WinProfile sndcfg16.exe- is it bad?


  • This topic is locked
19 replies to this topic

#1 simunic

simunic

  • Members
  • 16 posts
  • Local time:04:21 AM

Posted 13 November 2009 - 07:25 PM

Hi. I believe my computer's infected. It seems fine, but at times it slows down massively, and the web browser takes ages to load. Malwarebytes detects and deletes the file but it's there again after a reboot. Also, the Zone Alarm firewall's warning is constantly popping up, warning about someone/something trying to connect to the computer. Appreciate any help. Thanks.


================================================================================


DDS (Ver_09-10-26.01) - NTFSx86
Run by leon at 18:51:55.94 on Fri 11/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.303 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Guest.JENNY\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://hometab.bellsouth.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F4D76F01-7896-458a-890F-E1F05C46069F} - No File
TB: {F4D76F09-7896-458a-890F-E1F05C46069F} - No File
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - No File
TB: {B9D1647F-A66A-4695-B249-07901A45FF59} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
mRun: [BootSkin Startup Jobs] "c:\progra~1\stardock\wincus~1\bootskin\BootSkin.exe" /StartupJobs
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRunServices: [WinProfile] sndcfg16.exe
StartupFolder: c:\docume~1\jenny\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} - file://j:\mathplayer\deltacvx.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\leon\applic~1\mozilla\firefox\profiles\kelpioy2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFFab&query=
FF - plugin: c:\documents and settings\all users\application data\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\documents and settings\all users\application data\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\documents and settings\all users\application data\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\documents and settings\all users\application data\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\documents and settings\leon\application data\mozilla\firefox\profiles\kelpioy2.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-1 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-1 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-1 24652]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-11-13 115312]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-9-30 116736]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys --> c:\windows\system32\drivers\EAPPkt.sys [?]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\drivers\aldebaran.sys --> c:\windows\system32\drivers\Aldebaran.sys [?]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2009-1-28 238848]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 taphss;Anchorfree HSS Adapter;c:\windows\system32\drivers\taphss.sys [2009-9-15 32768]

=============== Created Last 30 ================

2009-11-13 22:24:40 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-11-13 22:21:36 0 d-----w- c:\windows\ERUNT
2009-11-13 22:20:07 0 d-----w- C:\SDFix
2009-11-13 22:09:29 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-13 22:09:29 0 d-----w- c:\windows\system32\ZoneLabs
2009-11-13 22:09:29 0 d-----w- c:\program files\Zone Labs
2009-11-13 22:09:27 350192 ----a-w- c:\windows\system32\vsconfig.xml
2009-11-13 21:30:45 2782 ----a-w- c:\windows\system32\tmp.reg
2009-11-13 21:11:27 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2009-11-13 21:11:27 0 d-----w- c:\program files\KeyScrambler
2009-11-12 23:29:33 0 d-s---w- C:\ComboFix
2009-11-12 22:54:17 0 d-----w- C:\cmdcons
2009-11-12 22:11:19 0 d-----w- C:\!KillBox
2009-11-12 20:42:53 0 d-----w- c:\program files\hpHosts
2009-11-12 20:35:43 98816 ----a-w- c:\windows\sed.exe
2009-11-12 20:35:43 77312 ----a-w- c:\windows\MBR.exe
2009-11-12 20:35:43 260608 ----a-w- c:\windows\PEV.exe
2009-11-12 20:35:43 161792 ----a-w- c:\windows\SWREG.exe
2009-11-11 18:22:57 0 d-----w- c:\docume~1\leon\applic~1\4Media Software Studio
2009-11-11 18:22:13 0 d-----w- c:\program files\4Media
2009-11-09 18:35:50 0 d-----w- c:\docume~1\leon\applic~1\FMZilla
2009-11-09 18:22:02 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-11-09 18:22:01 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-11-09 18:21:15 0 d-----w- c:\windows\Replay Director
2009-11-09 18:20:46 0 d-----w- c:\windows\Replay Media Catcher
2009-11-09 18:20:46 0 d-----w- c:\program files\Replay Media Catcher
2009-11-09 18:16:17 0 d-sh--w- c:\documents and settings\leon\IETldCache
2009-11-08 18:03:09 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-08 18:02:31 0 d-----w- c:\windows\ie8updates
2009-11-08 18:00:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-08 18:00:29 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-08 17:57:42 0 dc-h--w- c:\windows\ie8
2009-11-07 16:04:23 0 d-----w- c:\program files\DVDVideoSoft
2009-11-07 16:04:23 0 d-----w- c:\program files\common files\DVDVideoSoft
2009-11-05 19:13:42 0 d-----w- C:\772b7db62d3438b4f2f7841471a45cdd
2009-11-02 18:19:41 0 d-----w- c:\program files\iColorFolder
2009-11-02 18:16:42 0 d-----w- c:\program files\IconTweaker
2009-11-02 18:16:42 0 d-----w- c:\docume~1\alluse~1\applic~1\IconTweaker
2009-11-02 18:13:05 0 d-----w- c:\program files\HD Tune
2009-11-01 22:15:50 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-01 22:14:53 0 d-----w- c:\docume~1\leon\applic~1\Malwarebytes
2009-11-01 22:14:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 22:14:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 22:14:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 22:14:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-01 22:13:20 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-01 16:07:37 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-11-01 05:14:00 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-01 05:14:00 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-01 05:13:59 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-01 05:13:59 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-01 05:13:59 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-01 05:13:59 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-01 05:13:59 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-01 05:13:59 0 d-----w- C:\a194ba65130f2bb1b043
2009-10-30 17:47:27 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-29 22:14:40 473600 ----a-w- c:\windows\system32\Harmony.dll
2009-10-29 22:14:40 237568 ----a-w- c:\windows\system32\Unlha32.dll
2009-10-29 22:08:00 87040 ----a-w- c:\windows\UnGins.exe
2009-10-29 22:07:50 0 d-----w- c:\program files\ASCII
2009-10-29 15:16:50 0 d-----w- c:\docume~1\leon\applic~1\Greyfirst
2009-10-29 15:08:19 0 ---ha-w- c:\windows\SwSys2.bmp
2009-10-29 15:08:19 0 ---ha-w- c:\windows\SwSys1.bmp
2009-10-29 00:23:10 720896 ----a-w- c:\windows\iun6002.exe
2009-10-28 23:26:58 0 d-----w- c:\program files\Enterbrain
2009-10-28 23:23:25 0 d-----w- c:\program files\Toolkit3
2009-10-26 00:19:18 4096 ----a-w- c:\windows\d3dx.dat
2009-10-25 17:23:00 0 d-----w- c:\program files\ReflexiveArcade
2009-10-25 17:22:40 0 d-----w- c:\program files\DOSBox-0.72
2009-10-24 17:45:38 0 d-----w- c:\windows\system32\NtmsData
2009-10-21 09:25:46 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax
2009-10-21 03:53:47 0 d-----w- c:\program files\Belkin
2009-10-19 18:55:36 0 d-----w- c:\program files\iSofter
2009-10-19 18:55:36 0 d-----w- c:\program files\Antares
2009-10-18 15:18:22 0 d-----w- c:\windows\system32\XPSViewer
2009-10-17 23:16:38 0 d-----w- c:\windows\system32\KB905474
2009-10-17 20:43:40 0 d-----w- c:\program files\AviSynth 2.5
2009-10-17 20:43:10 0 d-----w- c:\program files\eRightSoft
2009-10-17 20:40:50 0 d-----w- c:\docume~1\leon\applic~1\IDM
2009-10-17 20:40:50 0 d-----w- c:\docume~1\leon\applic~1\DMCache
2009-10-17 20:40:38 0 d-----w- c:\program files\Internet Download Manager
2009-10-16 01:27:47 0 d-----w- c:\program files\MSXML 4.0
2009-10-15 22:35:41 0 d--h--w- c:\documents and settings\leon\InstallAnywhere
2009-10-15 20:50:30 0 d-----w- c:\program files\LiteStep
2009-10-15 19:59:09 218624 -c--a-w- c:\windows\system32\dllcache\uxtheme.dll
2009-10-15 19:41:03 24 ----a-w- c:\windows\LogonStudio.ini
2009-10-15 19:32:14 187392 ----a-w- c:\windows\system32\JPGUtils.dll
2009-10-15 19:32:13 0 d-----w- c:\program files\WinCustomize
2009-10-15 19:31:30 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-10-15 19:30:30 0 d-----w- c:\docume~1\leon\applic~1\Styler
2009-10-15 18:58:44 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-15 18:57:28 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-15 18:57:27 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-15 18:57:27 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-15 18:57:27 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-15 18:57:27 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-15 18:57:27 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-15 18:57:26 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-15 18:57:26 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-15 18:56:06 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-15 18:55:56 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-10-15 18:55:19 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-15 18:55:11 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-15 18:53:03 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-15 18:53:02 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-15 18:53:02 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-15 18:35:35 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2009-10-15 18:21:30 0 d-----w- c:\windows\system32\scripting
2009-10-15 18:21:29 0 d-----w- c:\windows\l2schemas
2009-10-15 18:21:27 0 d-----w- c:\windows\system32\en
2009-10-15 18:21:27 0 d-----w- c:\windows\system32\bits
2009-10-15 18:18:36 0 d-----w- c:\windows\ServicePackFiles
2009-10-15 18:05:29 0 d-----w- c:\program files\Styler
2009-10-15 03:27:54 0 d-----w- c:\docume~1\leon\applic~1\TitaniumTaskbar
2009-10-15 03:06:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-15 03:05:10 2359350 ----a-w- c:\windows\Midnight_1024_768.bmp
2009-10-15 03:02:48 0 d-----w- c:\docume~1\leon\applic~1\Stardock
2009-10-15 03:02:31 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-10-15 03:02:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Stardock
2009-10-15 03:00:53 218624 ----a-w- c:\windows\system32\uxtheme.backup
2009-10-15 03:00:21 0 d-----w- c:\program files\EULAlyzer
2009-10-15 01:34:26 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-10-15 01:34:26 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf

==================== Find3M ====================

2009-11-13 22:09:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-08 04:18:43 1847296 ----a-w- c:\windows\system32\logonuiX.exe
2009-10-05 20:48:38 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-23 12:55:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-15 20:04:58 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
1784-02-06 00:28:16 65536 -c----w- c:\windows\inf\copyinf.exe
1784-02-06 00:28:16 242432 -c----w- c:\windows\inf\rt2500usb.sys

============= FINISH: 18:53:00.79 ===============


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:04:21 AM

Posted 21 November 2009 - 08:24 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.
Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 simunic

simunic
  • Topic Starter

  • Members
  • 16 posts
  • Local time:04:21 AM

Posted 21 November 2009 - 07:27 PM

Thanks. Malwarebytes keeps detecting a "backdor.bot". It deletes it, but it's there again after reboot. The computer seems to be fine, nothing happening out of the ordinary. The web browser was loading slow, but it seems fine again. I'd just like to get rid of it and check if there's any other malware. Thanks again.


==================================================================================



DDS (Ver_09-10-26.01) - NTFSx86
Run by leon at 19:15:13.92 on Sat 11/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.393 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\leon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://hometab.bellsouth.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F4D76F01-7896-458a-890F-E1F05C46069F} - No File
TB: {F4D76F09-7896-458a-890F-E1F05C46069F} - No File
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - No File
TB: {B9D1647F-A66A-4695-B249-07901A45FF59} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
mRun: [BootSkin Startup Jobs] "c:\progra~1\stardock\wincus~1\bootskin\BootSkin.exe" /StartupJobs
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRunServices: [WinProfile] sndcfg16.exe
StartupFolder: c:\docume~1\jenny\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} - file://j:\mathplayer\deltacvx.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\leon\applic~1\mozilla\firefox\profiles\kelpioy2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFFab&query=
FF - plugin: c:\documents and settings\all users\application data\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\documents and settings\leon\application data\mozilla\firefox\profiles\kelpioy2.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-1 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-1 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-1 24652]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-11-13 115312]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-9-30 116736]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys --> c:\windows\system32\drivers\EAPPkt.sys [?]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\drivers\aldebaran.sys --> c:\windows\system32\drivers\Aldebaran.sys [?]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2009-1-28 238848]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 taphss;Anchorfree HSS Adapter;c:\windows\system32\drivers\taphss.sys [2009-9-15 32768]

=============== Created Last 30 ================

2009-11-21 23:50:13 0 d-----w- c:\program files\Auslogics
2009-11-13 22:24:40 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-11-13 22:21:36 0 d-----w- c:\windows\ERUNT
2009-11-13 22:20:07 0 d-----w- C:\SDFix
2009-11-13 22:09:29 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-13 22:09:29 0 d-----w- c:\windows\system32\ZoneLabs
2009-11-13 22:09:29 0 d-----w- c:\program files\Zone Labs
2009-11-13 22:09:27 350192 ----a-w- c:\windows\system32\vsconfig.xml
2009-11-13 21:30:45 2942 ----a-w- c:\windows\system32\tmp.reg
2009-11-13 21:11:27 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2009-11-13 21:11:27 0 d-----w- c:\program files\KeyScrambler
2009-11-12 23:29:33 0 d-s---w- C:\ComboFix
2009-11-12 22:54:17 0 d-----w- C:\cmdcons
2009-11-12 22:11:19 0 d-----w- C:\!KillBox
2009-11-12 20:42:53 0 d-----w- c:\program files\hpHosts
2009-11-12 20:35:43 98816 ----a-w- c:\windows\sed.exe
2009-11-12 20:35:43 77312 ----a-w- c:\windows\MBR.exe
2009-11-12 20:35:43 260608 ----a-w- c:\windows\PEV.exe
2009-11-12 20:35:43 161792 ----a-w- c:\windows\SWREG.exe
2009-11-11 18:22:57 0 d-----w- c:\docume~1\leon\applic~1\4Media Software Studio
2009-11-11 18:22:13 0 d-----w- c:\program files\4Media
2009-11-09 18:22:02 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-11-09 18:22:01 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-11-09 18:21:15 0 d-----w- c:\windows\Replay Director
2009-11-09 18:20:46 0 d-----w- c:\windows\Replay Media Catcher
2009-11-09 18:20:46 0 d-----w- c:\program files\Replay Media Catcher
2009-11-09 18:16:17 0 d-sh--w- c:\documents and settings\leon\IETldCache
2009-11-08 18:03:09 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-08 18:02:31 0 d-----w- c:\windows\ie8updates
2009-11-08 18:00:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-08 18:00:29 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-08 17:57:42 0 dc-h--w- c:\windows\ie8
2009-11-07 16:04:23 0 d-----w- c:\program files\DVDVideoSoft
2009-11-07 16:04:23 0 d-----w- c:\program files\common files\DVDVideoSoft
2009-11-05 19:13:42 0 d-----w- C:\772b7db62d3438b4f2f7841471a45cdd
2009-11-02 18:19:41 0 d-----w- c:\program files\iColorFolder
2009-11-02 18:16:42 0 d-----w- c:\program files\IconTweaker
2009-11-02 18:16:42 0 d-----w- c:\docume~1\alluse~1\applic~1\IconTweaker
2009-11-02 18:13:05 0 d-----w- c:\program files\HD Tune
2009-11-01 22:15:50 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-01 22:14:53 0 d-----w- c:\docume~1\leon\applic~1\Malwarebytes
2009-11-01 22:14:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 22:14:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 22:14:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 22:14:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-01 22:13:20 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-01 16:07:37 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-11-01 05:14:00 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-01 05:14:00 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-01 05:13:59 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-01 05:13:59 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-01 05:13:59 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-01 05:13:59 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-01 05:13:59 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-01 05:13:59 0 d-----w- C:\a194ba65130f2bb1b043
2009-10-30 17:47:27 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-29 22:14:40 473600 ----a-w- c:\windows\system32\Harmony.dll
2009-10-29 22:14:40 237568 ----a-w- c:\windows\system32\Unlha32.dll
2009-10-29 22:08:00 87040 ----a-w- c:\windows\UnGins.exe
2009-10-29 22:07:50 0 d-----w- c:\program files\ASCII
2009-10-29 15:16:50 0 d-----w- c:\docume~1\leon\applic~1\Greyfirst
2009-10-29 15:08:19 0 ---ha-w- c:\windows\SwSys2.bmp
2009-10-29 15:08:19 0 ---ha-w- c:\windows\SwSys1.bmp
2009-10-29 00:23:10 720896 ----a-w- c:\windows\iun6002.exe
2009-10-28 23:26:58 0 d-----w- c:\program files\Enterbrain
2009-10-28 23:23:25 0 d-----w- c:\program files\Toolkit3
2009-10-26 00:19:18 4096 ----a-w- c:\windows\d3dx.dat
2009-10-25 17:23:00 0 d-----w- c:\program files\ReflexiveArcade
2009-10-25 17:22:40 0 d-----w- c:\program files\DOSBox-0.72
2009-10-24 17:45:38 0 d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2009-11-13 22:09:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-08 04:18:43 1847296 ----a-w- c:\windows\system32\logonuiX.exe
2009-11-08 04:17:52 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-11-01 22:15:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-23 12:55:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
1784-02-06 00:28:16 65536 -c----w- c:\windows\inf\copyinf.exe
1784-02-06 00:28:16 242432 -c----w- c:\windows\inf\rt2500usb.sys

============= FINISH: 19:16:17.37 ===============

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:21 AM

Posted 24 November 2009 - 07:38 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Can you post the MBAM log showing the detection?

Thanks :(
m0le is a proud member of UNITE

#5 simunic

simunic
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:04:21 AM

Posted 24 November 2009 - 10:33 PM

Malwarebytes' Anti-Malware 1.41
Database version: 3221
Windows 5.1.2600 Service Pack 3

11/24/2009 10:31:35 PM
mbam-log-2009-11-24 (22-31-35).txt

Scan type: Quick Scan
Objects scanned: 94863
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\WinProfile (Backdoor.Bot) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:21 AM

Posted 25 November 2009 - 07:35 AM

Okay, let's attempt to remove that registry entry. If it's a leftover it should go quietly.

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\WinProfile]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please run MBAM again and post the log so we can check that it has been removed :(
m0le is a proud member of UNITE

#7 simunic

simunic
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:04:21 AM

Posted 25 November 2009 - 02:13 PM

It didn't ask me to reboot.

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\WinProfile\ not found.

OTM by OldTimer - Version 3.1.2.0 log created on 11252009_135710


================================================================================


Here's the malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 3231
Windows 5.1.2600 Service Pack 3

11/25/2009 2:13:09 PM
mbam-log-2009-11-25 (14-13-09).txt

Scan type: Quick Scan
Objects scanned: 139873
Time elapsed: 13 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\WinProfile (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:21 AM

Posted 25 November 2009 - 04:50 PM

The sndcfg16.exe file is bad and is running on boot.

We have to track down the file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    sndcfg16.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Once we have that file's location we can remove it and other malware found in the DDS log.
m0le is a proud member of UNITE
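An added triage helper, written for this thread and not part of OTM, SystemLook or DDS, that reads lines in the shape of the DDS "Pseudo HJT Report" section posted above and flags the autostart entries a helper would want verified: values living under RunServices, values that name a bare file with no directory (so Windows resolves them through its search path), images that cannot be found on disk, and BHO CLSIDs registered with "No File". The sample lines and the KNOWN_FILES set are constructed; the set stands in for a disk lookup so the script runs offline, and sndcfg16.exe is deliberately left out of it.

```python
import re
from typing import Callable, Dict, List

# Constructed sample: a few lines in the shape of the DDS "Pseudo HJT Report"
# section posted in this thread (same entries, trimmed to the interesting ones).
SAMPLE_LOG = """\
uRun: [SandboxieControl] "c:\\program files\\sandboxie\\SbieCtrl.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [avgnt] "c:\\program files\\avira\\antivir desktop\\avgnt.exe" /min
mRunServices: [WinProfile] sndcfg16.exe
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\\progra~1\\spybot~1\\SDHelper.dll
"""

# Constructed stand-in for the disk (lower-cased paths). It replaces
# os.path.exists() so the example runs offline; sndcfg16.exe is absent on purpose.
KNOWN_FILES = {
    r"c:\program files\sandboxie\sbiectrl.exe",
    r"c:\windows\agrsmmsg.exe",
    r"c:\program files\avira\antivir desktop\avgnt.exe",
    r"c:\progra~1\spybot~1\sdhelper.dll",
}

# Directories tried when an autostart value names a bare file (assumed search path).
SEARCH_DIRS = (r"c:\windows", r"c:\windows\system32")

HIVE = {"u": "HKCU", "m": "HKLM"}  # DDS prefixes: u = per-user hive, m = machine hive
RUN_LINE = re.compile(r"^(?P<scope>[um])(?P<key>Run(?:Services|Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_LINE = re.compile(r"^BHO: (?:(?P<title>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")


def image_from_command(cmd: str) -> str:
    """Return the executable part of a Run value: the quoted path, or else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_bare_name(image: str) -> bool:
    """True when the value names a file with no directory, so Windows must search for it."""
    return "\\" not in image and ":" not in image


def on_disk(image: str, exists: Callable[[str], bool]) -> bool:
    """Check the image against the disk, trying the search path for bare names."""
    if not is_bare_name(image):
        return exists(image.lower())
    return any(exists(f"{d}\\{image}".lower()) for d in SEARCH_DIRS)


def triage(log: str, exists: Callable[[str], bool]) -> Dict[str, List[str]]:
    """Map each entry worth verifying (hive\\key\\name) to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in log.splitlines():
        m = RUN_LINE.match(line)
        if m:
            image = image_from_command(m["cmd"])
            label = f'{HIVE[m["scope"]]}\\{m["key"]}\\{m["name"]}'
            reasons = []
            if m["key"] == "RunServices":
                reasons.append("RunServices key: uncommon for legitimate software, verify")
            if is_bare_name(image):
                reasons.append(f"bare filename {image!r}: no directory, resolved via search path")
            if not on_disk(image, exists):
                reasons.append(f"image {image!r} not found on disk")
            if reasons:
                findings[label] = reasons
            continue
        b = BHO_LINE.match(line)
        if b and b["target"].strip() == "No File":
            findings[f'BHO\\{b["clsid"]}'] = ["orphaned BHO: CLSID registered but its DLL is missing"]
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG, lambda p: p in KNOWN_FILES).items():
        print(entry)
        for r in reasons:
            print("   -", r)
```

On the sample, the WinProfile value collects all three reasons (RunServices key, bare name, image missing), which is exactly the combination that made it stand out in the log; AGRSMMSG is reported only for its bare name, since the constructed disk set resolves it under c:\windows. On a live XP box you would pass `lambda p: os.path.exists(p)` instead of the set and feed it the whole DDS report.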

#9 simunic

simunic
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:04:21 AM

Posted 25 November 2009 - 06:15 PM

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 18:06 on 25/11/2009 by leon (Administrator - Elevation successful)

========== filefind ==========

Searching for "sndcfg16.exe"
No files found.

-=End Of File=-



=======================================================================================


So how bad is this thing, mate?

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:21 AM

Posted 25 November 2009 - 08:21 PM

It's a trojan/backdoor. The infection itself isn't really bad but the fact that a backdoor has got into your system means you are now vulnerable. Read this:

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you want to continue with the clean up then let me know.
m0le is a proud member of UNITE

#11 simunic

simunic
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:04:21 AM

Posted 25 November 2009 - 09:38 PM

Sure. I'd rather reformat or reinstall but I don't have the Windows CD.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:21 AM

Posted 26 November 2009 - 08:33 AM

Okay let's remove the threat.

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "WinProfile"=-
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please post a new DDS log too, thanks :(
m0le is a proud member of UNITE

#13 simunic

simunic
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:04:21 AM

Posted 26 November 2009 - 05:12 PM

Okay...

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\WinProfile deleted successfully.

OTM by OldTimer - Version 3.1.2.0 log created on 11262009_170803



================================================================================




DDS (Ver_09-10-26.01) - NTFSx86
Run by leon at 17:08:30.18 on Thu 11/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.259 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\leon\Desktop\OTM.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\leon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://hometab.bellsouth.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F4D76F01-7896-458a-890F-E1F05C46069F} - No File
TB: {F4D76F09-7896-458a-890F-E1F05C46069F} - No File
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - No File
TB: {B9D1647F-A66A-4695-B249-07901A45FF59} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
mRun: [BootSkin Startup Jobs] "c:\progra~1\stardock\wincus~1\bootskin\BootSkin.exe" /StartupJobs
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRunServices: [WinProfile] sndcfg16.exe
StartupFolder: c:\docume~1\jenny\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} - file://j:\mathplayer\deltacvx.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\leon\applic~1\mozilla\firefox\profiles\kelpioy2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFFab&query=
FF - plugin: c:\documents and settings\all users\application data\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\documents and settings\leon\application data\mozilla\firefox\profiles\kelpioy2.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-1 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-1 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-1 24652]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-11-13 115312]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-9-30 116736]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys --> c:\windows\system32\drivers\EAPPkt.sys [?]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\drivers\aldebaran.sys --> c:\windows\system32\drivers\Aldebaran.sys [?]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2009-1-28 238848]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 taphss;Anchorfree HSS Adapter;c:\windows\system32\drivers\taphss.sys [2009-9-15 32768]

=============== Created Last 30 ================

2009-11-25 18:57:10 0 d-----w- C:\_OTM
2009-11-22 00:52:07 0 d-----w- c:\docume~1\leon\applic~1\Auslogics
2009-11-21 23:50:13 0 d-----w- c:\program files\Auslogics
2009-11-13 22:24:40 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-11-13 22:21:36 0 d-----w- c:\windows\ERUNT
2009-11-13 22:20:07 0 d-----w- C:\SDFix
2009-11-13 22:09:29 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-13 22:09:29 0 d-----w- c:\windows\system32\ZoneLabs
2009-11-13 22:09:29 0 d-----w- c:\program files\Zone Labs
2009-11-13 22:09:27 350192 ----a-w- c:\windows\system32\vsconfig.xml
2009-11-13 21:30:45 2942 ----a-w- c:\windows\system32\tmp.reg
2009-11-13 21:11:27 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2009-11-13 21:11:27 0 d-----w- c:\program files\KeyScrambler
2009-11-12 23:29:33 0 d-s---w- C:\ComboFix
2009-11-12 22:54:17 0 d-----w- C:\cmdcons
2009-11-12 22:11:19 0 d-----w- C:\!KillBox
2009-11-12 20:42:53 0 d-----w- c:\program files\hpHosts
2009-11-12 20:35:43 98816 ----a-w- c:\windows\sed.exe
2009-11-12 20:35:43 77312 ----a-w- c:\windows\MBR.exe
2009-11-12 20:35:43 260608 ----a-w- c:\windows\PEV.exe
2009-11-12 20:35:43 161792 ----a-w- c:\windows\SWREG.exe
2009-11-11 18:22:57 0 d-----w- c:\docume~1\leon\applic~1\4Media Software Studio
2009-11-11 18:22:13 0 d-----w- c:\program files\4Media
2009-11-09 18:22:02 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-11-09 18:22:01 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-11-09 18:21:15 0 d-----w- c:\windows\Replay Director
2009-11-09 18:20:46 0 d-----w- c:\windows\Replay Media Catcher
2009-11-09 18:20:46 0 d-----w- c:\program files\Replay Media Catcher
2009-11-09 18:16:17 0 d-sh--w- c:\documents and settings\leon\IETldCache
2009-11-08 18:03:09 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-08 18:02:31 0 d-----w- c:\windows\ie8updates
2009-11-08 18:00:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-08 18:00:29 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-08 17:57:42 0 dc-h--w- c:\windows\ie8
2009-11-07 16:04:23 0 d-----w- c:\program files\DVDVideoSoft
2009-11-07 16:04:23 0 d-----w- c:\program files\common files\DVDVideoSoft
2009-11-05 19:13:42 0 d-----w- C:\772b7db62d3438b4f2f7841471a45cdd
2009-11-02 18:19:41 0 d-----w- c:\program files\iColorFolder
2009-11-02 18:16:42 0 d-----w- c:\program files\IconTweaker
2009-11-02 18:16:42 0 d-----w- c:\docume~1\alluse~1\applic~1\IconTweaker
2009-11-02 18:13:05 0 d-----w- c:\program files\HD Tune
2009-11-01 22:15:50 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-01 22:14:53 0 d-----w- c:\docume~1\leon\applic~1\Malwarebytes
2009-11-01 22:14:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 22:14:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 22:14:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 22:14:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-01 22:13:20 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-01 16:07:37 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-11-01 05:14:00 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-01 05:14:00 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-01 05:13:59 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-01 05:13:59 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-01 05:13:59 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-01 05:13:59 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-01 05:13:59 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-01 05:13:59 0 d-----w- C:\a194ba65130f2bb1b043
2009-10-30 17:47:27 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-29 22:14:40 473600 ----a-w- c:\windows\system32\Harmony.dll
2009-10-29 22:14:40 237568 ----a-w- c:\windows\system32\Unlha32.dll
2009-10-29 22:08:00 87040 ----a-w- c:\windows\UnGins.exe
2009-10-29 22:07:50 0 d-----w- c:\program files\ASCII
2009-10-29 15:16:50 0 d-----w- c:\docume~1\leon\applic~1\Greyfirst
2009-10-29 15:08:19 0 ---ha-w- c:\windows\SwSys2.bmp
2009-10-29 15:08:19 0 ---ha-w- c:\windows\SwSys1.bmp
2009-10-29 00:23:10 720896 ----a-w- c:\windows\iun6002.exe
2009-10-28 23:26:58 0 d-----w- c:\program files\Enterbrain
2009-10-28 23:23:25 0 d-----w- c:\program files\Toolkit3

==================== Find3M ====================

2009-11-13 22:09:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-08 04:18:43 1847296 ----a-w- c:\windows\system32\logonuiX.exe
2009-11-08 04:17:52 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-11-01 22:15:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-26 00:19:18 4096 ----a-w- c:\windows\d3dx.dat
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
1784-02-06 00:28:16 65536 -c----w- c:\windows\inf\copyinf.exe
1784-02-06 00:28:16 242432 -c----w- c:\windows\inf\rt2500usb.sys

============= FINISH: 17:10:11.04 ===============

#14 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 November 2009 - 05:15 PM

There's something else there that I am not seeing.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#15 simunic

  • Topic Starter

  • Members
  • 16 posts

Posted 27 November 2009 - 02:01 PM

ComboFix 09-11-26.02 - leon 11/27/2009 13:18.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.542 [GMT -5:00]
Running from: c:\documents and settings\leon\Desktop\comfix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\twain_32.dll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
.

2009-11-25 18:57 . 2009-11-25 18:57 -------- d-----w- C:\_OTM
2009-11-22 20:58 . 2009-11-22 20:58 -------- d-----w- c:\documents and settings\New\Application Data\Publish Providers
2009-11-22 20:57 . 2009-11-22 20:57 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Sony
2009-11-22 20:57 . 2009-11-22 20:57 -------- d-----w- c:\documents and settings\New\Application Data\Sony
2009-11-22 00:52 . 2009-11-22 00:52 -------- d-----w- c:\documents and settings\leon\Application Data\Auslogics
2009-11-21 23:50 . 2009-11-21 23:50 -------- d-----w- c:\program files\Auslogics
2009-11-19 16:46 . 2009-11-22 22:41 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Adobe
2009-11-19 02:54 . 2009-11-19 02:54 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Apple
2009-11-17 03:47 . 2009-11-17 03:47 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\PACE Anti-Piracy
2009-11-17 03:47 . 2009-11-17 03:47 -------- d-----w- c:\documents and settings\New\Application Data\PACE Anti-Piracy
2009-11-16 21:17 . 2009-11-17 19:15 117760 ----a-w- c:\documents and settings\New\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-16 21:17 . 2009-11-16 21:17 -------- d-----w- c:\documents and settings\New\Application Data\SUPERAntiSpyware.com
2009-11-15 22:49 . 2009-11-15 22:49 -------- d-----w- c:\documents and settings\New\Application Data\DivX
2009-11-15 22:33 . 2009-11-15 22:33 -------- d-----w- c:\documents and settings\New\Application Data\vlc
2009-11-15 22:02 . 2009-11-15 22:02 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\vdownloader
2009-11-15 16:53 . 2009-11-15 16:53 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Greyfirst
2009-11-15 16:53 . 2009-11-15 16:53 -------- d-----w- c:\documents and settings\New\Application Data\Greyfirst
2009-11-15 16:09 . 2009-11-17 22:57 -------- d-----w- c:\documents and settings\New\Application Data\Winamp
2009-11-15 15:51 . 2009-11-15 15:51 -------- d-----w- c:\documents and settings\New\Application Data\Apple Computer
2009-11-15 15:51 . 2009-11-15 15:51 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Apple Computer
2009-11-15 15:51 . 2009-11-27 17:39 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Last.fm
2009-11-14 04:40 . 2009-11-14 04:40 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Mozilla
2009-11-14 04:39 . 2009-11-14 04:39 -------- d-sh--w- c:\documents and settings\New\PrivacIE
2009-11-14 04:36 . 2009-11-14 04:36 -------- d-----w- c:\documents and settings\New\Application Data\Malwarebytes
2009-11-14 04:28 . 2009-11-14 04:28 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Stardock
2009-11-14 04:03 . 2009-11-26 21:47 -------- d-----w- c:\documents and settings\New
2009-11-13 22:24 . 2009-11-13 22:24 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-11-13 22:21 . 2009-11-13 22:21 -------- d-----w- c:\windows\ERUNT
2009-11-13 22:20 . 2008-11-06 07:03 -------- d-----w- C:\SDFix
2009-11-13 22:09 . 2009-02-16 05:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-13 22:09 . 2009-02-16 05:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-13 22:09 . 2009-11-13 22:09 -------- d-----w- c:\windows\system32\ZoneLabs
2009-11-13 22:09 . 2009-11-13 22:09 -------- d-----w- c:\program files\Zone Labs
2009-11-13 22:09 . 2009-02-16 05:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-13 21:11 . 2009-11-13 21:11 -------- d-----w- c:\program files\KeyScrambler
2009-11-13 21:11 . 2009-10-04 21:33 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2009-11-12 22:25 . 2009-11-12 22:25 152576 ----a-w- c:\documents and settings\leon\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-12 22:22 . 2009-11-12 22:22 152576 ----a-w- c:\documents and settings\Guest.JENNY\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-12 22:11 . 2009-11-12 22:11 -------- d-----w- C:\!KillBox
2009-11-12 20:42 . 2009-11-12 20:42 -------- d-----w- c:\program files\hpHosts
2009-11-12 19:35 . 2009-11-12 19:35 -------- d-sh--w- c:\documents and settings\Guest.JENNY\PrivacIE
2009-11-12 18:56 . 2009-11-12 18:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-12 18:55 . 2009-11-12 18:55 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-11 18:29 . 2009-11-11 18:29 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\4Media Software Studio
2009-11-11 18:22 . 2009-11-11 18:22 -------- d-----w- c:\documents and settings\leon\Application Data\4Media Software Studio
2009-11-11 18:22 . 2009-11-11 18:22 -------- d-----w- c:\program files\4Media
2009-11-10 16:49 . 2009-11-10 16:49 -------- d-----w- c:\documents and settings\leon\Local Settings\Application Data\vdownloader
2009-11-10 16:32 . 2009-11-10 16:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-10 00:08 . 2009-11-10 03:02 -------- d-----w- c:\documents and settings\Martin\Local Settings\Application Data\FLVService
2009-11-09 18:43 . 2009-11-10 00:02 -------- d-----w- c:\documents and settings\Guest.JENNY\Local Settings\Application Data\FLVService
2009-11-09 18:22 . 2009-11-09 18:22 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-11-09 18:22 . 2009-11-09 18:22 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-11-09 18:21 . 2009-11-09 18:21 -------- d-----w- c:\documents and settings\leon\Local Settings\Application Data\mdnslib
2009-11-09 18:21 . 2009-11-09 18:21 -------- d-----w- c:\windows\Replay Director
2009-11-09 18:20 . 2009-11-09 18:20 -------- d-----w- c:\documents and settings\leon\Local Settings\Application Data\FLVService
2009-11-09 18:20 . 2009-11-09 18:32 -------- d-----w- c:\program files\Replay Media Catcher
2009-11-09 18:20 . 2009-11-09 18:20 -------- d-----w- c:\windows\Replay Media Catcher
2009-11-09 18:16 . 2009-11-09 18:16 -------- d-sh--w- c:\documents and settings\leon\IETldCache
2009-11-09 03:00 . 2009-11-09 03:00 -------- d-sh--w- c:\documents and settings\Martin\IETldCache
2009-11-08 22:15 . 2009-11-08 22:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-08 20:21 . 2009-11-08 20:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-08 18:18 . 2009-11-08 18:18 -------- d-sh--w- c:\documents and settings\Guest.JENNY\IETldCache
2009-11-08 18:03 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-08 18:02 . 2009-11-08 18:02 -------- d-----w- c:\windows\ie8updates
2009-11-08 18:00 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-08 18:00 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-08 17:57 . 2009-11-08 17:59 -------- dc-h--w- c:\windows\ie8
2009-11-08 16:59 . 2009-11-08 16:59 -------- d-----w- c:\documents and settings\Guest.JENNY\Local Settings\Application Data\VirtualStore
2009-11-08 16:53 . 2009-11-08 16:53 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\FlashgetSetup
2009-11-08 01:25 . 2009-11-08 01:26 -------- d-----w- c:\documents and settings\Martin\.smplayer
2009-11-07 23:12 . 2009-11-07 23:12 -------- d-----w- c:\documents and settings\Guest.JENNY\styles
2009-11-07 23:12 . 2009-11-07 23:12 -------- d-----w- c:\documents and settings\New\fonts
2009-11-07 23:12 . 2009-11-07 23:12 -------- d-----w- c:\documents and settings\Guest.JENNY\docs
2009-11-07 23:12 . 2009-05-20 01:17 165464 ----a-w- c:\documents and settings\Guest.JENNY\bsetroot.exe
2009-11-07 23:12 . 2009-05-20 01:17 14938 ----a-w- c:\documents and settings\Guest.JENNY\bsetshell.exe
2009-11-07 23:12 . 2009-05-20 01:17 12374 ----a-w- c:\documents and settings\Guest.JENNY\bsetbg.exe
2009-11-07 23:12 . 2009-11-07 23:12 -------- d-----w- c:\documents and settings\Guest.JENNY\backgrounds
2009-11-07 23:12 . 2009-05-20 01:17 82516 ----a-w- c:\documents and settings\Guest.JENNY\bbnote.exe
2009-11-07 23:12 . 2009-05-20 01:17 79968 ----a-w- c:\documents and settings\Guest.JENNY\bbstylemaker.exe
2009-11-07 23:12 . 2009-05-20 01:17 136786 ----a-w- c:\documents and settings\Guest.JENNY\blackbox.exe
2009-11-07 16:04 . 2009-11-07 16:04 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-07 16:04 . 2009-11-07 16:04 -------- d-----w- c:\program files\DVDVideoSoft
2009-11-05 19:13 . 2009-11-05 19:22 -------- d-----w- C:\772b7db62d3438b4f2f7841471a45cdd
2009-11-05 03:47 . 2009-11-05 03:47 -------- d-----w- c:\documents and settings\Guest.JENNY\updates
2009-11-05 03:47 . 2009-06-12 16:14 655872 ----a-w- c:\documents and settings\Guest.JENNY\msvcr90.dll
2009-11-05 03:47 . 2009-06-12 16:14 568832 ----a-w- c:\documents and settings\Guest.JENNY\msvcp90.dll
2009-11-05 03:47 . 2009-06-12 16:14 224768 ----a-w- c:\documents and settings\Guest.JENNY\msvcm90.dll
2009-11-02 18:19 . 2009-11-02 18:23 -------- d-----w- c:\program files\iColorFolder
2009-11-02 18:16 . 2009-11-02 18:16 -------- d-----w- c:\program files\IconTweaker
2009-11-02 18:16 . 2009-11-02 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker
2009-11-02 18:13 . 2009-11-02 18:13 -------- d-----w- c:\program files\HD Tune
2009-11-02 18:11 . 2009-10-30 19:38 528764 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-11-02 18:11 . 2009-09-15 21:58 106867 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-11-02 18:11 . 2009-09-03 21:24 127346 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-11-02 18:11 . 2009-10-28 20:11 2064760 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-11-02 18:11 . 2009-10-28 20:11 364917 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-11-02 18:11 . 2009-10-22 21:50 422263 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-11-02 18:11 . 2009-10-03 04:15 479604 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-11-02 18:11 . 2009-10-03 04:15 393587 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-11-02 18:11 . 2009-09-15 21:57 184693 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-11-02 18:11 . 2009-09-03 21:24 237940 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-11-02 18:11 . 2009-06-17 20:32 196987 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-11-02 18:11 . 2008-10-15 16:49 53618 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aebb.dll
2009-11-01 23:39 . 2009-11-01 23:39 -------- d-----w- c:\documents and settings\Martin\Application Data\Malwarebytes
2009-11-01 23:28 . 2009-11-01 23:28 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\Malwarebytes
2009-11-01 22:15 . 2009-11-01 22:15 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-01 22:15 . 2009-11-01 22:15 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-01 22:15 . 2009-11-01 22:15 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-01 22:15 . 2009-11-22 00:29 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-11-01 22:15 . 2009-11-01 22:15 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-01 22:15 . 2009-11-01 22:15 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-01 22:15 . 2009-11-01 22:15 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-01 22:15 . 2009-11-01 22:15 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-01 22:14 . 2009-11-01 22:14 -------- d-----w- c:\documents and settings\leon\Application Data\Malwarebytes
2009-11-01 22:14 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 22:14 . 2009-11-01 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 22:14 . 2009-11-01 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-01 22:14 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 22:13 . 2009-11-01 22:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-01 22:13 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-01 05:14 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-01 05:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-01 05:13 . 2009-11-01 05:14 -------- d-----w- C:\a194ba65130f2bb1b043
2009-11-01 05:13 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-01 05:13 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 22:14 . 2009-10-01 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-26 22:13 . 2007-04-17 00:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-26 22:13 . 2009-10-01 16:24 -------- d-----w- c:\program files\SpywareBlaster
2009-11-26 22:06 . 2009-10-01 16:29 117760 ----a-w- c:\documents and settings\leon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-24 00:46 . 2009-10-01 16:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-23 00:34 . 2009-02-22 02:08 -------- d-----w- c:\documents and settings\Martin\Application Data\Azureus
2009-11-16 20:31 . 2009-10-01 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Mozilla Firefox
2009-11-16 00:28 . 2009-02-25 00:24 664 ----a-w- c:\documents and settings\Martin\Local Settings\Application Data\d3d9caps.dat
2009-11-15 22:50 . 2009-02-07 23:49 90320 ----a-w- c:\documents and settings\Martin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-15 16:14 . 2009-02-09 19:27 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-11-15 16:14 . 2009-10-15 21:04 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe
2009-11-15 16:14 . 2009-02-09 19:27 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-11-14 04:05 . 2009-11-14 04:05 90320 ----a-w- c:\documents and settings\New\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 04:05 . 2009-11-14 04:05 -------- d-----w- c:\documents and settings\New\Application Data\Rainmeter
2009-11-14 03:54 . 2009-02-09 19:26 -------- d-----w- c:\program files\Last.fm
2009-11-13 22:09 . 2008-03-21 09:28 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-13 20:26 . 2009-10-01 16:26 -------- d-----w- c:\program files\SpywareGuard
2009-11-13 19:22 . 2006-01-24 16:49 90320 -c--a-w- c:\documents and settings\leon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 13:39 . 2009-05-30 19:22 90320 ----a-w- c:\documents and settings\Guest.JENNY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-12 22:26 . 2006-01-24 17:53 -------- d-----w- c:\program files\Java
2009-11-12 20:40 . 2006-02-16 00:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-12 17:39 . 2009-10-01 16:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-09 21:09 . 2009-05-30 19:22 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\Azureus
2009-11-08 04:18 . 2004-08-04 12:00 1847296 ----a-w- c:\windows\system32\logonuiX.exe
2009-11-08 04:17 . 2009-10-15 19:31 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-11-08 04:13 . 2009-10-22 18:37 -------- d-----w- c:\documents and settings\Martin\Application Data\Winamp
2009-11-06 16:43 . 2009-11-06 16:43 -------- d-----w- c:\windows\Fonts\Serenity 2.0\Fonts
2009-11-06 16:43 . 2009-11-06 16:43 -------- d-----w- c:\windows\Fonts\Serenity 2.0
2009-11-06 16:43 . 2009-11-06 16:43 -------- d-----w- c:\windows\Fonts\Simple Winamp\font
2009-11-06 16:43 . 2009-11-06 16:43 -------- d-----w- c:\windows\Fonts\Simple Winamp
2009-11-02 18:08 . 2009-10-14 15:59 -------- d-----w- c:\documents and settings\leon\Application Data\Rainmeter
2009-11-02 02:33 . 2009-11-02 02:33 -------- d-----w- c:\windows\Fonts\NuttyMonk
2009-11-01 22:15 . 2009-10-05 20:48 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-01 22:15 . 2009-10-01 21:43 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-01 22:15 . 2009-10-05 20:48 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-01 22:13 . 2009-11-01 22:13 -------- d-----w- c:\windows\Fonts\Exeed
2009-10-30 17:25 . 2008-04-26 04:25 -------- d-----w- c:\documents and settings\leon\Application Data\OpenOffice.org2
2009-10-29 15:01 . 2009-10-25 17:22 -------- d-----w- c:\program files\DOSBox-0.72
2009-10-27 15:26 . 2009-05-30 16:49 1 ----a-w- c:\documents and settings\Guest.JENNY\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-10-27 15:25 . 2009-05-30 16:48 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\OpenOffice.org2
2009-10-26 00:19 . 2009-10-26 00:19 4096 ----a-w- c:\windows\d3dx.dat
2009-10-25 17:23 . 2009-10-25 17:23 -------- d-----w- c:\program files\ReflexiveArcade
2009-10-24 23:32 . 2009-10-24 23:32 -------- d-----w- c:\windows\Fonts\SlanXP2\Fonts
2009-10-24 23:32 . 2009-10-24 23:32 -------- d-----w- c:\windows\Fonts\SlanXP2
2009-10-24 23:31 . 2009-10-24 23:31 -------- d-----w- c:\windows\Fonts\Lakrits\Fonts
2009-10-24 23:31 . 2009-10-24 23:31 -------- d-----w- c:\windows\Fonts\Lakrits
2009-10-24 23:30 . 2009-10-24 23:30 -------- d-----w- c:\windows\Fonts\Decadence\Fonts
2009-10-24 23:30 . 2009-10-24 23:30 -------- d-----w- c:\windows\Fonts\Decadence
2009-10-24 17:19 . 2009-10-24 17:19 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\Greyfirst
2009-10-24 16:58 . 2008-03-27 16:04 -------- d-----w- c:\program files\Barkley Shut Up and Jam Gaiden
2009-10-23 17:30 . 2008-08-06 02:58 -------- d-----w- c:\program files\Free FLV Converter
2009-10-23 16:19 . 2009-10-23 16:18 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\GrabPro
2009-10-23 16:14 . 2009-10-14 16:01 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\Rainmeter
2009-10-22 15:43 . 2009-08-10 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-22 02:17 . 2009-07-11 01:28 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\PACE Anti-Piracy
2009-10-22 02:03 . 2009-10-22 02:03 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\Publish Providers
2009-10-22 02:02 . 2009-10-19 17:09 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\Sony
2009-10-21 03:53 . 2009-10-21 03:53 -------- d-----w- c:\program files\Belkin
2009-10-21 03:53 . 2009-10-21 03:53 -------- d-----w- c:\documents and settings\leon\Application Data\InstallShield
2009-10-20 21:27 . 2008-03-27 00:32 -------- d-----w- c:\program files\Knytt Stories
2009-10-19 18:57 . 2009-10-17 20:40 -------- d-----w- c:\documents and settings\leon\Application Data\IDM
2009-10-19 18:57 . 2009-10-17 20:40 -------- d-----w- c:\program files\Internet Download Manager
2009-10-19 18:57 . 2009-10-15 20:05 -------- d-----w- c:\windows\Fonts\kvstyle\Fonts
2009-10-19 18:55 . 2009-10-19 18:55 -------- d-----w- c:\program files\iSofter
2009-10-19 18:55 . 2009-10-19 18:55 -------- d-----w- c:\program files\Antares
2009-10-19 18:49 . 2009-10-17 20:40 -------- d-----w- c:\documents and settings\leon\Application Data\DMCache
2009-10-18 15:18 . 2009-10-18 15:18 -------- d-----w- c:\program files\MSBuild
2009-10-18 15:18 . 2009-10-18 15:18 -------- d-----w- c:\program files\Reference Assemblies
2009-10-17 20:43 . 2009-10-17 20:43 -------- d-----w- c:\program files\AviSynth 2.5
2009-10-17 20:43 . 2009-10-17 20:43 -------- d-----w- c:\program files\eRightSoft
2009-10-16 02:50 . 2008-03-26 00:24 -------- d-----w- c:\program files\Sony
2009-10-16 01:27 . 2009-10-16 01:27 -------- d-----w- c:\program files\MSXML 4.0
2009-10-15 21:04 . 2009-02-09 19:27 275 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-10-15 20:51 . 2009-10-15 20:50 -------- d-----w- c:\program files\LiteStep
2009-10-15 20:48 . 2009-10-15 20:48 -------- d-----w- c:\windows\Fonts\smpldrk\Fonts
2009-10-15 20:48 . 2009-10-15 20:48 -------- d-----w- c:\windows\Fonts\smpldrk
2009-10-15 20:05 . 2009-10-15 20:05 -------- d-----w- c:\windows\Fonts\kvstyle
2009-10-15 19:36 . 2009-10-15 19:36 -------- d-----w- c:\windows\Fonts\8270_logon\font
2009-10-15 19:36 . 2009-10-15 19:36 -------- d-----w- c:\windows\Fonts\8270_logon
2009-10-15 19:32 . 2009-10-15 19:32 -------- d-----w- c:\program files\WinCustomize
2009-10-15 19:31 . 2009-10-14 01:41 -------- d-----w- c:\program files\Common Files\Stardock
2009-10-15 19:31 . 2009-10-14 01:41 -------- d-----w- c:\program files\Stardock
2009-10-15 19:30 . 2009-10-15 18:05 -------- d-----w- c:\program files\Styler
2009-10-15 19:30 . 2009-10-15 19:30 -------- d-----w- c:\documents and settings\leon\Application Data\Styler
2009-10-15 18:45 . 2009-10-15 18:40 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\Winamp
2009-10-15 18:36 . 2009-10-15 18:36 -------- d-----w- c:\documents and settings\Guest.JENNY\Application Data\Styler
2009-10-15 18:24 . 2006-01-24 01:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-15 18:05 . 2009-10-15 18:05 15086 ----a-r- c:\documents and settings\leon\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe
2009-10-15 18:05 . 2009-10-15 18:05 15086 ----a-r- c:\documents and settings\leon\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
2009-10-15 18:04 . 2009-10-15 18:00 -------- d-----w- c:\documents and settings\leon\Application Data\Winamp
2009-10-15 18:02 . 2008-03-22 02:03 -------- d-----w- c:\program files\Winamp
2009-10-15 13:11 . 2009-10-15 13:10 -------- d-----w- c:\documents and settings\Martin\Application Data\Rainmeter
2009-10-15 03:17 . 2009-10-15 03:02 -------- d-----w- c:\documents and settings\leon\Application Data\Stardock
2009-10-15 03:15 . 2009-10-15 03:15 -------- d-----w- c:\windows\Fonts\PepperedThree\1 Style + UxTheme Patcher
2009-10-15 03:15 . 2009-10-15 03:15 -------- d-----w- c:\windows\Fonts\PepperedThree
2009-10-15 03:11 . 2009-10-15 03:10 -------- d-----w- c:\windows\Fonts\Ashen II\Fonts
2009-10-15 03:10 . 2009-10-15 03:10 -------- d-----w- c:\windows\Fonts\Ashen II
2009-10-15 03:05 . 2009-10-15 03:05 152576 ----a-w- c:\documents and settings\leon\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-15 03:02 . 2009-10-15 03:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-10-15 03:02 . 2009-10-15 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
.

((((((((((((((((((((((((((((( SnapShot@2009-11-12_21.19.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-27 18:36 . 2009-11-27 18:36 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat
+ 2009-11-13 22:09 . 2009-02-16 05:10 97672 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-11-13 22:09 . 2008-11-17 07:24 51688 c:\windows\system32\ZoneLabs\srescan.sys
+ 2009-11-13 22:09 . 2009-02-16 05:10 94088 c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 20360 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 59272 c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 24968 c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 84872 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 34696 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 17800 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 10632 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 13704 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 11656 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 29576 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 12168 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 35208 c:\windows\system32\vswmi.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 58248 c:\windows\system32\vsregexp.dll
+ 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
- 2009-05-21 23:04 . 2009-10-03 16:28 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-05-21 23:04 . 2009-11-24 00:53 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2006-01-24 01:51 . 2009-11-10 16:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-01-24 01:51 . 2009-11-26 15:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-01-24 01:51 . 2009-11-10 16:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-01-24 01:51 . 2009-11-26 15:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-11-10 16:32 . 2009-11-10 16:32 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-10 16:32 . 2009-11-26 15:22 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-12 22:43 . 2009-11-26 15:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-01-24 01:51 . 2009-11-10 16:32 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-13 22:08 . 2009-11-13 22:08 62464 c:\windows\Installer\cf7a58.msi
+ 2009-11-25 18:48 . 2009-11-25 18:48 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-11-13 22:21 . 2009-11-13 22:21 61440 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-11-13 22:22 . 2009-11-13 22:22 61440 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-11-13 22:09 . 2009-02-16 05:10 9608 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2008-07-29 10:23 . 2008-07-29 10:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 10:23 . 2008-07-29 10:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 08:51 . 2008-07-29 08:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 108424 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 302472 c:\windows\system32\ZoneLabs\zlsre.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 178568 c:\windows\system32\ZoneLabs\zlparser.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-11-13 22:08 . 2009-02-16 05:10 108424 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 176520 c:\windows\system32\ZoneLabs\updclient.exe
+ 2009-11-13 22:09 . 2007-10-11 21:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 431496 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 134536 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-11-13 22:09 . 2008-11-17 07:23 796128 c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2009-11-13 22:09 . 2008-11-17 07:23 722400 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 118664 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 151944 c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 188808 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 344968 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 136584 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 344456 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-11-13 22:08 . 2009-02-04 23:27 548128 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 159112 c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2009-11-13 22:09 . 2008-03-17 21:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 109960 c:\windows\system32\vsxml.dll
+ 2009-11-13 22:08 . 2009-02-16 05:10 482184 c:\windows\system32\vsutil.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 309128 c:\windows\system32\vspubapi.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 107912 c:\windows\system32\vsmonapi.dll
+ 2009-11-13 22:08 . 2009-02-16 05:10 229256 c:\windows\system32\vsinit.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 353672 c:\windows\system32\vsdatant.sys
+ 2009-11-13 22:08 . 2009-02-16 05:10 110472 c:\windows\system32\vsdata.dll
+ 2009-11-12 22:26 . 2009-10-11 09:17 149280 c:\windows\system32\javaws.exe
- 2009-10-15 03:06 . 2009-10-15 03:06 149280 c:\windows\system32\javaws.exe
- 2009-10-15 03:06 . 2009-10-15 03:06 145184 c:\windows\system32\javaw.exe
+ 2009-11-12 22:26 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe
- 2009-10-15 03:06 . 2009-10-15 03:06 145184 c:\windows\system32\java.exe
+ 2009-11-12 22:26 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe
- 2009-10-15 03:06 . 2009-10-15 03:06 411368 c:\windows\system32\deploytk.dll
+ 2009-10-15 03:06 . 2009-10-11 09:17 411368 c:\windows\system32\deploytk.dll
+ 2009-11-25 18:48 . 2009-11-25 18:48 429568 c:\windows\Installer\8c8c12.msi
- 2008-12-06 02:50 . 2009-05-30 19:31 102400 c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
+ 2008-12-06 02:50 . 2009-11-16 21:46 102400 c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
+ 2009-11-13 22:21 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-11-13 22:22 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 1648520 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 2402184 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-11-13 22:09 . 2008-11-17 07:23 1512928 c:\windows\system32\ZoneLabs\srescan.dll
+ 2009-11-13 22:09 . 2009-02-16 05:10 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-08-21 04:40 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-04 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2006-01-23 20:32 . 2009-11-12 23:06 1555656 c:\windows\system32\FNTCACHE.DAT
+ 2008-08-21 04:40 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2004-08-04 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-11-13 22:21 . 2009-11-13 22:21 4861952 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2009-11-13 22:22 . 2009-11-13 22:22 4861952 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2009-11-13 22:09 . 2008-12-15 06:11 10465257 c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2009-11-13 22:09 . 2008-12-15 06:11 10465257 c:\windows\system32\ZoneLabs\spyware.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-24 2001648]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-09-30 387584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\leon\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-3-25 546816]

c:\documents and settings\New\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-10-13 3450608]

c:\documents and settings\Guest.JENNY\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-10-13 3450608]

c:\documents and settings\JENNY\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/1/2009 3:40 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 10:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/1/2009 11:42 AM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1184912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/1/2008 6:08 PM 24652]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [11/13/2009 4:11 PM 115312]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 7408]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [9/30/2009 4:15 AM 116736]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [1/28/2009 9:51 PM 238848]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 1:11 PM 10664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 00:29]

2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-27 c:\windows\Tasks\WebReg Deskjet D1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 01:27]

2009-11-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-31 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hometab.bellsouth.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\leon\Application Data\Mozilla\Firefox\Profiles\kelpioy2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFFab&query=
FF - plugin: c:\documents and settings\All Users\Application Data\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: c:\documents and settings\leon\Application Data\Mozilla\Firefox\Profiles\kelpioy2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Stardock Impulse - c:\documents and settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}\shareware.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Tweak UI 2.10 - c:\windows\system32\mshta.exe res://c:\windows\system32\TweakUI.exe/uninstall.hta



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-27 13:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-11-27 13:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-27 18:52
ComboFix2.txt 2009-11-12 21:23

Pre-Run: 29,688,778,752 bytes free
Post-Run: 29,649,362,944 bytes free

- - End Of File - - B0753FC43FD2508F0B6E12DDADFC05D0
