
Rootkit virus and other trojan


26 replies to this topic

#1 DarkPoisons

DarkPoisons


Posted 05 August 2009 - 11:16 PM

Here is the link to the topic that shows my on-going problem, and below I shall include the logs for the DDS scan.
http://www.bleepingcomputer.com/forums/t/243464/i-cant-remove-my-pc-infections/


DDS (Ver_09-07-30.01) - NTFSx86
Run by Compaq_Owner at 0:09:47.40 on Thu 08/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.122 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090805-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_05\bin\jusched.exe
mRun: [ALCMTR] ALCMTR.EXE
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
Trusted Zone: motive.com\patttbc.att
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: rbadzm - rbadzm.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-14 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-16 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-16 138680]
S1 bfastfao;bfastfao;\??\c:\docume~1\compaq~1\locals~1\temp\bfastfao.sys --> c:\docume~1\compaq~1\locals~1\temp\bfastfao.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-16 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-16 352920]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\f.tmp --> c:\windows\system32\F.tmp [?]

=============== Created Last 30 ================

2009-08-04 05:44 8,416 a------- c:\windows\system32\drivers\trz6.tmp
2009-07-31 02:50 --dsh--- c:\documents and settings\compaq_owner\IECompatCache
2009-07-30 21:30 --d----- c:\program files\Sophos
2009-07-27 18:16 --d----- C:\RootRepeal
2009-07-26 08:29 --d----- c:\program files\Eusing Free Registry Cleaner
2009-07-21 22:07 --d----- c:\docume~1\compaq~1\applic~1\GetRightToGo
2009-07-15 22:00 --d----- c:\docume~1\compaq~1\applic~1\VSRevoGroup
2009-07-15 19:29 --d----- c:\program files\VS Revo Group
2009-07-15 11:15 --d----- c:\windows\system32\dllcache\cache
2009-07-15 11:01 50,176 a------- c:\windows\system32\proquota.exe
2009-07-15 11:01 50,176 a------- c:\windows\system32\dllcache\proquota.exe
2009-07-15 10:34 219,648 a------- c:\windows\PEV.exe
2009-07-15 10:34 161,792 a------- c:\windows\SWREG.exe
2009-07-15 10:34 98,816 a------- c:\windows\sed.exe
2009-07-15 10:33 389,120 a------- c:\windows\system32\CF19254.exe
2009-07-15 10:32 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-15 10:32 --d----- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com
2009-07-14 17:07 --d----- c:\docume~1\alluse~1\applic~1\11439534
2009-07-14 04:47 --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-07-14 04:45 --d----- c:\program files\common files\iS3
2009-07-14 04:45 --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-07-14 04:44 91 a------- c:\windows\system32\geyekrdkbxvphk.dat
2009-07-14 01:28 154,662 a------- c:\windows\system32\geyekrqrdlvmpj.dat
2009-07-14 01:28 71,680 a------- c:\windows\system32\drivers\geyekromudebit.sys
2009-07-13 22:16 4,224 a------- c:\windows\system32\dllcache\beep.sys
2009-07-13 20:24 2 a------- c:\windows\0535251103110107106.xvb
2009-07-13 19:21 18,798 a------- c:\windows\system32\gisogu.reg
2009-07-13 19:21 17,728 a------- c:\windows\system32\laha.bat
2009-07-13 19:21 15,605 a------- c:\windows\utafuji.lib
2009-07-13 19:21 13,556 a------- c:\windows\system32\obigehagos.bat
2009-07-13 19:21 12,055 a------- c:\windows\system32\epydukete.bat
2009-07-13 19:21 11,273 a------- c:\program files\common files\juda.bin
2009-07-13 19:21 14,986 a------- c:\windows\system32\ilegujuba.sys
2009-07-13 19:21 13,216 a------- c:\docume~1\compaq~1\applic~1\wejog.pif
2009-07-13 18:49 2 a------- c:\windows\0535251103110107106.loi
2009-07-10 09:40 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-10 09:40 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-10 09:37 --d----- c:\program files\iPod
2009-07-10 09:32 --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-10 09:32 --d----- c:\program files\iTunes
2009-07-10 09:26 --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-29 21:55 460 a---h--- C:\aaw7boot.cmd
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-13 19:21 19,365 a------- c:\program files\common files\qyvemap._sy
2009-07-13 19:21 10,565 a------- c:\program files\common files\wunubuhy._dl
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\dllcache\quartz.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-14 21:29 82,623 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-05-12 01:11 102,912 a------- c:\windows\system32\dllcache\iecompat.dll
2009-02-20 17:57 480 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat

============= FINISH: 0:11:01.00 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/5/2006 2:10:33 AM
System Uptime: 8/5/2009 11:28:32 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | AGENA
Processor: Intel® Celeron® CPU 3.20GHz | Socket 775 | 3201/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 47.191 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.323 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP457: 7/14/2009 1:29:54 AM - Software Distribution Service 3.0
RP458: 7/14/2009 1:30:01 AM - Advanced SystemCare RestorePoint
RP459: 7/14/2009 1:30:16 AM - System Checkpoint
RP460: 7/14/2009 1:30:21 AM - System Checkpoint
RP461: 7/14/2009 1:30:24 AM - System Checkpoint
RP462: 7/14/2009 1:30:28 AM - Removed Jasc Paint Shop Pro 8
RP463: 7/14/2009 1:30:35 AM - System Checkpoint
RP464: 7/14/2009 1:30:40 AM - System Checkpoint
RP465: 7/14/2009 1:30:44 AM - System Checkpoint
RP466: 7/14/2009 1:30:48 AM - System Checkpoint
RP467: 7/14/2009 1:30:50 AM - System Checkpoint
RP468: 7/14/2009 1:30:53 AM - System Checkpoint
RP469: 7/14/2009 1:30:55 AM - System Checkpoint
RP470: 7/14/2009 1:30:58 AM - System Checkpoint
RP471: 7/14/2009 1:31:07 AM - Removed Dogz 5
RP472: 7/14/2009 1:31:10 AM - System Checkpoint
RP473: 7/14/2009 1:31:13 AM - Software Distribution Service 3.0
RP474: 7/14/2009 1:31:16 AM - Installed Java™ 6 Update 14
RP475: 7/14/2009 1:31:19 AM - Removed AVG Free 8.5
RP476: 7/14/2009 1:31:22 AM - Installed AVG Free 8.5
RP477: 7/14/2009 1:31:24 AM - Software Distribution Service 3.0
RP478: 7/14/2009 1:31:27 AM - System Checkpoint
RP479: 7/14/2009 1:31:29 AM - Removed LiveUpdate (Symantec Corporation)
RP480: 7/14/2009 1:31:32 AM - Installed ESET Smart Security
RP481: 7/14/2009 1:31:34 AM - System Checkpoint
RP482: 7/14/2009 1:31:35 AM - System Checkpoint
RP483: 7/14/2009 1:31:36 AM - System Checkpoint
RP484: 7/14/2009 1:31:37 AM - System Checkpoint
RP485: 7/14/2009 1:31:38 AM - System Checkpoint
RP486: 7/14/2009 1:31:39 AM - System Checkpoint
RP487: 7/14/2009 1:31:41 AM - System Checkpoint
RP488: 7/14/2009 1:31:42 AM - System Checkpoint
RP489: 7/14/2009 1:31:43 AM - System Checkpoint
RP490: 7/14/2009 1:31:44 AM - System Checkpoint
RP491: 7/14/2009 1:31:45 AM - System Checkpoint
RP492: 7/14/2009 1:31:47 AM - System Checkpoint
RP493: 7/14/2009 1:31:49 AM - System Checkpoint
RP494: 7/14/2009 1:31:51 AM - System Checkpoint
RP495: 7/14/2009 1:31:53 AM - System Checkpoint
RP496: 7/14/2009 1:31:55 AM - System Checkpoint
RP497: 7/14/2009 1:31:56 AM - System Checkpoint
RP498: 7/14/2009 1:31:57 AM - System Checkpoint
RP499: 7/14/2009 1:31:58 AM - System Checkpoint
RP500: 7/14/2009 1:31:59 AM - System Checkpoint
RP501: 7/14/2009 1:32:01 AM - System Checkpoint
RP502: 7/14/2009 1:32:02 AM - System Checkpoint
RP503: 7/14/2009 1:32:02 AM - System Checkpoint
RP504: 7/14/2009 1:32:02 AM - System Checkpoint
RP505: 7/14/2009 1:32:03 AM - System Checkpoint
RP506: 7/14/2009 1:32:03 AM - System Checkpoint
RP507: 7/15/2009 8:42:41 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP508: 7/30/2009 12:18:51 PM - System Checkpoint
RP509: 8/1/2009 11:49:49 AM - System Checkpoint
RP510: 8/2/2009 12:00:20 PM - System Checkpoint
RP511: 8/3/2009 12:50:59 PM - System Checkpoint
RP512: 8/5/2009 5:57:53 AM - System Checkpoint

==== Installed Programs ======================

Sansa Media Converter
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Apple Mobile Device Support
Apple Software Update
AT&T Internet Security Wizard 1.5.11
ATI Control Panel
ATI Display Driver
ATT-HSI
avast! Antivirus
Bejeweled 2 Deluxe 1.0
Best Buy Rhapsody
Bonjour
BufferChm
CA Yahoo! Anti-Spy (remove only)
Choice Guard
CleanUp!
Compaq Connections (remove only)
Cosmi's Electronic Card Creator
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Diner Dash 2
Diner Dash 3-in-1
Eusing Free Registry Cleaner
FATE from Compaq (remove only)
FrostWire 4.18.0
FullDPAppQFolder
GTK+ Runtime 2.14.7 rev a (remove only)
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Game Console and games
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Rhapsody
HP Software Update
HP Support Overview
HP Web Helper
HpSdpAppCoreApp
IMVU Avatar Chat Software
InstantShareDevices
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Pro 9
Java™ 6 Update 14
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIRC
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MVision
Netscape Browser (remove only)
NVIDIA DDS Utilities
OptionalContentQFolder
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller 1.83
Rhapsody Player Engine
Sansa Media Converter
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Segoe UI
Shrek 2 Ogre Bowler from Compaq (remove only)
SkinsHP1
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sophos Anti-Rootkit 1.5.0
Unity Web Player
Unload
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Viewpoint Media Player
Virtual Families
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xbox 360 Controller for Windows
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Search Protection
Yahoo! Search Suggest Add-on for IE7
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/5/2009 7:12:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep bfastfao catchme sptd
8/4/2009 9:44:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
8/4/2009 9:44:25 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2009 9:42:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Ad-Watch Connect Filter Beep bfastfao catchme sptd
8/4/2009 4:49:18 AM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
8/4/2009 11:56:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep bfastfao catchme iaStor IntelIde sptd ViaIde
8/1/2009 8:14:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Ad-Watch Connect Filter Beep bfastfao catchme EntDrv51
8/1/2009 8:14:21 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
8/1/2009 2:25:02 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/1/2009 12:43:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
8/1/2009 12:43:41 AM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/31/2009 8:07:16 AM, error: Service Control Manager [7023] - The avast! Web Scanner service terminated with the following error: Cannot create a file when that file already exists.
7/31/2009 2:45:43 AM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
7/31/2009 2:43:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Ad-Watch Connect Filter Beep bfastfao catchme EntDrv51 iaStor IntelIde ViaIde

==== End Of File ===========================
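A small triage script for DDS-style logs like the one above. This is an added example, not part of the thread and not DDS's or ComboFix's own code; the function names, the `Finding` structure and the starter allowlist of stock XP Winlogon notify DLLs are my assumptions. It parses the policy and Notify lines of the Pseudo HJT Report, the SERVICES / DRIVERS list and the Service Control Manager event 7026 lines, then cross-references them so that a driver loading from a Temp folder or .tmp file, missing from disk and reported as failing to load at boot surfaces first.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in DDS format; the values mirror lines from the posted log.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
Notify: AtiExtEvent - Ati2evxx.dll
Notify: rbadzm - rbadzm.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-16 114768]
S1 bfastfao;bfastfao;\??\c:\docume~1\compaq~1\locals~1\temp\bfastfao.sys --> c:\docume~1\compaq~1\locals~1\temp\bfastfao.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\f.tmp --> c:\windows\system32\F.tmp [?]
==== Event Viewer Messages From Past Week ========
8/5/2009 7:12:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep bfastfao catchme sptd
==== End Of File ===========================
"""

# Line shapes used by DDS: "R1 name;description;image path [date size]" for services,
# "Notify: key - dll" for Winlogon notify packages, "dPolicies-system: Name = value".
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[(.*?)\])?$")
NOTIFY_RE = re.compile(r"^Notify:\s+(\S+)\s+-\s+(.+)$")
POLICY_RE = re.compile(r"^[umd]Policies-(\w+):\s+(\w+)\s+=\s+(\S+)")
EVT7026_RE = re.compile(r"\[7026\].*?failed to load:\s*(.+)$")

# Policies that hobble the user's own tools; a common companion of infections.
RESTRICTIVE_POLICIES = {"DisableTaskMgr", "DisableRegistryTools",
                        "NoSetActiveDesktop", "NoActiveDesktopChanges"}
# Starter allowlist of stock XP Winlogon notify DLLs (assumption: extend it for your fleet).
KNOWN_NOTIFY_DLLS = {"ati2evxx.dll", "wlnotify.dll", "crypt32.dll", "cryptnet.dll",
                     "sclgntfy.dll", "wgalogon.dll", "dimsntfy.dll"}
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp", "\\local settings\\temp")

@dataclass
class Finding:
    severity: str   # "high" or "review"
    item: str
    reason: str

@dataclass
class DdsTriage:
    services: dict = field(default_factory=dict)   # name -> (state, image path, file info)
    failed_drivers: set = field(default_factory=set)
    findings: list = field(default_factory=list)

def image_path(raw):
    """DDS prints '\\??\\path --> resolved path'; keep the resolved side, lower-cased."""
    return raw.split(" --> ", 1)[-1].strip().lower()

def parse_dds(text):
    t = DdsTriage()
    for line in (ln.strip() for ln in text.splitlines()):
        m = SERVICE_RE.match(line)
        if m:
            state, _, name, _desc, raw_path, info = m.groups()
            t.services[name.lower()] = (state, image_path(raw_path), info or "")
            continue
        m = EVT7026_RE.search(line)
        if m:
            t.failed_drivers.update(d.lower() for d in m.group(1).split())
            continue
        m = POLICY_RE.match(line)
        if m and m.group(2) in RESTRICTIVE_POLICIES and m.group(3) != "0":
            t.findings.append(Finding("high", line, "policy disables a user tool"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            dll = m.group(2).strip().lower()
            if "\\" not in dll and dll not in KNOWN_NOTIFY_DLLS:
                t.findings.append(Finding("review", line, "Notify DLL not in allowlist; verify it"))
    # Cross-reference: where the image lives, whether it exists, and whether the SCM reported it.
    for name, (state, path, info) in t.services.items():
        bad_path = any(mk in path for mk in TEMP_MARKERS) or path.endswith(".tmp")
        reasons = []
        if bad_path:
            reasons.append("image in a temp location or .tmp file")
        if info == "?":
            reasons.append("file not present when DDS ran")
        if name in t.failed_drivers:
            reasons.append("failed to load at boot (SCM event 7026)")
        if reasons:
            t.findings.append(Finding("high" if bad_path else "review",
                                      f"{state} {name}: {path}", "; ".join(reasons)))
    # Failed boot drivers with no service entry in the log (Beep, catchme, sptd above) get a look too.
    for name in sorted(t.failed_drivers - set(t.services)):
        t.findings.append(Finding("review", name, "failed to load at boot; no service entry in log"))
    return t

def report(triage):
    """Render findings one per line, high severity first."""
    order = {"high": 0, "review": 1}
    rows = sorted(triage.findings, key=lambda f: order[f.severity])
    return [f"[{f.severity:6}] {f.item}  <- {f.reason}" for f in rows]

if __name__ == "__main__":
    print("\n".join(report(parse_dds(SAMPLE_DDS))))
```

Run against the sample, it puts the bfastfao driver (Temp folder, missing, failed at boot), the F.tmp driver and the two restrictive policies at the top, and lists the unknown Notify DLL and the entry-less failed drivers for manual review.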



#2 Baabiouz

Baabiouz

    Finnish Malware Fighter



Posted 06 August 2009 - 03:00 AM

Hello :thumbup2:

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

#3 DarkPoisons

DarkPoisons

Posted 09 August 2009 - 10:42 AM

ComboFix 09-08-08.04 - Compaq_Owner 08/09/2009 11:05.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.149 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090808-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
c:\windows\system32\drivers\geyekromudebit.sys
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\geyekrdkbxvphk.dat
c:\windows\system32\geyekrqrdlvmpj.dat
c:\windows\system32\kwave.sys
D:\Autorun.inf
.
---- Previous Run -------
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
c:\program files\dobe~1\?dobe\ctxad-555.0000
c:\program files\dobe~1\?dobe\ctxad-555.0001
c:\program files\dobe~1\?dobe\ctxad-555.0002
c:\program files\dobe~1\?dobe\ctxad-555.0003
c:\program files\dobe~1\?dobe\ctxad-555.0004
c:\program files\dobe~1\?dobe\ctxad-555.0005
c:\program files\dobe~1\?dobe\ctxad-555.0006
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\0101120101465749.dat
c:\windows\0101120101465752.dat
c:\windows\ld10.exe
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\wbem\proquota.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP489\A0334783.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_geyekrbboruwbj
-------\Legacy_RBADZA
-------\Service_geyekrbboruwbj


((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-07-31 06:50 . 2009-07-31 06:50 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IECompatCache
2009-07-31 01:30 . 2009-07-31 01:30 -------- d-----w- c:\program files\Sophos
2009-07-30 01:51 . 2009-07-30 01:51 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-07-30 01:06 . 2009-07-30 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-28 06:32 . 2009-07-28 06:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-27 22:16 . 2009-07-28 06:48 -------- d-----w- C:\RootRepeal
2009-07-26 12:29 . 2009-07-26 12:29 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-07-22 06:29 . 2009-08-04 09:01 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-22 02:07 . 2009-07-22 02:18 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\GetRightToGo
2009-07-17 12:40 . 2009-07-17 12:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-16 17:09 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-16 17:09 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-16 17:09 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-16 17:09 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-16 17:09 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-16 17:09 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-16 17:09 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-16 17:09 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-16 17:08 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-16 17:08 . 2009-07-16 17:08 -------- d-----w- c:\program files\Alwil Software
2009-07-16 02:00 . 2009-07-16 02:00 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\VSRevoGroup
2009-07-15 23:29 . 2009-07-15 23:29 -------- d-----w- c:\program files\VS Revo Group
2009-07-15 15:28 . 2009-07-15 15:28 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-15 15:28 . 2009-07-15 15:28 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-15 15:28 . 2009-07-15 15:28 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-15 15:28 . 2009-07-15 15:28 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-15 15:28 . 2009-07-15 15:28 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-15 15:27 . 2009-07-15 15:27 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-15 15:27 . 2009-07-15 15:27 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-15 15:27 . 2009-07-15 15:27 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-15 15:26 . 2009-07-15 15:26 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-15 15:26 . 2009-07-15 15:26 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-15 15:26 . 2009-07-15 15:26 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-15 15:26 . 2009-07-15 15:26 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-15 15:26 . 2009-07-15 15:26 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-15 15:26 . 2009-07-15 15:26 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-15 15:26 . 2009-07-15 15:26 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-15 15:26 . 2009-07-15 15:26 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-15 15:26 . 2009-07-15 15:26 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-15 15:01 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-15 15:01 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-15 14:32 . 2009-07-15 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-15 14:32 . 2009-07-16 00:41 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-15 13:55 . 2009-07-15 13:55 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-14 21:07 . 2009-07-14 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\11439534
2009-07-14 08:47 . 2009-07-14 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-07-14 08:45 . 2009-07-14 08:45 -------- d-----w- c:\program files\Common Files\iS3
2009-07-14 08:45 . 2009-07-15 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-14 08:44 . 2009-07-14 08:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-14 02:16 . 2004-08-04 04:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-07-13 23:21 . 2009-07-13 23:21 18798 ----a-w- c:\windows\system32\gisogu.reg
2009-07-13 23:21 . 2009-07-13 23:21 17728 ----a-w- c:\windows\system32\laha.bat
2009-07-13 23:21 . 2009-07-13 23:21 13556 ----a-w- c:\windows\system32\obigehagos.bat
2009-07-13 23:21 . 2009-07-13 23:21 12055 ----a-w- c:\windows\system32\epydukete.bat
2009-07-13 23:21 . 2009-07-13 23:21 11273 ----a-w- c:\program files\Common Files\juda.bin
2009-07-13 23:21 . 2009-07-13 23:21 14986 ----a-w- c:\windows\system32\ilegujuba.sys
2009-07-13 23:21 . 2009-07-13 23:21 10593 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\garekid.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 18:47 . 2009-05-13 20:23 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\FrostWire
2009-08-06 11:11 . 2009-06-14 23:27 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\mIRC
2009-08-06 07:23 . 2006-06-05 17:27 -------- d-----w- c:\program files\mIRC
2009-08-04 09:02 . 2009-05-16 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 17:36 . 2009-05-16 03:24 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-05-16 03:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 16:30 . 2006-06-05 09:43 54 -c--a-w- c:\windows\popcinfo.dat
2009-07-30 01:55 . 2009-05-14 19:26 460 ---ha-w- C:\aaw7boot.cmd
2009-07-25 11:30 . 2009-05-13 16:44 -------- d-----w- c:\program files\Common Files\Motive
2009-07-25 11:30 . 2009-08-04 09:44 8416 ----a-w- c:\windows\system32\drivers\trz6.tmp
2009-07-22 04:25 . 2007-08-05 15:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-16 00:44 . 2006-02-23 02:15 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-16 00:39 . 2007-02-24 09:05 -------- d-----w- c:\program files\CA
2009-07-14 03:52 . 2009-05-16 23:54 -------- d-----w- c:\program files\Diner Dash 2
2009-07-13 23:21 . 2009-07-13 23:21 19365 ----a-w- c:\program files\Common Files\qyvemap._sy
2009-07-13 23:21 . 2009-07-13 23:21 13216 ----a-w- c:\docume~1\COMPAQ~1\APPLIC~1\wejog.pif
2009-07-13 23:21 . 2009-07-13 23:21 10565 ----a-w- c:\program files\Common Files\wunubuhy._dl
2009-07-10 13:43 . 2009-07-10 13:43 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\Apple Computer
2009-07-10 13:39 . 2009-07-10 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-10 13:39 . 2009-07-10 13:32 -------- d-----w- c:\program files\iTunes
2009-07-10 13:37 . 2009-07-10 13:37 -------- d-----w- c:\program files\iPod
2009-07-10 13:37 . 2009-07-10 13:15 -------- d-----w- c:\program files\Common Files\Apple
2009-07-10 13:32 . 2009-07-10 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-10 13:26 . 2009-07-10 13:26 -------- d-----w- c:\program files\Bonjour
2009-07-10 12:58 . 2009-07-10 12:58 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-10 12:50 . 2009-07-10 12:49 -------- d-----w- c:\program files\QuickTime
2009-07-09 22:42 . 2006-06-05 23:00 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\IMVU
2009-07-09 01:52 . 2009-05-16 03:49 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\Azureus
2009-07-03 17:09 . 2004-08-04 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 15:56 . 2009-05-29 05:36 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\IMVUClient
2009-06-25 18:21 . 2009-06-25 18:21 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ZylomHost.exe
2009-06-25 18:21 . 2009-06-25 18:21 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ZylomAdapter.dll
2009-06-25 18:21 . 2009-06-25 18:21 2002944 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ParkingDash.exe
2009-06-18 11:46 . 2009-06-18 11:46 -------- d-----w- c:\program files\Unity
2009-06-16 14:36 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 01:12 . 2009-06-15 01:10 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\X-Chat 2
2009-06-14 03:51 . 2009-06-14 03:51 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\ESET
2009-06-14 03:48 . 2009-06-14 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-14 03:40 . 2006-02-23 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-14 03:40 . 2006-02-23 02:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-03 19:09 . 2004-08-04 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 23:50 . 2009-05-30 09:14 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-05-21 18:42 . 2006-06-29 19:33 377704 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 15:33 . 2008-12-23 23:10 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-15 01:29 . 2005-12-04 23:49 82623 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-14 18:47 . 2009-05-14 18:53 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-14 18:47 . 2009-05-14 18:47 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
.

------- Sigcheck -------

[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 04:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe


[7] 2004-08-04 04:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-02-23 180269]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-15 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-23 15969280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-22 36903]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/14/2009 2:53 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/16/2009 1:09 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/16/2009 1:09 PM 20560]
S1 bfastfao;bfastfao;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F.tmp --> c:\windows\system32\F.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:26]

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

Notify-rbadzm - rbadzm.dll


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: motive.com\patttbc.att
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 11:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4584)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-08-09 11:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-09 15:38

Pre-Run: 50,441,453,568 bytes free
Post-Run: 50,638,839,808 bytes free

298 --- E O F --- 2009-07-29 07:02

#4 Baabiouz (Finnish Malware Fighter)

Posted 09 August 2009 - 11:14 AM

Hello :thumbup2:

Step #1
Please click your Start button, then click on Run and type in the following without the quotes: "notepad". Then copy (Ctrl C) and paste (Ctrl V) the following text into the codebox:
File::
c:\windows\system32\gisogu.reg
c:\windows\system32\laha.bat
C:\windows\system32\obigehagos.bat
c:\windows\system32\epydukete.bat
c:\program files\Common Files\juda.bin
c:\windows\system32\ilegujuba.sys
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\garekid.scr
c:\program files\Common Files\qyvemap._sy
C:\docume~1\COMPAQ~1\APPLIC~1\wejog.pif
c:\program files\Common Files\wunubuhy._dl


Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Step #2
Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use the Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Step #3
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Step #4
Submit a File For Analysis
We need to have the files below scanned by uploading them to Jotti.

Please visit Jotti
Copy/paste the following file path into the window

c:\windows\explorer.exe

Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following files:

c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
c:\windows\$NtServicePackUninstall$\explorer.exe


If Jotti is too busy, please try VirusTotal.

Step #5
Please post the ComboFix log, MBAM results and Jotti results back here :)
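The CFScript in Step #1 targets exactly the files the log stamps 2009-07-13 23:21: a burst of freshly created, randomly named files dropped in one minute. As an added example (not ComboFix's own code and not from this thread), the script below parses ComboFix's "Files Created" and "Find3M" line format, groups fresh files by creation minute, ranks the bursts by how many random-looking active files they hold, and renders the top burst as a File:: block for a human to review; the ACTIVE_EXTS set and the looks_random() heuristic are assumptions, and the sample lines are copied from the log above.

```python
"""Burst analysis of ComboFix 'Files Created' / 'Find3M' entries.

Added example, not ComboFix's own code and not from this thread. It
mechanises what the helper did by eye: a burst of freshly created,
randomly named files dropped in one minute (2009-07-13 23:21 in the log)
is pulled out and rendered as a CFScript 'File::' block for review.
Sample lines are copied from the thread's log; ACTIVE_EXTS and the
looks_random() heuristic are assumptions made for this example.
"""
import re
from collections import defaultdict, namedtuple
from os.path import splitext

# One ComboFix entry: <created> . <modified> <size or dashes> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+|-{8}) (\S{8}) (.+)$"
)
Entry = namedtuple("Entry", "created modified size attrs path")

# Extensions that execute or change configuration when run (assumption).
ACTIVE_EXTS = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".pif",
               ".reg", ".bin", "._sy", "._dl", ".tmp"}

# Constructed sample: header lines plus entries copied from the thread's log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.
2009-07-16 17:09 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-16 17:09 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-16 17:08 . 2009-07-16 17:08 -------- d-----w- c:\program files\Alwil Software
2009-07-15 15:26 . 2009-07-15 15:26 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-15 15:26 . 2009-07-15 15:26 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-15 15:26 . 2009-07-15 15:26 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-13 23:21 . 2009-07-13 23:21 18798 ----a-w- c:\windows\system32\gisogu.reg
2009-07-13 23:21 . 2009-07-13 23:21 17728 ----a-w- c:\windows\system32\laha.bat
2009-07-13 23:21 . 2009-07-13 23:21 13556 ----a-w- c:\windows\system32\obigehagos.bat
2009-07-13 23:21 . 2009-07-13 23:21 12055 ----a-w- c:\windows\system32\epydukete.bat
2009-07-13 23:21 . 2009-07-13 23:21 11273 ----a-w- c:\program files\Common Files\juda.bin
2009-07-13 23:21 . 2009-07-13 23:21 14986 ----a-w- c:\windows\system32\ilegujuba.sys
2009-07-13 23:21 . 2009-07-13 23:21 10593 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\garekid.scr
2009-07-13 23:21 . 2009-07-13 23:21 19365 ----a-w- c:\program files\Common Files\qyvemap._sy
2009-07-13 23:21 . 2009-07-13 23:21 13216 ----a-w- c:\docume~1\COMPAQ~1\APPLIC~1\wejog.pif
2009-07-13 23:21 . 2009-07-13 23:21 10565 ----a-w- c:\program files\Common Files\wunubuhy._dl
"""


def parse_entries(log_text):
    """Parse entry lines; headers, dots and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            size = None if size.startswith("-") else int(size)
            entries.append(Entry(created, modified, size, attrs, path))
    return entries


def looks_random(path):
    """Lowercase alphabetic stem with an active extension, e.g. laha.bat."""
    stem, ext = splitext(path.rsplit("\\", 1)[-1])
    return stem.isalpha() and stem.islower() and ext.lower() in ACTIVE_EXTS


def find_bursts(entries, min_files=3):
    """Group fresh files (created == modified, not a directory) by minute.
    Installer copies keep the vendor's older mtime, so they fall out."""
    by_minute = defaultdict(list)
    for e in entries:
        if e.size is not None and e.created == e.modified:
            by_minute[e.created].append(e)
    return {m: v for m, v in by_minute.items() if len(v) >= min_files}


def rank_bursts(bursts):
    """(minute, files, random-looking files), most suspicious first."""
    ranked = [(m, len(v), sum(looks_random(e.path) for e in v))
              for m, v in bursts.items()]
    return sorted(ranked, key=lambda t: (t[2], t[1]), reverse=True)


def cfscript_file_block(entries):
    """Render a CFScript 'File::' section for the given entries."""
    return "File::\n" + "\n".join(e.path for e in entries) + "\n"


if __name__ == "__main__":
    bursts = find_bursts(parse_entries(SAMPLE_LOG))
    for minute, files, random_names in rank_bursts(bursts):
        print(f"{minute}: {files} files, {random_names} random-looking")
    # The top burst is a lead for a human reviewer, not a verdict: the
    # Lavasoft burst is a legitimate product update with the same shape.
    print(cfscript_file_block(bursts[rank_bursts(bursts)[0][0]]))
```

The Lavasoft update at 2009-07-15 15:26 forms a burst of the same shape but with vendor-style names, which is why the ranking, not the grouping alone, separates it from the 23:21 drop.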

#5 DarkPoisons (Topic Starter)

Posted 09 August 2009 - 04:20 PM

Jotti found nothing for each file I scanned.

ComboFix 09-08-09.03 - Compaq_Owner 08/09/2009 16:27.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.146 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090808-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\temp\IadHide5.dll
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\kwave.sys

.
((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-07-31 06:50 . 2009-07-31 06:50 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IECompatCache
2009-07-31 01:30 . 2009-07-31 01:30 -------- d-----w- c:\program files\Sophos
2009-07-30 01:51 . 2009-07-30 01:51 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-07-30 01:06 . 2009-07-30 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-28 06:32 . 2009-07-28 06:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-27 22:16 . 2009-07-28 06:48 -------- d-----w- C:\RootRepeal
2009-07-26 12:29 . 2009-07-26 12:29 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-07-22 06:29 . 2009-08-04 09:01 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-22 02:07 . 2009-07-22 02:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\GetRightToGo
2009-07-17 12:40 . 2009-07-17 12:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-16 17:09 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-16 17:09 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-16 17:09 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-16 17:09 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-16 17:09 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-16 17:09 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-16 17:09 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-16 17:09 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-16 17:08 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-16 17:08 . 2009-07-16 17:08 -------- d-----w- c:\program files\Alwil Software
2009-07-16 02:00 . 2009-07-16 02:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\VSRevoGroup
2009-07-15 23:29 . 2009-07-15 23:29 -------- d-----w- c:\program files\VS Revo Group
2009-07-15 15:28 . 2009-07-15 15:28 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-15 15:28 . 2009-07-15 15:28 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-15 15:28 . 2009-07-15 15:28 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-15 15:28 . 2009-07-15 15:28 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-15 15:28 . 2009-07-15 15:28 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-15 15:27 . 2009-07-15 15:27 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-15 15:27 . 2009-07-15 15:27 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-15 15:27 . 2009-07-15 15:27 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-15 15:26 . 2009-07-15 15:26 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-15 15:26 . 2009-07-15 15:26 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-15 15:26 . 2009-07-15 15:26 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-15 15:26 . 2009-07-15 15:26 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-15 15:26 . 2009-07-15 15:26 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-15 15:26 . 2009-07-15 15:26 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-15 15:26 . 2009-07-15 15:26 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-15 15:26 . 2009-07-15 15:26 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-15 15:26 . 2009-07-15 15:26 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-15 15:01 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-15 15:01 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-15 14:32 . 2009-07-15 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-15 14:32 . 2009-07-16 00:41 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2009-07-15 13:55 . 2009-07-15 13:55 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-14 21:07 . 2009-07-14 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\11439534
2009-07-14 08:47 . 2009-07-14 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-07-14 08:45 . 2009-07-14 08:45 -------- d-----w- c:\program files\Common Files\iS3
2009-07-14 08:45 . 2009-07-15 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-14 08:44 . 2009-07-14 08:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-14 02:16 . 2004-08-04 04:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-07-13 23:21 . 2009-07-13 23:21 18798 ----a-w- c:\windows\system32\gisogu.reg
2009-07-13 23:21 . 2009-07-13 23:21 17728 ----a-w- c:\windows\system32\laha.bat
2009-07-13 23:21 . 2009-07-13 23:21 13556 ----a-w- c:\windows\system32\obigehagos.bat
2009-07-13 23:21 . 2009-07-13 23:21 12055 ----a-w- c:\windows\system32\epydukete.bat
2009-07-13 23:21 . 2009-07-13 23:21 11273 ----a-w- c:\program files\Common Files\juda.bin
2009-07-13 23:21 . 2009-07-13 23:21 14986 ----a-w- c:\windows\system32\ilegujuba.sys
2009-07-13 23:21 . 2009-07-13 23:21 13216 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wejog.pif
2009-07-13 23:21 . 2009-07-13 23:21 10593 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\garekid.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 18:47 . 2009-05-13 20:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\FrostWire
2009-08-06 11:11 . 2009-06-14 23:27 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\mIRC
2009-08-06 07:23 . 2006-06-05 17:27 -------- d-----w- c:\program files\mIRC
2009-08-04 09:02 . 2009-05-16 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 17:36 . 2009-05-16 03:24 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-05-16 03:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 16:30 . 2006-06-05 09:43 54 -c--a-w- c:\windows\popcinfo.dat
2009-07-30 01:55 . 2009-05-14 19:26 460 ---ha-w- C:\aaw7boot.cmd
2009-07-25 11:30 . 2009-05-13 16:44 -------- d-----w- c:\program files\Common Files\Motive
2009-07-25 11:30 . 2009-08-04 09:44 8416 ----a-w- c:\windows\system32\drivers\trz6.tmp
2009-07-22 04:25 . 2007-08-05 15:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-16 00:44 . 2006-02-23 02:15 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-16 00:39 . 2007-02-24 09:05 -------- d-----w- c:\program files\CA
2009-07-14 03:52 . 2009-05-16 23:54 -------- d-----w- c:\program files\Diner Dash 2
2009-07-13 23:21 . 2009-07-13 23:21 19365 ----a-w- c:\program files\Common Files\qyvemap._sy
2009-07-13 23:21 . 2009-07-13 23:21 10565 ----a-w- c:\program files\Common Files\wunubuhy._dl
2009-07-10 13:43 . 2009-07-10 13:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2009-07-10 13:39 . 2009-07-10 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-10 13:39 . 2009-07-10 13:32 -------- d-----w- c:\program files\iTunes
2009-07-10 13:37 . 2009-07-10 13:37 -------- d-----w- c:\program files\iPod
2009-07-10 13:37 . 2009-07-10 13:15 -------- d-----w- c:\program files\Common Files\Apple
2009-07-10 13:32 . 2009-07-10 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-10 13:26 . 2009-07-10 13:26 -------- d-----w- c:\program files\Bonjour
2009-07-10 12:58 . 2009-07-10 12:58 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-10 12:50 . 2009-07-10 12:49 -------- d-----w- c:\program files\QuickTime
2009-07-09 22:42 . 2006-06-05 23:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\IMVU
2009-07-09 01:52 . 2009-05-16 03:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Azureus
2009-07-03 17:09 . 2004-08-04 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 15:57 . 2009-05-29 05:38 80967 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\Uninstall.exe
2009-07-01 15:56 . 2009-05-29 05:36 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient
2009-07-01 15:56 . 2009-07-01 15:53 16149640 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\installer\SetupImvu_update.exe
2009-06-29 03:12 . 2009-06-29 03:12 95576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\IMVUupdater.exe
2009-06-29 03:12 . 2009-06-29 03:12 49920 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\IMVUClient.exe
2009-06-29 03:12 . 2009-06-29 03:12 18176 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\imvuqualityagent.exe
2009-06-29 03:11 . 2009-06-29 03:11 1245184 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\SceneWindow.dll
2009-06-29 03:11 . 2009-06-29 03:11 14848 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\MemoryHook.dll
2009-06-29 03:11 . 2009-06-29 03:11 289792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\cal3d.dll
2009-06-29 03:11 . 2009-06-29 03:11 25600 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\CallStack.dll
2009-06-29 03:11 . 2009-06-29 03:11 187392 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\boost_python.dll
2009-06-29 03:11 . 2009-06-29 03:11 256000 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\audiere.dll
2009-06-25 18:21 . 2009-06-25 18:21 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ZylomHost.exe
2009-06-25 18:21 . 2009-06-25 18:21 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ZylomAdapter.dll
2009-06-25 18:21 . 2009-06-25 18:21 2002944 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ParkingDash.exe
2009-06-25 00:15 . 2009-06-25 00:15 20480 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpcshell.exe
2009-06-25 00:15 . 2009-06-25 00:15 161792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\crashreporter.exe
2009-06-25 00:15 . 2009-06-25 00:15 99328 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xulrunner-stub.exe
2009-06-25 00:15 . 2009-06-25 00:15 92672 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xulrunner.exe
2009-06-25 00:15 . 2009-06-25 00:15 7168 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\mangle.exe
2009-06-25 00:15 . 2009-06-25 00:15 49152 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\shlibsign.exe
2009-06-25 00:15 . 2009-06-25 00:15 309248 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpidl.exe
2009-06-25 00:15 . 2009-06-25 00:15 239104 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\updater.exe
2009-06-25 00:15 . 2009-06-25 00:15 22016 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpt_dump.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpt_link.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\ssltunnel.exe
2009-06-25 00:15 . 2009-06-25 00:15 12288 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\regxpcom.exe
2009-06-18 11:46 . 2009-06-18 11:46 -------- d-----w- c:\program files\Unity
2009-06-16 14:36 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 01:12 . 2009-06-15 01:10 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\X-Chat 2
2009-06-14 03:51 . 2009-06-14 03:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\ESET
2009-06-14 03:48 . 2009-06-14 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-14 03:40 . 2006-02-23 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-14 03:40 . 2006-02-23 02:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\ui\plugins\npswf32.dll
2009-06-09 21:30 . 2009-06-09 21:30 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pixomatic.dll
2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\w9xpopen.exe
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\MSVCR71.dll
2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pythoncom25.dll
2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\python25.dll
2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pywintypes25.dll
2009-06-03 19:09 . 2004-08-04 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 04:38 . 2009-05-29 04:38 2141 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-05-28 21:05 . 2009-05-28 21:05 2145 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2009-05-28 20:58 . 2009-05-28 20:58 2099 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-05-26 23:50 . 2009-05-30 09:14 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-05-21 18:42 . 2006-06-29 19:33 377704 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 15:33 . 2008-12-23 23:10 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-16 23:44 . 2009-05-16 23:44 0 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-05-15 01:29 . 2005-12-04 23:49 82623 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-14 18:47 . 2009-05-14 18:53 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-14 18:47 . 2009-05-14 18:47 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-13 19:45 . 2009-05-13 19:45 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.

------- Sigcheck -------

[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 04:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe


[7] 2004-08-04 04:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys

c:\windows\system32\appmgmts.dll ... is missing !!
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-09_15.23.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-09 20:39 . 2009-08-09 20:39 16384 c:\windows\Temp\Perflib_Perfdata_e0.dat
+ 2009-08-09 20:21 . 2009-08-09 20:21 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
- 2009-08-09 14:12 . 2009-08-09 14:12 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
+ 2009-08-09 20:39 . 2009-08-09 20:39 16384 c:\windows\Temp\Perflib_Perfdata_6dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-02-23 180269]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-15 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-23 15969280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-22 36903]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/14/2009 2:53 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/16/2009 1:09 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/16/2009 1:09 PM 20560]
S1 bfastfao;bfastfao;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F.tmp --> c:\windows\system32\F.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:26]

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: motive.com\patttbc.att
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 16:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6024)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-08-09 16:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-09 20:58
ComboFix2.txt 2009-08-09 15:39

Pre-Run: 50,623,705,088 bytes free
Post-Run: 50,579,009,536 bytes free

311 --- E O F --- 2009-07-29 07:02


--------------
Malwarebytes' Anti-Malware 1.40
Database version: 2587
Windows 5.1.2600 Service Pack 3

8/9/2009 5:17:30 PM
mbam-log-2009-08-09 (17-17-30).txt

Scan type: Quick Scan
Objects scanned: 104011
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> Delete on reboot.
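
A quick triage pass over the service/driver lines and the Security Center values from the ComboFix log above, as an added example: this is not code from the post, from ComboFix, or from BleepingComputer, and the rules in it are my own. It takes the `R0`/`S1`/`S3` entries and the REGEDIT4 values exactly as they appear in the log, parses ComboFix's `start name;display;path [date size]` format, and flags what a responder looks at first: an image loaded from a Temp directory or named `*.tmp`, an entry for which ComboFix printed `[?]` instead of a date and size, a boot- or system-start driver outside system32\drivers, and the registry overrides that silence antivirus and firewall status. The rules flag candidates to verify, not verdicts; a leftover temporary driver from a cleanup tool trips them just as well as a rootkit component does.

```python
import re
from dataclasses import dataclass, field

# Driver/service entries exactly as ComboFix prints them, copied from the log
# above.  Parser and triage rules are an added example, not ComboFix's code.
SERVICE_LINES = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/14/2009 2:53 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/16/2009 1:09 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/16/2009 1:09 PM 20560]
S1 bfastfao;bfastfao;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F.tmp --> c:\windows\system32\F.tmp [?]
"""

# Security Center and firewall values from the same "Reg Loading Points" block.
REG_LINES = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"     # R = running, S = stopped; digit = Start value
    r"(?P<name>[^;]+);(?P<display>[^;]*);"  # service name ; display name
    r"(?P<path>.+?)"                        # ImagePath as stored in the registry
    r"(?:\s+-->\s+(?P<resolved>.+?))?"      # resolved path, when ComboFix prints one
    r"\s+\[(?P<meta>[^\]]*)\]$"             # [date time size] or [?]
)
REG_VALUE_RE = re.compile(r'^"(?P<value>[^"]+)"\s*=\s*(?P<data>.+)$')


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_services(text):
    """Yield one dict per R*/S* line that matches ComboFix's service format."""
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def triage_services(text):
    """Return a Finding for every service/driver entry that trips a rule."""
    findings = []
    for e in parse_services(text):
        path = (e["resolved"] or e["path"]).lower()
        if path.startswith("\\??\\"):          # strip the NT object-manager prefix
            path = path[4:]
        reasons = []
        if "\\temp\\" in path:
            reasons.append("image loaded from a Temp directory")
        if path.endswith(".tmp"):
            reasons.append("image has a .tmp extension")
        if e["meta"] == "?":
            reasons.append("no date/size read for the image ([?] in the log)")
        if e["start"] in ("0", "1") and "\\drivers\\" not in path:
            reasons.append("boot/system-start driver outside system32\\drivers")
        if reasons:
            findings.append(Finding(e["name"], path, reasons))
    return findings


def security_overrides(text):
    """Return (key, value, data) for settings that hide or disable protection."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_VALUE_RE.match(line)
        if not m:
            continue
        value, data = m["value"], m["data"]
        if value in ("AntiVirusOverride", "DisableMonitoring") and data.endswith("1"):
            hits.append((key, value, data))    # status reporting suppressed
        elif value == "EnableFirewall" and data.startswith("0"):
            hits.append((key, value, data))    # Windows Firewall off for this profile
    return hits


if __name__ == "__main__":
    for f in triage_services(SERVICE_LINES):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
    for key, value, data in security_overrides(REG_LINES):
        print(f"{key}\\{value} = {data}")
```

Run against the lines above it reports bfastfao (Temp directory, `[?]`, system-start driver outside system32\drivers) and MEMSWEEP2 (`.tmp` image, `[?]`), plus the three Security Center and firewall overrides; the avast! and Ad-Aware entries pass cleanly.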

#6 Baabiouz
    Finnish Malware Fighter
  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 10 August 2009 - 02:22 AM

Hello

Did you drag CFScript.txt into ComboFix.exe?
Combofix shows you didn't. Would you please do it again?

#7 DarkPoisons
  • Topic Starter
  • Members
  • 41 posts
  • Gender:Female
  • Location:Columbus, OH

Posted 12 August 2009 - 09:11 PM

I hope I did it right this time
----------------------------------------
ComboFix 09-08-10.06 - Compaq_Owner 08/12/2009 22:31.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.99 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\docume~1\COMPAQ~1\APPLIC~1\wejog.pif"
"c:\documents and settings\Compaq_Owner\Local Settings\Application Data\garekid.scr"
"c:\program files\Common Files\juda.bin"
"c:\program files\Common Files\qyvemap._sy"
"c:\program files\Common Files\wunubuhy._dl"
"c:\windows\system32\epydukete.bat"
"c:\windows\system32\gisogu.reg"
"c:\windows\system32\ilegujuba.sys"
"c:\windows\system32\laha.bat"
"c:\windows\system32\obigehagos.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\APPLIC~1\wejog.pif
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\garekid.scr
c:\documents and settings\Compaq_Owner\Local Settings\temp\IadHide5.dll
c:\program files\Common Files\juda.bin
c:\program files\Common Files\qyvemap._sy
c:\program files\Common Files\wunubuhy._dl
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\epydukete.bat
c:\windows\system32\gisogu.reg
c:\windows\system32\ilegujuba.sys
c:\windows\system32\kwave.sys
c:\windows\system32\laha.bat
c:\windows\system32\obigehagos.bat

----- BITS: Possible infected sites -----

hxxp://j+|Cv+@J:NGD_DQ{zcxLJS@]nkC!#Messenger Update

.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-12 00:11 . 2009-08-12 00:11 -------- d-----w- c:\program files\MSECache
2009-07-31 06:50 . 2009-07-31 06:50 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IECompatCache
2009-07-31 01:30 . 2009-07-31 01:30 -------- d-----w- c:\program files\Sophos
2009-07-30 01:51 . 2009-07-30 01:51 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-07-30 01:06 . 2009-07-30 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-28 06:32 . 2009-07-28 06:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-27 22:16 . 2009-07-28 06:48 -------- d-----w- C:\RootRepeal
2009-07-26 12:29 . 2009-07-26 12:29 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-07-22 06:29 . 2009-08-04 09:01 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-22 02:07 . 2009-07-22 02:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\GetRightToGo
2009-07-17 12:40 . 2009-07-17 12:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-16 17:09 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-16 17:09 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-16 17:09 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-16 17:09 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-16 17:09 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-16 17:09 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-16 17:09 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-16 17:09 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-16 17:08 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-16 17:08 . 2009-07-16 17:08 -------- d-----w- c:\program files\Alwil Software
2009-07-16 02:00 . 2009-07-16 02:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\VSRevoGroup
2009-07-15 23:29 . 2009-07-15 23:29 -------- d-----w- c:\program files\VS Revo Group
2009-07-15 15:28 . 2009-07-15 15:28 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-15 15:28 . 2009-07-15 15:28 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-15 15:28 . 2009-07-15 15:28 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-15 15:28 . 2009-07-15 15:28 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-15 15:28 . 2009-07-15 15:28 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-15 15:27 . 2009-07-15 15:27 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-15 15:27 . 2009-07-15 15:27 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-15 15:27 . 2009-07-15 15:27 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-15 15:26 . 2009-07-15 15:26 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-15 15:26 . 2009-07-15 15:26 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-15 15:26 . 2009-07-15 15:26 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-15 15:26 . 2009-07-15 15:26 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-15 15:26 . 2009-07-15 15:26 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-15 15:26 . 2009-07-15 15:26 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-15 15:26 . 2009-07-15 15:26 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-15 15:26 . 2009-07-15 15:26 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-15 15:26 . 2009-07-15 15:26 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-15 15:01 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-15 15:01 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-15 14:32 . 2009-07-15 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-15 14:32 . 2009-07-16 00:41 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2009-07-15 13:55 . 2009-07-15 13:55 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-14 21:07 . 2009-07-14 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\11439534
2009-07-14 08:47 . 2009-07-14 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-07-14 08:45 . 2009-07-14 08:45 -------- d-----w- c:\program files\Common Files\iS3
2009-07-14 08:45 . 2009-07-15 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-14 08:44 . 2009-07-14 08:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 18:47 . 2009-05-13 20:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\FrostWire
2009-08-06 11:11 . 2009-06-14 23:27 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\mIRC
2009-08-06 07:23 . 2006-06-05 17:27 -------- d-----w- c:\program files\mIRC
2009-08-04 09:02 . 2009-05-16 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 17:36 . 2009-05-16 03:24 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-05-16 03:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 16:30 . 2006-06-05 09:43 54 -c--a-w- c:\windows\popcinfo.dat
2009-07-30 01:55 . 2009-05-14 19:26 460 ---ha-w- C:\aaw7boot.cmd
2009-07-25 11:30 . 2009-05-13 16:44 -------- d-----w- c:\program files\Common Files\Motive
2009-07-25 11:30 . 2009-08-04 09:44 8416 ----a-w- c:\windows\system32\drivers\trz6.tmp
2009-07-22 04:25 . 2007-08-05 15:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-16 00:44 . 2006-02-23 02:15 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-16 00:39 . 2007-02-24 09:05 -------- d-----w- c:\program files\CA
2009-07-14 03:52 . 2009-05-16 23:54 -------- d-----w- c:\program files\Diner Dash 2
2009-07-10 13:43 . 2009-07-10 13:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2009-07-10 13:39 . 2009-07-10 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-10 13:39 . 2009-07-10 13:32 -------- d-----w- c:\program files\iTunes
2009-07-10 13:37 . 2009-07-10 13:37 -------- d-----w- c:\program files\iPod
2009-07-10 13:37 . 2009-07-10 13:15 -------- d-----w- c:\program files\Common Files\Apple
2009-07-10 13:32 . 2009-07-10 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-10 13:26 . 2009-07-10 13:26 -------- d-----w- c:\program files\Bonjour
2009-07-10 12:58 . 2009-07-10 12:58 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-10 12:50 . 2009-07-10 12:49 -------- d-----w- c:\program files\QuickTime
2009-07-09 22:42 . 2006-06-05 23:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\IMVU
2009-07-09 01:52 . 2009-05-16 03:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Azureus
2009-07-03 17:09 . 2004-08-04 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 15:57 . 2009-05-29 05:38 80967 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\Uninstall.exe
2009-07-01 15:56 . 2009-05-29 05:36 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient
2009-07-01 15:56 . 2009-07-01 15:53 16149640 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\installer\SetupImvu_update.exe
2009-06-29 03:12 . 2009-06-29 03:12 95576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\IMVUupdater.exe
2009-06-29 03:12 . 2009-06-29 03:12 49920 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\IMVUClient.exe
2009-06-29 03:12 . 2009-06-29 03:12 18176 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\imvuqualityagent.exe
2009-06-29 03:11 . 2009-06-29 03:11 1245184 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\SceneWindow.dll
2009-06-29 03:11 . 2009-06-29 03:11 14848 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\MemoryHook.dll
2009-06-29 03:11 . 2009-06-29 03:11 289792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\cal3d.dll
2009-06-29 03:11 . 2009-06-29 03:11 25600 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\CallStack.dll
2009-06-29 03:11 . 2009-06-29 03:11 187392 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\boost_python.dll
2009-06-29 03:11 . 2009-06-29 03:11 256000 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\audiere.dll
2009-06-25 18:21 . 2009-06-25 18:21 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ZylomHost.exe
2009-06-25 18:21 . 2009-06-25 18:21 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ZylomAdapter.dll
2009-06-25 18:21 . 2009-06-25 18:21 2002944 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ParkingDash.exe
2009-06-25 00:15 . 2009-06-25 00:15 20480 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpcshell.exe
2009-06-25 00:15 . 2009-06-25 00:15 161792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\crashreporter.exe
2009-06-25 00:15 . 2009-06-25 00:15 99328 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xulrunner-stub.exe
2009-06-25 00:15 . 2009-06-25 00:15 92672 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xulrunner.exe
2009-06-25 00:15 . 2009-06-25 00:15 7168 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\mangle.exe
2009-06-25 00:15 . 2009-06-25 00:15 49152 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\shlibsign.exe
2009-06-25 00:15 . 2009-06-25 00:15 309248 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpidl.exe
2009-06-25 00:15 . 2009-06-25 00:15 239104 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\updater.exe
2009-06-25 00:15 . 2009-06-25 00:15 22016 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpt_dump.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpt_link.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\ssltunnel.exe
2009-06-25 00:15 . 2009-06-25 00:15 12288 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\regxpcom.exe
2009-06-18 11:46 . 2009-06-18 11:46 -------- d-----w- c:\program files\Unity
2009-06-16 14:36 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 01:12 . 2009-06-15 01:10 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\X-Chat 2
2009-06-14 03:51 . 2009-06-14 03:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\ESET
2009-06-14 03:48 . 2009-06-14 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-14 03:40 . 2006-02-23 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-14 03:40 . 2006-02-23 02:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\ui\plugins\npswf32.dll
2009-06-09 21:30 . 2009-06-09 21:30 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pixomatic.dll
2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\w9xpopen.exe
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\MSVCR71.dll
2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pythoncom25.dll
2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\python25.dll
2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pywintypes25.dll
2009-06-03 19:09 . 2004-08-04 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 04:38 . 2009-05-29 04:38 2141 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-05-28 21:05 . 2009-05-28 21:05 2145 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2009-05-28 20:58 . 2009-05-28 20:58 2099 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-05-26 23:50 . 2009-05-30 09:14 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-05-21 18:42 . 2006-06-29 19:33 377704 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 15:33 . 2008-12-23 23:10 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-16 23:44 . 2009-05-16 23:44 0 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
.

------- Sigcheck -------

[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 04:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe


[7] 2004-08-04 04:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys

c:\windows\system32\appmgmts.dll ... is missing !!
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-09_15.23.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-13 02:45 . 2009-08-13 02:45 16384 c:\windows\Temp\Perflib_Perfdata_bc.dat
+ 2009-08-13 02:45 . 2009-08-13 02:45 16384 c:\windows\Temp\Perflib_Perfdata_684.dat
+ 2009-08-12 00:11 . 2009-08-12 00:11 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2005-12-04 23:53 . 2009-08-13 00:05 944120 c:\windows\system32\FNTCACHE.DAT
+ 2009-08-12 00:11 . 2009-08-12 00:11 355328 c:\windows\Installer\30945c6.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-02-23 180269]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-15 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-23 15969280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-22 36903]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/14/2009 2:53 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/16/2009 1:09 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/16/2009 1:09 PM 20560]
S1 bfastfao;bfastfao;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F.tmp --> c:\windows\system32\F.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:26]

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: motive.com\patttbc.att
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 22:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(280)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-08-13 23:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 03:15
ComboFix2.txt 2009-08-09 20:58
ComboFix3.txt 2009-08-09 15:39

Pre-Run: 50,335,662,080 bytes free
Post-Run: 50,284,408,832 bytes free

326 --- E O F --- 2009-07-29 07:02

Edited by DarkPoisons, 12 August 2009 - 10:20 PM.


#8 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:13 AM

Posted 13 August 2009 - 02:50 AM

Hello

Yes, you did it right.

Submit a File For Analysis
We need to have the files below scanned by uploading them to Jotti.

Please visit Jotti
Copy/paste the following file path into the window:
c:\windows\explorer.exe
Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following files:
c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
c:\windows\$NtServicePackUninstall$\explorer.exe


If Jotti is too busy, please try Virustotal.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please post the Jotti results and ESET results back here.
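The helper's request above singles out exactly the three explorer.exe copies that the Sigcheck block of the ComboFix log marks with `[-]`, and the same block lists two files ComboFix reports as missing. The following script is an added example for this thread, not part of ComboFix or of the helper's instructions: it parses that Sigcheck block (the sample lines are copied from the log quoted earlier in the thread), returns the unmatched entries and the missing-file list, groups the hashes by file name so that several on-disk copies of one binary are easy to see, and compares a locally computed MD5 against the hash ComboFix printed. The function and field names are this example's own.

```python
"""Triage helper for the 'Sigcheck' block of a ComboFix log (added example)."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Sample copied from the Sigcheck section of the ComboFix log quoted in this thread.
SAMPLE_LOG = r"""------- Sigcheck -------

[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 04:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe


[7] 2004-08-04 04:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys

c:\windows\system32\appmgmts.dll ... is missing !!
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-09_15.23.56 )))))))))))))))))))))))))))))))))))))))))
"""

# One Sigcheck entry: "[marker] date time size MD5 path"
ENTRY_RE = re.compile(
    r"^\[(?P<marker>[^\]]+)\] (?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9A-Fa-f]{32}) (?P<path>.+)$"
)
MISSING_RE = re.compile(r"^(?P<path>.+?) \.\.\. is missing !!$")
SECTION_END_RE = re.compile(r"^\(\(\(")  # the next "((((( ... )))))" banner


@dataclass
class SigcheckEntry:
    marker: str  # "-" on the entries the helper asked to have submitted; "7" on the rest
    date: str
    size: int
    md5: str     # upper-case hex, as ComboFix prints it
    path: str


def sigcheck_lines(log_text: str) -> List[str]:
    """Return the lines between the Sigcheck banner and the next section banner."""
    out: List[str] = []
    inside = False
    for line in log_text.splitlines():
        if line.strip() == "------- Sigcheck -------":
            inside = True
            continue
        if inside and SECTION_END_RE.match(line):
            break
        if inside:
            out.append(line)
    return out


def parse_sigcheck(log_text: str) -> List[SigcheckEntry]:
    """Parse every hash line in the Sigcheck block, skipping blanks and '.' separators."""
    entries: List[SigcheckEntry] = []
    for line in sigcheck_lines(log_text):
        m = ENTRY_RE.match(line)
        if m:
            entries.append(SigcheckEntry(m["marker"], m["date"], int(m["size"]),
                                         m["md5"].upper(), m["path"]))
    return entries


def missing_files(log_text: str) -> List[str]:
    """Paths that ComboFix reports as '... is missing !!' inside the Sigcheck block."""
    return [m["path"] for line in sigcheck_lines(log_text)
            for m in [MISSING_RE.match(line)] if m]


def unverified(entries: List[SigcheckEntry]) -> List[SigcheckEntry]:
    """Entries carrying the '[-]' marker, i.e. the ones worth a second opinion."""
    return [e for e in entries if e.marker == "-"]


def hashes_by_name(entries: List[SigcheckEntry]) -> Dict[str, Set[str]]:
    """Group MD5 values by file name so multiple copies of one binary stand out."""
    groups: Dict[str, Set[str]] = {}
    for e in entries:
        groups.setdefault(e.path.rsplit("\\", 1)[-1].lower(), set()).add(e.md5)
    return groups


def md5_hex(data: bytes) -> str:
    """MD5 of in-memory data; read a file in binary mode to hash a real copy."""
    return hashlib.md5(data).hexdigest()


def compare_with_log(entries: List[SigcheckEntry], path: str, local_md5: str) -> str:
    """'match', 'mismatch' or 'not in log' for a locally computed MD5 of `path`."""
    for e in entries:
        if e.path.lower() == path.lower():
            return "match" if e.md5 == local_md5.upper() else "mismatch"
    return "not in log"


if __name__ == "__main__":
    parsed = parse_sigcheck(SAMPLE_LOG)
    for e in unverified(parsed):
        print("submit for a second opinion:", e.path, e.md5)
    for p in missing_files(SAMPLE_LOG):
        print("reported missing:", p)
```

Feeding a full ComboFix log to `parse_sigcheck` works the same way, because the parser only looks at the block between the Sigcheck banner and the next `(((((` banner; the `compare_with_log` check is the local equivalent of what the helper did by hand with Jotti, except that it only tells you whether the file on disk is still the one ComboFix hashed, not whether that file is clean.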

#9 DarkPoisons (Topic Starter)

Posted 13 August 2009 - 10:09 AM

Jotti found nothing for each file I listed. I'm going to run the other scan now.

#10 Baabiouz (Finnish Malware Fighter)

Posted 13 August 2009 - 12:01 PM

Ok. That's good.

#11 DarkPoisons (Topic Starter)

Posted 13 August 2009 - 06:24 PM

Results for the ESET online scanner:

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.ADM trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\trz6.tmp Win32/Spy.Goldun.NFE trojan cleaned by deleting - quarantined
D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP480\A0332630.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
D:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP480\A0332631.exe a variant of Win32/Toolbar.MyWebSearch application deleted - quarantined

#12 Baabiouz (Finnish Malware Fighter)

Posted 13 August 2009 - 11:28 PM

Hello

Ok. Please remove the old version of ComboFix, download the newest one, and run it.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Post a fresh Combofix log back here.

#13 DarkPoisons (Topic Starter)

Posted 14 August 2009 - 07:31 AM

ComboFix 09-08-10.06 - Compaq_Owner 08/14/2009 4:04.7.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.97 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090813-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\temp\IadHide5.dll
.


.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-13 23:27 . 2009-08-13 23:27 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 19:10 . 2009-08-13 19:10 -------- d-----w- c:\program files\ESET
2009-08-13 00:20 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 00:11 . 2009-08-12 00:11 -------- d-----w- c:\program files\MSECache
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 06:50 . 2009-07-31 06:50 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IECompatCache
2009-07-31 01:30 . 2009-07-31 01:30 -------- d-----w- c:\program files\Sophos
2009-07-30 01:51 . 2009-07-30 01:51 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-07-30 01:06 . 2009-07-30 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-28 06:32 . 2009-07-28 06:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-27 22:16 . 2009-07-28 06:48 -------- d-----w- C:\RootRepeal
2009-07-26 12:29 . 2009-07-26 12:29 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-07-22 06:29 . 2009-08-04 09:01 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-22 02:07 . 2009-07-22 02:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\GetRightToGo
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-07-17 12:40 . 2009-07-17 12:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-16 17:09 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-16 17:09 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-16 17:09 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-16 17:09 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-16 17:09 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-16 17:09 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-16 17:09 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-16 17:09 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-16 17:08 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-16 17:08 . 2009-07-16 17:08 -------- d-----w- c:\program files\Alwil Software
2009-07-16 02:00 . 2009-07-16 02:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\VSRevoGroup
2009-07-15 23:29 . 2009-07-15 23:29 -------- d-----w- c:\program files\VS Revo Group
2009-07-15 15:28 . 2009-07-15 15:28 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-15 15:28 . 2009-07-15 15:28 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-15 15:28 . 2009-07-15 15:28 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-15 15:28 . 2009-07-15 15:28 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-15 15:28 . 2009-07-15 15:28 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-15 15:27 . 2009-07-15 15:27 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-15 15:27 . 2009-07-15 15:27 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-15 15:27 . 2009-07-15 15:27 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-15 15:26 . 2009-07-15 15:26 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-15 15:26 . 2009-07-15 15:26 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-15 15:26 . 2009-07-15 15:26 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-15 15:26 . 2009-07-15 15:26 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-15 15:26 . 2009-07-15 15:26 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-15 15:26 . 2009-07-15 15:26 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-15 15:26 . 2009-07-15 15:26 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-15 15:26 . 2009-07-15 15:26 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-15 15:26 . 2009-07-15 15:26 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-15 15:01 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-15 15:01 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-15 14:32 . 2009-07-15 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-15 14:32 . 2009-07-16 00:41 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2009-07-15 13:55 . 2009-07-15 13:55 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 23:30 . 2006-02-23 01:47 -------- d-----w- c:\program files\Java
2009-08-13 07:07 . 2009-05-13 16:44 -------- d-----w- c:\program files\Common Files\Motive
2009-08-07 18:47 . 2009-05-13 20:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\FrostWire
2009-08-06 11:11 . 2009-06-14 23:27 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\mIRC
2009-08-06 07:23 . 2006-06-05 17:27 -------- d-----w- c:\program files\mIRC
2009-08-05 09:01 . 2004-08-04 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 09:02 . 2009-05-16 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 17:36 . 2009-05-16 03:24 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-05-16 03:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 16:30 . 2006-06-05 09:43 54 -c--a-w- c:\windows\popcinfo.dat
2009-07-30 01:55 . 2009-05-14 19:26 460 ---ha-w- C:\aaw7boot.cmd
2009-07-25 09:23 . 2008-12-23 23:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 04:25 . 2007-08-05 15:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-17 19:01 . 2004-08-04 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 00:44 . 2006-02-23 02:15 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-16 00:39 . 2007-02-24 09:05 -------- d-----w- c:\program files\CA
2009-07-15 15:29 . 2009-07-14 08:45 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-14 21:08 . 2009-07-14 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\11439534
2009-07-14 18:40 . 2009-07-14 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-07-14 08:45 . 2009-07-14 08:45 -------- d-----w- c:\program files\Common Files\iS3
2009-07-14 03:52 . 2009-05-16 23:54 -------- d-----w- c:\program files\Diner Dash 2
2009-07-14 03:43 . 2004-08-04 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 13:43 . 2009-07-10 13:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2009-07-10 13:39 . 2009-07-10 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-10 13:39 . 2009-07-10 13:32 -------- d-----w- c:\program files\iTunes
2009-07-10 13:37 . 2009-07-10 13:37 -------- d-----w- c:\program files\iPod
2009-07-10 13:37 . 2009-07-10 13:15 -------- d-----w- c:\program files\Common Files\Apple
2009-07-10 13:32 . 2009-07-10 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-10 13:26 . 2009-07-10 13:26 -------- d-----w- c:\program files\Bonjour
2009-07-10 12:58 . 2009-07-10 12:58 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-10 12:50 . 2009-07-10 12:49 -------- d-----w- c:\program files\QuickTime
2009-07-09 22:42 . 2006-06-05 23:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\IMVU
2009-07-09 01:52 . 2009-05-16 03:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Azureus
2009-07-03 17:09 . 2004-08-04 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 15:57 . 2009-05-29 05:38 80967 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\Uninstall.exe
2009-07-01 15:56 . 2009-05-29 05:36 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient
2009-07-01 15:56 . 2009-07-01 15:53 16149640 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\installer\SetupImvu_update.exe
2009-06-29 03:12 . 2009-06-29 03:12 95576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\IMVUupdater.exe
2009-06-29 03:12 . 2009-06-29 03:12 49920 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\IMVUClient.exe
2009-06-29 03:12 . 2009-06-29 03:12 18176 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\imvuqualityagent.exe
2009-06-29 03:11 . 2009-06-29 03:11 1245184 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\SceneWindow.dll
2009-06-29 03:11 . 2009-06-29 03:11 14848 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\MemoryHook.dll
2009-06-29 03:11 . 2009-06-29 03:11 289792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\cal3d.dll
2009-06-29 03:11 . 2009-06-29 03:11 25600 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\CallStack.dll
2009-06-29 03:11 . 2009-06-29 03:11 187392 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\boost_python.dll
2009-06-29 03:11 . 2009-06-29 03:11 256000 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\audiere.dll
2009-06-25 18:21 . 2009-06-25 18:21 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ZylomHost.exe
2009-06-25 18:21 . 2009-06-25 18:21 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ZylomAdapter.dll
2009-06-25 18:21 . 2009-06-25 18:21 2002944 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ParkingDash.exe
2009-06-25 00:15 . 2009-06-25 00:15 20480 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpcshell.exe
2009-06-25 00:15 . 2009-06-25 00:15 161792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\crashreporter.exe
2009-06-25 00:15 . 2009-06-25 00:15 99328 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xulrunner-stub.exe
2009-06-25 00:15 . 2009-06-25 00:15 92672 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xulrunner.exe
2009-06-25 00:15 . 2009-06-25 00:15 7168 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\mangle.exe
2009-06-25 00:15 . 2009-06-25 00:15 49152 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\shlibsign.exe
2009-06-25 00:15 . 2009-06-25 00:15 309248 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpidl.exe
2009-06-25 00:15 . 2009-06-25 00:15 239104 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\updater.exe
2009-06-25 00:15 . 2009-06-25 00:15 22016 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpt_dump.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpt_link.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\ssltunnel.exe
2009-06-25 00:15 . 2009-06-25 00:15 12288 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\regxpcom.exe
2009-06-18 11:46 . 2009-06-18 11:46 -------- d-----w- c:\program files\Unity
2009-06-16 14:36 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\ui\plugins\npswf32.dll
2009-06-10 14:13 . 2004-08-04 04:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-04 04:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 21:30 . 2009-06-09 21:30 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pixomatic.dll
2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\w9xpopen.exe
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\MSVCR71.dll
2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pythoncom25.dll
2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\python25.dll
2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pywintypes25.dll
2009-06-03 19:09 . 2004-08-04 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 04:38 . 2009-05-29 04:38 2141 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-05-28 21:05 . 2009-05-28 21:05 2145 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2009-05-28 20:58 . 2009-05-28 20:58 2099 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-05-26 23:50 . 2009-05-30 09:14 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-05-21 18:42 . 2006-06-29 19:33 377704 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 23:44 . 2009-05-16 23:44 0 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
.

------- Sigcheck -------

[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 04:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe


[7] 2004-08-04 04:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys

c:\windows\system32\appmgmts.dll ... is missing !!
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-09_15.23.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-14 02:55 . 2009-08-14 02:55 16384 c:\windows\Temp\Perflib_Perfdata_6e8.dat
+ 2009-08-14 08:20 . 2009-08-14 08:20 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
+ 2009-08-14 08:20 . 2009-08-14 08:20 16384 c:\windows\Temp\Perflib_Perfdata_200.dat
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2006-09-21 08:40 . 2009-08-13 07:38 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-08-12 00:11 . 2009-08-12 00:11 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-13 23:30 . 2009-07-25 09:23 149280 c:\windows\system32\javaws.exe
+ 2009-08-13 23:30 . 2009-07-25 09:23 145184 c:\windows\system32\javaw.exe
+ 2009-08-13 23:30 . 2009-07-25 09:23 145184 c:\windows\system32\java.exe
+ 2005-12-04 23:53 . 2009-08-13 00:05 944120 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 04:00 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-08-12 00:11 . 2009-08-12 00:11 355328 c:\windows\Installer\30945c6.msi
- 2006-09-21 08:40 . 2009-07-15 07:04 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-05-21 16:52 . 2009-05-21 16:52 464272 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL
+ 2003-07-15 11:18 . 2003-07-15 11:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2009-08-13 07:37 . 2009-08-13 07:37 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2004-08-04 04:00 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-08-05 06:11 . 2009-08-05 06:11 5518848 c:\windows\Installer\109db8f.msp
+ 2009-07-01 17:21 . 2009-07-01 17:21 8891904 c:\windows\Installer\109db79.msp
+ 2007-05-10 17:45 . 2007-05-10 17:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-03-14 17:10 . 2007-03-14 17:10 7255384 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
+ 2004-08-04 04:00 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2006-06-09 08:54 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2004-08-04 04:00 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-01 17:19 . 2009-07-01 17:19 10607104 c:\windows\Installer\109db7a.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-02-23 180269]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-15 520024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-23 15969280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-22 36903]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/14/2009 2:53 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/16/2009 1:09 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/16/2009 1:09 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S1 bfastfao;bfastfao;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F.tmp --> c:\windows\system32\F.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:26]

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: motive.com\patttbc.att
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 04:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6024)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-08-14 5:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 09:00
ComboFix2.txt 2009-08-13 03:15
ComboFix3.txt 2009-08-09 20:58
ComboFix4.txt 2009-08-09 15:39

Pre-Run: 49,833,140,224 bytes free
Post-Run: 49,960,505,344 bytes free

349 --- E O F --- 2009-08-13 07:38
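The lines a helper reads first in a log like the one above are the service entries ComboFix marks with `[?]` (image file not on disk), the Security Center overrides, and the firewall profile flag. The script below is an added example, not part of this thread or of ComboFix; it parses those line formats and prints the same observations a reviewer would make by eye. The heuristics (flag a missing or Temp-folder service image, `AntiVirusOverride`/`DisableMonitoring` set to 1, `EnableFirewall` set to 0) are this example's own choices, and the embedded sample is an excerpt of the log posted above, trimmed to the relevant lines.

```python
"""Triage of the 'Reg Loading Points' and service lines in a ComboFix log.

Added example, not part of the BleepingComputer thread or of ComboFix.
The rules are the author's own; ComboFix prints facts, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt of the log posted above, trimmed to the lines this example handles.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/14/2009 2:53 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/16/2009 1:09 PM 114768]
S1 bfastfao;bfastfao;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F.tmp --> c:\windows\system32\F.tmp [?]
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')


@dataclass
class Service:
    start: str      # R0..R3 = running, S0..S3 = stopped (ComboFix convention)
    name: str
    display: str
    path: str
    missing: bool   # ComboFix appends '[?]' when the image file is not on disk


def parse_services(text: str) -> list[Service]:
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, display, rest = m.groups()
        missing = rest.endswith("[?]")
        if " --> " in rest:                     # 'raw --> resolved' form: keep the resolved path
            rest = rest.split(" --> ", 1)[1]
        path = re.sub(r"\s*\[.*\]$", "", rest)  # drop trailing '[date time size]' or '[?]'
        services.append(Service(start, name, display, path, missing))
    return services


def parse_reg_values(text: str) -> dict[tuple[str, str], object]:
    """Map (key, value name) -> int for dword/decimal values, raw string otherwise."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            continue
        vm = REG_VAL_RE.match(line)
        if not (vm and key):
            continue
        name, raw = vm.groups()
        if raw.startswith("dword:"):            # REGEDIT4 style: dword:00000001
            val = int(raw[6:], 16)
        elif re.match(r"^\d+ \(0x", raw):       # ComboFix style: 0 (0x0)
            val = int(raw.split()[0])
        else:
            val = raw
        values[(key, name.lower())] = val
    return values


def triage(text: str) -> list[str]:
    """Return the observations a reviewer would note from these lines."""
    findings = []
    for svc in parse_services(text):
        if svc.missing:
            findings.append(f"service {svc.name}: image file missing ({svc.path})")
        if "\\temp\\" in svc.path.lower():
            findings.append(f"service {svc.name}: image under a Temp folder ({svc.path})")
    for (key, name), val in parse_reg_values(text).items():
        if "security center" in key and name in ("antivirusoverride", "disablemonitoring") and val == 1:
            findings.append(f"Security Center: {name}=1 under {key}")
        if key.endswith("firewallpolicy\\standardprofile") and name == "enablefirewall" and val == 0:
            findings.append("Windows Firewall standard profile is disabled")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the excerpt it reports both stopped services (bfastfao, whose image sat in the user's Temp folder, and MEMSWEEP2, pointing at F.tmp), the two Security Center overrides and the disabled firewall profile; the two avast!/Lavasoft drivers with files on disk produce nothing. It is a reading aid for the log, not a verdict on what any of those entries are.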

#14 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 14 August 2009 - 12:19 PM

Hello

Please navigate to the c:\windows\system32\dllcache folder and search for the beep.sys file. Right-click beep.sys and choose Copy.

Then navigate to the c:\windows\system32\drivers folder, right-click an empty spot and choose Paste.


Then use Windows Search and try to find the following file:
appmgmts.dll

If you find it, copy that file to this folder:
c:\windows\system32


If you don't find it, you can download the file here:
http://www.dlldump.com/download-dll-files_...0/download.html

After doing those things, please run ComboFix again and post the log back here.
How's your computer working now?

Edited by Baabiouz, 14 August 2009 - 12:21 PM.

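The copy-and-paste step above restores beep.sys from the dllcache copy that ComboFix's Sigcheck section already fingerprinted (4224 bytes, MD5 DA1F27D85E0D1525F6621372E7B685E9). The script below is an added example, not part of this thread or of ComboFix: it performs the same restore but refuses to copy unless the source matches that size and hash, and refuses to overwrite an existing target unless told to. The size and MD5 are copied from the Sigcheck block in the posted log and the paths are the ones named in the post; for appmgmts.dll the log gives no reference hash, so no entry is included and one would have to come from a trusted source such as the service pack files. MD5 is used only because that is the digest ComboFix prints; it is fine for matching a reported value, but anything beyond that should use SHA-256.

```python
"""Restore a Windows system file from a cached copy only after verifying it
against the size and MD5 that ComboFix's Sigcheck section reported.

Added example, not from the thread or from ComboFix. On the real machine this
runs as an administrator; the accompanying test uses temporary files.
"""
from __future__ import annotations

import hashlib
import shutil
from pathlib import Path

# From the Sigcheck block of the posted log:
#   [7] 2004-08-04 04:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
KNOWN_GOOD = {
    "beep.sys": (4224, "DA1F27D85E0D1525F6621372E7B685E9"),
}


def md5_of(path: Path) -> str:
    """Upper-case hex MD5, the form ComboFix prints."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def check_known_good(path: Path, expected_size: int, expected_md5: str) -> tuple[bool, str]:
    """Return (ok, reason). Size is checked first: cheap, and it catches truncation."""
    if not path.is_file():
        return False, f"{path} does not exist"
    size = path.stat().st_size
    if size != expected_size:
        return False, f"size {size} != expected {expected_size}"
    digest = md5_of(path)
    if digest != expected_md5.upper():
        return False, f"md5 {digest} != expected {expected_md5.upper()}"
    return True, "size and md5 match"


def restore_from_cache(src: Path, dst: Path, expected_size: int, expected_md5: str,
                       overwrite: bool = False) -> tuple[bool, str]:
    """Copy src to dst only if src matches the expected size and hash.

    An existing dst is not clobbered unless overwrite=True, so a file that was
    planted at that path is not silently replaced without anyone noticing it.
    """
    ok, reason = check_known_good(src, expected_size, expected_md5)
    if not ok:
        return False, f"refusing to restore: {reason}"
    if dst.exists() and not overwrite:
        return False, f"refusing to restore: {dst} already exists"
    dst.parent.mkdir(parents=True, exist_ok=True)
    # copy2 keeps the modification time, as Explorer's Copy/Paste does; the
    # restored beep.sys in the later log shows exactly that (mtime 2004-08-04).
    shutil.copy2(src, dst)
    ok, reason = check_known_good(dst, expected_size, expected_md5)
    if not ok:
        return False, f"copy landed but failed verification: {reason}"
    return True, f"restored {dst}"


if __name__ == "__main__":
    windir = Path(r"C:\Windows")
    size, md5 = KNOWN_GOOD["beep.sys"]
    print(restore_from_cache(windir / "system32" / "dllcache" / "beep.sys",
                             windir / "system32" / "drivers" / "beep.sys", size, md5))
```

The post-copy verification matters on a box where something had already removed beep.sys once: if the copy lands but does not hash correctly, the function says so instead of reporting success.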

#15 DarkPoisons

DarkPoisons
  • Topic Starter

  • Members
  • 41 posts
  • Gender:Female
  • Location:Columbus, OH

Posted 18 August 2009 - 01:19 AM

It's loading much better.


ComboFix 09-08-10.06 - Compaq_Owner 08/18/2009 1:35.8.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.177 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090817-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 05:33 . 2009-08-18 05:33 167936 ----a-w- c:\windows\system32\appmgmts.dll
2009-08-18 05:29 . 2004-08-04 04:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-18 05:29 . 2004-08-04 04:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-13 23:27 . 2009-08-13 23:27 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 19:10 . 2009-08-13 19:10 -------- d-----w- c:\program files\ESET
2009-08-13 00:20 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 00:11 . 2009-08-12 00:11 -------- d-----w- c:\program files\MSECache
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 06:50 . 2009-07-31 06:50 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IECompatCache
2009-07-31 01:30 . 2009-07-31 01:30 -------- d-----w- c:\program files\Sophos
2009-07-30 01:51 . 2009-07-30 01:51 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-07-30 01:06 . 2009-07-30 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-28 06:32 . 2009-07-28 06:32 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-27 22:16 . 2009-07-28 06:48 -------- d-----w- C:\RootRepeal
2009-07-26 12:29 . 2009-07-26 12:29 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-07-22 06:29 . 2009-08-04 09:01 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-22 02:07 . 2009-07-22 02:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 19:42 . 2006-06-29 19:33 381592 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 23:30 . 2006-02-23 01:47 -------- d-----w- c:\program files\Java
2009-08-13 07:07 . 2009-05-13 16:44 -------- d-----w- c:\program files\Common Files\Motive
2009-08-07 18:47 . 2009-05-13 20:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\FrostWire
2009-08-06 11:11 . 2009-06-14 23:27 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\mIRC
2009-08-06 07:23 . 2006-06-05 17:27 -------- d-----w- c:\program files\mIRC
2009-08-05 09:01 . 2004-08-04 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 09:02 . 2009-05-16 03:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 17:36 . 2009-05-16 03:24 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-05-16 03:24 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 16:30 . 2006-06-05 09:43 54 -c--a-w- c:\windows\popcinfo.dat
2009-07-30 01:55 . 2009-05-14 19:26 460 ---ha-w- C:\aaw7boot.cmd
2009-07-25 09:23 . 2008-12-23 23:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 04:25 . 2007-08-05 15:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-17 19:01 . 2004-08-04 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 17:08 . 2009-07-16 17:08 -------- d-----w- c:\program files\Alwil Software
2009-07-16 02:00 . 2009-07-16 02:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\VSRevoGroup
2009-07-16 00:44 . 2006-02-23 02:15 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-16 00:41 . 2009-07-15 14:32 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2009-07-16 00:39 . 2007-02-24 09:05 -------- d-----w- c:\program files\CA
2009-07-15 23:29 . 2009-07-15 23:29 -------- d-----w- c:\program files\VS Revo Group
2009-07-15 15:29 . 2009-07-14 08:45 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-15 15:28 . 2009-07-15 15:28 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-15 15:28 . 2009-07-15 15:28 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-15 15:28 . 2009-07-15 15:28 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-15 15:28 . 2009-07-15 15:28 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-15 15:28 . 2009-07-15 15:28 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-15 15:27 . 2009-07-15 15:27 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-15 15:27 . 2009-07-15 15:27 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-15 15:27 . 2009-07-15 15:27 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-15 15:26 . 2009-07-15 15:26 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-15 15:26 . 2009-07-15 15:26 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-15 15:26 . 2009-07-15 15:26 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-15 15:26 . 2009-07-15 15:26 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-15 15:26 . 2009-07-15 15:26 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-15 15:26 . 2009-07-15 15:26 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-15 15:26 . 2009-07-15 15:26 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-15 15:26 . 2009-07-15 15:26 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-15 15:26 . 2009-07-15 15:26 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-15 14:32 . 2009-07-15 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-15 13:55 . 2009-07-15 13:55 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-14 18:40 . 2009-07-14 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-07-14 08:45 . 2009-07-14 08:45 -------- d-----w- c:\program files\Common Files\iS3
2009-07-14 03:52 . 2009-05-16 23:54 -------- d-----w- c:\program files\Diner Dash 2
2009-07-14 03:43 . 2004-08-04 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 13:43 . 2009-07-10 13:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2009-07-10 13:39 . 2009-07-10 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-10 13:39 . 2009-07-10 13:32 -------- d-----w- c:\program files\iTunes
2009-07-10 13:37 . 2009-07-10 13:37 -------- d-----w- c:\program files\iPod
2009-07-10 13:37 . 2009-07-10 13:15 -------- d-----w- c:\program files\Common Files\Apple
2009-07-10 13:32 . 2009-07-10 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-10 13:26 . 2009-07-10 13:26 -------- d-----w- c:\program files\Bonjour
2009-07-10 12:58 . 2009-07-10 12:58 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-10 12:50 . 2009-07-10 12:49 -------- d-----w- c:\program files\QuickTime
2009-07-09 22:42 . 2006-06-05 23:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\IMVU
2009-07-09 01:52 . 2009-05-16 03:49 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Azureus
2009-07-03 17:09 . 2004-08-04 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 15:57 . 2009-05-29 05:38 80967 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\Uninstall.exe
2009-07-01 15:56 . 2009-05-29 05:36 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient
2009-07-01 15:56 . 2009-07-01 15:53 16149640 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\installer\SetupImvu_update.exe
2009-06-29 03:12 . 2009-06-29 03:12 95576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\IMVUupdater.exe
2009-06-29 03:12 . 2009-06-29 03:12 49920 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\IMVUClient.exe
2009-06-29 03:12 . 2009-06-29 03:12 18176 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\imvuqualityagent.exe
2009-06-29 03:11 . 2009-06-29 03:11 1245184 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\SceneWindow.dll
2009-06-29 03:11 . 2009-06-29 03:11 14848 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\MemoryHook.dll
2009-06-29 03:11 . 2009-06-29 03:11 289792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\cal3d.dll
2009-06-29 03:11 . 2009-06-29 03:11 25600 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\CallStack.dll
2009-06-29 03:11 . 2009-06-29 03:11 187392 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\boost_python.dll
2009-06-29 03:11 . 2009-06-29 03:11 256000 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\audiere.dll
2009-06-25 18:21 . 2009-06-25 18:21 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ZylomHost.exe
2009-06-25 18:21 . 2009-06-25 18:21 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ZylomAdapter.dll
2009-06-25 18:21 . 2009-06-25 18:21 2002944 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\parkingdash\en-US\ParkingDash.exe
2009-06-25 00:15 . 2009-06-25 00:15 20480 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpcshell.exe
2009-06-25 00:15 . 2009-06-25 00:15 161792 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\crashreporter.exe
2009-06-25 00:15 . 2009-06-25 00:15 99328 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xulrunner-stub.exe
2009-06-25 00:15 . 2009-06-25 00:15 92672 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xulrunner.exe
2009-06-25 00:15 . 2009-06-25 00:15 7168 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\mangle.exe
2009-06-25 00:15 . 2009-06-25 00:15 49152 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\shlibsign.exe
2009-06-25 00:15 . 2009-06-25 00:15 309248 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpidl.exe
2009-06-25 00:15 . 2009-06-25 00:15 239104 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\updater.exe
2009-06-25 00:15 . 2009-06-25 00:15 22016 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpt_dump.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\xpt_link.exe
2009-06-25 00:15 . 2009-06-25 00:15 18432 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\ssltunnel.exe
2009-06-25 00:15 . 2009-06-25 00:15 12288 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\GeckoBin\regxpcom.exe
2009-06-16 14:36 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\ui\plugins\npswf32.dll
2009-06-10 14:13 . 2004-08-04 04:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-04 04:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 21:30 . 2009-06-09 21:30 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pixomatic.dll
2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\w9xpopen.exe
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\MSVCR71.dll
2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pythoncom25.dll
2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\python25.dll
2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\IMVUClient\pywintypes25.dll
2009-06-03 19:09 . 2004-08-04 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 04:38 . 2009-05-29 04:38 2141 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
.

((((((((((((((((((((((((((((( SnapShot@2009-08-09_15.23.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-18 05:49 . 2009-08-18 05:49 16384 c:\windows\Temp\Perflib_Perfdata_6e0.dat
+ 2009-08-18 05:17 . 2009-08-18 05:17 16384 c:\windows\Temp\Perflib_Perfdata_6cc.dat
+ 2009-08-18 05:50 . 2009-08-18 05:50 16384 c:\windows\Temp\Perflib_Perfdata_204.dat
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2006-09-21 08:40 . 2009-08-13 07:38 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-08-12 00:11 . 2009-08-12 00:11 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-13 23:30 . 2009-07-25 09:23 149280 c:\windows\system32\javaws.exe
+ 2009-08-13 23:30 . 2009-07-25 09:23 145184 c:\windows\system32\javaw.exe
+ 2009-08-13 23:30 . 2009-07-25 09:23 145184 c:\windows\system32\java.exe
+ 2005-12-04 23:53 . 2009-08-13 00:05 944120 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 04:00 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-08-12 00:11 . 2009-08-12 00:11 355328 c:\windows\Installer\30945c6.msi
+ 2006-09-21 08:40 . 2009-08-13 07:38 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-09-21 08:40 . 2009-08-13 07:38 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2006-09-21 08:40 . 2009-07-15 07:04 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-05-21 16:52 . 2009-05-21 16:52 464272 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL
+ 2003-07-15 11:18 . 2003-07-15 11:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2009-08-13 07:37 . 2009-08-13 07:37 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2004-08-04 04:00 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-08-05 06:11 . 2009-08-05 06:11 5518848 c:\windows\Installer\109db8f.msp
+ 2009-07-01 17:21 . 2009-07-01 17:21 8891904 c:\windows\Installer\109db79.msp
+ 2007-05-10 17:45 . 2007-05-10 17:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-03-14 17:10 . 2007-03-14 17:10 7255384 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
+ 2004-08-04 04:00 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2006-06-09 08:54 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2004-08-04 04:00 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-01 17:19 . 2009-07-01 17:19 10607104 c:\windows\Installer\109db7a.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-02-23 180269]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-15 520024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-23 15969280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-22 36903]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/14/2009 2:53 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/16/2009 1:09 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/16/2009 1:09 PM 20560]
S1 bfastfao;bfastfao;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\bfastfao.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F.tmp --> c:\windows\system32\F.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:26]

2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: motive.com\patttbc.att
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 01:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6456)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-08-18 2:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 06:12
ComboFix2.txt 2009-08-14 09:00
ComboFix3.txt 2009-08-13 03:15
ComboFix4.txt 2009-08-09 20:58
ComboFix5.txt 2009-08-18 05:34

Pre-Run: 49,577,627,648 bytes free
Post-Run: 49,821,523,968 bytes free

328 --- E O F --- 2009-08-13 07:38



