirus 2010 as well as some adware tracking cookies.
3) The Google redirecting problem still hadn't gone, so I checked these forums, downloaded SUPERAntiSpyware and did a deep scan, and managed to delete a lot of threats and some more tracking cookies. At this point I thought everything was fixed and stopped bothering with checking the computer.

Then the Pro Antivirus spyware thing affected my computer, and I noticed I was still getting redirected from searches (despite having a temporary solution with SUPERAntiSpyware). I couldn't open anything except IE, so I looked up how to get into safe mode, ran SUPERAntiSpyware in safe mode and deleted the spyware as well as tracking cookies. I have only been going to legitimate websites (company websites) and websites that I normally frequent, so the chance of getting this spyware seems to be the redirecting from Google links. I was wondering, therefore, if anyone could give me a permanent solution to this problem.

I have downloaded the free version of everything I mentioned in my earlier post. The AVG is Anti-Virus Free version 8.5. I also have the logs from the three scans I did with Malwarebytes:

Malwarebytes' Anti-Malware 1.39
Database version: 2531
Windows 5.1.2600 Service Pack 2

7/30/2009 5:38:06 PM
mbam-log-2009-07-30 (17-38-06).txt

Scan type: Full Scan (C:|D:|)
Objects scanned: 135753
Time elapsed: 47 minute(s), 30 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 5
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 28

Memory Processes Infected:
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\HomeAntivirus2010 (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\QXAFW5IR\Install[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\homeantivirus2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP54\A0011549.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP54\A0012549.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP54\A0012550.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP57\A0012551.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP57\A0012552.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP57\A0012553.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP57\A0012554.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP57\A0012555.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP57\A0012556.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP58\A0012557.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP58\A0012558.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP58\A0013557.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP58\A0013558.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\msa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wisdstr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\homeantivirus2010\AVEngn.dll (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
c:\program files\homeantivirus2010\HomeAntivirus2010.cfg (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
c:\program files\homeantivirus2010\pthreadVC2.dll (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

SECOND SCAN:

Malwarebytes' Anti-Malware 1.39
Database version: 2531
Windows 5.1.2600 Service Pack 2

7/31/2009 2:31:13 PM
mbam-log-2009-07-31 (14-31-13).txt

Scan type: Quick Scan
Objects scanned: 87109
Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

THIRD SCAN:

Malwarebytes' Anti-Malware 1.39
Database version: 2531
Windows 5.1.2600 Service Pack 2

8/2/2009 10:14:10 PM
mbam-log-2009-08-02 (22-14-10).txt

Scan type: Full Scan (C:|D:|E:|)
Objects scanned: 49529
Time elapsed: 23 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f54af7de-6038-4026-8433-cc30e3f17212} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

THE AVG SCAN:
I found 113 warnings with that scan on 7/31/2009 at 3:32 PM.

All the warnings began with "C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x1w4jdet.default\cookies.sqlite";"Found ";"Potentially dangerous object"

Link to the earlier board is here:
http://www.bleepingcomputer.com/forums/ind...p;#entry1367417

Let me know if there is any other information required of me.

Merged posts. ~ OB

Edited by Orange Blossom, 03 August 2009 - 01:50 AM.
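The logs in this post show three classic hijack points a responder looks for before anything else: a non-empty AppInit_DLLs value in the DDS report (cru629.dat, later detected as Trojan.FakeAlert), the exefile\shell\open\command default rewritten so that desot.exe runs in front of every .exe, and the Security Center *DisableNotify values flipped to 1 so the user never hears that protection is off. The following Python triage script is an added example, not part of roversgate's post nor of DDS, Malwarebytes or ComboFix; it parses constructed sample lines written in the same two log formats and reports those three indicators. The regexes encode the line layouts as they appear in this thread and are assumptions about the formats, not the tools' own specifications.

```python
import re

# Stock value of HKEY_CLASSES_ROOT\exefile\shell\open\command. Anything else
# means every .exe launch is routed through another program first.
CANONICAL_EXEFILE_COMMAND = '"%1" %*'

# Malwarebytes "Registry Data Items Infected" line, as seen in this thread:
#   <key> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
# (assumed layout, derived from the posted log lines)
MBAM_DATA_ITEM = re.compile(
    r'^(?P<key>.+?) \((?P<detection>[\w.\-]+)\) -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)'
)

# DDS "Pseudo HJT Report" line for the AppInit_DLLs value (assumed layout).
DDS_APPINIT = re.compile(r'^AppInit_DLLs:\s*(?P<dlls>\S.*)$')


def check_exefile_command(command):
    """True when the exefile open command is the stock one, False if hijacked."""
    return command.strip() == CANONICAL_EXEFILE_COMMAND


def check_appinit_dlls(value):
    """AppInit_DLLs is normally empty; return every DLL listed in it."""
    return [d for d in re.split(r'[ ,]+', value.strip()) if d]


def parse_mbam_data_items(text):
    """Parse the Bad/Good registry-data lines of a Malwarebytes log."""
    items = []
    for line in text.splitlines():
        m = MBAM_DATA_ITEM.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def triage(dds_text, mbam_text):
    """Collect (finding, detail) pairs from a DDS report and an MBAM log."""
    findings = []
    for line in dds_text.splitlines():
        m = DDS_APPINIT.match(line.strip())
        if m:
            for dll in check_appinit_dlls(m.group('dlls')):
                findings.append(('appinit_dll', dll))
    for item in parse_mbam_data_items(mbam_text):
        key = item['key']
        lowered = key.lower()
        if lowered.endswith(r'\exefile\shell\open\command\(default)'):
            if not check_exefile_command(item['bad']):
                findings.append(('exefile_hijack', item['bad'].strip()))
        elif 'security center' in lowered and lowered.endswith('disablenotify'):
            # 1 suppresses the Security Center warning for that component.
            if item['bad'].strip() == '1':
                findings.append(('security_center_notify_disabled',
                                 key.rsplit('\\', 1)[-1]))
    return findings


# Constructed sample input modelled on the log formats in the thread.
SAMPLE_DDS = """\
uStart Page = hxxp://www.google.com
mRun: [ccApp] "c:\\program files\\common files\\symantec shared\\ccApp.exe"
AppInit_DLLs: cru629.dat
Notify: igfxcui - igfxsrvc.dll
"""

SAMPLE_MBAM = """\
HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command\\(default) (Broken.OpenCommand) -> Bad: (C:\\WINDOWS\\system32\\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

if __name__ == '__main__':
    for kind, detail in triage(SAMPLE_DDS, SAMPLE_MBAM):
        print(f'{kind}: {detail}')
```

check_exefile_command and check_appinit_dlls take plain strings, so the same checks can be run against values read from a live machine (for example the output of reg query) and not only against a Malwarebytes log that has already flagged them.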



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:43 AM

Posted 03 August 2009 - 06:15 AM

Hello roversgate,


I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :thumbup2:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 roversgate

roversgate
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 05 August 2009 - 10:35 AM

Sorry for the late reply, but I did not have access to my computer until today. I did a ComboFix scan and was very disturbed by the results. Here is the log:
ComboFix 09-08-04.03 - Owner 08/05/2009 11:08.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.225 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\beme.dll
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\cabep.lib
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\hawec.db
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\hisir.dat
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\izylyryh.pif
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ozote.ban
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\rekewuqel.sys
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\rymu._dl
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\tefapemu.reg
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ubyroz.lib
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ybac.vbs
c:\recycler\S-1-5-21-502405685-2130572299-1496291890-1003
c:\windows\system32\drivers\vsfocekkcbbqqo.sys
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\vsfoceqrsvicmh.dat
c:\windows\system32\vsfocerpewqyrl.dat
c:\windows\system32\vsfocetlpfbuhn.dll
c:\windows\system32\vsfocexnaqkovv.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_vsfocekagnqbwg


((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-05 14:43 . 2009-08-05 14:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2009-08-03 02:12 . 2009-08-03 02:12 -------- d-----w- c:\program files\Trend Micro
2009-08-03 01:37 . 2009-08-03 01:37 -------- d-----w- c:\documents and settings\Administrator.ANUPREET\Local Settings\Application Data\AVG Security Toolbar
2009-08-03 01:22 . 2009-08-03 01:22 -------- d-----w- c:\documents and settings\Administrator.ANUPREET\Local Settings\Application Data\Mozilla
2009-08-03 01:09 . 2009-08-03 01:10 117760 ----a-w- c:\documents and settings\Administrator.ANUPREET\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-03 01:09 . 2009-08-03 01:09 -------- d-----w- c:\documents and settings\Administrator.ANUPREET\Application Data\SUPERAntiSpyware.com
2009-08-03 00:45 . 2009-08-03 01:04 4 ----a-w- c:\windows\system32\bincd32.dat
2009-08-03 00:28 . 2009-08-03 01:05 64 ----a-w- c:\windows\ppp4.dat
2009-08-03 00:28 . 2009-08-03 01:05 2 ----a-w- c:\windows\ppp3.dat
2009-08-03 00:28 . 2009-08-03 00:28 36 ----a-w- c:\windows\system32\sysnet.dat
2009-08-03 00:28 . 2009-08-03 01:05 65536 ----a-w- c:\windows\system32\desot.exe
2009-08-03 00:27 . 2009-08-03 00:29 -------- d-----w- c:\program files\Windows Antivirus Pro
2009-07-31 18:29 . 2009-08-05 15:18 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-31 18:28 . 2009-07-31 18:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-31 18:27 . 2009-07-31 18:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-31 18:27 . 2009-07-31 18:27 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-07-31 18:26 . 2009-07-31 18:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-30 20:46 . 2009-07-30 20:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-30 20:46 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 20:46 . 2009-07-30 20:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 20:46 . 2009-07-30 20:46 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-30 20:46 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 14:17 . 2009-07-31 16:05 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-29 14:05 . 2009-07-29 14:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-07-29 05:24 . 2009-07-29 05:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-29 05:23 . 2009-07-29 05:23 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-29 05:23 . 2009-07-29 05:23 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-29 05:23 . 2009-07-29 05:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-29 05:17 . 2009-08-05 13:51 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-29 05:17 . 2009-07-29 05:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-07-29 05:16 . 2009-07-29 05:16 -------- d-----w- c:\program files\AVG
2009-07-29 05:16 . 2009-08-05 14:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-29 04:28 . 2009-07-29 04:28 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-07-29 04:17 . 2009-07-29 13:44 -------- d-----w- c:\program files\Windows Defender
2009-07-29 00:12 . 2009-07-29 00:12 19293 ----a-w- c:\windows\system32\muworozig.exe
2009-07-29 00:12 . 2009-07-29 00:12 16630 ----a-w- c:\program files\Common Files\mahabyju.bat
2009-07-29 00:12 . 2009-07-29 00:12 15713 ----a-w- c:\windows\devumycuf.bin
2009-07-29 00:12 . 2009-07-29 00:12 10670 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\basinohity.scr
2009-07-29 00:12 . 2009-07-29 00:12 10179 ----a-w- c:\windows\system32\etajuqa.bin
2009-07-29 00:04 . 2009-07-29 00:04 19139 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\myxo.reg
2009-07-29 00:04 . 2009-07-29 00:04 15973 ----a-w- c:\windows\system32\imapaqoso.reg
2009-07-29 00:04 . 2009-07-29 00:04 14509 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\sosubuzuqo.sys
2009-07-29 00:04 . 2009-07-29 00:04 18766 ----a-w- c:\windows\otoxurihiv.bat
2009-07-29 00:04 . 2009-07-29 00:04 18254 ----a-w- c:\windows\system32\ipigufofi.reg
2009-07-29 00:04 . 2009-07-29 00:04 14163 ----a-w- c:\windows\nelu.dll
2009-07-29 00:04 . 2009-07-29 00:04 13139 ----a-w- c:\windows\system32\noqison.bat
2009-07-29 00:04 . 2009-07-29 00:04 12425 ----a-w- c:\program files\Common Files\vawixupali.vbs
2009-07-29 00:04 . 2009-07-29 00:04 12163 ----a-w- c:\program files\Common Files\jatywe.vbs
2009-07-29 00:04 . 2009-07-29 00:04 11919 ----a-w- c:\windows\romu.dat
2009-07-29 00:04 . 2009-07-29 00:04 18157 ----a-w- c:\windows\edixix.reg
2009-07-28 22:24 . 2009-07-28 22:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Logs
2009-07-28 22:21 . 2009-07-28 22:21 17524 ----a-w- c:\documents and settings\Owner\Application Data\ehyto.bat
2009-07-28 22:21 . 2009-07-28 22:21 17182 ----a-w- c:\documents and settings\Owner\Application Data\akafonawo.pif
2009-07-28 22:21 . 2009-07-28 22:21 16304 ----a-w- c:\windows\xyzevehes.dat
2009-07-28 22:21 . 2009-07-28 22:21 15622 ----a-w- c:\windows\system32\esobazisiw.bat
2009-07-28 22:21 . 2009-07-28 22:21 14833 ----a-w- c:\windows\system32\unirasyx.bin
2009-07-28 22:21 . 2009-07-28 22:21 13740 ----a-w- c:\documents and settings\Owner\Application Data\osuw.dll
2009-07-28 22:21 . 2009-07-28 22:21 11382 ----a-w- c:\windows\agocujup.scr
2009-07-28 22:21 . 2009-07-28 22:21 11154 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\inihesulid.bin
2009-07-20 03:53 . 1996-10-15 18:40 78848 ----a-w- c:\windows\system32\INLOADER.DLL
2009-07-20 03:53 . 2009-07-20 03:54 -------- d-----w- c:\program files\PCFriendly
2009-07-20 03:52 . 1996-10-15 22:01 298496 ----a-w- c:\windows\uninst.exe
2009-07-19 21:51 . 2009-08-05 15:18 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-19 05:38 . 2009-07-19 05:38 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-07-17 20:17 . 2009-08-02 20:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-07-13 14:13 . 2009-07-13 14:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-12 00:59 . 2009-07-12 00:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-12 00:59 . 2009-07-12 01:00 -------- d-----w- c:\program files\DivX
2009-07-12 00:59 . 2009-07-12 00:59 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 15:20 . 2009-05-24 00:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-07-29 22:56 . 2009-05-23 20:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee.com
2009-07-29 18:44 . 2009-05-23 20:43 -------- d-----w- c:\program files\McAfee
2009-07-29 18:43 . 2009-05-23 20:43 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-29 18:43 . 2009-05-23 20:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-29 13:44 . 2009-05-23 20:17 -------- d-----w- c:\program files\Google
2009-07-29 00:12 . 2009-07-29 00:12 19204 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\abili.reg
2009-07-29 00:12 . 2009-07-29 00:12 15464 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\qovypo.sys
2009-07-29 00:12 . 2009-07-29 00:12 14524 ----a-w- c:\documents and settings\Owner\Application Data\lyhahokite.bin
2009-07-29 00:12 . 2009-07-29 00:12 14322 ----a-w- c:\program files\Common Files\waviq.ban
2009-07-29 00:12 . 2009-07-29 00:12 12914 ----a-w- c:\program files\Common Files\imowu.lib
2009-07-29 00:12 . 2009-07-29 00:12 12498 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\yvycomu.bin
2009-07-29 00:12 . 2009-07-29 00:12 10896 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\nozikin.bat
2009-07-29 00:04 . 2009-07-29 00:04 19855 ----a-w- c:\documents and settings\Owner\Application Data\zilybodym.dat
2009-07-29 00:04 . 2009-07-29 00:04 18453 ----a-w- c:\program files\Common Files\ehoc.ban
2009-07-29 00:04 . 2009-07-29 00:04 17239 ----a-w- c:\program files\Common Files\ywagehuju._sy
2009-07-29 00:04 . 2009-07-29 00:04 15441 ----a-w- c:\documents and settings\Owner\Application Data\ekejoveka.dat
2009-07-29 00:04 . 2009-07-29 00:04 15305 ----a-w- c:\documents and settings\Owner\Application Data\ylojutigip.dat
2009-07-29 00:04 . 2009-07-29 00:04 14819 ----a-w- c:\program files\Common Files\vykumyheki._sy
2009-07-28 22:21 . 2009-07-28 22:21 19234 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\zumowyf.bin
2009-07-28 22:21 . 2009-07-28 22:21 15450 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\enov.exe
2009-07-28 22:21 . 2009-07-28 22:21 13715 ----a-w- c:\documents and settings\Owner\Application Data\ezopejycy.vbs
2009-07-28 22:21 . 2009-07-28 22:21 12342 ----a-w- c:\documents and settings\Owner\Application Data\vadiraxih.bin
2009-06-26 16:18 . 2009-05-23 19:48 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2009-05-23 19:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-23 14:03 . 2009-06-23 14:03 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee
2009-06-16 14:55 . 2009-05-23 19:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2009-05-23 19:44 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 23:47 . 2009-06-14 23:39 -------- d-----w- c:\program files\SPSSEVAL
2009-06-14 23:43 . 2009-06-14 23:43 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-06-14 23:43 . 2009-06-14 23:43 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-06-14 23:43 . 2009-06-14 23:43 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-06-03 19:27 . 2009-05-23 19:47 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 23:55 . 2009-05-26 23:55 1915520 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-23 20:35 . 2009-08-03 01:07 10134 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-05-23 20:35 . 2009-08-03 01:07 49152 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-08-03 01:07 45056 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-08-03 01:07 45056 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-05-23 20:35 . 2009-05-23 21:06 49152 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 21:06 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 21:06 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-05-23 20:35 . 2009-05-23 21:06 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-05-23 20:35 . 2009-05-23 20:35 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 20:35 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 20:35 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-05-23 20:35 . 2009-05-23 20:35 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-05-23 20:31 . 2009-05-23 20:31 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-05-23 20:30 . 2009-05-23 20:30 335 ----a-w- c:\windows\nsreg.dat
2009-05-23 20:28 . 2009-05-23 20:28 4 ----a-w- c:\windows\Pix11.dat
2009-05-13 21:56 . 2009-07-12 01:00 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-13 21:56 . 2004-11-11 00:30 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-13 21:56 . 2004-11-11 00:27 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-13 21:56 . 2009-07-12 01:00 129784 ------w- c:\windows\system32\pxafs.dll
2009-05-13 21:56 . 2009-07-12 01:00 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-13 21:56 . 2009-07-12 01:00 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-13 21:54 . 2009-05-13 21:54 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-13 21:54 . 2009-05-13 21:54 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-13 21:54 . 2009-05-13 21:54 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-13 21:54 . 2009-05-13 21:54 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-13 21:54 . 2009-05-13 21:54 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-07 15:44 . 2009-05-23 19:46 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Skype"="c:\documents and settings\Owner\Desktop\Skype.exe" [2006-06-12 20002856]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-29 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-27 58488]
"IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [2004-08-17 132248]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-08-30 33936]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"HostManager"="c:\program files\Common Files\AOL\1243110623\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-13 126976]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-23 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-29 1948440]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2009-5-23 1742384]
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2009-5-23 729088]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-29 05:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1243110623\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/29/2009 1:23 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/29/2009 1:23 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/29/2009 1:16 AM 298776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]
S2 gupdate1ca028c5759770;Google Update Service (gupdate1ca028c5759770);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2009 8:59 PM 133104]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-_AntiSpyware - c:\progra~1\mcafee\MCAFEE~1\MssCli.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\x1w4jdet.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 11:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1856)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\COMMON~1\AOL\124311~1\EE\AOLServiceHost.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
.
**************************************************************************
.
Completion time: 2009-08-05 11:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 15:25

Pre-Run: 7,768,076,288 bytes free
Post-Run: 8,022,224,896 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

327 --- E O F --- 2009-07-31 19:55

NOTE:
- It says that AVG Anti-Virus was on despite me disabling the anti-virus using the information I found on another board on this forum
- It also says that Norton Internet Security was on but when I clicked on it, it was asking for a subscription and I have never used this security before so I don't think I have activated it.
- I also did a search on rootkits and was very disturbed by what they do, and I am hoping to not only delete all activity but find out how it ended up on my computer in the first place
- The program also told me to note down some file names:
C:\WINDOWS\system32\drivers\vsfocekkcbbqqo.sys
C:\WINDOWS\system32\vsfocexnaqkovv.dll
C:\WINDOWS\system32\vsfocerpewqyrl.dat
C:\WINDOWS\system32\vsfocetlpfbuhn.dll
C:\WINDOWS\system32\vsfoceqrsvicmh.dat

I have not touched the above files and I am waiting for your reply to take any more action.
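The ComboFix listing in the post above shows the two patterns a triage analyst looks for in this kind of log: dozens of random-named files with executable or state-changing extensions dropped within the same minute across system32, %windir%, Program Files\Common Files and the user profile, and a family of files sharing one random prefix (the vsfoce*.sys/.dll/.dat set that ComboFix deleted). The Python below is an added editorial example, not part of the thread and not ComboFix's own code; it parses a constructed subset of the log lines quoted above and flags both patterns. The burst threshold, prefix length, extension list and allowlist are assumptions chosen for illustration, and the heuristics are review aids, not signatures (in the full log the same prefix test would also surface the legitimate divx_xx*.dll family if underscores were allowed, which is why the prefix is restricted to letters).

```python
"""Triage helpers for ComboFix-style file listings (editorial example).

Two heuristics drawn from the log in this thread:
  1. burst_random_files(): files created in the same minute whose names are
     pronounceable-random (muworozig.exe, ywagehuju._sy, ...) and carry an
     extension that can execute or change state.
  2. prefix_clusters(): several files sharing one random letter prefix
     (vsfoce*.sys/.dll/.dat), the layout the deleted rootkit files used here.
Both are review aids, not signatures; all thresholds below are assumptions.
"""
import ntpath
import re
from collections import defaultdict

# ComboFix "Files Created" / "Find3M" line: created . modified size attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Extensions worth a second look when they sit on a random-named file (assumed list).
SUSPECT_EXT = {".exe", ".dll", ".sys", ".bat", ".vbs", ".reg", ".scr", ".pif",
               ".bin", ".dat", ".lib", ".ban", "._sy", "._dl"}

# Short all-letter names that are legitimate Windows/security-tool files (assumed).
ALLOW = {"ctfmon", "msmsgs", "wininet", "quartz", "fontsub", "ieencode",
         "localspl", "mbam"}


def parse_listing(text):
    """Yield one dict per well-formed listing line; headers and blanks are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def looks_random(stem):
    """Crude randomness test: 4-12 lowercase letters, no digits, not allowlisted."""
    return re.fullmatch(r"[a-z]{4,12}", stem) is not None and stem not in ALLOW


def burst_random_files(text, min_burst=2):
    """Map creation minute -> random-named suspect files, keeping only minutes
    with at least min_burst such files.  Directories (size '--------') are ignored."""
    by_minute = defaultdict(list)
    for entry in parse_listing(text):
        if entry["size"] == "--------":
            continue
        stem, ext = ntpath.splitext(ntpath.basename(entry["path"]).lower())
        if ext in SUSPECT_EXT and looks_random(stem):
            by_minute[entry["created"]].append(entry["path"])
    return {minute: files for minute, files in by_minute.items()
            if len(files) >= min_burst}


def prefix_clusters(paths, prefix_len=6, min_count=3):
    """Group plain paths by the first prefix_len letters of the file stem and
    return groups of at least min_count files, i.e. one dropper's file family."""
    groups = defaultdict(list)
    for path in paths:
        stem = ntpath.splitext(ntpath.basename(path).lower())[0]
        prefix = stem[:prefix_len]
        if len(stem) > prefix_len and re.fullmatch(r"[a-z]+", prefix):
            groups[prefix].append(path)
    return {k: v for k, v in groups.items() if len(v) >= min_count}


# Constructed subset of the "Files Created" lines from the log above.
SAMPLE_CREATED = r"""
2009-08-03 00:28 . 2009-08-03 00:28 36 ----a-w- c:\windows\system32\sysnet.dat
2009-08-03 00:28 . 2009-08-03 01:05 65536 ----a-w- c:\windows\system32\desot.exe
2009-08-03 00:27 . 2009-08-03 00:29 -------- d-----w- c:\program files\Windows Antivirus Pro
2009-07-30 20:46 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 05:23 . 2009-07-29 05:23 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-29 00:12 . 2009-07-29 00:12 19293 ----a-w- c:\windows\system32\muworozig.exe
2009-07-29 00:12 . 2009-07-29 00:12 16630 ----a-w- c:\program files\Common Files\mahabyju.bat
2009-07-29 00:12 . 2009-07-29 00:12 15713 ----a-w- c:\windows\devumycuf.bin
2009-07-29 00:04 . 2009-07-29 00:04 19139 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\myxo.reg
2009-07-29 00:04 . 2009-07-29 00:04 17239 ----a-w- c:\program files\Common Files\ywagehuju._sy
2009-06-26 16:18 . 2009-05-23 19:48 659456 ----a-w- c:\windows\system32\wininet.dll
2009-05-13 21:54 . 2009-05-13 21:54 685056 ----a-w- c:\windows\system32\DivX.dll
"""

# Constructed subset of the "Other Deletions" paths from the log above.
SAMPLE_DELETED = [
    r"c:\windows\system32\drivers\vsfocekkcbbqqo.sys",
    r"c:\windows\system32\lsprst7.dll",
    r"c:\windows\system32\ssprs.dll",
    r"c:\windows\system32\vsfoceqrsvicmh.dat",
    r"c:\windows\system32\vsfocerpewqyrl.dat",
    r"c:\windows\system32\vsfocetlpfbuhn.dll",
    r"c:\windows\system32\vsfocexnaqkovv.dll",
    r"D:\Autorun.inf",
]

if __name__ == "__main__":
    for minute, files in sorted(burst_random_files(SAMPLE_CREATED).items()):
        print(f"{minute}: {len(files)} random-named files created together")
        for f in files:
            print("    ", f)
    for prefix, files in prefix_clusters(SAMPLE_DELETED).items():
        print(f"prefix {prefix!r} shared by {len(files)} files")
```

On the constructed sample the burst test reports the 00:28, 00:04 and 00:12 minutes and leaves mbam.sys, avgtdix.sys, wininet.dll and DivX.dll alone (allowlisted or created without company), and the prefix test returns only the five vsfoce* files. Against a full log the output is a starting point for manual review, not a verdict.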

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:43 AM

Posted 05 August 2009 - 01:51 PM

Hello,

You don't have to do anything. :) ComboFix already deleted those rootkit files for you. :thumbup2: The more bothersome thing is that there are still a whole lot of bad files on your system. I see you have Malwarebytes already. Please make sure it is fully updated and have a scan with it for me. Post the report in your reply and we'll go from there. :)

If you have no intention of using the Norton, then please do get rid of it all together :

The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006/2007/2008/2009 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


#5 roversgate

roversgate
  • Topic Starter

  • Members
  • 20 posts
  • Local time:08:43 AM

Posted 05 August 2009 - 02:40 PM

Wow thanks for the quick replies:
OK, I deleted Norton and it has successfully uninstalled all Norton products on my computer. I am presently running a full scan using Malwarebytes and will post the log in my next post. Though I have a couple of questions:
1) Do you know how I managed to get a rootkit on my computer? I have been visiting only official company websites and it just seems weird.
2) I have a lot of software that I downloaded in the process of removing this malware and would like your opinion on what to keep and what to delete:
McAfee Security Center, AVG Free 8.5, Malwarebytes Anti-Malware, SuperAntiSpyware (which seems to be my favorite), HijackThis, dds, ComboFix and Registry Mechanic (don't know what this is)
3) Lastly, considering that the rootkit seems to compromise my computer, is there anything else I should do? I have not accessed any banks or any other passwords (except email) since the infection happened and there are no saved passwords for these sites, so I think I am relatively safe where that is concerned.

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:43 AM

Posted 05 August 2009 - 03:18 PM

Hi there,

You're welcome. :cool:

I have a lot of software that I downloaded in the process of removing this malware and would like your opinion on what to keep and what to delete:
McAfee Security Center, AVG Free 8.5, Malwarebytes Anti-Malware, SuperAntiSpyware (which seems to be my favorite), HijackThis, dds, ComboFix and Registry Mechanic (don't know what this is)


McAfee Security Center <----NO...off with its head! If you have it installed :

Download and run the McAfee Consumer Products Removal tool (MCPR.exe).
Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 and newer versions of McAfee consumer products.
  • McAfee Security Center
  • McAfee VirusScan
  • McAfee Personal Firewall Plus
  • McAfee Privacy Service
  • McAfee SpamKiller
  • McAfee Wireless Network Security
  • McAfee SiteAdvisor
  • McAfee Data Backup
  • McAfee Network Manager
  • McAfee Easy Network
  • McAfee AntiSpyware
Download the removal tool from http://download.mcafee.com/products/licens...atches/MCPR.exe
  • Click Save and save the file to any folder on the computer.
  • Navigate to the folder where the file is saved.
  • Double-click MCPR.exe.
  • Click Run. A Command Line window will be displayed, and then close automatically. Wait for a second Command Line window to be displayed.
    Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.
    After the second window appears, the program will begin the cleanup.
  • Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window:
    The machine must reboot to complete the un-installation. Reboot now? [y.n]
  • Press Y on the keyboard.
  • Wait for the computer to restart.
All McAfee products are now removed from your computer.
These McAfee removal instructions can be found at http://ts.mcafeehelp.com/faq3.asp?docid=408302

Keep AVG. :thumbup2:
Malwarebytes Anti-Malware, SuperAntiSpyware <-----either one. If you want to keep both, then make sure the other one is disabled and only one is running any real time protection. Use the other for on demand scans like the one you're running now.
HijackThis <----- yes, keep it. If you get in a jam in the future and cannot download anything, then you'll at least have a starting point to get help. :)
dds <------Up to you really. This is diagnostic only.
ComboFix <-----no. It is updated frequently and will not work properly once it becomes outdated. There is a lot more to it than meets the eye and you really could kill your computer with it. We'll take care of it properly when we're done with it here. No need to do anything right now. :)
Registry Mechanic <-----NO....delete it. Registry cleaners are dangerous and you could kill your system just by letting one auto-delete what it finds.

If you're on a network it could have come from another computer. If not, then even legit websites can be injected and infected. Malware writers are mean and nasty and will do anything to anyone to make a buck. :) You could have clicked on an innocent looking link in an e-mail......so this could have come from many places.

Post when you're ready. :)

tea

#7 roversgate

roversgate
  • Topic Starter

  • Members
  • 20 posts
  • Local time:08:43 AM

Posted 05 August 2009 - 03:58 PM

I will take your advice and delete McAfee as well as SuperAntiSpyware and Registry Mechanic after I come back. Those programs are disabled anyway right now and I can work towards removing them tonight. I have the Malwarebytes log:
Malwarebytes' Anti-Malware 1.39
Database version: 2531
Windows 5.1.2600 Service Pack 2

8/5/2009 4:56:03 PM
mbam-log-2009-08-05 (16-56-02).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 152888
Time elapsed: 1 hour(s), 21 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\windows antivirus pro\tmp\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\vsfocetlpfbuhn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP61\A0013560.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\desot.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\msvcm80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\msvcp80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\msvcr80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\wispex.html (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\i1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\i2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\i3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\j1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\j2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\j3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\jj1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\jj2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\jj3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\l1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\l2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\l3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\pix.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\t1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\t2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\up1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\up2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\w1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\w11.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\w2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\w3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\w3.jpg (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\wt1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\wt2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\wt3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.

I thought I had got rid of antivirus pro but I guess not. What should I do next?
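
Not every line in that MBAM report is a live infection. Two of the Trojan.TDSS hits are in c:\Qoobox\quarantine (ComboFix's own quarantine, where files are renamed with a .vir suffix) and in a System Restore snapshot (system volume information\_restore{...}), neither of which runs on its own; the real leftovers are the Windows AntiVirus Pro folder, desot.exe and the .old/.dat/.htm traces under c:\WINDOWS. The script below is an added example written for this thread, not code from Malwarebytes or from the posters, and the classification rules are a heuristic of my own. The sample log is a trimmed copy of the detection lines posted above.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log: split detections into
live files, registry traces, ComboFix-quarantined copies and
System Restore snapshot copies.

Added example for this thread; not Malwarebytes code and not part of the
original posts. The location rules below are a heuristic, not an MBAM feature.
"""
import re
from collections import Counter

# Constructed sample: detection lines trimmed from the MBAM 1.39 log above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\windows antivirus pro\tmp\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\vsfocetlpfbuhn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP61\A0013560.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\desot.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
"""

# One MBAM 1.x detection line: <path or registry key> (<family>) -> <action>
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


def classify(item: str) -> str:
    """Where was the detection found? 'active' means a live file on the system."""
    p = item.lower().replace("/", "\\")
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"   # already neutralised by ComboFix (.vir rename)
    if "\\system volume information\\_restore" in p:
        return "restore-point"         # inert copy; only a risk if that RP is restored
    if p.startswith("hkey_"):
        return "registry"              # a key or value, not an executable
    return "active"


def parse_mbam(text: str):
    """Yield (location, family, item, action) for each detection line."""
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            yield classify(m["item"]), m["family"], m["item"], m["action"]


def summarize(text: str) -> dict:
    """Count detections per location class and list the live files."""
    counts = Counter()
    active = []
    for loc, _family, item, _action in parse_mbam(text):
        counts[loc] += 1
        if loc == "active":
            active.append(item)
    return {"counts": dict(counts), "active": active}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result["counts"])
    for path in result["active"]:
        print("was live on disk before this scan:", path)
```

On the sample this reports one registry trace, one quarantined copy, one restore-point copy and three live files; the three live ones are what "I thought I had got rid of it" actually refers to.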

#8 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 05 August 2009 - 04:07 PM

Hello,

Excellent, thanks. :thumbup2: Since MBAM got rid of so much, I'll ask that you have another general run with ComboFix and post the report. Then I'll fix you a special script to get rid of the rest of all those bad files with ComboFix.

How is it running?

tea

#9 roversgate (Topic Starter, Members, 20 posts)

Posted 06 August 2009 - 09:45 AM

OK, I managed to delete all McAfee files, which is a good thing because they were getting to be really annoying. The only annoying thing left now is the Windows Security Alerts/Center. I also managed to uninstall Registry Mechanic, but it gave me a file name and asked me if I want to delete that file:
C:\WINDOWS\system32\STKIT432.DLL. It recommended I don't in case it halts or affects other programs running on my computer, so I was waiting on your opinion before I deleted it. I have removed SuperAntiSpyware as it appears to slow down my computer more than Malwarebytes while doing a scan and both seem equally effective. Here is the ComboFix log you asked for:
ComboFix 09-08-04.03 - Owner 08/06/2009 10:28.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.183 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-05 19:29 . 2009-08-05 19:29 35152 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 02:12 . 2009-08-03 02:12 -------- d-----w- c:\program files\Trend Micro
2009-08-03 01:37 . 2009-08-03 01:37 -------- d-----w- c:\documents and settings\Administrator.ANUPREET\Local Settings\Application Data\AVG Security Toolbar
2009-08-03 01:22 . 2009-08-03 01:22 -------- d-----w- c:\documents and settings\Administrator.ANUPREET\Local Settings\Application Data\Mozilla
2009-08-03 01:09 . 2009-08-03 01:10 117760 ----a-w- c:\documents and settings\Administrator.ANUPREET\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-03 01:09 . 2009-08-03 01:09 -------- d-----w- c:\documents and settings\Administrator.ANUPREET\Application Data\SUPERAntiSpyware.com
2009-08-03 00:45 . 2009-08-03 01:04 4 ----a-w- c:\windows\system32\bincd32.dat
2009-07-31 18:28 . 2009-07-31 18:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-31 18:27 . 2009-08-06 14:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-31 18:27 . 2009-08-06 14:23 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-07-30 20:46 . 2009-07-30 20:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-30 20:46 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 20:46 . 2009-07-30 20:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 20:46 . 2009-07-30 20:46 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-30 20:46 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 14:17 . 2009-08-05 20:42 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-29 14:05 . 2009-07-29 14:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-07-29 05:24 . 2009-07-29 05:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-29 05:23 . 2009-07-29 05:23 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-29 05:23 . 2009-07-29 05:23 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-29 05:23 . 2009-07-29 05:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-29 05:17 . 2009-08-06 14:08 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-29 05:17 . 2009-07-29 05:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-07-29 05:16 . 2009-07-29 05:16 -------- d-----w- c:\program files\AVG
2009-07-29 05:16 . 2009-08-05 14:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-29 04:28 . 2009-07-29 04:28 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-07-29 04:17 . 2009-07-29 13:44 -------- d-----w- c:\program files\Windows Defender
2009-07-29 00:12 . 2009-07-29 00:12 19293 ----a-w- c:\windows\system32\muworozig.exe
2009-07-29 00:12 . 2009-07-29 00:12 16630 ----a-w- c:\program files\Common Files\mahabyju.bat
2009-07-29 00:12 . 2009-07-29 00:12 15713 ----a-w- c:\windows\devumycuf.bin
2009-07-29 00:12 . 2009-07-29 00:12 10670 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\basinohity.scr
2009-07-29 00:12 . 2009-07-29 00:12 10179 ----a-w- c:\windows\system32\etajuqa.bin
2009-07-29 00:04 . 2009-07-29 00:04 19139 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\myxo.reg
2009-07-29 00:04 . 2009-07-29 00:04 15973 ----a-w- c:\windows\system32\imapaqoso.reg
2009-07-29 00:04 . 2009-07-29 00:04 14509 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\sosubuzuqo.sys
2009-07-29 00:04 . 2009-07-29 00:04 18766 ----a-w- c:\windows\otoxurihiv.bat
2009-07-29 00:04 . 2009-07-29 00:04 18254 ----a-w- c:\windows\system32\ipigufofi.reg
2009-07-29 00:04 . 2009-07-29 00:04 14163 ----a-w- c:\windows\nelu.dll
2009-07-29 00:04 . 2009-07-29 00:04 13139 ----a-w- c:\windows\system32\noqison.bat
2009-07-29 00:04 . 2009-07-29 00:04 12425 ----a-w- c:\program files\Common Files\vawixupali.vbs
2009-07-29 00:04 . 2009-07-29 00:04 12163 ----a-w- c:\program files\Common Files\jatywe.vbs
2009-07-29 00:04 . 2009-07-29 00:04 11919 ----a-w- c:\windows\romu.dat
2009-07-29 00:04 . 2009-07-29 00:04 18157 ----a-w- c:\windows\edixix.reg
2009-07-28 22:24 . 2009-07-28 22:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Logs
2009-07-28 22:21 . 2009-07-28 22:21 17524 ----a-w- c:\documents and settings\Owner\Application Data\ehyto.bat
2009-07-28 22:21 . 2009-07-28 22:21 17182 ----a-w- c:\documents and settings\Owner\Application Data\akafonawo.pif
2009-07-28 22:21 . 2009-07-28 22:21 16304 ----a-w- c:\windows\xyzevehes.dat
2009-07-28 22:21 . 2009-07-28 22:21 15622 ----a-w- c:\windows\system32\esobazisiw.bat
2009-07-28 22:21 . 2009-07-28 22:21 14833 ----a-w- c:\windows\system32\unirasyx.bin
2009-07-28 22:21 . 2009-07-28 22:21 13740 ----a-w- c:\documents and settings\Owner\Application Data\osuw.dll
2009-07-28 22:21 . 2009-07-28 22:21 11382 ----a-w- c:\windows\agocujup.scr
2009-07-28 22:21 . 2009-07-28 22:21 11154 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\inihesulid.bin
2009-07-20 03:53 . 1996-10-15 18:40 78848 ----a-w- c:\windows\system32\INLOADER.DLL
2009-07-20 03:53 . 2009-07-20 03:54 -------- d-----w- c:\program files\PCFriendly
2009-07-20 03:52 . 1996-10-15 22:01 298496 ----a-w- c:\windows\uninst.exe
2009-07-19 21:51 . 2009-08-06 14:06 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-19 05:38 . 2009-07-19 05:38 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-07-17 20:17 . 2009-08-02 20:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-07-13 14:13 . 2009-07-13 14:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-12 00:59 . 2009-07-12 00:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-12 00:59 . 2009-07-12 01:00 -------- d-----w- c:\program files\DivX
2009-07-12 00:59 . 2009-07-12 00:59 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 14:18 . 2009-05-24 00:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-07-29 13:44 . 2009-05-23 20:17 -------- d-----w- c:\program files\Google
2009-07-29 00:12 . 2009-07-29 00:12 19204 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\abili.reg
2009-07-29 00:12 . 2009-07-29 00:12 15464 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\qovypo.sys
2009-07-29 00:12 . 2009-07-29 00:12 14524 ----a-w- c:\documents and settings\Owner\Application Data\lyhahokite.bin
2009-07-29 00:12 . 2009-07-29 00:12 14322 ----a-w- c:\program files\Common Files\waviq.ban
2009-07-29 00:12 . 2009-07-29 00:12 12914 ----a-w- c:\program files\Common Files\imowu.lib
2009-07-29 00:12 . 2009-07-29 00:12 12498 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\yvycomu.bin
2009-07-29 00:12 . 2009-07-29 00:12 10896 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\nozikin.bat
2009-07-29 00:04 . 2009-07-29 00:04 19855 ----a-w- c:\documents and settings\Owner\Application Data\zilybodym.dat
2009-07-29 00:04 . 2009-07-29 00:04 18453 ----a-w- c:\program files\Common Files\ehoc.ban
2009-07-29 00:04 . 2009-07-29 00:04 17239 ----a-w- c:\program files\Common Files\ywagehuju._sy
2009-07-29 00:04 . 2009-07-29 00:04 15441 ----a-w- c:\documents and settings\Owner\Application Data\ekejoveka.dat
2009-07-29 00:04 . 2009-07-29 00:04 15305 ----a-w- c:\documents and settings\Owner\Application Data\ylojutigip.dat
2009-07-29 00:04 . 2009-07-29 00:04 14819 ----a-w- c:\program files\Common Files\vykumyheki._sy
2009-07-28 22:21 . 2009-07-28 22:21 19234 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\zumowyf.bin
2009-07-28 22:21 . 2009-07-28 22:21 15450 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\enov.exe
2009-07-28 22:21 . 2009-07-28 22:21 13715 ----a-w- c:\documents and settings\Owner\Application Data\ezopejycy.vbs
2009-07-28 22:21 . 2009-07-28 22:21 12342 ----a-w- c:\documents and settings\Owner\Application Data\vadiraxih.bin
2009-06-26 16:18 . 2009-05-23 19:48 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2009-05-23 19:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:55 . 2009-05-23 19:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2009-05-23 19:44 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 23:47 . 2009-06-14 23:39 -------- d-----w- c:\program files\SPSSEVAL
2009-06-14 23:43 . 2009-06-14 23:43 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-06-14 23:43 . 2009-06-14 23:43 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-06-14 23:43 . 2009-06-14 23:43 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-06-03 19:27 . 2009-05-23 19:47 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 23:55 . 2009-05-26 23:55 1915520 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-23 20:35 . 2009-08-03 01:07 10134 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-05-23 20:35 . 2009-08-03 01:07 49152 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-08-03 01:07 45056 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-08-03 01:07 45056 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-05-23 20:35 . 2009-05-23 21:06 49152 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 21:06 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 21:06 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-05-23 20:35 . 2009-05-23 21:06 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-05-23 20:35 . 2009-05-23 20:35 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 20:35 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 20:35 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-05-23 20:35 . 2009-05-23 20:35 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-05-23 20:31 . 2009-05-23 20:31 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-05-23 20:30 . 2009-05-23 20:30 335 ----a-w- c:\windows\nsreg.dat
2009-05-23 20:28 . 2009-05-23 20:28 4 ----a-w- c:\windows\Pix11.dat
2009-05-13 21:56 . 2009-07-12 01:00 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-13 21:56 . 2004-11-11 00:30 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-13 21:56 . 2004-11-11 00:27 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-13 21:56 . 2009-07-12 01:00 129784 ------w- c:\windows\system32\pxafs.dll
2009-05-13 21:56 . 2009-07-12 01:00 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-13 21:56 . 2009-07-12 01:00 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-13 21:54 . 2009-05-13 21:54 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-13 21:54 . 2009-05-13 21:54 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-13 21:54 . 2009-05-13 21:54 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-13 21:54 . 2009-05-13 21:54 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-13 21:54 . 2009-05-13 21:54 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Skype"="c:\documents and settings\Owner\Desktop\Skype.exe" [2006-06-12 20002856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"HostManager"="c:\program files\Common Files\AOL\1243110623\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-13 126976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-23 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-29 1948440]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2009-5-23 1742384]
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2009-5-23 729088]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-29 05:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1243110623\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/29/2009 1:23 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/29/2009 1:23 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/29/2009 1:16 AM 298776]
S2 gupdate1ca028c5759770;Google Update Service (gupdate1ca028c5759770);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2009 8:59 PM 133104]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\x1w4jdet.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 10:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2108)
c:\windows\system32\msi.dll
.
Completion time: 2009-08-06 10:36
ComboFix-quarantined-files.txt 2009-08-06 14:36
ComboFix2.txt 2009-08-05 15:25

Pre-Run: 8,122,966,016 bytes free
Post-Run: 8,101,191,680 bytes free

242 --- E O F --- 2009-07-31 19:55

Regarding your question, my computer is running considerably faster and firefox is opening and reaching the home page within seconds as opposed to the minute plus it used to take in the last few days. :thumbup2:

#10 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 06 August 2009 - 12:05 PM

Hello,

That file is all right to leave. :)

Glad it's running better. :thumbup2:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
c:\documents and settings\Owner\Local Settings\Application Data\inihesulid.bin
c:\windows\system32\muworozig.exe
c:\program files\Common Files\mahabyju.bat
c:\windows\devumycuf.bin
c:\documents and settings\Owner\Local Settings\Application Data\basinohity.scr
c:\windows\system32\etajuqa.bin
c:\documents and settings\Owner\Local Settings\Application Data\myxo.reg
c:\windows\system32\imapaqoso.reg
c:\documents and settings\Owner\Local Settings\Application Data\sosubuzuqo.sys
c:\windows\otoxurihiv.bat
c:\windows\system32\ipigufofi.reg
c:\windows\nelu.dll
c:\windows\system32\noqison.bat
c:\program files\Common Files\vawixupali.vbs
c:\program files\Common Files\jatywe.vbs
c:\windows\romu.dat
c:\windows\edixix.reg
c:\documents and settings\Owner\Application Data\ehyto.bat
c:\documents and settings\Owner\Application Data\akafonawo.pif
c:\windows\xyzevehes.dat
c:\windows\system32\esobazisiw.bat
c:\windows\system32\unirasyx.bin
c:\documents and settings\Owner\Application Data\osuw.dll
c:\windows\agocujup.scr
c:\docume~1\ALLUSE~1\APPLIC~1\abili.reg
c:\docume~1\ALLUSE~1\APPLIC~1\qovypo.sys
c:\documents and settings\Owner\Application Data\lyhahokite.bin
c:\program files\Common Files\waviq.ban
c:\program files\Common Files\imowu.lib
c:\docume~1\ALLUSE~1\APPLIC~1\yvycomu.bin
c:\docume~1\ALLUSE~1\APPLIC~1\nozikin.bat
c:\documents and settings\Owner\Application Data\zilybodym.dat
c:\program files\Common Files\ehoc.ban
c:\program files\Common Files\ywagehuju._sy
c:\documents and settings\Owner\Application Data\ekejoveka.dat
c:\documents and settings\Owner\Application Data\ylojutigip.dat
c:\program files\Common Files\vykumyheki._sy
c:\docume~1\ALLUSE~1\APPLIC~1\zumowyf.bin
c:\docume~1\ALLUSE~1\APPLIC~1\enov.exe
c:\documents and settings\Owner\Application Data\ezopejycy.vbs
c:\documents and settings\Owner\Application Data\vadiraxih.bin


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again.

After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

Thanks,
tea
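
The File:: list above was built by hand from the ComboFix log in post #9: every entry is one of the files dropped in the same two minutes on 2009-07-28/29, with pseudo-random letters-only names and a scattering of extensions (.exe, .bat, .bin, .scr, .reg, .sys, .dll, .vbs, .dat, .pif, .ban, .lib, ._sy) across system32, Common Files and the user's profile. The script below is an added example written for this thread, not ComboFix code and not part of the original posts; it parses the "Files Created" lines, flags creation-minute bursts that have that shape, and prints them in the File:: format used above. The burst rule (at least four letters-only names, three different extensions, two different folders, all created in the same minute) is my own heuristic tuned to this log; a human still has to read the result before feeding it to ComboFix, because a legitimate installer can trip it. The sample listing is a constructed subset of the log above with a few benign entries mixed in.

```python
"""Flag random-named file bursts in a ComboFix 'Files Created' listing
and emit them as a CFScript File:: block.

Added example for this thread; not ComboFix code and not part of the
original posts. The burst heuristic is the example author's own.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the ComboFix log in post #9,
# with a few legitimate entries (font cache, AV driver, IE update) mixed in.
SAMPLE_LOG = r"""
2009-08-05 19:29 . 2009-08-05 19:29 35152 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 02:12 . 2009-08-03 02:12 -------- d-----w- c:\program files\Trend Micro
2009-07-30 20:46 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-29 00:12 . 2009-07-29 00:12 19293 ----a-w- c:\windows\system32\muworozig.exe
2009-07-29 00:12 . 2009-07-29 00:12 16630 ----a-w- c:\program files\Common Files\mahabyju.bat
2009-07-29 00:12 . 2009-07-29 00:12 15713 ----a-w- c:\windows\devumycuf.bin
2009-07-29 00:12 . 2009-07-29 00:12 10670 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\basinohity.scr
2009-07-29 00:12 . 2009-07-29 00:12 10179 ----a-w- c:\windows\system32\etajuqa.bin
2009-07-29 00:04 . 2009-07-29 00:04 19139 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\myxo.reg
2009-07-29 00:04 . 2009-07-29 00:04 15973 ----a-w- c:\windows\system32\imapaqoso.reg
2009-07-29 00:04 . 2009-07-29 00:04 14509 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\sosubuzuqo.sys
2009-07-29 00:04 . 2009-07-29 00:04 18766 ----a-w- c:\windows\otoxurihiv.bat
2009-07-29 00:04 . 2009-07-29 00:04 14163 ----a-w- c:\windows\nelu.dll
2009-06-26 16:18 . 2009-05-23 19:48 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2009-05-23 19:44 81920 ----a-w- c:\windows\system32\ieencode.dll
"""

# ComboFix line layout: <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
# Letters-only stem of 4-12 chars plus a short extension: the dropped files' shape.
RANDOM_NAME_RE = re.compile(r"^[a-z]{4,12}\.[a-z_]{2,4}$")


def parse_created(text):
    """Return (created_minute, path) for every file line; directory lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and not m["attrs"].startswith("d"):   # 'd-----w-' marks a directory
            entries.append((m["created"], m["path"]))
    return entries


def find_bursts(entries, min_files=4, min_exts=3, min_dirs=2):
    """Group random-looking names by creation minute; keep bursts that look like a dropper run."""
    by_minute = defaultdict(list)
    for created, path in entries:
        if RANDOM_NAME_RE.match(PureWindowsPath(path).name.lower()):
            by_minute[created].append(path)
    flagged = []
    for _minute, paths in sorted(by_minute.items()):
        exts = {PureWindowsPath(p).suffix.lower() for p in paths}
        dirs = {str(PureWindowsPath(p).parent).lower() for p in paths}
        if len(paths) >= min_files and len(exts) >= min_exts and len(dirs) >= min_dirs:
            flagged.extend(paths)
    return flagged


def to_cfscript(paths):
    """Render paths as the CFScript File:: block used in this thread."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    print(to_cfscript(find_bursts(parse_created(SAMPLE_LOG))))
```

On the sample, the two 2009-07-29 bursts (00:04 and 00:12) come out as ten paths while wininet.dll and ieencode.dll, which share a creation minute but are only two files of one type in one folder, stay out. Lowering min_files is the first thing to try when a dropper has spread its files over more than one minute.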

#11 roversgate (Topic Starter, Members, 20 posts)

Posted 06 August 2009 - 12:52 PM

I did as you asked:
Combofix log (did not ask to reboot):
ComboFix 09-08-04.03 - Owner 08/06/2009 13:40.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.201 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\docume~1\ALLUSE~1\APPLIC~1\abili.reg"
"c:\docume~1\ALLUSE~1\APPLIC~1\enov.exe"
"c:\docume~1\ALLUSE~1\APPLIC~1\nozikin.bat"
"c:\docume~1\ALLUSE~1\APPLIC~1\qovypo.sys"
"c:\docume~1\ALLUSE~1\APPLIC~1\yvycomu.bin"
"c:\docume~1\ALLUSE~1\APPLIC~1\zumowyf.bin"
"c:\documents and settings\Owner\Application Data\akafonawo.pif"
"c:\documents and settings\Owner\Application Data\ehyto.bat"
"c:\documents and settings\Owner\Application Data\ekejoveka.dat"
"c:\documents and settings\Owner\Application Data\ezopejycy.vbs"
"c:\documents and settings\Owner\Application Data\lyhahokite.bin"
"c:\documents and settings\Owner\Application Data\osuw.dll"
"c:\documents and settings\Owner\Application Data\vadiraxih.bin"
"c:\documents and settings\Owner\Application Data\ylojutigip.dat"
"c:\documents and settings\Owner\Application Data\zilybodym.dat"
"c:\documents and settings\Owner\Local Settings\Application Data\basinohity.scr"
"c:\documents and settings\Owner\Local Settings\Application Data\inihesulid.bin"
"c:\documents and settings\Owner\Local Settings\Application Data\myxo.reg"
"c:\documents and settings\Owner\Local Settings\Application Data\sosubuzuqo.sys"
"c:\program files\Common Files\ehoc.ban"
"c:\program files\Common Files\imowu.lib"
"c:\program files\Common Files\jatywe.vbs"
"c:\program files\Common Files\mahabyju.bat"
"c:\program files\Common Files\vawixupali.vbs"
"c:\program files\Common Files\vykumyheki._sy"
"c:\program files\Common Files\waviq.ban"
"c:\program files\Common Files\ywagehuju._sy"
"c:\windows\agocujup.scr"
"c:\windows\devumycuf.bin"
"c:\windows\edixix.reg"
"c:\windows\nelu.dll"
"c:\windows\otoxurihiv.bat"
"c:\windows\romu.dat"
"c:\windows\system32\esobazisiw.bat"
"c:\windows\system32\etajuqa.bin"
"c:\windows\system32\imapaqoso.reg"
"c:\windows\system32\ipigufofi.reg"
"c:\windows\system32\muworozig.exe"
"c:\windows\system32\noqison.bat"
"c:\windows\system32\unirasyx.bin"
"c:\windows\xyzevehes.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\abili.reg
c:\docume~1\ALLUSE~1\APPLIC~1\enov.exe
c:\docume~1\ALLUSE~1\APPLIC~1\nozikin.bat
c:\docume~1\ALLUSE~1\APPLIC~1\qovypo.sys
c:\docume~1\ALLUSE~1\APPLIC~1\yvycomu.bin
c:\docume~1\ALLUSE~1\APPLIC~1\zumowyf.bin
c:\documents and settings\Owner\Application Data\akafonawo.pif
c:\documents and settings\Owner\Application Data\ehyto.bat
c:\documents and settings\Owner\Application Data\ekejoveka.dat
c:\documents and settings\Owner\Application Data\ezopejycy.vbs
c:\documents and settings\Owner\Application Data\lyhahokite.bin
c:\documents and settings\Owner\Application Data\osuw.dll
c:\documents and settings\Owner\Application Data\vadiraxih.bin
c:\documents and settings\Owner\Application Data\ylojutigip.dat
c:\documents and settings\Owner\Application Data\zilybodym.dat
c:\documents and settings\Owner\Local Settings\Application Data\basinohity.scr
c:\documents and settings\Owner\Local Settings\Application Data\inihesulid.bin
c:\documents and settings\Owner\Local Settings\Application Data\myxo.reg
c:\documents and settings\Owner\Local Settings\Application Data\sosubuzuqo.sys
c:\program files\Common Files\ehoc.ban
c:\program files\Common Files\imowu.lib
c:\program files\Common Files\jatywe.vbs
c:\program files\Common Files\mahabyju.bat
c:\program files\Common Files\vawixupali.vbs
c:\program files\Common Files\vykumyheki._sy
c:\program files\Common Files\waviq.ban
c:\program files\Common Files\ywagehuju._sy
c:\windows\agocujup.scr
c:\windows\devumycuf.bin
c:\windows\edixix.reg
c:\windows\nelu.dll
c:\windows\otoxurihiv.bat
c:\windows\romu.dat
c:\windows\system32\esobazisiw.bat
c:\windows\system32\etajuqa.bin
c:\windows\system32\imapaqoso.reg
c:\windows\system32\ipigufofi.reg
c:\windows\system32\muworozig.exe
c:\windows\system32\noqison.bat
c:\windows\system32\sfcfiles.dll
c:\windows\system32\unirasyx.bin
c:\windows\xyzevehes.dat

.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-05 19:29 . 2009-08-05 19:29 35152 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 02:12 . 2009-08-03 02:12 -------- d-----w- c:\program files\Trend Micro
2009-08-03 01:37 . 2009-08-03 01:37 -------- d-----w- c:\documents and settings\Administrator.ANUPREET\Local Settings\Application Data\AVG Security Toolbar
2009-08-03 01:22 . 2009-08-03 01:22 -------- d-----w- c:\documents and settings\Administrator.ANUPREET\Local Settings\Application Data\Mozilla
2009-08-03 01:09 . 2009-08-03 01:10 117760 ----a-w- c:\documents and settings\Administrator.ANUPREET\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-03 01:09 . 2009-08-03 01:09 -------- d-----w- c:\documents and settings\Administrator.ANUPREET\Application Data\SUPERAntiSpyware.com
2009-08-03 00:45 . 2009-08-03 01:04 4 ----a-w- c:\windows\system32\bincd32.dat
2009-07-31 18:28 . 2009-07-31 18:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-31 18:27 . 2009-08-06 14:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-31 18:27 . 2009-08-06 14:23 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-07-30 20:46 . 2009-07-30 20:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-30 20:46 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 20:46 . 2009-07-30 20:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 20:46 . 2009-07-30 20:46 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-30 20:46 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 14:17 . 2009-08-05 20:42 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-29 14:05 . 2009-07-29 14:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-07-29 05:24 . 2009-07-29 05:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-29 05:23 . 2009-07-29 05:23 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-29 05:23 . 2009-07-29 05:23 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-29 05:23 . 2009-07-29 05:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-29 05:17 . 2009-08-06 14:08 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-29 05:17 . 2009-07-29 05:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-07-29 05:16 . 2009-07-29 05:16 -------- d-----w- c:\program files\AVG
2009-07-29 05:16 . 2009-08-05 14:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-29 04:28 . 2009-07-29 04:28 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-07-29 04:17 . 2009-07-29 13:44 -------- d-----w- c:\program files\Windows Defender
2009-07-28 22:24 . 2009-07-28 22:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Logs
2009-07-20 03:53 . 1996-10-15 18:40 78848 ----a-w- c:\windows\system32\INLOADER.DLL
2009-07-20 03:53 . 2009-07-20 03:54 -------- d-----w- c:\program files\PCFriendly
2009-07-20 03:52 . 1996-10-15 22:01 298496 ----a-w- c:\windows\uninst.exe
2009-07-19 05:38 . 2009-07-19 05:38 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-07-17 20:17 . 2009-08-02 20:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-07-13 14:13 . 2009-07-13 14:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-12 00:59 . 2009-07-12 00:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-12 00:59 . 2009-07-12 01:00 -------- d-----w- c:\program files\DivX
2009-07-12 00:59 . 2009-07-12 00:59 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 17:17 . 2009-05-24 00:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-07-29 13:44 . 2009-05-23 20:17 -------- d-----w- c:\program files\Google
2009-06-26 16:18 . 2009-05-23 19:48 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2009-05-23 19:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:55 . 2009-05-23 19:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2009-05-23 19:44 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 23:47 . 2009-06-14 23:39 -------- d-----w- c:\program files\SPSSEVAL
2009-06-14 23:43 . 2009-06-14 23:43 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-06-14 23:43 . 2009-06-14 23:43 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-06-14 23:43 . 2009-06-14 23:43 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-06-03 19:27 . 2009-05-23 19:47 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 23:55 . 2009-05-26 23:55 1915520 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-23 20:35 . 2009-08-03 01:07 10134 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-05-23 20:35 . 2009-08-03 01:07 49152 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-08-03 01:07 45056 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-08-03 01:07 45056 ----a-r- c:\documents and settings\Administrator.ANUPREET\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-05-23 20:35 . 2009-05-23 21:06 49152 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 21:06 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 21:06 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-05-23 20:35 . 2009-05-23 21:06 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-05-23 20:35 . 2009-05-23 20:35 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 20:35 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-05-23 20:35 . 2009-05-23 20:35 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-05-23 20:35 . 2009-05-23 20:35 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-05-23 20:31 . 2009-05-23 20:31 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-05-23 20:30 . 2009-05-23 20:30 335 ----a-w- c:\windows\nsreg.dat
2009-05-23 20:28 . 2009-05-23 20:28 4 ----a-w- c:\windows\Pix11.dat
2009-05-13 21:56 . 2009-07-12 01:00 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-13 21:56 . 2004-11-11 00:30 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-13 21:56 . 2004-11-11 00:27 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-13 21:56 . 2009-07-12 01:00 129784 ------w- c:\windows\system32\pxafs.dll
2009-05-13 21:56 . 2009-07-12 01:00 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-13 21:56 . 2009-07-12 01:00 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-13 21:54 . 2009-05-13 21:54 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-13 21:54 . 2009-05-13 21:54 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-13 21:54 . 2009-05-13 21:54 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-13 21:54 . 2009-05-13 21:54 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-13 21:54 . 2009-05-13 21:54 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[-] 2004-08-04 19:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe
[-] 2004-08-04 19:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\svchost.exe
[-] 2004-08-04 19:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\cache\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\system32\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\system32\dllcache\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\system32\dllcache\cache\user32.dll

[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
[-] 2004-08-04 19:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[-] 2004-08-04 19:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\ws2_32.dll
[-] 2004-08-04 19:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2005-01-27 17:08 657920 A8EAC5330876548E9966A7D13025D196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2009-02-20 08:14 668160 1EA0E6DD74199209D60991FD46CE8643 c:\windows\$hf_mig$\KB963027\SP2QFE\wininet.dll
[-] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[-] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2009-04-29 04:31 668160 9E36A148748C5DE4EA1F47B9B625F412 c:\windows\$hf_mig$\KB969897\SP2QFE\wininet.dll
[-] 2009-04-29 04:46 666624 6002073519FA478BF89977369CDFD156 c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
[-] 2009-04-29 04:21 668160 04BCB4F87B35502568F6CF33433543A5 c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2009-06-26 15:59 668160 CF0B7B2738BEF0EB87673393CB7EA06E c:\windows\$hf_mig$\KB972260\SP2QFE\wininet.dll
[-] 2009-06-26 16:50 666624 70FFEA4793D7139A447B169CB0E500BC c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll
[-] 2009-06-26 16:42 668160 8553E6D4EC1563277323E6B2D6FBB954 c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB963027$\wininet.dll
[-] 2009-02-20 08:30 659456 F1DBF177AA0DB2150E626595D0EFF604 c:\windows\$NtUninstallKB969897$\wininet.dll
[-] 2009-04-29 04:52 659456 9D6E5AEB8F237E03D5892951EB3D6A7E c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll
[-] 2009-06-26 16:18 659456 ED97493090DA8871F4EB76E1FF3F6A78 c:\windows\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\sp2gdr\wininet.dll
[-] 2009-06-26 15:59 668160 CF0B7B2738BEF0EB87673393CB7EA06E c:\windows\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\sp2qfe\wininet.dll
[-] 2009-06-26 16:50 666624 70FFEA4793D7139A447B169CB0E500BC c:\windows\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\sp3gdr\wininet.dll
[-] 2009-06-26 16:42 668160 8553E6D4EC1563277323E6B2D6FBB954 c:\windows\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\sp3qfe\wininet.dll
[-] 2009-06-26 16:18 659456 ED97493090DA8871F4EB76E1FF3F6A78 c:\windows\system32\wininet.dll
[-] 2009-06-26 16:18 659456 ED97493090DA8871F4EB76E1FF3F6A78 c:\windows\system32\dllcache\wininet.dll
[-] 2009-06-26 16:18 659456 ED97493090DA8871F4EB76E1FF3F6A78 c:\windows\system32\dllcache\cache\wininet.dll

[-] 2005-03-14 01:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\cache\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2004-08-04 19:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe
[-] 2004-08-04 19:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\winlogon.exe
[-] 2004-08-04 19:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\cache\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[-] 2004-08-04 19:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-04 19:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\cache\ndis.sys
[-] 2004-08-04 19:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ip6fw.sys
[-] 2004-08-04 19:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-04 19:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\cache\ip6fw.sys
[-] 2004-08-04 19:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-01 23:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[-] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\system32\dllcache\cache\ntkrnlpa.exe
[-] 2004-08-03 22:59 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[-] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\system32\ntoskrnl.exe
[-] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\system32\dllcache\cache\ntoskrnl.exe
[-] 2004-08-04 19:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\ntoskrnl.exe

[-] 2004-08-04 19:00 1032192 A0732187050030AE399B241436565E64 c:\windows\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2004-08-04 19:00 1032192 A0732187050030AE399B241436565E64 c:\windows\system32\dllcache\explorer.exe
[-] 2004-08-04 19:00 1032192 A0732187050030AE399B241436565E64 c:\windows\system32\dllcache\cache\explorer.exe

[-] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-04 19:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe
[-] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\services.exe
[-] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\dllcache\cache\services.exe

[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe
[-] 2004-08-04 19:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe
[-] 2004-08-04 19:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\lsass.exe
[-] 2004-08-04 19:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\cache\lsass.exe

[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[-] 2004-08-04 19:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe
[-] 2004-08-04 19:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\ctfmon.exe
[-] 2004-08-04 19:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\cache\ctfmon.exe

[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[-] 2004-08-04 19:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\system32\spoolsv.exe
[-] 2004-08-04 19:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\system32\dllcache\spoolsv.exe
[-] 2004-08-04 19:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\system32\dllcache\cache\spoolsv.exe

[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[-] 2004-08-04 19:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe
[-] 2004-08-04 19:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe
[-] 2004-08-04 19:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\cache\userinit.exe

[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\termsrv.dll
[-] 2004-08-04 19:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll
[-] 2004-08-04 19:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\dllcache\termsrv.dll
[-] 2004-08-04 19:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\dllcache\cache\termsrv.dll

[-] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2004-08-04 19:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
[-] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\dllcache\cache\kernel32.dll

[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\powrprof.dll
[-] 2004-08-04 19:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll
[-] 2004-08-04 19:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\powrprof.dll
[-] 2004-08-04 19:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\cache\powrprof.dll

[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll
[-] 2004-08-04 19:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[-] 2004-08-04 19:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\imm32.dll
[-] 2004-08-04 19:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\cache\imm32.dll


[-] 2004-09-29 18:27 3004928 087FF7C54E7EBE4A59BD4DFC1D0EE9B8 c:\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll
[-] 2005-01-27 16:08 3008000 91C5ADE25BC4E3322577854FA2E7B58B c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll
[-] 2005-05-02 20:57 3014144 DCC5C79B99F02EEF8C826B074DBFC222 c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[-] 2005-03-10 06:43 3011072 255C2CE965543ABDC3E0A25A5DA1874A c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll
[-] 2009-02-20 21:44 3067904 03D98EB3F7BBD1FA14C650597F1989BC c:\windows\$hf_mig$\KB963027\SP2QFE\mshtml.dll
[-] 2009-02-20 08:11 3068416 2F70F2F74C40397D031016FA162981C2 c:\windows\$hf_mig$\KB963027\SP3GDR\mshtml.dll
[-] 2009-02-20 07:50 3068416 1618A4A2C5DD8164B8295190C8EA6544 c:\windows\$hf_mig$\KB963027\SP3QFE\mshtml.dll
[-] 2009-04-29 04:31 3068928 7BB862F4CBB8361551C34674291BA5EC c:\windows\$hf_mig$\KB969897\SP2QFE\mshtml.dll
[-] 2009-04-29 04:46 3068928 ABD8093E43E53AEA5898D2214B92E9BA c:\windows\$hf_mig$\KB969897\SP3GDR\mshtml.dll
[-] 2009-04-29 04:21 3069440 06CF679E3D24C3DF270556456A0F1EDA c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[-] 2009-07-18 16:00 3069440 9A878C4D12BE5598B598B27BFEA1B3C2 c:\windows\$hf_mig$\KB972260\SP2QFE\mshtml.dll
[-] 2009-07-18 16:05 3069440 7467941BE64DFC5F8E9F3DC1DE920806 c:\windows\$hf_mig$\KB972260\SP3GDR\mshtml.dll
[-] 2009-07-18 15:31 3069952 F3EE47F296295D08A97CB50EF57244D9 c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll
[-] 2005-05-02 20:52 3012608 DCFAC5470EE0A159EC4222BC28AE3EE6 c:\windows\$NtUninstallKB963027$\mshtml.dll
[-] 2009-02-20 08:30 3059712 B20FEE1734EF152AAA8D6C5A938DA902 c:\windows\$NtUninstallKB969897$\mshtml.dll
[-] 2009-04-29 04:52 3060736 04AB92BFDDF275D50E3D42CDB4BF110E c:\windows\$NtUninstallKB972260$\mshtml.dll
[-] 2008-04-14 00:11 3066880 A706E122B398FE1AB85CB9B75D044223 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[-] 2009-07-18 16:20 3062272 108F212B0E1B4439B014497EEC407981 c:\windows\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\sp2gdr\mshtml.dll
[-] 2009-07-18 16:00 3069440 9A878C4D12BE5598B598B27BFEA1B3C2 c:\windows\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\sp2qfe\mshtml.dll
[-] 2009-07-18 16:05 3069440 7467941BE64DFC5F8E9F3DC1DE920806 c:\windows\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\sp3gdr\mshtml.dll
[-] 2009-07-18 15:31 3069952 F3EE47F296295D08A97CB50EF57244D9 c:\windows\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\sp3qfe\mshtml.dll
[-] 2009-07-18 16:20 3062272 108F212B0E1B4439B014497EEC407981 c:\windows\system32\mshtml.dll
[-] 2009-07-18 16:20 3062272 108F212B0E1B4439B014497EEC407981 c:\windows\system32\dllcache\mshtml.dll
[-] 2009-07-18 16:20 3062272 108F212B0E1B4439B014497EEC407981 c:\windows\system32\dllcache\cache\mshtml.dll

[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kbdclass.sys
[-] 2004-08-04 19:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\dllcache\kbdclass.sys
[-] 2004-08-04 19:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\dllcache\cache\kbdclass.sys
[-] 2004-08-04 19:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Skype"="c:\documents and settings\Owner\Desktop\Skype.exe" [2006-06-12 20002856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"HostManager"="c:\program files\Common Files\AOL\1243110623\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-13 126976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-23 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-29 1948440]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2009-5-23 1742384]
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2009-5-23 729088]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-29 05:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= c:\program files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= c:\program files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= c:\program files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"c:\\Program Files\\America Online 9.0\\waol.exe"= c:\program files\America Online 9.0\waol.exe:*:Enabled:AOL
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"c:\\Program Files\\Common Files\\AOL\\1243110623\\EE\\AOLServiceHost.exe"= c:\program files\Common Files\AOL\1243110623\EE\AOLServiceHost.exe:*:Enabled:AOL
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= c:\program files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= c:\program files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= c:\program files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= c:\program files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= c:\program files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"c:\\Documents and Settings\\Owner\\Desktop\\Skype.exe"= c:\documents and settings\Owner\Desktop\Skype.exe:*:Enabled:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/29/2009 1:23 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/29/2009 1:23 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/29/2009 1:16 AM 298776]
S2 gupdate1ca028c5759770;Google Update Service (gupdate1ca028c5759770);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2009 8:59 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
HidServ
LanmanWorkstation
Messenger
Netman
TrkWks
W32Time
WZCSVC
wscsvc
xmlprov
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter
LmHosts

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\x1w4jdet.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 13:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-08-06 13:48
ComboFix-quarantined-files.txt 2009-08-06 17:48
ComboFix2.txt 2009-08-06 14:36
ComboFix3.txt 2009-08-05 15:25

Pre-Run: 8,073,142,272 bytes free
Post-Run: 8,059,535,360 bytes free

626 --- E O F --- 2009-07-31 19:55

HJT LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:17 PM, on 8/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\124311~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\124311~1\EE\AOLServiceHost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Owner\Desktop\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1243110623\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\Owner\Desktop\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1ca028c5759770) (gupdate1ca028c5759770) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5396 bytes

#12 teacup61 (Bleepin' Texan!)
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 06 August 2009 - 01:31 PM

How is it running now please? Any problems remaining? :thumbup2:
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#13 roversgate (Topic Starter)
  • Members
  • 20 posts

Posted 06 August 2009 - 01:36 PM

The computer seems to be running fine and Firefox starts as fast as ever. I am not being redirected anymore on Google either, but I have to test this out more and see when I get back to working, so basically:

:thumbup2:

Thanks so much for your help! If there are any more problems in the next couple of days (since I work from home, I will know about them quickly), I will just post here and let you know. :)

#14 teacup61 (Bleepin' Texan!)
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 06 August 2009 - 01:52 PM

Excellent to know. :thumbup2:

The following will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

Please do let me know, good or bad. :)

tea

#15 roversgate (Topic Starter)
  • Members
  • 20 posts

Posted 06 August 2009 - 02:05 PM

Wow, that was the fastest uninstall of a program. ComboFix managed to uninstall, but the system restore points don't seem to have been restored. Regardless, I created a new restore point today so that I can get back to this point with my computer free of malware.

Thank you for your help again; I will definitely let you know, good or bad, how my computer is functioning over the next few days.
