HiJack This HELP


This topic is locked
29 replies to this topic

#1 JayDPiii

Posted 18 September 2009 - 10:47 AM

P.S.> I posted a similar post in the Win XP forum, yesterday. Today, looking at this newly registered to Forum more closely, after scrolling down the page some more, I saw there were more Forums beyond Hardware. Sorry, I didn't notice the specific topic, sooner. I should have realized and posted in this correct forum. I then went back to the Win XP forum to delete my post as it was in the wrong place and it is no longer there. Possibly, an administrator removed it. I did not see it, here, either - so, I am reposting here, in the correct forum. Thanks for understanding.

I have also activated Immediate e-mails as suggested in the New Members Read Me's.

I can not connect with either FireFox or IE 8 to certain websites such as Microsoft Update and Safer Networking.
I did a search on Internet, and found a step-by-step. I followed,
doing DEEP Scans with first existing installed programs: my anti-virus AVAST, then SpyBot S&D, then MalWare Bytes. I also have had Spyware Blaster installed some time ago, before problem.
Then following some suggestions, I installed SuperAntiSpyware, and ran a deep scan with it, also.
Then installed and ran the Microsoft Malicious Software Removal Tool - a Deep Scan lasting 4 hours, it too found nothing.

All found nothing, except a couple of Adware cookies, removed.
Next step was to run HiJack This, which I installed and ran.
Finally, the Tutorial suggested posting here at Bleeping Computer.

Here is the HiJackThis log file:
Thanks for any and all help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:23 PM, on 9/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Seagate\Sync\SeaSync.exe
C:\WINNT\system32\UTSCSI.EXE
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\vssvc.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WinUtils\RamBooster 2.0\Rambooster.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Desksware\Desktop iCal\Calendar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MightyFax\MFNTCTL.EXE
C:\Program Files\MozyHome\mozystat.exe
C:\HySnapDX\hsdx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\msiexec.exe
C:\WINNT\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yapta BHO - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\YTSingleInstance.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\SpoofStick\SpoofStick.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - (no file)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RamBooster] C:\WinUtils\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
O4 - HKCU\..\Run: [Calendar] C:\Program Files\Desksware\Desktop iCal\Calendar.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [iCalendar] C:\Program Files\Desksware\Desktop iCal\Calendar.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: HyperSnap-DX.lnk = C:\HySnapDX\hsdx.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra 'Tools' menuitem: Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CLRSERV - Unknown owner - C:\Program Files\Keriver Image\CLRSERV.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ee16333efad0) (gupdate1c9ee16333efad0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINNT\system32\UTSCSI.EXE
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 16913 bytes

Reading some more (1400 hours, 18Sep09) and saw the ROOTREPEAL.DMP. Ran it. Got an error. Resulting TXT file:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP3
Exception Code: 0xc0000094
Exception Address: 0x004eca19

Edited by JayDPiii, 18 September 2009 - 01:19 PM.
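As an added example (not part of the original thread and not code from the HijackThis tool), here is a small Python triage script for the log format posted above: it parses the "Running processes" block and the R/O entries, and flags the lines a helper typically reviews first, i.e. entries whose file is gone ("(no file)" / "(file missing)"), unnamed BHOs and toolbars, the O10 Winsock LSP line, and O23 services with no vendor string. The sample log embedded in it is constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the HijackThis v2 format, modelled on the entry kinds
# in the log above (R0/R3/O2/O3/O4/O10/O23). Paths and names are made up.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINNT\System32\smss.exe
C:\Program Files\Example AV\avservice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: Example Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\Example AV\avtray.exe"
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Program Files\Example\svc.exe
--
End of file - 1234 bytes
"""

# "R0 - ..." / "O23 - ..." entry prefix, a CLSID with or without braces, and a
# drive-letter path ending in a common binary/script extension.
ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{?[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?")
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|scr|cab|htm))", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # HJT section, e.g. "O2" (BHO) or "O23" (service)
    body: str                 # the rest of the line, unchanged
    clsid: Optional[str]      # normalised CLSID if the line carries one
    path: Optional[str]       # first on-disk path mentioned, if any
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> Tuple[List[str], List[Entry]]:
    """Split a HijackThis log into its process list and its R/O entries."""
    processes: List[str] = []
    entries: List[Entry] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:                      # process block ends at the first blank line
            if line:
                processes.append(line)
            else:
                in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # header, footer and blank lines
        body = m.group("body")
        g = GUID_RE.search(body)
        p = PATH_RE.search(body)
        entries.append(Entry(
            kind=m.group("kind"),
            body=body,
            clsid=g.group(0).strip("{}").upper() if g else None,
            path=p.group(1) if p else None,
        ))
    return processes, entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags to the entries a helper would look at first."""
    for e in entries:
        low = e.body.lower()
        if "(no file)" in low or "(file missing)" in low:
            e.flags.append("orphaned")       # registry still points at a file that is gone
        if "(no name)" in low:
            e.flags.append("unnamed")        # no friendly name: identify it by CLSID or path
        if e.kind == "O10":
            e.flags.append("winsock-lsp")    # LSPs see every socket call; a broken chain breaks connectivity
        if e.kind == "O23" and "unknown owner" in low:
            e.flags.append("unknown-owner")  # service binary with no vendor string: verify it
    return [e for e in entries if e.flags]


def summarize(entries: List[Entry]) -> dict:
    """Count how many entries carry each review flag."""
    counts: dict = {}
    for e in entries:
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(ents)} entries")
    for e in triage(ents):
        print(f"{e.kind:<4} {','.join(e.flags):<22} {e.clsid or '-'} {e.path or e.body}")
    print(summarize(ents))
```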



#2 thcbytes (Malware Response Team)

Posted 05 October 2009 - 07:59 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 JayDPiii (Topic Starter)

Posted 06 October 2009 - 06:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


1.) Thank You and problem still exists. Went through the Bleeping Computer's forum, and based on symptoms, only suspect MALWARE, according to forum info I read.

2.) Based on symptom, found a step-by-step tutorial in Bleeping Computer Forums suggesting a possible MALWARE. Followed the instructions/links from this forum, resulting in posting the HiJackThis results and asking for help to which your reply is now addressing.

3.) PROBLEM: FireFox 3.5.3 can not access certain sites, like: MicrosoftUpdate and SaferNetworking.org, etc. I can access other sites like Google, my credit cards, my bank, and web surf in general. Internet Explorer 8 can not access any sites. I removed IE8 and reinstalled it. No change - same problem.

4.) I first noticed the problem after the following sequence of events - which might or might not have actually caused the problem - i.e., the problem might have existed unknown to me prior to these events?:
a.) Wanted to try Google Chrome browser, downloaded and installed.
b.) After a few days, decided to uninstall Google Chrome browser.
c.) A few days later I tried to access Microsoft Update site - could not with FireFox.
d.) I could access some sites with IE8, but not others, incl MicrosoftUpdate, etc. Progressively IE8 now can not access any sites.
e.) Google Chrome install/uninstall might only be coincidental - do not know if problem existed prior to its initial install.

HERE are the two DDS scripts:
NOTE: The Pop-Up text in either of the two Notepad files with the HiJack this pseudo results did not include instructions, as your reply indicated it would.


DDS.txt Script Results:



DDS (Ver_09-09-29.01) - NTFSx86
Run by JayDPiii at 7:25:39.28 on Tue 10/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn11\yt.dll
BHO: rsion - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn11\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yapta BHO: {2020dfef-8c87-4229-aa41-549d82210355} - c:\program files\yapta\YaptaOverlay.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~2\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn11\YTSingleInstance.dll
TB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\spoofstick\SpoofStick.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn11\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
TB: {4D053320-23CF-417F-B498-0DCF8EBF49C3} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: &Yapta: {c3c07ad6-ace9-43ee-a2af-45bc13f6275f} - c:\program files\yapta\YaptaSidebar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RamBooster] c:\winutils\rambooster 2.0\Rambooster.exe
uRun: [Windows Live Sync] "c:\program files\windows live\sync\WindowsLiveSync.exe" /background
uRun: [Calendar] c:\program files\desksware\desktop ical\Calendar.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [iCalendar] c:\program files\desksware\desktop ical\Calendar.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [SBAutoUpdate] "c:\program files\spywareblaster\sbautoupdate.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: NoActiveDesktop = 01000000
uPolicies-explorer: MaxRecentDocs = 5 (0x5)
uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
uPolicies-system: DisableLockWorkstation = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Open Link Target in Firefox - file://c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewlink.html
IE: View This Page in Firefox - file://c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewpage.html
IE: {0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\yapta\YaptaSettings.exe
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - c:\program files\travelaxe\Travelaxe.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - {c3c07ad6-ace9-43ee-a2af-45bc13f6275f}\inprocserver32 does not exist!
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~2\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38104.6401388889
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-05 09:14 7,168 a------- c:\winnt\system32\drivers\StarOpen.sys
2009-10-01 10:22 <DIR> -cd-h--- c:\winnt\ie8
2009-09-29 14:19 2,146,304 ac------ c:\winnt\system32\GPhotos.scr
2009-09-18 12:04 <DIR> --d----- C:\My Music
2009-09-17 18:05 <DIR> --d----- c:\program files\Trend Micro
2009-09-17 08:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-17 08:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-17 08:28 <DIR> --d----- c:\docume~1\jaydpiii\applic~1\SUPERAntiSpyware.com
2009-09-16 12:00 3,764 a------- C:\cc_20090916_120013.reg
2009-09-15 09:12 11,278 a------- C:\cc_20090915_091217.reg
2009-09-15 08:44 <DIR> --d----- c:\program files\common files\xing shared
2009-09-08 11:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SystemExplorer
2009-09-08 11:29 <DIR> --d----- c:\program files\System Explorer
2009-09-08 09:48 2,616 a------- C:\cc_20090908_094806.reg
2009-09-08 09:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Canneverbe Limited

==================== Find3M ====================

2009-10-01 10:25 45 a------- c:\winnt\system32\drivers\RemoveAny.log
2009-09-29 20:06 737,280 ac------ c:\winnt\iun6002.exe
2009-09-16 14:49 441,760 a------- c:\winnt\system32\drivers\timntr.sys
2009-09-16 14:49 44,384 a------- c:\winnt\system32\drivers\tifsfilt.sys
2009-09-16 14:49 132,224 a------- c:\winnt\system32\drivers\snapman.sys
2009-09-16 14:49 368,480 a------- c:\winnt\system32\drivers\tdrpman.sys
2009-09-10 14:54 38,224 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\winnt\system32\drivers\mbam.sys
2009-08-23 17:00 922,112 -------- c:\winnt\system32\imapi2fs.dll
2009-08-23 17:00 426,496 -------- c:\winnt\system32\imapi2.dll
2009-08-19 03:36 299,008 a------- c:\winnt\system32\TubeFinder.exe
2009-08-08 10:52 2,274 a------- C:\IOBitUpdate03.reg
2009-08-08 10:50 1,822 a------- C:\IOBitUpdate02.reg
2009-08-08 10:50 81,668 a------- C:\IOBitUpdate01.reg
2009-08-08 10:48 178,984,250 a------- C:\pre_remove_IOBitUpdate.reg
2009-08-05 05:01 204,800 a------- c:\winnt\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\winnt\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\winnt\system32\wmpdxm.dll
2008-06-18 09:58 0 ac------ c:\documents and settings\jaydpiii\JayDPiii_notes.dat
2006-07-27 08:09 630,784 -c------ c:\documents and settings\jaydpiii\chatlnk.exe
2005-10-20 17:10 11 -c------ c:\docume~1\jaydpiii\applic~1\Microsoft.Office.Print.dll
2001-06-19 15:05 271 -c-sh--- c:\program files\DESKTOP.INI
2001-06-19 15:05 21,952 -c--h--- c:\program files\FOLDER.HTT
2008-09-27 20:08 32,768 ac-sh--- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 7:26:31.00 ===============



SECOND DDS ATTACH.txt file:


==== Installed Programs ======================

µTorrent
123 Password Recovery
1300
1300_Help
1300Tour
1300Trb
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 4.65
Acrobat.com
Acronis True Image Home
Active Disk
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Standard
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe FrameMaker 8
Adobe FrameMaker 8 p273 Patcher
Adobe FrameMaker 8 p276 Patcher
Adobe FrameMaker 8 p277 Patcher
Adobe FrameMaker v7.0
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Advanced System Optimizer 2.10
Advanced SystemCare 3
AiO_Scan
AiOSoftware
Alt-Tab Task Switcher Powertoy for Windows XP
AM-DeadLink
AMD CPUInfo
AnalogX DLLArchive
AndreaMosaic 3.15
AndreaMosaic 3.32.3
Apple Software Update
AptiStock 1.12
Ashampoo Movie Shrink & Burn 3 3.03
Ashampoo Music Studio 3.50
Ashampoo Photo Optimizer 3.03
Ashampoo StartUp Tuner 2.00
Ask Toolbar
Aspell English Dictionary-0.50-2
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AtomTime98 v2.2
Auslogics Disk Defrag
Auslogics Duplicate File Finder
avast! Antivirus
AVS Disc Creator version 2.1
Belarc Advisor 7.2
BiblePro
BitTorrent
BufferChm
CA Yahoo! Anti-Spy (remove only)
Calculator Powertoy for Windows XP
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera WIA Driver 6.2.5
Canon G.726 WMP-Decoder
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 1.0
Canon MX700 series
Canon MX700 series User Registration
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
CDBurnerXP
CDBurnerXP Pro 3
cdrLabel 7.1
Centra Client
CentraOne
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
CNET TechTracker
Color@Home
COMODO Firewall Pro
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
Creative Jukebox Driver
Creative Removable Disk Manager
Creative Software Update
Creative System Information
Creative ZEN V Series
Creative ZEN X-Fi User's Guide
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CutePDF Writer 2.1
dBpowerAMP Monkeys Audio Codec
dBpoweramp Music Converter
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP WMA V9 Codec
Dell OpenManage Client Instrumentation
Desktop iCalendar Lite 1.1.0
Destinations
Digimax Viewer 1.0
Digital Line Detect
DING!
Director
dMC Accurate Rip Database
dMC AccurateRip
DocProc
DocumentViewer
DOSShell 1.4
Double-Deck Pinochle 3.6
Duplicate File Finder
Duplicate File Finder 1.1.0.3
DVD Suite
DzSoft Slide Show 1.2
e-Sword
eFax Messenger 4.1
End It All
ERUNT 1.1j
Euchre From Special K
EULAlyzer 2.0
Exact Audio Copy 0.99pb1
Fast Duplicate File Finder 1.1.0.0
Fax
FL 2001 Registration
foobar2000 v0.9.4
Free and Easy Biorhythm Calculator version 2.80
Free Download Manager 3.0
Free FLV Converter V 6.6.4
Free Icon Studio
Free Registry Defrag
FreeAgent Go Tools
FUJIFILM USB Driver
Garmin City Navigator North America v8
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
GdiplusUpgrade
getPlus®_dll
GIMP 2.4.7
Glary Registry Repair 3.2.0.828
GNU Aspell 0.50-3
Google Earth
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GTK+ Runtime 2.14.7 rev a (remove only)
Hayes V.92 USB Voice Faxmodem
HDValet
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Diagnostic Assistant
HP Image Zone 4.2
HP Print Diagnostic Utility
HP PSC & OfficeJet 4.2
HP Software Update
hpmdtab
HPODiscovery
HPSystemDiagnostics
Hugin 0.7.0 (SVN 3465)
HyperSnap-DX
Icon Collector Version 1.3
ieSpell 2.2.0 (build 647)
Image Resizer Powertoy for Windows XP
ImageForge version 3.41
ImgBurn
IMS Web Dwarf V2
InfraRecorder
InstantShare
InstaVerse
Intel Ultra ATA Storage Driver
Intellisync® for Yahoo!
Internet Explorer Q903235
Iomega Automatic Backup
IrfanView (remove only)
ISO Recorder
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_06
Java™ 6 Update 13
Java™ 6 Update 5
Java™ 6 Update 7
Keriver Image 2.0
KODAK EASYSHARE Gallery Upload ActiveX Control
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark Printer Software Uninstall
LightScribe Applications
LightScribe Diagnostic Utility
LightScribe System Software 1.10.27.1
LightScribe Template Designs - Art Pack 1
LightScribe Template Designs - Business Pack 1
LightScribe Template Designs - Holiday Pack 1
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Sports Pack 1
LightScribe Template Designs - Wedding Pack 1
LightScribe Template Labeler
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Logitech MouseWare 9.79.1
Macromedia Authorware 7.01
Macromedia Dreamweaver 3
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft System Configuration Utility 5.1.2600.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser and SDK
MightyFax
MigoSync
Modem Helper
Modem User Guide
Monkey's Audio
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.3)
MP3 Indexer 1.3.0.8
Mp3tag v2.44
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NET Bible First Edition 1.0
NET Bible for e-Sword
NetWaiting
NTREGOPT 1.1j
Overland
PacBoy
Paint Shop Pro 6.01 CD
Paint Shop Pro 6.02 Patch
Paint.NET v3.36
Password Corral v4.0
PhotoGallery
Picasa 3
Pidgin
PowerDVD
PowerProducer
Presto! PageManager 7.15.16
PrimoPDF
PrintMaster 16
PrintScreen
ProductContext
QFolder
Quicken Family Lawyer 2001
QuickProjects
QuickTime
RamBooster
RAW Image Task 1.1
Readme
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller 1.83
SafeGuard
save2pc Light 3.49
Scan
ScanSoft OmniPage SE 4
Seagate DiscWizard
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Simple Sudoku 4.1
SkinsHP1
Skype™ 4.0
Spades
Spelling Dictionaries Support For Adobe Reader 8
SpoofStick for Internet Explorer 1.01
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Symantec pcAnywhere
SyncToy
System Explorer 1.5
TaxACT 2008
TaxACT 2008 Massachusetts
The Font Thing
Time Zone Data Update Tool for Microsoft Office Outlook
TomTom HOME
Travelaxe
TrayApp
TreeSize Free V1.77
TurboTax Deluxe 2007
Tweak UI
TweakNow PowerPack 2009
TweakNow WinSecret Professional
TweetDeck
UltraEdit-32 Uninstall
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
User's Guides
VC_MergeModuleToMSI
VDMSound 2.0.4
VLC media player 1.0.1
Wal-Mart Music Downloads Store
WebFldrs XP
WebIQ Client Software
WebReg
WinDates
Windows 2000 Application Compatibility Update
Windows Defender
Windows Defender Signatures
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Safety scanner
Windows Live Sync
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell™ 1.0
Windows Support Tools
Windows XP Service Pack 3
WinImage
WinPatrol 2009
WinZip
Xvid 1.2.1 final uninstall
Yahoo! Mail Advisor
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Yapta
YouTube Downloader 2.5.1
Zen Micro Media Explorer

==== End Of File ===========================




#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:11:54 AM

Posted 11 October 2009 - 03:15 AM

Hi,

There are P2P filesharing programs installed there. A big part of infections are received from P2P downloads, and that's why I strongly suggest that you uninstall such software.

Let's see if we can make another scanner work.

Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the rootkit tab and then scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log in your reply.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 JayDPiii

JayDPiii
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:Nashua, NH
  • Local time:04:54 AM

Posted 11 October 2009 - 05:44 PM

> Hi,
>
> There are P2P filesharing programs installed there. A big part of infections are received from P2P downloads, and that's why I strongly suggest that you uninstall such software.
>
> Let's see if we can make another scanner work.
>
> Download GMER here by clicking the download exe button and then saving it to your desktop:
>
>   • Double-click the .exe that you downloaded.
>   • Click the rootkit tab and then scan.
>   • Don't check the Show All box while scanning is in progress!
>   • When scanning is ready, click Copy.
>   • This copies the log to the clipboard.
>   • Post the log in your reply.



Here are the GMER Results:

(Thanks!)

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-11 18:41:27
Windows 5.1.2600 Service Pack 3
Running: t8eh57un.exe; Driver: C:\DOCUME~1\jaydpiii\LOCALS~1\Temp\fwlyqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF0BFF6B8]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwConnectPort [0xF0F580D2]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateFile [0xF0F5A302]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF0BFF574]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreatePort [0xF0F5802C]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateSection [0xF0F58AAE]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateThread [0xF0F57D12]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteFile [0xF0F59CB0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteKey [0xF0F58EC0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF0BFFA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF0BFF14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF0BFF64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF0BFF08C]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwOpenSection [0xF0F589E0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF0BFF0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF0BFF76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF0BFF72E]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetContextThread [0xF0F57BB4]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetInformationFile [0xF0F59DE0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF0BFF8AE]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwShutdownSystem [0xF0F58FA0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF0EC30B0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFile [0xF0F5A14A]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFileGather [0xF0F59FB4]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[1008] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605436 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F754A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F754A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F754A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F754A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F754A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F754A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F754A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F754A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F754A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F754A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F754A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F754A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F754A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F754A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F754A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F754A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F754A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F754A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F754A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F754A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F754A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F754A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F754A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisRegisterProtocol] [F754A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisDeregisterProtocol] [F754A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisOpenAdapter] [F754A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisCloseAdapter] [F754A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F754A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F754A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F754A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F754A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\system32\services.exe[936] @ C:\WINNT\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINNT\system32\services.exe[936] @ C:\WINNT\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\explorer.exe [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\explorer.exe[2644] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[2976] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32@jamphgamilcecdpmlghi 0x6B 0x61 0x6B 0x6B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32@iampfgccbbgnidljhp 0x69 0x61 0x66 0x6B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32@ebmphgamilcecdpmlghiljhpnpehdbdemihhooifhc 0x6B 0x61 0x6C 0x6B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32@mampnhffbnchpmahafkojoijkh 0x6D 0x61 0x6C 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32@mampnhffbnchpmahafkojoedog 0x6F 0x61 0x6B 0x6B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32@cbmpiidkcfpanicnpkpklpogepbbohialjdhbe 0x67 0x61 0x63 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32@bbmpiidkcfpanicnpkpkfdafkbgmdghcnnfd 0x66 0x61 0x6D 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32@mampiidkcfpanicnpkpkhalipm 0x66 0x61 0x6D 0x6B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32@fbmpiidkcfpanicnpkpkkpbgbagjonjgjlobhelnpeia 0x6A 0x62 0x6F 0x6F ...

---- EOF - GMER 1.0.15 ----

Attached Files

  • GMER.txt (24.98KB, 1 downloads)


#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:11:54 AM

Posted 12 October 2009 - 04:21 AM

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#7 JayDPiii

JayDPiii
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Gender:Male
  • Location:Nashua, NH
  • Local time:04:54 AM

Posted 12 October 2009 - 07:26 AM

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:


Here are the results of ComboFix:
P.S.> There was no C:\combofix folder created; however, I simply saved the TXT file in Notepad.

ComboFix 09-10-11.03 - JayDPiii 10/12/2009 7:55.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1291 [GMT -4:00]
Running from: c:\documents and settings\jaydpiii\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1173043625-135362183-1255108355-1000
c:\recycler\S-1-5-21-1173043625-135362183-1255108355-500
c:\recycler\S-1-5-21-220523388-152049171-854245398-500
c:\winnt\CouponPrinter.ocx
c:\winnt\msvrc20.dll
c:\winnt\msvrc20_old.dll
c:\winnt\system\oeminfo.ini
c:\winnt\system32\_000232_.tmp.dll
c:\winnt\Web\default.htt
I:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_IAS
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-05 13:14 . 2009-09-29 01:57 7168 ----a-w- c:\winnt\system32\drivers\StarOpen.sys
2009-10-01 14:22 . 2009-10-01 14:24 -------- dc-h--w- c:\winnt\ie8
2009-09-29 18:19 . 2009-09-29 18:19 2146304 -c--a-w- c:\winnt\system32\GPhotos.scr
2009-09-18 17:56 . 2009-10-05 12:10 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\vlc
2009-09-18 16:04 . 2009-09-18 16:04 -------- d-----w- C:\My Music
2009-09-17 22:05 . 2009-09-17 22:05 -------- d-----w- c:\program files\Trend Micro
2009-09-17 12:29 . 2009-09-17 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-17 12:28 . 2009-09-18 01:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-17 12:28 . 2009-09-17 12:28 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\SUPERAntiSpyware.com
2009-09-16 16:00 . 2009-09-16 16:00 3764 ----a-w- C:\cc_20090916_120013.reg
2009-09-15 22:29 . 2009-09-15 22:29 -------- d-----w- C:\ERDNT
2009-09-15 14:59 . 2009-09-15 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-09-15 13:12 . 2009-09-15 13:12 11278 ----a-w- C:\cc_20090915_091217.reg
2009-09-15 12:53 . 2009-09-15 12:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-09-15 12:44 . 2009-09-15 12:44 -------- d-----w- c:\program files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 12:10 . 2008-03-05 17:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-12 12:06 . 2009-05-22 11:23 45 ----a-w- c:\winnt\system32\drivers\RemoveAny.log
2009-10-12 11:57 . 2004-09-01 00:13 -------- d-----w- c:\program files\SpywareBlaster
2009-10-11 12:10 . 2009-03-13 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-07 11:52 . 2005-01-26 21:22 -------- d-----w- c:\program files\NotesSpad
2009-10-05 13:14 . 2008-09-22 16:14 -------- d-----w- c:\program files\CDBurnerXP
2009-10-01 19:54 . 2009-01-09 22:22 -------- d-----w- c:\program files\TaxACT 2008
2009-10-01 18:42 . 2004-05-25 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-01 18:30 . 2006-02-22 02:55 -------- d-----w- c:\program files\PCPitstop
2009-10-01 18:22 . 2008-02-20 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-09-30 11:33 . 2004-11-09 21:06 -------- d-----w- c:\program files\AndreaMosaic
2009-09-30 00:06 . 2004-07-14 23:21 737280 -c--a-w- c:\winnt\iun6002.exe
2009-09-18 16:40 . 2004-10-29 15:03 -------- d-----w- c:\program files\CDBurnerXP Pro 3
2009-09-16 18:49 . 2007-08-24 21:02 44384 ----a-w- c:\winnt\system32\drivers\tifsfilt.sys
2009-09-16 18:49 . 2007-08-24 21:02 441760 ----a-w- c:\winnt\system32\drivers\timntr.sys
2009-09-16 18:49 . 2007-08-24 21:02 132224 ----a-w- c:\winnt\system32\drivers\snapman.sys
2009-09-16 18:49 . 2008-03-26 14:21 368480 ----a-w- c:\winnt\system32\drivers\tdrpman.sys
2009-09-16 17:53 . 2009-08-26 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-16 14:09 . 2008-04-05 12:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-15 23:12 . 2008-02-13 16:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-15 23:04 . 2006-03-01 21:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-15 12:53 . 2006-07-27 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-15 12:44 . 2004-10-11 19:22 -------- d-----w- c:\program files\RealPlayer
2009-09-15 12:44 . 2004-10-11 19:22 -------- d-----w- c:\program files\Common Files\Real
2009-09-15 12:32 . 2009-07-28 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 18:54 . 2009-07-28 12:29 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-07-28 12:29 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-09-08 18:59 . 2007-02-02 13:38 -------- d-----w- c:\program files\Duplicate File Finder
2009-09-08 17:07 . 2007-06-08 11:12 -------- d-----w- c:\program files\Registry Clean Expert
2009-09-08 15:29 . 2009-09-08 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SystemExplorer
2009-09-08 15:29 . 2009-09-08 15:29 -------- d-----w- c:\program files\System Explorer
2009-09-08 15:02 . 2008-03-06 12:56 -------- d-----w- c:\program files\Support Tools
2009-09-08 13:56 . 2006-10-12 20:09 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\Mp3tag
2009-09-08 13:56 . 2006-10-12 20:06 -------- d-----w- c:\program files\Mp3tag
2009-09-08 13:49 . 2009-08-21 12:00 -------- d-----w- c:\program files\TweakNow PowerPack 2009
2009-09-08 13:48 . 2009-09-08 13:48 2616 ----a-w- C:\cc_20090908_094806.reg
2009-09-08 13:38 . 2008-08-11 12:51 -------- d-----w- c:\program files\Glary Registry Repair
2009-09-08 13:38 . 2008-08-11 13:10 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\GlarySoft
2009-09-08 13:36 . 2009-09-08 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-09-08 13:34 . 2007-09-24 18:26 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\.purple
2009-09-08 13:33 . 2007-09-24 18:17 -------- d-----w- c:\program files\Pidgin
2009-09-08 13:29 . 2006-09-28 13:39 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\Free Download Manager
2009-09-08 13:23 . 2006-09-28 13:39 -------- d-----w- c:\program files\Free Download Manager
2009-09-08 12:15 . 2006-06-14 19:47 -------- d-----w- c:\program files\Travelaxe
2009-09-08 12:11 . 2008-06-04 11:09 -------- d-----w- c:\program files\EULAlyzer
2009-08-27 16:39 . 2009-03-13 19:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-27 12:16 . 2004-05-08 02:38 67432 -c--a-w- c:\documents and settings\jaydpiii\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 12:05 . 2009-08-26 19:56 -------- d-----w- c:\program files\Microsoft Works
2009-08-27 11:21 . 2007-02-23 20:30 -------- d-----w- c:\program files\MSECache
2009-08-26 19:54 . 2009-08-26 19:54 -------- d-----w- c:\program files\Microsoft.NET
2009-08-24 20:15 . 2009-08-05 12:50 -------- d-----w- c:\program files\AskBarDis
2009-08-24 19:29 . 2008-07-01 12:23 -------- d-----w- c:\program files\Revo Uninstaller
2009-08-24 19:14 . 2009-08-24 19:14 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\SuperEasy
2009-08-23 21:00 . 2009-08-23 21:00 922112 ------w- c:\winnt\system32\imapi2fs.dll
2009-08-23 21:00 . 2009-08-23 21:00 426496 ------w- c:\winnt\system32\imapi2.dll
2009-08-21 17:48 . 2009-04-13 18:03 -------- d-----w- c:\program files\TweetDeck
2009-08-21 12:00 . 2009-08-21 12:00 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\TweakNow PowerPack 2009
2009-08-20 19:26 . 2009-08-20 19:26 -------- d-----w- c:\program files\MSBuild
2009-08-20 19:26 . 2009-08-20 19:26 -------- d-----w- c:\program files\Reference Assemblies
2009-08-19 12:48 . 2008-11-23 20:49 -------- d-----w- c:\program files\Free FLV Converter
2009-08-19 07:36 . 2008-11-23 20:49 299008 ----a-w- c:\winnt\system32\TubeFinder.exe
2009-08-17 16:10 . 2008-08-28 16:45 1279456 ----a-w- c:\winnt\system32\aswBoot.exe
2009-08-17 16:06 . 2008-08-28 18:54 93392 ----a-w- c:\winnt\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-08-28 18:54 94160 ----a-w- c:\winnt\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-08-28 18:54 114768 ----a-w- c:\winnt\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-08-28 18:54 20560 ----a-w- c:\winnt\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-08-28 18:54 51376 ----a-w- c:\winnt\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-08-28 18:54 23152 ----a-w- c:\winnt\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-08-28 18:54 26944 ----a-w- c:\winnt\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-08-28 18:54 97480 ----a-w- c:\winnt\system32\AvastSS.scr
2009-08-14 16:32 . 2004-04-28 12:11 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\AdobeUM
2009-08-14 12:54 . 2008-03-13 14:18 -------- d-----w- c:\program files\Auslogics
2009-08-08 14:52 . 2009-08-08 14:52 2274 ----a-w- C:\IOBitUpdate03.reg
2009-08-08 14:50 . 2009-08-08 14:50 1822 ----a-w- C:\IOBitUpdate02.reg
2009-08-08 14:50 . 2009-08-08 14:50 81668 ----a-w- C:\IOBitUpdate01.reg
2009-08-08 14:48 . 2009-08-08 14:47 178984250 ----a-w- C:\pre_remove_IOBitUpdate.reg
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\winnt\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\winnt\system32\atl.dll
2001-06-19 19:05 . 2001-06-19 19:05 21952 -c-h--w- c:\program files\FOLDER.HTT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RamBooster"="c:\winutils\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
"Windows Live Sync"="c:\program files\Windows Live\Sync\WindowsLiveSync.exe" [2008-12-03 1170256]
"Calendar"="c:\program files\Desksware\Desktop iCal\Calendar.exe" [2008-03-15 2774528]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"iCalendar"="c:\program files\Desksware\Desktop iCal\Calendar.exe" [2008-03-15 2774528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-18 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-08-17 81000]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-14 57344]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-09 320832]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"SBAutoUpdate"="c:\program files\SpywareBlaster\sbautoupdate.exe" [2009-04-09 923176]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-15 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\jaydpiii\Start Menu\Programs\Startup\
HyperSnap-DX.lnk - c:\hysnapdx\hsdx.exe [2004-4-27 581632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MightyFAX Controller.lnk - c:\program files\MightyFax\MFNTCTL.EXE [2005-3-25 491520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"MaxRecentDocs"= 5 (0x5)
"NoFavoritesMenu"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 14:51 24638 ------w- c:\winnt\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=sxgb.dll
"mixer1"=sxgb.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=c:\winnt\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]
backup=c:\winnt\pss\eFax 4.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\winnt\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\winnt\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
backup=c:\winnt\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\BIRT\\eclipse\\eclipse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\RealPlayer\\realplay.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINNT\\SYSTEM32\\dpvsetup.exe"=
"c:\\WINNT\\SYSTEM32\\dxdiag.exe"=
"c:\\WINNT\\SYSTEM32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"21:TCP"= 21:TCP:FTP Server
"20:TCP"= 20:TCP:FTP-Data

R0 fasttrak;fasttrak;c:\winnt\SYSTEM32\DRIVERS\Fasttrak.sys [2/15/2002 2:37 PM 64418]
R0 mraid2k;mraid2k;c:\winnt\SYSTEM32\DRIVERS\mraid2k.sys [2/15/2002 2:37 PM 17258]
R1 aswSP;avast! Self Protection;c:\winnt\SYSTEM32\DRIVERS\aswSP.sys [8/28/2008 2:54 PM 114768]
R1 cloverm;cloverm;c:\winnt\SYSTEM32\DRIVERS\cloverm.sys [9/25/2007 3:44 PM 477440]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\winnt\SYSTEM32\DRIVERS\aswFsBlk.sys [8/28/2008 2:54 PM 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\winnt\SYSTEM32\DRIVERS\EAPPkt.sys [6/26/2006 5:26 PM 66048]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 2:20 PM 24120]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
S1 amdtools;AMD Special Tools Driver;c:\winnt\system32\DRIVERS\amdtools.sys --> c:\winnt\system32\DRIVERS\amdtools.sys [?]
S1 RemoveAny;RemoveAny driver;c:\winnt\SYSTEM32\DRIVERS\RemoveAny.sys [4/24/2009 8:11 AM 11264]
S2 BCAITDI;3Com BCAITDI DMI TDI;c:\winnt\system32\DRIVERS\BCAItdi.sys --> c:\winnt\system32\DRIVERS\BCAItdi.sys [?]
S2 gupdate1c9ee16333efad0;Google Update Service (gupdate1c9ee16333efad0);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 8:05 PM 133104]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\SYSTEM32\DRIVERS\ousbehci.sys [2/18/2005 6:51 PM 30208]
S3 CLRSERV;CLRSERV;c:\program files\Keriver Image\CLRSERV.exe [9/25/2007 3:44 PM 81920]
S3 DCamUSBBVI;SiPix StyleCam BlinkII Dual Mode Camera;c:\winnt\system32\Drivers\biomini.sys --> c:\winnt\system32\Drivers\biomini.sys [?]
S3 HSFHWCD2;HSFHWCD2;c:\winnt\SYSTEM32\DRIVERS\HSFHWCD2.sys [4/19/2005 6:55 PM 153984]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\SYSTEM32\DRIVERS\ousb2hub.sys [2/18/2005 6:51 PM 43648]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\winnt\system32\DRIVERS\wg111v2.sys --> c:\winnt\system32\DRIVERS\wg111v2.sys [?]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\SYSTEM32\DRIVERS\usbhub20.sys [4/27/2004 7:07 PM 49776]
S4 IntelATA;Intel Ultra ATA Controller;c:\winnt\SYSTEM32\DRIVERS\IntelAta.sys [2/15/2002 2:51 PM 79106]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\winnt\system32\rundll32.exe" "c:\winnt\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\winnt\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-28 19:35]

2009-10-12 c:\winnt\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-04 13:59]

2009-10-12 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 00:05]

2009-10-12 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 00:05]

2009-10-12 c:\winnt\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-10-11 c:\winnt\Tasks\User_Feed_Synchronization-{9E9AEA2B-6643-41EE-B17D-E57E93D1AD02}.job
- c:\winnt\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open Link Target in Firefox - file://c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
IE: View This Page in Firefox - file://c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
IE: {{0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\Yapta\YaptaSettings.exe
IE: {{0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - {c3c07ad6-ace9-43ee-a2af-45bc13f6275f}\inprocserver32 does not exist!
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
FF - component: c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 08:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32*]
"jamphgamilcecdpmlghi"=hex:6b,61,6b,6b,67,68,6d,6d,67,6e,66,6d,6e,69,65,6b,6d,
63,6a,61,6b,67,00,6c
"iampfgccbbgnidljhp"=hex:69,61,66,6b,6d,6a,62,61,62,63,65,6d,6b,6f,70,6e,69,6e,
00,00
"ebmphgamilcecdpmlghiljhpnpehdbdemihhooifhc"=hex:6b,61,6c,6b,63,69,64,65,61,68,
6f,6d,66,6d,69,70,6e,69,65,6e,62,6a,00,00
"mampnhffbnchpmahafkojoijkh"=hex:6d,61,6c,70,63,6c,6e,63,69,65,6d,62,65,6e,70,
67,61,61,62,69,6b,6e,61,65,62,6b,00,00
"mampnhffbnchpmahafkojoedog"=hex:6f,61,6b,6b,6c,64,6f,65,6f,68,64,65,6d,65,62,
66,6c,6b,62,66,6d,68,6f,6c,66,68,68,65,63,69,00,7c
"cbmpiidkcfpanicnpkpklpogepbbohialjdhbe"=hex:67,61,63,70,65,6a,6f,6c,61,69,6c,
66,6c,67,00,00
"bbmpiidkcfpanicnpkpkfdafkbgmdghcnnfd"=hex:66,61,6d,61,6d,6a,6b,67,62,62,6c,64,
00,00
"mampiidkcfpanicnpkpkhalipm"=hex:66,61,6d,6b,64,67,69,6a,6d,65,61,6a,00,00
"fbmpiidkcfpanicnpkpkkpbgbagjonjgjlobhelnpeia"=hex:6a,62,6f,6f,69,6b,62,66,6d,
65,6c,6f,68,65,6a,65,67,6b,6d,70,6f,65,6c,6e,6b,63,6f,6f,62,6f,68,64,67,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\OneX.DLL
c:\winnt\system32\eappprxy.dll

- - - - - - - > 'lsass.exe'(956)
c:\winnt\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2576)
c:\progra~1\WINDOW~2\wmpband.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
c:\winnt\system32\OneX.DLL
c:\winnt\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Comodo\Firewall\cmdagent.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\winnt\SYSTEM32\UTSCSI.EXE
c:\dmi\WIN32\bin\Win32sl.exe
c:\program files\Seagate\Sync\SeaSync.exe
c:\winnt\SYSTEM32\mspmspsv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-10-12 8:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 12:16

Pre-Run: 21,087,517,184 bytes free
Post-Run: 20,892,120,064 bytes free

408 --- E O F --- 2009-09-16 12:53




#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • Gender:Male
  • Location:Finland

Posted 12 October 2009 - 11:24 AM

Post fresh dds.txt log too, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 JayDPiii

JayDPiii
  • Topic Starter

  • Members
  • Gender:Male
  • Location:Nashua, NH

Posted 12 October 2009 - 11:49 AM

> Post fresh dds.txt log too, please.



Sorry, had to re-download DDS as the instructions said to remove it after running.

DDS.Txt posted, below.
Attach.txt attached.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

DDS (Ver_09-10-12.01) - NTFSx86
Run by JayDPiii at 12:45:18.98 on Mon 10/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1233 [GMT -4:00]

AV: avast! antivirus 4.8.1351 [VPS 091011-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINNT\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINNT\system32\UTSCSI.EXE
C:\dmi\win32\bin\Win32sl.exe
C:\Program Files\Seagate\Sync\SeaSync.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\Desksware\Desktop iCal\Calendar.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\WINNT\explorer.exe
C:\HySnapDX\hsdx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\jaydpiii\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn11\yt.dll
BHO: rsion - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn11\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yapta BHO: {2020dfef-8c87-4229-aa41-549d82210355} - c:\program files\yapta\YaptaOverlay.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~2\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn11\YTSingleInstance.dll
TB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\spoofstick\SpoofStick.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn11\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
TB: {4D053320-23CF-417F-B498-0DCF8EBF49C3} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Yapta: {c3c07ad6-ace9-43ee-a2af-45bc13f6275f} - c:\program files\yapta\YaptaSidebar.dll
uRun: [RamBooster] c:\winutils\rambooster 2.0\Rambooster.exe
uRun: [Windows Live Sync] "c:\program files\windows live\sync\WindowsLiveSync.exe" /background
uRun: [Calendar] c:\program files\desksware\desktop ical\Calendar.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [iCalendar] c:\program files\desksware\desktop ical\Calendar.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [SBAutoUpdate] "c:\program files\spywareblaster\sbautoupdate.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\jaydpiii\startm~1\programs\startup\hypersnap-dx.lnk - c:\hysnapdx\hsdx.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acrobat assistant.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mightyfax controller.lnk - c:\program files\mightyfax\MFNTCTL.EXE
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: MaxRecentDocs = 5 (0x5)
uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Open Link Target in Firefox - file://c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewlink.html
IE: View This Page in Firefox - file://c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewpage.html
IE: {0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\yapta\YaptaSettings.exe
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - c:\program files\travelaxe\Travelaxe.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - {c3c07ad6-ace9-43ee-a2af-45bc13f6275f}\inprocserver32 does not exist!
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~2\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38104.6401388889
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jaydpiii\applic~1\mozilla\firefox\profiles\default.0em\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
FF - component: c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\vmwarevmrc@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\realplayer\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 fasttrak;fasttrak;c:\winnt\system32\drivers\Fasttrak.sys [2002-2-15 64418]
R0 mraid2k;mraid2k;c:\winnt\system32\drivers\mraid2k.sys [2002-2-15 17258]
R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2008-8-28 114768]
R1 cloverm;cloverm;c:\winnt\system32\drivers\cloverm.sys [2007-9-25 477440]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [2008-8-28 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\winnt\system32\drivers\EAPPkt.sys [2006-6-26 66048]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\seagate\sync\SeaSyncServices.exe [2007-1-18 24120]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 agnfilt;AGN Filter Interface;c:\winnt\system32\drivers\agnfilt.sys [2006-5-19 180864]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
S1 amdtools;AMD Special Tools Driver;c:\winnt\system32\drivers\amdtools.sys --> c:\winnt\system32\drivers\amdtools.sys [?]
S1 RemoveAny;RemoveAny driver;c:\winnt\system32\drivers\RemoveAny.sys [2009-4-24 11264]
S2 BCAITDI;3Com BCAITDI DMI TDI;c:\winnt\system32\drivers\bcaitdi.sys --> c:\winnt\system32\drivers\BCAItdi.sys [?]
S2 gupdate1c9ee16333efad0;Google Update Service (gupdate1c9ee16333efad0);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\system32\drivers\ousbehci.sys [2005-2-18 30208]
S3 avpnnic;AGN Virtual Network Adapter;c:\winnt\system32\drivers\avpnnic.sys [2003-4-4 13952]
S3 CLRSERV;CLRSERV;c:\program files\keriver image\CLRSERV.exe [2007-9-25 81920]
S3 DCamUSBBVI;SiPix StyleCam BlinkII Dual Mode Camera;c:\winnt\system32\drivers\biomini.sys --> c:\winnt\system32\drivers\biomini.sys [?]
S3 HSFHWCD2;HSFHWCD2;c:\winnt\system32\drivers\HSFHWCD2.sys [2005-4-19 153984]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [2005-2-18 43648]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\winnt\system32\drivers\wg111v2.sys --> c:\winnt\system32\drivers\wg111v2.sys [?]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2004-4-27 49776]
S4 IntelATA;Intel Ultra ATA Controller;c:\winnt\system32\drivers\IntelAta.sys [2002-2-15 79106]

=============== Created Last 30 ================

2009-10-12 07:53 236,544 a------- c:\winnt\PEV.exe
2009-10-12 07:53 161,792 a------- c:\winnt\SWREG.exe
2009-10-12 07:53 98,816 a------- c:\winnt\sed.exe
2009-10-05 09:14 7,168 a------- c:\winnt\system32\drivers\StarOpen.sys
2009-10-01 10:22 <DIR> -cd-h--- c:\winnt\ie8
2009-09-29 14:19 2,146,304 ac------ c:\winnt\system32\GPhotos.scr
2009-09-18 12:04 <DIR> --d----- C:\My Music
2009-09-17 18:05 <DIR> --d----- c:\program files\Trend Micro
2009-09-17 08:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-17 08:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-17 08:28 <DIR> --d----- c:\docume~1\jaydpiii\applic~1\SUPERAntiSpyware.com
2009-09-16 12:00 3,764 a------- C:\cc_20090916_120013.reg
2009-09-15 09:12 11,278 a------- C:\cc_20090915_091217.reg
2009-09-15 08:44 <DIR> --d----- c:\program files\common files\xing shared

==================== Find3M ====================

2009-10-12 08:06 45 a------- c:\winnt\system32\drivers\RemoveAny.log
2009-09-29 20:06 737,280 ac------ c:\winnt\iun6002.exe
2009-09-16 14:49 441,760 a------- c:\winnt\system32\drivers\timntr.sys
2009-09-16 14:49 44,384 a------- c:\winnt\system32\drivers\tifsfilt.sys
2009-09-16 14:49 132,224 a------- c:\winnt\system32\drivers\snapman.sys
2009-09-16 14:49 368,480 a------- c:\winnt\system32\drivers\tdrpman.sys
2009-09-10 14:54 38,224 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\winnt\system32\drivers\mbam.sys
2009-09-08 09:48 2,616 a------- C:\cc_20090908_094806.reg
2009-08-23 17:00 922,112 -------- c:\winnt\system32\imapi2fs.dll
2009-08-23 17:00 426,496 -------- c:\winnt\system32\imapi2.dll
2009-08-19 03:36 299,008 a------- c:\winnt\system32\TubeFinder.exe
2009-08-08 10:52 2,274 a------- C:\IOBitUpdate03.reg
2009-08-08 10:50 1,822 a------- C:\IOBitUpdate02.reg
2009-08-08 10:50 81,668 a------- C:\IOBitUpdate01.reg
2009-08-08 10:48 178,984,250 a------- C:\pre_remove_IOBitUpdate.reg
2009-08-05 05:01 204,800 a------- c:\winnt\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\winnt\system32\atl.dll
2008-06-18 09:58 0 ac------ c:\documents and settings\jaydpiii\JayDPiii_notes.dat
2006-07-27 08:09 630,784 -c------ c:\documents and settings\jaydpiii\chatlnk.exe
2005-10-20 17:10 11 -c------ c:\docume~1\jaydpiii\applic~1\Microsoft.Office.Print.dll
2001-06-19 15:05 271 -c-sh--- c:\program files\DESKTOP.INI
2001-06-19 15:05 21,952 -c--h--- c:\program files\FOLDER.HTT
2008-09-27 20:08 32,768 ac-sh--- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 12:45:47.02 ===============




#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • Gender:Male
  • Location:Finland

Posted 12 October 2009 - 01:51 PM

Hi,


Disable WinPatrol's realtime protection.
  • Right-click the running icon of Winpatrol in the system tray
  • Choose exit. It will automatically restart at next boot.

Disable Avast too.

Open notepad and copy/paste the text in the quotebox below into it:

DDS::
BHO: rsion - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
TB: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
TB: {4D053320-23CF-417F-B498-0DCF8EBF49C3} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Regnull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32*]


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Do you need Adobe Acrobat? It's badly outdated and should be upgraded to a more recent version if you still use it.


Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here. A fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the Download button to the right.
  • Select Windows on the platform combobox and check the box that says: Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


* Go here to run an online scanner from ESET.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a fresh dds.txt log and above mentioned ComboFix resultant log.


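The CFScript in the post above is built directly from the dds.txt log: every BHO/TB/EB line that ends in "- No File" (an add-on still registered in the registry whose DLL no longer exists on disk) is copied verbatim into the DDS:: section, and the Java advice follows from the "BrowserJavaVersion: 1.6.0_13" in the DDS header measured against the JRE 6 Update 16 the helper links to. The script below is an added example, not part of this thread and not code from the DDS or ComboFix tools; it parses a constructed excerpt of the posted log to reproduce both findings. The function names and the sample excerpt are my own.

```python
"""Derive two findings from a DDS log excerpt: orphaned IE add-on entries
("- No File") for the DDS:: section of a CFScript, and whether the browser
Java version is behind the release recommended in the thread (JRE 6u16).

Added example; not DDS/ComboFix code. The excerpt is constructed from the
dds.txt posted in the thread (header line plus a few Pseudo HJT entries)."""

import re

# Constructed excerpt of the posted dds.txt (only the lines this example needs)
SAMPLE_DDS = """\
DDS (Ver_09-10-12.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
============== Pseudo HJT Report ===============
mURLSearchHooks: H - No File
BHO: rsion - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\\program files\\yahoo!\\companion\\installs\\cpn11\\yt.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\\program files\\google\\google toolbar\\GoogleToolbar.dll
TB: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
"""

# Only these entry types were carried into the helper's DDS:: section
ORPHAN_PREFIXES = ("BHO:", "TB:", "EB:")


def find_orphan_addons(log_text):
    """Return BHO/TB/EB lines whose target is '- No File': a registry
    reference to an add-on DLL that is no longer present on disk."""
    return [ln.strip() for ln in log_text.splitlines()
            if ln.startswith(ORPHAN_PREFIXES) and ln.rstrip().endswith("- No File")]


def build_cfscript_dds_section(log_text):
    """Emit the DDS:: section of a CFScript, listing the orphan lines
    verbatim (the form the helper used). Empty string if nothing qualifies."""
    lines = find_orphan_addons(log_text)
    return "DDS::\n" + "\n".join(lines) + "\n" if lines else ""


# DDS reports the browser-exposed JRE as e.g. "BrowserJavaVersion: 1.6.0_13"
_JAVA_RE = re.compile(r"BrowserJavaVersion:\s*(\d+)\.(\d+)\.(\d+)_(\d+)")


def browser_java_version(log_text):
    """Extract the JRE version from the DDS header as a comparable tuple,
    e.g. (1, 6, 0, 13); None if the header line is absent."""
    m = _JAVA_RE.search(log_text)
    return tuple(int(x) for x in m.groups()) if m else None


# JRE 6 Update 16: the version the helper tells the poster to install
LATEST_JRE6 = (1, 6, 0, 16)


def java_is_outdated(log_text, latest=LATEST_JRE6):
    """True when the logged JRE is older than the recommended release."""
    version = browser_java_version(log_text)
    return version is not None and version < latest


if __name__ == "__main__":
    print(build_cfscript_dds_section(SAMPLE_DDS))
    print("Java version:", browser_java_version(SAMPLE_DDS),
          "outdated:", java_is_outdated(SAMPLE_DDS))
```

Note that the "mURLSearchHooks: H - No File" line is deliberately left out of the DDS:: section, matching the helper's script, which only listed BHO, TB and EB entries.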

#11 JayDPiii

JayDPiii
  • Topic Starter

  • Members
  • Gender:Male
  • Location:Nashua, NH

Posted 12 October 2009 - 03:57 PM

QUOTE, "Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log."

1.) Posting ComboFIX_Txt.log

ComboFix 09-10-11.03 - JayDPiii 10/12/2009 16:32.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1206 [GMT -4:00]
Running from: c:\documents and settings\jaydpiii\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jaydpiii\Desktop\CFScript
AV: avast! antivirus 4.8.1351 [VPS 091012-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-05 13:14 . 2009-09-29 01:57 7168 ----a-w- c:\winnt\system32\drivers\StarOpen.sys
2009-10-01 14:22 . 2009-10-01 14:24 -------- dc-h--w- c:\winnt\ie8
2009-09-29 18:19 . 2009-09-29 18:19 2146304 -c--a-w- c:\winnt\system32\GPhotos.scr
2009-09-18 17:56 . 2009-10-05 12:10 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\vlc
2009-09-18 16:04 . 2009-09-18 16:04 -------- d-----w- C:\My Music
2009-09-17 22:05 . 2009-09-17 22:05 -------- d-----w- c:\program files\Trend Micro
2009-09-17 12:29 . 2009-09-17 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-17 12:28 . 2009-09-18 01:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-17 12:28 . 2009-09-17 12:28 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\SUPERAntiSpyware.com
2009-09-16 16:00 . 2009-09-16 16:00 3764 ----a-w- C:\cc_20090916_120013.reg
2009-09-15 22:29 . 2009-09-15 22:29 -------- d-----w- C:\ERDNT
2009-09-15 14:59 . 2009-09-15 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-09-15 13:12 . 2009-09-15 13:12 11278 ----a-w- C:\cc_20090915_091217.reg
2009-09-15 12:53 . 2009-09-15 12:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-09-15 12:44 . 2009-09-15 12:44 -------- d-----w- c:\program files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 13:11 . 2009-03-13 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-12 12:12 . 2008-03-05 17:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-12 12:12 . 2004-09-01 00:13 -------- d-----w- c:\program files\SpywareBlaster
2009-10-12 12:06 . 2009-05-22 11:23 45 ----a-w- c:\winnt\system32\drivers\RemoveAny.log
2009-10-07 11:52 . 2005-01-26 21:22 -------- d-----w- c:\program files\NotesSpad
2009-10-05 13:14 . 2008-09-22 16:14 -------- d-----w- c:\program files\CDBurnerXP
2009-10-01 19:54 . 2009-01-09 22:22 -------- d-----w- c:\program files\TaxACT 2008
2009-10-01 18:42 . 2004-05-25 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-01 18:30 . 2006-02-22 02:55 -------- d-----w- c:\program files\PCPitstop
2009-10-01 18:22 . 2008-02-20 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-09-30 11:33 . 2004-11-09 21:06 -------- d-----w- c:\program files\AndreaMosaic
2009-09-30 00:06 . 2004-07-14 23:21 737280 -c--a-w- c:\winnt\iun6002.exe
2009-09-18 16:40 . 2004-10-29 15:03 -------- d-----w- c:\program files\CDBurnerXP Pro 3
2009-09-16 18:49 . 2007-08-24 21:02 44384 ----a-w- c:\winnt\system32\drivers\tifsfilt.sys
2009-09-16 18:49 . 2007-08-24 21:02 441760 ----a-w- c:\winnt\system32\drivers\timntr.sys
2009-09-16 18:49 . 2007-08-24 21:02 132224 ----a-w- c:\winnt\system32\drivers\snapman.sys
2009-09-16 18:49 . 2008-03-26 14:21 368480 ----a-w- c:\winnt\system32\drivers\tdrpman.sys
2009-09-16 17:53 . 2009-08-26 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-16 14:09 . 2008-04-05 12:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-15 23:12 . 2008-02-13 16:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-15 23:04 . 2006-03-01 21:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-15 12:53 . 2006-07-27 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-15 12:44 . 2004-10-11 19:22 -------- d-----w- c:\program files\RealPlayer
2009-09-15 12:44 . 2004-10-11 19:22 -------- d-----w- c:\program files\Common Files\Real
2009-09-15 12:32 . 2009-07-28 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 18:54 . 2009-07-28 12:29 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-07-28 12:29 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-09-08 18:59 . 2007-02-02 13:38 -------- d-----w- c:\program files\Duplicate File Finder
2009-09-08 17:07 . 2007-06-08 11:12 -------- d-----w- c:\program files\Registry Clean Expert
2009-09-08 15:29 . 2009-09-08 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SystemExplorer
2009-09-08 15:29 . 2009-09-08 15:29 -------- d-----w- c:\program files\System Explorer
2009-09-08 15:02 . 2008-03-06 12:56 -------- d-----w- c:\program files\Support Tools
2009-09-08 13:56 . 2006-10-12 20:09 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\Mp3tag
2009-09-08 13:56 . 2006-10-12 20:06 -------- d-----w- c:\program files\Mp3tag
2009-09-08 13:49 . 2009-08-21 12:00 -------- d-----w- c:\program files\TweakNow PowerPack 2009
2009-09-08 13:48 . 2009-09-08 13:48 2616 ----a-w- C:\cc_20090908_094806.reg
2009-09-08 13:38 . 2008-08-11 12:51 -------- d-----w- c:\program files\Glary Registry Repair
2009-09-08 13:38 . 2008-08-11 13:10 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\GlarySoft
2009-09-08 13:36 . 2009-09-08 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-09-08 13:34 . 2007-09-24 18:26 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\.purple
2009-09-08 13:33 . 2007-09-24 18:17 -------- d-----w- c:\program files\Pidgin
2009-09-08 13:29 . 2006-09-28 13:39 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\Free Download Manager
2009-09-08 13:23 . 2006-09-28 13:39 -------- d-----w- c:\program files\Free Download Manager
2009-09-08 12:15 . 2006-06-14 19:47 -------- d-----w- c:\program files\Travelaxe
2009-09-08 12:11 . 2008-06-04 11:09 -------- d-----w- c:\program files\EULAlyzer
2009-08-27 16:39 . 2009-03-13 19:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-27 12:16 . 2004-05-08 02:38 67432 -c--a-w- c:\documents and settings\jaydpiii\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 12:05 . 2009-08-26 19:56 -------- d-----w- c:\program files\Microsoft Works
2009-08-27 11:21 . 2007-02-23 20:30 -------- d-----w- c:\program files\MSECache
2009-08-26 19:54 . 2009-08-26 19:54 -------- d-----w- c:\program files\Microsoft.NET
2009-08-24 20:15 . 2009-08-05 12:50 -------- d-----w- c:\program files\AskBarDis
2009-08-24 19:29 . 2008-07-01 12:23 -------- d-----w- c:\program files\Revo Uninstaller
2009-08-24 19:14 . 2009-08-24 19:14 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\SuperEasy
2009-08-23 21:00 . 2009-08-23 21:00 922112 ------w- c:\winnt\system32\imapi2fs.dll
2009-08-23 21:00 . 2009-08-23 21:00 426496 ------w- c:\winnt\system32\imapi2.dll
2009-08-21 17:48 . 2009-04-13 18:03 -------- d-----w- c:\program files\TweetDeck
2009-08-21 12:00 . 2009-08-21 12:00 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\TweakNow PowerPack 2009
2009-08-20 19:26 . 2009-08-20 19:26 -------- d-----w- c:\program files\MSBuild
2009-08-20 19:26 . 2009-08-20 19:26 -------- d-----w- c:\program files\Reference Assemblies
2009-08-19 12:48 . 2008-11-23 20:49 -------- d-----w- c:\program files\Free FLV Converter
2009-08-19 07:36 . 2008-11-23 20:49 299008 ----a-w- c:\winnt\system32\TubeFinder.exe
2009-08-17 16:10 . 2008-08-28 16:45 1279456 ----a-w- c:\winnt\system32\aswBoot.exe
2009-08-17 16:06 . 2008-08-28 18:54 93392 ----a-w- c:\winnt\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-08-28 18:54 94160 ----a-w- c:\winnt\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-08-28 18:54 114768 ----a-w- c:\winnt\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-08-28 18:54 20560 ----a-w- c:\winnt\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-08-28 18:54 51376 ----a-w- c:\winnt\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-08-28 18:54 23152 ----a-w- c:\winnt\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-08-28 18:54 26944 ----a-w- c:\winnt\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-08-28 18:54 97480 ----a-w- c:\winnt\system32\AvastSS.scr
2009-08-14 16:32 . 2004-04-28 12:11 -------- d-----w- c:\documents and settings\jaydpiii\Application Data\AdobeUM
2009-08-14 12:54 . 2008-03-13 14:18 -------- d-----w- c:\program files\Auslogics
2009-08-08 14:52 . 2009-08-08 14:52 2274 ----a-w- C:\IOBitUpdate03.reg
2009-08-08 14:50 . 2009-08-08 14:50 1822 ----a-w- C:\IOBitUpdate02.reg
2009-08-08 14:50 . 2009-08-08 14:50 81668 ----a-w- C:\IOBitUpdate01.reg
2009-08-08 14:48 . 2009-08-08 14:47 178984250 ----a-w- C:\pre_remove_IOBitUpdate.reg
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\winnt\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\winnt\system32\atl.dll
2001-06-19 19:05 . 2001-06-19 19:05 21952 -c-h--w- c:\program files\FOLDER.HTT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RamBooster"="c:\winutils\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
"Windows Live Sync"="c:\program files\Windows Live\Sync\WindowsLiveSync.exe" [2008-12-03 1170256]
"Calendar"="c:\program files\Desksware\Desktop iCal\Calendar.exe" [2008-03-15 2774528]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"iCalendar"="c:\program files\Desksware\Desktop iCal\Calendar.exe" [2008-03-15 2774528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-18 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-08-17 81000]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-14 57344]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-09 320832]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"SBAutoUpdate"="c:\program files\SpywareBlaster\sbautoupdate.exe" [2009-04-09 923176]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-15 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\jaydpiii\Start Menu\Programs\Startup\
HyperSnap-DX.lnk - c:\hysnapdx\hsdx.exe [2004-4-27 581632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MightyFAX Controller.lnk - c:\program files\MightyFax\MFNTCTL.EXE [2005-3-25 491520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"MaxRecentDocs"= 5 (0x5)
"NoFavoritesMenu"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 14:51 24638 ------w- c:\winnt\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=sxgb.dll
"mixer1"=sxgb.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=c:\winnt\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]
backup=c:\winnt\pss\eFax 4.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\winnt\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\winnt\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
backup=c:\winnt\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\BIRT\\eclipse\\eclipse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\RealPlayer\\realplay.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINNT\\SYSTEM32\\dpvsetup.exe"=
"c:\\WINNT\\SYSTEM32\\dxdiag.exe"=
"c:\\WINNT\\SYSTEM32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"21:TCP"= 21:TCP:FTP Server
"20:TCP"= 20:TCP:FTP-Data

R0 fasttrak;fasttrak;c:\winnt\SYSTEM32\DRIVERS\Fasttrak.sys [2/15/2002 2:37 PM 64418]
R0 mraid2k;mraid2k;c:\winnt\SYSTEM32\DRIVERS\mraid2k.sys [2/15/2002 2:37 PM 17258]
R1 aswSP;avast! Self Protection;c:\winnt\SYSTEM32\DRIVERS\aswSP.sys [8/28/2008 2:54 PM 114768]
R1 cloverm;cloverm;c:\winnt\SYSTEM32\DRIVERS\cloverm.sys [9/25/2007 3:44 PM 477440]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\winnt\SYSTEM32\DRIVERS\aswFsBlk.sys [8/28/2008 2:54 PM 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\winnt\SYSTEM32\DRIVERS\EAPPkt.sys [6/26/2006 5:26 PM 66048]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [1/18/2007 2:20 PM 24120]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
S1 amdtools;AMD Special Tools Driver;c:\winnt\system32\DRIVERS\amdtools.sys --> c:\winnt\system32\DRIVERS\amdtools.sys [?]
S1 RemoveAny;RemoveAny driver;c:\winnt\SYSTEM32\DRIVERS\RemoveAny.sys [4/24/2009 8:11 AM 11264]
S2 BCAITDI;3Com BCAITDI DMI TDI;c:\winnt\system32\DRIVERS\BCAItdi.sys --> c:\winnt\system32\DRIVERS\BCAItdi.sys [?]
S2 gupdate1c9ee16333efad0;Google Update Service (gupdate1c9ee16333efad0);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 8:05 PM 133104]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\SYSTEM32\DRIVERS\ousbehci.sys [2/18/2005 6:51 PM 30208]
S3 CLRSERV;CLRSERV;c:\program files\Keriver Image\CLRSERV.exe [9/25/2007 3:44 PM 81920]
S3 DCamUSBBVI;SiPix StyleCam BlinkII Dual Mode Camera;c:\winnt\system32\Drivers\biomini.sys --> c:\winnt\system32\Drivers\biomini.sys [?]
S3 HSFHWCD2;HSFHWCD2;c:\winnt\SYSTEM32\DRIVERS\HSFHWCD2.sys [4/19/2005 6:55 PM 153984]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\SYSTEM32\DRIVERS\ousb2hub.sys [2/18/2005 6:51 PM 43648]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\winnt\system32\DRIVERS\wg111v2.sys --> c:\winnt\system32\DRIVERS\wg111v2.sys [?]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\SYSTEM32\DRIVERS\usbhub20.sys [4/27/2004 7:07 PM 49776]
S4 IntelATA;Intel Ultra ATA Controller;c:\winnt\SYSTEM32\DRIVERS\IntelAta.sys [2/15/2002 2:51 PM 79106]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\winnt\system32\rundll32.exe" "c:\winnt\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\winnt\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-28 19:35]

2009-10-12 c:\winnt\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-04 13:59]

2009-10-12 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 00:05]

2009-10-12 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 00:05]

2009-10-12 c:\winnt\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-10-12 c:\winnt\Tasks\User_Feed_Synchronization-{9E9AEA2B-6643-41EE-B17D-E57E93D1AD02}.job
- c:\winnt\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open Link Target in Firefox - file://c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
IE: View This Page in Firefox - file://c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
IE: {{0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\Yapta\YaptaSettings.exe
IE: {{0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - {c3c07ad6-ace9-43ee-a2af-45bc13f6275f}\inprocserver32 does not exist!
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
FF - component: c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\jaydpiii\Application Data\Mozilla\Firefox\Profiles\default.0em\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 16:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C62C6BC4-4C96-DAD3-E813-DC644B07F4F0}\InProcServer32*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\OneX.DLL
c:\winnt\system32\eappprxy.dll

- - - - - - - > 'lsass.exe'(956)
c:\winnt\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4028)
c:\progra~1\WINDOW~2\wmpband.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\IEFRAME.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
c:\winnt\system32\OneX.DLL
c:\winnt\system32\eappprxy.dll
.
Completion time: 2009-10-12 16:41
ComboFix-quarantined-files.txt 2009-10-12 20:41
ComboFix2.txt 2009-10-12 12:16

Pre-Run: 20,900,118,528 bytes free
Post-Run: 20,869,830,656 bytes free

364 --- E O F --- 2009-09-16 12:53


2.) Removing Adobe Acrobat.

3.) Working on remaining steps- will post additional reply when completed.

#12 JayDPiii

Posted 13 October 2009 - 06:32 AM

Hi,
Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. A fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.


* Go here to run an online scanner from ESET.

  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a fresh dds.txt log and above mentioned ComboFix resultant log.


COMBOFIX LOG posted in previous reply.
Adobe Acrobat removed.
FLASH Player was up-to-date in FireFox and IE.
Old JAVA removed, new JAVA installed.
ATF was already installed, and used regularly; ran again per instructions, here.

ESET log below:

---------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=93f218e7204fdd43bf98f6d92cc6a466
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-13 05:20:29
# local_time=2009-10-13 01:20:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 21 100 100 245822968750
# compatibility_mode=3073 62 60 8 766151425625000
# compatibility_mode=5889 61 66 100 928148739062500
# scanned=178146
# found=10
# cleaned=0
# scan_time=8058
C:\Documents and Settings\jaydpiii\Application Data\Microsoft\Templates\Copy of INFOMAP.DOT probably a variant of WM/Muck.BQ virus 00000000000000000000000000000000 I
C:\Documents and Settings\jaydpiii\My Documents\My DownLoads\apps\Setup_FreeFlvConverter.exe probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\jaydpiii\My Documents\My DownLoads\My_DL_Apps\2bConsidered\PhotoCutterSetup.exe Win32/Adware.RK.AB application 00000000000000000000000000000000 I
C:\Documents and Settings\jaydpiii\My Documents\Work_Offc Archive\Templates\Copy of INFOMAP.DOT probably a variant of WM/Muck.BQ virus 00000000000000000000000000000000 I
I:\FreeAgent Sync\CLASS007\C\My Documents\My DownLoads\apps\Setup_FreeFlvConverter.exe probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I
I:\FreeAgent Sync\CLASS007\C\My Documents\My DownLoads\My_DL_Apps\2bConsidered\PhotoCutterSetup.exe Win32/Adware.RK.AB application 00000000000000000000000000000000 I
I:\FreeAgent Sync\CLASS007\C\My Documents\Work_Offc Archive\Templates\Copy of INFOMAP.DOT probably a variant of WM/Muck.BQ virus 00000000000000000000000000000000 I
I:\FreeAgent Sync\CLASS007\My Documents\My DownLoads\apps\Setup_FreeFlvConverter.exe probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I
I:\FreeAgent Sync\CLASS007\My Documents\My DownLoads\My_DL_Apps\2bConsidered\PhotoCutterSetup.exe Win32/Adware.RK.AB application 00000000000000000000000000000000 I
I:\FreeAgent Sync\CLASS007\My Documents\Work_Offc Archive\Templates\Copy of INFOMAP.DOT probably a variant of WM/Muck.BQ virus 00000000000000000000000000000000 I
---------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------

DDS.txt


DDS (Ver_09-10-12.01) - NTFSx86
Run by JayDPiii at 7:27:29.59 on Tue 10/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1184 [GMT -4:00]

AV: avast! antivirus 4.8.1351 [VPS 091012-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINNT\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Seagate\Sync\SeaSync.exe
C:\WINNT\system32\UTSCSI.EXE
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WinUtils\RamBooster 2.0\Rambooster.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\Desksware\Desktop iCal\Calendar.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\MightyFax\MFNTCTL.EXE
C:\HySnapDX\hsdx.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINNT\explorer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\SYSTEM32\notepad.exe
C:\Documents and Settings\jaydpiii\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn11\yt.dll
BHO: rsion - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn11\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yapta BHO: {2020dfef-8c87-4229-aa41-549d82210355} - c:\program files\yapta\YaptaOverlay.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~2\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn11\YTSingleInstance.dll
TB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\spoofstick\SpoofStick.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn11\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
TB: {4D053320-23CF-417F-B498-0DCF8EBF49C3} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Yapta: {c3c07ad6-ace9-43ee-a2af-45bc13f6275f} - c:\program files\yapta\YaptaSidebar.dll
uRun: [RamBooster] c:\winutils\rambooster 2.0\Rambooster.exe
uRun: [Windows Live Sync] "c:\program files\windows live\sync\WindowsLiveSync.exe" /background
uRun: [Calendar] c:\program files\desksware\desktop ical\Calendar.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [iCalendar] c:\program files\desksware\desktop ical\Calendar.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [SBAutoUpdate] "c:\program files\spywareblaster\sbautoupdate.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\jaydpiii\startm~1\programs\startup\hypersnap-dx.lnk - c:\hysnapdx\hsdx.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mightyfax controller.lnk - c:\program files\mightyfax\MFNTCTL.EXE
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: MaxRecentDocs = 5 (0x5)
uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Open Link Target in Firefox - file://c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewlink.html
IE: View This Page in Firefox - file://c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\{5d558c43-550f-4b12-84ab-0d8abda9f975}\firefoxviewpage.html
IE: {0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\yapta\YaptaSettings.exe
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - c:\program files\travelaxe\Travelaxe.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - {c3c07ad6-ace9-43ee-a2af-45bc13f6275f}\inprocserver32 does not exist!
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~2\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38104.6401388889
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jaydpiii\applic~1\mozilla\firefox\profiles\default.0em\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
FF - component: c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\jaydpiii\application data\mozilla\firefox\profiles\default.0em\extensions\vmwarevmrc@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\realplayer\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 fasttrak;fasttrak;c:\winnt\system32\drivers\Fasttrak.sys [2002-2-15 64418]
R0 mraid2k;mraid2k;c:\winnt\system32\drivers\mraid2k.sys [2002-2-15 17258]
R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2008-8-28 114768]
R1 cloverm;cloverm;c:\winnt\system32\drivers\cloverm.sys [2007-9-25 477440]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [2008-8-28 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\winnt\system32\drivers\EAPPkt.sys [2006-6-26 66048]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\seagate\sync\SeaSyncServices.exe [2007-1-18 24120]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 agnfilt;AGN Filter Interface;c:\winnt\system32\drivers\agnfilt.sys [2006-5-19 180864]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]
S1 amdtools;AMD Special Tools Driver;c:\winnt\system32\drivers\amdtools.sys --> c:\winnt\system32\drivers\amdtools.sys [?]
S1 RemoveAny;RemoveAny driver;c:\winnt\system32\drivers\RemoveAny.sys [2009-4-24 11264]
S2 BCAITDI;3Com BCAITDI DMI TDI;c:\winnt\system32\drivers\bcaitdi.sys --> c:\winnt\system32\drivers\BCAItdi.sys [?]
S2 gupdate1c9ee16333efad0;Google Update Service (gupdate1c9ee16333efad0);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\system32\drivers\ousbehci.sys [2005-2-18 30208]
S3 avpnnic;AGN Virtual Network Adapter;c:\winnt\system32\drivers\avpnnic.sys [2003-4-4 13952]
S3 CLRSERV;CLRSERV;c:\program files\keriver image\CLRSERV.exe [2007-9-25 81920]
S3 DCamUSBBVI;SiPix StyleCam BlinkII Dual Mode Camera;c:\winnt\system32\drivers\biomini.sys --> c:\winnt\system32\drivers\biomini.sys [?]
S3 HSFHWCD2;HSFHWCD2;c:\winnt\system32\drivers\HSFHWCD2.sys [2005-4-19 153984]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [2005-2-18 43648]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\winnt\system32\drivers\wg111v2.sys --> c:\winnt\system32\drivers\wg111v2.sys [?]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2004-4-27 49776]
S4 IntelATA;Intel Ultra ATA Controller;c:\winnt\system32\drivers\IntelAta.sys [2002-2-15 79106]

=============== Created Last 30 ================


==================== Find3M ====================

2009-10-12 18:50 411,368 ac------ c:\winnt\system32\deploytk.dll
2009-10-12 18:18 45 a------- c:\winnt\system32\drivers\RemoveAny.log
2009-09-29 20:06 737,280 ac------ c:\winnt\iun6002.exe
2009-09-16 14:49 441,760 a------- c:\winnt\system32\drivers\timntr.sys
2009-09-16 14:49 44,384 a------- c:\winnt\system32\drivers\tifsfilt.sys
2009-09-16 14:49 132,224 a------- c:\winnt\system32\drivers\snapman.sys
2009-09-16 14:49 368,480 a------- c:\winnt\system32\drivers\tdrpman.sys
2009-09-10 14:54 38,224 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\winnt\system32\drivers\mbam.sys
2009-09-08 09:48 2,616 a------- C:\cc_20090908_094806.reg
2009-08-23 17:00 922,112 -------- c:\winnt\system32\imapi2fs.dll
2009-08-23 17:00 426,496 -------- c:\winnt\system32\imapi2.dll
2009-08-19 03:36 299,008 a------- c:\winnt\system32\TubeFinder.exe
2009-08-08 10:52 2,274 a------- C:\IOBitUpdate03.reg
2009-08-08 10:50 1,822 a------- C:\IOBitUpdate02.reg
2009-08-08 10:50 81,668 a------- C:\IOBitUpdate01.reg
2009-08-08 10:48 178,984,250 a------- C:\pre_remove_IOBitUpdate.reg
2009-08-05 05:01 204,800 a------- c:\winnt\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\winnt\system32\atl.dll
2008-06-18 09:58 0 ac------ c:\documents and settings\jaydpiii\JayDPiii_notes.dat
2006-07-27 08:09 630,784 -c------ c:\documents and settings\jaydpiii\chatlnk.exe
2005-10-20 17:10 11 -c------ c:\docume~1\jaydpiii\applic~1\Microsoft.Office.Print.dll
2001-06-19 15:05 271 -c-sh--- c:\program files\DESKTOP.INI
2001-06-19 15:05 21,952 -c--h--- c:\program files\FOLDER.HTT
2008-09-27 20:08 32,768 ac-sh--- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 7:28:17.25 ===============
---------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------

Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-12.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/29/2006 12:30:28 PM
System Uptime: 10/12/2009 6:18:10 PM (13 hours ago)

Motherboard: MSI | | MS-7191
Processor: AMD Athlon™ 64 Processor 3000+ | CPU 1 | 1794/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 19.681 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 75 GiB total, 18.768 GiB free.
G: is FIXED (NTFS) - 77 GiB total, 23.216 GiB free.
I: is FIXED (NTFS) - 149 GiB total, 50.448 GiB free.
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1864: 10/12/2009 5:40:08 PM - Removed Adobe Acrobat and Reader 6.0.3 Update
RP1865: 10/12/2009 5:40:35 PM - Removed Adobe Acrobat and Reader 6.0.6 Update
RP1866: 10/12/2009 5:41:08 PM - Removed Adobe Acrobat and Reader 6.0.5 Update
RP1867: 10/12/2009 5:41:59 PM - Removed Adobe Acrobat and Reader 6.0.4 Update
RP1868: 10/12/2009 5:43:37 PM - Removed Adobe Acrobat and Reader 6.0.3 Update
RP1869: 10/12/2009 6:02:35 PM - Installed Java™ 6 Update 16
RP1870: 10/12/2009 6:07:04 PM - Removed Java™ 6 Update 7
RP1871: 10/12/2009 6:08:17 PM - Removed Java™ 6 Update 5
RP1872: 10/12/2009 6:12:05 PM - Removed Java™ 6 Update 13
RP1873: 10/12/2009 6:15:54 PM - Removed Java 2 Runtime Environment, SE v1.4.2_06
RP1874: 10/12/2009 6:38:32 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP1875: 10/12/2009 6:39:49 PM - Removed J2SE Runtime Environment 5.0 Update 5
RP1876: 10/12/2009 6:43:57 PM - Installed Java™ 6 Update 16
RP1877: 10/12/2009 6:46:30 PM - Installed Java™ 6 Update 16
RP1878: 10/12/2009 6:50:34 PM - Installed Java™ 6 Update 16

==== Installed Programs ======================


µTorrent
123 Password Recovery
1300
1300_Help
1300Tour
1300Trb
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 4.65
Acrobat.com
Acronis True Image Home
Active Disk
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe FrameMaker 8
Adobe FrameMaker 8 p273 Patcher
Adobe FrameMaker 8 p276 Patcher
Adobe FrameMaker 8 p277 Patcher
Adobe FrameMaker v7.0
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Advanced System Optimizer 2.10
Advanced SystemCare 3
AiO_Scan
AiOSoftware
Alt-Tab Task Switcher Powertoy for Windows XP
AM-DeadLink
AMD CPUInfo
AnalogX DLLArchive
AndreaMosaic 3.15
AndreaMosaic 3.32.3
Apple Software Update
AptiStock 1.12
Ashampoo Movie Shrink & Burn 3 3.03
Ashampoo Music Studio 3.50
Ashampoo Photo Optimizer 3.03
Ashampoo StartUp Tuner 2.00
Ask Toolbar
Aspell English Dictionary-0.50-2
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AtomTime98 v2.2
Auslogics Disk Defrag
Auslogics Duplicate File Finder
avast! Antivirus
AVS Disc Creator version 2.1
Belarc Advisor 7.2
BiblePro
BitTorrent
BufferChm
CA Yahoo! Anti-Spy (remove only)
Calculator Powertoy for Windows XP
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera WIA Driver 6.2.5
Canon G.726 WMP-Decoder
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 1.0
Canon MX700 series
Canon MX700 series User Registration
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
CDBurnerXP
CDBurnerXP Pro 3
cdrLabel 7.1
Centra Client
CentraOne
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
CNET TechTracker
Color@Home
COMODO Firewall Pro
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
Creative Jukebox Driver
Creative Removable Disk Manager
Creative Software Update
Creative System Information
Creative ZEN V Series
Creative ZEN X-Fi User's Guide
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CutePDF Writer 2.1
dBpowerAMP Monkeys Audio Codec
dBpoweramp Music Converter
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP WMA V9 Codec
Dell OpenManage Client Instrumentation
Desktop iCalendar Lite 1.1.0
Destinations
Digimax Viewer 1.0
Digital Line Detect
DING!
Director
dMC Accurate Rip Database
dMC AccurateRip
DocProc
DocumentViewer
DOSShell 1.4
Double-Deck Pinochle 3.6
Duplicate File Finder
Duplicate File Finder 1.1.0.3
DVD Suite
DzSoft Slide Show 1.2
e-Sword
eFax Messenger 4.1
End It All
ERUNT 1.1j
ESET Online Scanner v3
Euchre From Special K
EULAlyzer 2.0
Exact Audio Copy 0.99pb1
Fast Duplicate File Finder 1.1.0.0
Fax
FL 2001 Registration
foobar2000 v0.9.4
Free and Easy Biorhythm Calculator version 2.80
Free Download Manager 3.0
Free FLV Converter V 6.6.4
Free Icon Studio
Free Registry Defrag
FreeAgent Go Tools
FUJIFILM USB Driver
Garmin City Navigator North America v8
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
GdiplusUpgrade
getPlus®_dll
GIMP 2.4.7
Glary Registry Repair 3.2.0.828
GNU Aspell 0.50-3
Google Earth
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GTK+ Runtime 2.14.7 rev a (remove only)
Hayes V.92 USB Voice Faxmodem
HDValet
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Diagnostic Assistant
HP Image Zone 4.2
HP Print Diagnostic Utility
HP PSC & OfficeJet 4.2
HP Software Update
hpmdtab
HPODiscovery
HPSystemDiagnostics
Hugin 0.7.0 (SVN 3465)
HyperSnap-DX
Icon Collector Version 1.3
ieSpell 2.2.0 (build 647)
Image Resizer Powertoy for Windows XP
ImageForge version 3.41
ImgBurn
IMS Web Dwarf V2
InfraRecorder
InstantShare
InstaVerse
Intel Ultra ATA Storage Driver
Intellisync® for Yahoo!
Internet Explorer Q903235
Iomega Automatic Backup
IrfanView (remove only)
ISO Recorder
Java™ 6 Update 16
Keriver Image 2.0
KODAK EASYSHARE Gallery Upload ActiveX Control
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark Printer Software Uninstall
LightScribe Applications
LightScribe Diagnostic Utility
LightScribe System Software 1.10.27.1
LightScribe Template Designs - Art Pack 1
LightScribe Template Designs - Business Pack 1
LightScribe Template Designs - Holiday Pack 1
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Sports Pack 1
LightScribe Template Designs - Wedding Pack 1
LightScribe Template Labeler
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Logitech MouseWare 9.79.1
Macromedia Authorware 7.01
Macromedia Dreamweaver 3
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft System Configuration Utility 5.1.2600.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser and SDK
MightyFax
MigoSync
Modem Helper
Modem User Guide
Monkey's Audio
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.3)
MP3 Indexer 1.3.0.8
Mp3tag v2.44
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NET Bible First Edition 1.0
NET Bible for e-Sword
NetWaiting
NTREGOPT 1.1j
overland
PacBoy
Paint Shop Pro 6.01 CD
Paint Shop Pro 6.02 Patch
Paint.NET v3.36
Password Corral v4.0
PhotoGallery
Picasa 3
Pidgin
PowerDVD
PowerProducer
Presto! PageManager 7.15.16
PrimoPDF
PrintMaster 16
PrintScreen
ProductContext
QFolder
Quicken Family Lawyer 2001
QuickProjects
QuickTime
RamBooster
RAW Image Task 1.1
Readme
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller 1.83
SafeGuard
save2pc Light 3.49
Scan
ScanSoft OmniPage SE 4
Seagate DiscWizard
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Simple Sudoku 4.1
SkinsHP1
Skype™ 4.0
Spades
Spelling Dictionaries Support For Adobe Reader 8
SpoofStick for Internet Explorer 1.01
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Symantec pcAnywhere
SyncToy
System Explorer 1.5
TaxACT 2008
TaxACT 2008 Massachusetts
The Font Thing
Time Zone Data Update Tool for Microsoft Office Outlook
TomTom HOME
Travelaxe
TrayApp
TreeSize Free V1.77
TurboTax Deluxe 2007
Tweak UI
TweakNow PowerPack 2009
TweakNow WinSecret Professional
TweetDeck
UltraEdit-32 Uninstall
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
User's Guides
VC_MergeModuleToMSI
VDMSound 2.0.4
VLC media player 1.0.1
Wal-Mart Music Downloads Store
WebFldrs XP
WebIQ Client Software
WebReg
WinDates
Windows 2000 Application Compatibility Update
Windows Defender
Windows Defender Signatures
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Safety scanner
Windows Live Sync
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell™ 1.0
Windows Support Tools
Windows XP Service Pack 3
WinImage
WinPatrol 2009
WinZip
Xvid 1.2.1 final uninstall
Yahoo! Mail Advisor
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Yapta
YouTube Downloader 2.5.1
Zen Micro Media Explorer

==== Event Viewer Messages From Past Week ========

10/12/2009 8:07:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RemoveAny
10/12/2009 8:07:45 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/12/2009 8:07:39 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
10/12/2009 8:07:39 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/12/2009 8:07:39 AM, error: Service Control Manager [7000] - The VMware Virtual Ethernet Adapter Driver service failed to start due to the following error: The system cannot find the file specified.
10/12/2009 8:07:39 AM, error: Service Control Manager [7000] - The Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/12/2009 8:07:39 AM, error: Service Control Manager [7000] - The Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver service failed to start due to the following error: The system cannot find the file specified.
10/12/2009 8:07:39 AM, error: Service Control Manager [7000] - The NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver service failed to start due to the following error: The system cannot find the file specified.
10/12/2009 8:07:39 AM, error: Service Control Manager [7000] - The NEC PCI to USB Enhanced Host Controller service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/12/2009 8:07:39 AM, error: Service Control Manager [7000] - The Microsoft TV/Video Connection service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/12/2009 8:07:39 AM, error: Service Control Manager [7000] - The Linksys Wireless-B USB Network Adapter v2.8 Driver service failed to start due to the following error: The system cannot find the file specified.
10/12/2009 8:07:39 AM, error: Service Control Manager [7000] - The AGN Virtual Network Adapter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/12/2009 8:07:39 AM, error: Service Control Manager [7000] - The 3Com BCAITDI DMI TDI service failed to start due to the following error: The system cannot find the file specified.
10/12/2009 8:07:39 AM, error: Service Control Manager [7000] - The 3Com 3C90X-BC Family PCI EtherLink Adapter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/12/2009 8:04:47 AM, error: PlugPlayManager [11] - The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system without first being prepared for removal.
10/12/2009 7:54:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/12/2009 7:54:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect.
10/12/2009 7:54:37 AM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 7:54:34 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/12/2009 4:32:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CryptSvc service to connect.
10/12/2009 4:32:17 PM, error: Service Control Manager [7000] - The CryptSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
---------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------

P.S.> Display of main Bleeping Computer Forum page was normal; however, this Post is not in HTML, it's in text > therefore, I could not attach the Attach.txt file.

#13 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:11:54 AM

Posted 13 October 2009 - 12:06 PM

Hi,

Are you familiar with ESET findings? If not, delete them.

Did you run ComboFix with script with WinPatrol disabled first? If not, please disable it as instructed in my previous post and run ComboFix with the script again. If WinPatrol (and Avast) was disabled then re-run the script in safe mode.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#14 JayDPiii

JayDPiii
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Male
  • Location:Nashua, NH
  • Local time:04:54 AM

Posted 13 October 2009 - 12:17 PM

Hi,

Are you familiar with ESET findings? If not, delete them.

Did you run ComboFix with script with WinPatrol disabled first? If not, please disable it as instructed in my previous post and run ComboFix with the script again. If WinPatrol (and Avast) was disabled then re-run the script in safe mode.


1.) Are you familiar with ESET findings? If not, delete them.
What do you mean?
I am not familiar with ESET, do you mean delete the results/log text, the findings?

2.) I thought I ran ComboFix with Avast and WinPatrol OFF, with CFScript. Will run again.
Do I also need to rerun DDR to get new DDS and Attach scripts?
If so, is DDR run with WinPatrol and Avast off, as well?

#15 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:11:54 AM

Posted 13 October 2009 - 12:53 PM

Hi,

1) Just delete those ESET findings you are not familiar with like you normally would: navigate to their locations and delete the files :(
2) No need to run DDS again at this point.


