slow running computer


  • This topic is locked
17 replies to this topic

#1 strepo

  • Members
  • 48 posts
  • Local time:12:56 AM

Posted 24 December 2009 - 04:10 PM

This is my mom's computer and it is running super slow, and I want to fix it for her. Don't know if it has exactly been infected by anything in particular, but the computer is running slow.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 14:47:02.21 on Thu 12/24/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.78 [GMT -5:00]

AV: avast! antivirus 4.8.1229 [VPS 080823-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgFat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://www.snapfish.com/hp_Spring2006_icondesktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {BDF3E430-B101-42AD-A544-FADC6B084872} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141611916968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\y5zhgf1k.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-15 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-15 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-15 147640]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-15 250040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-15 348344]

=============== Created Last 30 ================

2009-12-24 08:04:11 0 d-----w- c:\windows\ServicePackFiles
2009-12-24 00:28:19 0 d-----w- c:\windows\system32\CatRoot_bak

==================== Find3M ====================

2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\dllcache\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\dllcache\rastls.dll
2007-01-11 20:04:04 0 -c--a-w- c:\program files\error.dat

============= FINISH: 14:47:29.39 ===============


#2 strepo
  • Topic Starter

  • Members
  • 48 posts
  • Local time:12:56 AM

Posted 03 January 2010 - 10:31 PM

Can anyone please help? Also, there is a program called Spybot that is constantly popping up with notifications to accept or deny an action. Please help....

#3 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:56 AM

Posted 05 January 2010 - 06:54 PM

Hello,

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues, I would appreciate it if you
would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window; if you do, click No.
  • Untick the following boxes on the right side of the Gmer screen:
    • Sections
    • IAT/EAT
    • Files
    • Show All
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log
Thanks



#4 strepo
  • Topic Starter

  • Members
  • 48 posts
  • Local time:12:56 AM

Posted 06 January 2010 - 10:01 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2010-01-06 21:59:50
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 75 GB (85%) free of 88 GB
Total RAM: 446 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:31 PM, on 1/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\21UJQZC9\RSIT[1].exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.snapfish.com/hp_Spring2006_icondesktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141611916968
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 7215 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-23 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-24 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-23 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-03-09 77824]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-11-14 180269]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2005-05-31 1415824]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-14 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28e70366-1513-11dc-a803-0015f257ffc1}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2010-01-06 19:47:30 ----D---- C:\Program Files\trend micro
2010-01-06 19:47:28 ----D---- C:\rsit
2009-12-26 18:56:21 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Download Manager
2009-12-26 18:43:23 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\GARMIN
2009-12-26 18:23:53 ----D---- C:\Program Files\Linksys
2009-12-26 18:19:14 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-26 18:18:10 ----D---- C:\Program Files\Pure Networks
2009-12-26 18:17:27 ----D---- C:\Program Files\WebEx
2009-12-26 18:16:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-26 18:16:10 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-12-26 18:14:48 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-12-25 03:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-25 03:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-24 15:04:57 ----A---- C:\RootRepeal report 12-24-09 (15-04-57).txt
2009-12-24 03:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-24 03:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-24 03:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-24 03:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-24 03:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-24 03:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-24 03:14:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-24 03:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-24 03:14:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-24 03:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-24 03:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-24 03:14:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-24 03:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-24 03:14:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-24 03:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-24 03:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-24 03:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-24 03:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-24 03:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-24 03:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-24 03:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-24 03:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-24 03:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-24 03:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-24 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-24 03:04:11 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-24 03:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-24 03:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-24 03:03:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-24 03:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-24 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-24 03:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-24 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-23 19:28:19 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-12-23 19:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-23 19:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-23 19:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-23 19:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-23 19:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-12-23 19:00:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-23 19:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-12-23 18:58:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-23 18:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-23 18:57:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-23 18:55:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-12-23 18:55:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-23 18:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-23 18:55:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-23 18:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-23 18:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-12-23 18:55:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-23 18:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-23 18:54:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-23 18:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-12-23 18:54:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-23 18:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-12-23 18:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-12-23 18:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-23 18:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-12-23 18:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-23 18:51:28 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-12-23 18:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-12-23 18:51:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-23 18:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-23 18:51:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-23 18:50:45 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-12-23 18:50:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

======List of files/folders modified in the last 1 months======

2010-01-06 22:00:14 ----D---- C:\WINDOWS\Temp
2010-01-06 21:58:17 ----D---- C:\WINDOWS\Prefetch
2010-01-06 21:47:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 21:46:44 ----D---- C:\WINDOWS\system32
2010-01-06 21:35:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 19:47:30 ----D---- C:\Program Files
2010-01-03 22:15:49 ----D---- C:\WINDOWS
2010-01-03 18:41:59 ----D---- C:\Program Files\Mozilla Firefox
2009-12-26 18:19:22 ----SHD---- C:\WINDOWS\Installer
2009-12-26 18:19:21 ----HD---- C:\Config.Msi
2009-12-26 18:16:36 ----D---- C:\WINDOWS\system32\drivers
2009-12-26 18:16:35 ----HD---- C:\WINDOWS\inf
2009-12-26 18:16:10 ----D---- C:\Program Files\Common Files
2009-12-25 17:20:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 03:09:50 ----D---- C:\WINDOWS\system32\dllcache
2009-12-25 03:08:24 ----A---- C:\WINDOWS\win.ini
2009-12-25 03:05:16 ----A---- C:\WINDOWS\imsins.BAK
2009-12-24 13:42:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-24 03:33:11 ----D---- C:\Program Files\Internet Explorer
2009-12-24 03:16:23 ----D---- C:\WINDOWS\WinSxS
2009-12-24 03:12:16 ----D---- C:\Program Files\Outlook Express
2009-12-24 03:11:49 ----D---- C:\WINDOWS\system32\en-US
2009-12-24 03:11:36 ----D---- C:\WINDOWS\ie7updates
2009-12-24 03:08:58 ----RSD---- C:\WINDOWS\Fonts
2009-12-24 03:08:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-23 20:26:04 ----D---- C:\WINDOWS\Downloaded Program Files
2009-12-23 20:11:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-23 19:28:17 ----D---- C:\WINDOWS\Debug
2009-12-23 19:07:09 ----D---- C:\WINDOWS\Help
2009-12-23 19:01:50 ----D---- C:\WINDOWS\system32\wbem
2009-12-23 19:01:49 ----D---- C:\WINDOWS\AppPatch
2009-12-23 19:00:24 ----D---- C:\Program Files\Messenger

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2009-07-07 25392]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2009-07-07 26672]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-14 1313792]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-15 220928]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-14 376832]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-08 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:56 AM

Posted 06 January 2010 - 10:20 PM

Do you have the other logs aswell?



#6 strepo

strepo
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:12:56 AM

Posted 07 January 2010 - 06:47 PM

That's the only log that pops up when I hit the link and press continue, and for the Gmer I've tried running it 3 times and my computer crashes every time, so I'm sorry, I'm going to try again now.

#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:56 AM

Posted 07 January 2010 - 06:52 PM

The other RSIT log, info.txt, should be in this folder: c:\rsit. As for Gmer, you can try running it in safe mode.



#8 strepo

strepo
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:12:56 AM

Posted 08 January 2010 - 12:44 AM

Here is the first half of Gmer.

Attached Files

  • Attached File  gmer.log   266.26KB   13 downloads


#9 strepo

strepo
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:12:56 AM

Posted 08 January 2010 - 12:46 AM

Here is the RSIT info text; I can't upload the rest of the Gmer log because it says it's too large.

Attached Files

  • Attached File  info.txt   30.92KB   9 downloads


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:56 AM

Posted 08 January 2010 - 01:14 AM

OK, don't worry about the rest of the Gmer log for now. You mentioned a program called Spybot. This is a legitimate program, but if you want to stop its popups you need to disable its active protection, TeaTimer, by doing the following.

To disable Teatimer, open Spybot and click on the Mode tab and select Advanced mode.
It will ask you if you're sure you want to go into advanced mode; select Yes.
Now go to tools and click on the resident tab.
Uncheck the box that says "Resident "TeaTimer" (Protection of over-all system settings) active".
Then close Spybot and reboot your computer.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box

    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop, where you ran mbr.exe
  • Copy and paste the contents of mbr.log on your next reply.

Then please post back here with the following logs:
  • MBAM results
  • mbr.log
  • New Rsit log
Thanks



#11 strepo

strepo
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:12:56 AM

Posted 08 January 2010 - 03:49 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3521
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

1/8/2010 3:45:09 PM
mbam-log-2010-01-08 (15-45-09).txt

Scan type: Quick Scan
Objects scanned: 131958
Time elapsed: 8 minute(s), 1 second(s)




Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK


Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2010-01-08 15:48:04
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 75 GB (85%) free of 88 GB
Total RAM: 446 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:10 PM, on 1/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\21UJQZC9\RSIT[1].exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.snapfish.com/hp_Spring2006_icondesktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141611916968
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 7154 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-23 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-24 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-23 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-03-09 77824]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-11-14 180269]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-14 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28e70366-1513-11dc-a803-0015f257ffc1}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81e9d57a-a8bf-11da-a796-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2010-01-08 15:32:05 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2010-01-08 15:31:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-08 15:31:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-06 19:47:30 ----D---- C:\Program Files\trend micro
2010-01-06 19:47:28 ----D---- C:\rsit
2009-12-26 18:56:21 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Download Manager
2009-12-26 18:43:23 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\GARMIN
2009-12-26 18:23:53 ----D---- C:\Program Files\Linksys
2009-12-26 18:19:14 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-26 18:18:10 ----D---- C:\Program Files\Pure Networks
2009-12-26 18:17:27 ----D---- C:\Program Files\WebEx
2009-12-26 18:16:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-26 18:16:10 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-12-26 18:14:48 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-12-25 03:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-25 03:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-24 15:04:57 ----A---- C:\RootRepeal report 12-24-09 (15-04-57).txt
2009-12-24 03:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-24 03:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-24 03:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-24 03:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-24 03:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-24 03:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-24 03:14:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-24 03:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-24 03:14:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-24 03:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-24 03:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-24 03:14:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-24 03:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-24 03:14:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-24 03:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-24 03:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-24 03:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-24 03:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-24 03:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-24 03:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-24 03:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-24 03:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-24 03:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-24 03:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-24 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-24 03:04:11 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-24 03:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-24 03:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-24 03:03:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-24 03:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-24 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-24 03:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-24 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-23 19:28:19 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-12-23 19:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-23 19:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-23 19:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-23 19:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-23 19:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-12-23 19:00:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-23 19:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-12-23 18:58:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-23 18:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-23 18:57:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-23 18:55:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-12-23 18:55:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-23 18:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-23 18:55:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-23 18:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-23 18:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-12-23 18:55:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-23 18:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-23 18:54:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-23 18:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-12-23 18:54:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-23 18:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-12-23 18:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-12-23 18:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-23 18:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-12-23 18:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-23 18:51:28 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-12-23 18:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-12-23 18:51:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-23 18:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-23 18:51:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-23 18:50:45 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-12-23 18:50:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

======List of files/folders modified in the last 1 months======

2010-01-08 15:47:36 ----D---- C:\WINDOWS\Temp
2010-01-08 15:46:02 ----D---- C:\WINDOWS\Prefetch
2010-01-08 15:31:58 ----D---- C:\WINDOWS\system32\drivers
2010-01-08 15:31:55 ----D---- C:\Program Files
2010-01-08 12:35:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-08 00:45:11 ----D---- C:\Program Files\Mozilla Firefox
2010-01-06 21:47:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 21:46:44 ----D---- C:\WINDOWS\system32
2010-01-03 22:15:49 ----D---- C:\WINDOWS
2009-12-26 18:19:22 ----SHD---- C:\WINDOWS\Installer
2009-12-26 18:19:21 ----HD---- C:\Config.Msi
2009-12-26 18:16:35 ----HD---- C:\WINDOWS\inf
2009-12-26 18:16:10 ----D---- C:\Program Files\Common Files
2009-12-25 17:20:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 03:09:50 ----D---- C:\WINDOWS\system32\dllcache
2009-12-25 03:08:24 ----A---- C:\WINDOWS\win.ini
2009-12-25 03:05:16 ----A---- C:\WINDOWS\imsins.BAK
2009-12-24 13:42:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-24 03:33:11 ----D---- C:\Program Files\Internet Explorer
2009-12-24 03:16:23 ----D---- C:\WINDOWS\WinSxS
2009-12-24 03:12:16 ----D---- C:\Program Files\Outlook Express
2009-12-24 03:11:49 ----D---- C:\WINDOWS\system32\en-US
2009-12-24 03:11:36 ----D---- C:\WINDOWS\ie7updates
2009-12-24 03:08:58 ----RSD---- C:\WINDOWS\Fonts
2009-12-24 03:08:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-23 20:26:04 ----D---- C:\WINDOWS\Downloaded Program Files
2009-12-23 20:11:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-23 19:28:17 ----D---- C:\WINDOWS\Debug
2009-12-23 19:07:09 ----D---- C:\WINDOWS\Help
2009-12-23 19:01:50 ----D---- C:\WINDOWS\system32\wbem
2009-12-23 19:01:49 ----D---- C:\WINDOWS\AppPatch
2009-12-23 19:00:24 ----D---- C:\Program Files\Messenger

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2009-07-07 25392]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2009-07-07 26672]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-14 1313792]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-15 220928]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S3 mbr;mbr; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\mbr.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-14 376832]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-08 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------


And btw, I will be leaving this weekend for my reserve military weekend. I'll be back on Sunday night. Wanted to give you a heads up so you're not waiting or checking for a reply. I'll continue following your instructions on Sunday night. Thank you.


Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
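As an added example (not part of this thread, and not RSIT's or OTM's own code): a small Python checker for the "List of drivers/services" format RSIT printed above. It flags entries whose image path sits in a temporary folder, whose file RSIT could not find (the empty "[]"), or whose binary lives outside the usual Windows and Program Files roots; the mbr entry above shows all three signs. The sample lines are copied from the log above, and the flag wording and the thresholds are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Legend printed by RSIT at the top of the section.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# One entry looks like:  S3 mbr;mbr; \??\C:\...\Temp\mbr.sys []
# i.e. <state><start> <name>;<display name>; <image path> [<file date> <size>]
# An empty "[]" means RSIT found no file at that path.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

# Constructed sample: lines copied from the driver/service list in this thread.
SAMPLE = r"""
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S3 mbr;mbr; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\mbr.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]
"""

# Heuristics (assumptions of this example): a service or driver binary should not
# live in a temp folder, and on a stock XP box it sits under one of these roots.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\temporary internet files\\")
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

ORPHAN = "registered but no file on disk (orphaned entry)"
IN_TEMP = "image path is in a temporary folder"
ODD_ROOT = "image path outside Windows/Program Files"


@dataclass
class Entry:
    name: str
    display: str
    state: str
    start: str
    path: str
    on_disk: bool                       # False when RSIT printed "[]"
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Entry:
    """Parse one RSIT service/driver line into an Entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not an RSIT service/driver line: {line!r}")
    return Entry(name=m["name"], display=m["display"],
                 state=STATE[m["state"]], start=START[m["start"]],
                 path=m["path"], on_disk=bool(m["info"].strip()))


def normalize(path: str) -> str:
    # Drop the NT object-manager prefix so "\??\C:\x" and "C:\x" compare alike.
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def review(entry: Entry) -> Entry:
    """Attach a flag for each heuristic the entry trips."""
    p = normalize(entry.path)
    if not entry.on_disk:
        entry.flags.append(ORPHAN)
    if any(marker in p for marker in TEMP_MARKERS):
        entry.flags.append(IN_TEMP)
    if p and not p.startswith(EXPECTED_ROOTS):
        entry.flags.append(ODD_ROOT)
    return entry


def audit(lines) -> List[Entry]:
    """Parse every non-blank line and return only the entries that raised a flag."""
    return [e for e in (review(parse_entry(l)) for l in lines if l.strip()) if e.flags]


def audit_sample() -> List[Entry]:
    return audit(SAMPLE.strip().splitlines())


if __name__ == "__main__":
    for e in audit_sample():
        print(f"{e.name} ({e.state}, {e.start}): {e.path}")
        for f in e.flags:
            print(f"  - {f}")
```

An orphaned entry like mbr here is exactly what OTM later reports as "No service named mbr was found to stop": the registration exists, the file does not.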

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:56 AM

Posted 10 January 2010 - 02:29 AM

Hi,

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code into the "Paste Instructions for Items to be Moved" box. Do not include the word "Code".
    :Services
    mbr
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "PCDrProfiler"=-
    :Files
    C:\WINDOWS\tasks\Symantec NetDetect.job
    :Commands
    [EmptyTemp]
  • Push the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • OTM results
  • Kaspersky report
  • New Rsit log
Thanks



#13 strepo

strepo
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 13 January 2010 - 10:36 PM

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named mbr was found to stop!
Unable to stop service mbr!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Symantec NetDetect.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 109172 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 1089352103 bytes
->Temporary Internet Files folder emptied: 135104285 bytes
->Java cache emptied: 760182 bytes
->FireFox cache emptied: 46256421 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 4670160 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34734 bytes

User: novale
->Temp folder emptied: 10595217 bytes
->Temporary Internet Files folder emptied: 73370 bytes
->FireFox cache emptied: 7682843 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4055712 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 155681029 bytes

Total Files Cleaned = 1,387.00 mb


OTM by OldTimer - Version 3.1.5.0 log created on 01122010_181914

Files moved on Reboot...

Registry entries deleted on Reboot...


Wednesday, January 13, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, January 13, 2010 11:21:25
Records in database: 3305480
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Objects scanned 67526
Threats found 1
Infected objects found 2
Suspicious objects found 0
Scan duration 03:44:07

File name Threat Threats count
D:\I386\Apps\APP32073\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
D:\I386\Apps\APP32073\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
Selected area has been scanned.

#14 strepo

strepo
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 13 January 2010 - 10:37 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2010-01-13 22:36:57
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 74 GB (84%) free of 88 GB
Total RAM: 446 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:06 PM, on 1/13/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT(2).exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.snapfish.com/hp_Spring2006_icondesktop
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141611916968
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 7904 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-23 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-24 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-23 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-03-09 77824]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-11-14 180269]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-12 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-24 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-14 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28e70366-1513-11dc-a803-0015f257ffc1}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2010-01-13 03:05:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 03:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 18:56:35 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-12 18:56:34 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-12 18:56:34 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-12 18:56:34 ----A---- C:\WINDOWS\system32\java.exe
2010-01-12 18:19:14 ----D---- C:\_OTM
2010-01-12 18:18:20 ----D---- C:\WINDOWS\ERDNT
2010-01-12 18:16:56 ----D---- C:\Program Files\ERUNT
2010-01-12 18:07:37 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2010-01-12 18:03:52 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2010-01-12 18:03:26 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2010-01-11 22:38:31 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\HPAppData
2010-01-11 22:05:54 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2010-01-11 22:05:54 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2010-01-11 22:04:55 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-01-11 22:04:29 ----A---- C:\WINDOWS\system32\hpzids01.dll
2010-01-11 22:04:20 ----A---- C:\WINDOWS\system32\hpovst14.dll
2010-01-11 22:04:20 ----A---- C:\WINDOWS\system32\hpotiop6.dll
2010-01-11 22:04:19 ----A---- C:\WINDOWS\system32\hppldcoi.dll
2010-01-11 22:04:19 ----A---- C:\WINDOWS\system32\hpowiax8.dll
2010-01-11 22:04:19 ----A---- C:\WINDOWS\system32\difxapi.dll
2010-01-08 15:32:05 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2010-01-08 15:31:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-08 15:31:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-06 19:47:30 ----D---- C:\Program Files\trend micro
2010-01-06 19:47:28 ----D---- C:\rsit
2009-12-26 18:56:21 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Download Manager
2009-12-26 18:43:23 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\GARMIN
2009-12-26 18:23:53 ----D---- C:\Program Files\Linksys
2009-12-26 18:19:14 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-26 18:18:10 ----D---- C:\Program Files\Pure Networks
2009-12-26 18:17:27 ----D---- C:\Program Files\WebEx
2009-12-26 18:16:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-26 18:16:10 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-12-26 18:14:48 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-12-25 03:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-25 03:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-24 15:04:57 ----A---- C:\RootRepeal report 12-24-09 (15-04-57).txt
2009-12-24 03:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-24 03:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-24 03:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-24 03:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-24 03:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-24 03:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-24 03:14:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-24 03:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-24 03:14:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-24 03:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-24 03:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-24 03:14:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-24 03:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-24 03:14:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-24 03:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-24 03:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-24 03:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-24 03:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-24 03:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-24 03:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-24 03:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-24 03:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-24 03:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-24 03:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-24 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-24 03:04:11 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-24 03:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-24 03:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-24 03:03:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-24 03:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-24 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-24 03:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-24 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-23 19:28:19 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-12-23 19:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-23 19:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-23 19:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-23 19:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-23 19:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-12-23 19:00:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-23 19:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-12-23 18:58:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-23 18:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-23 18:57:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-23 18:55:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-12-23 18:55:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-23 18:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-23 18:55:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-23 18:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-23 18:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-12-23 18:55:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-23 18:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-23 18:54:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-23 18:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-12-23 18:54:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-23 18:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-12-23 18:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-12-23 18:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-23 18:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-12-23 18:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-23 18:51:28 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-12-23 18:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-12-23 18:51:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-23 18:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-23 18:51:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-23 18:50:45 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-12-23 18:50:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

======List of files/folders modified in the last 1 months======

2010-01-13 22:37:06 ----D---- C:\WINDOWS\Prefetch
2010-01-13 22:36:51 ----D---- C:\WINDOWS\Temp
2010-01-13 07:13:57 ----D---- C:\Program Files\Mozilla Firefox
2010-01-13 07:02:54 ----D---- C:\WINDOWS
2010-01-13 03:22:35 ----D---- C:\WINDOWS\AppPatch
2010-01-13 03:22:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-13 03:21:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-13 03:06:10 ----HD---- C:\WINDOWS\inf
2010-01-13 03:06:02 ----D---- C:\WINDOWS\system32\dllcache
2010-01-13 03:06:00 ----D---- C:\WINDOWS\system32
2010-01-13 03:05:53 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 03:05:45 ----SHD---- C:\WINDOWS\Installer
2010-01-13 03:05:45 ----HD---- C:\Config.Msi
2010-01-13 03:04:39 ----A---- C:\WINDOWS\imsins.BAK
2010-01-12 18:55:04 ----D---- C:\Program Files\Java
2010-01-12 18:42:09 ----D---- C:\WINDOWS\WinSxS
2010-01-12 18:19:16 ----D---- C:\WINDOWS\Tasks
2010-01-12 18:16:56 ----D---- C:\Program Files
2010-01-12 18:04:56 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\HP
2010-01-12 18:04:24 ----A---- C:\WINDOWS\win.ini
2010-01-12 18:04:12 ----D---- C:\WINDOWS\system32\drivers
2010-01-12 18:03:52 ----D---- C:\WINDOWS\system32\FxsTmp
2010-01-12 18:03:13 ----D---- C:\WINDOWS\twain_32
2010-01-12 01:17:37 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-11 22:04:55 ----D---- C:\Program Files\Common Files
2010-01-04 19:17:46 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-12-25 17:20:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-24 03:33:11 ----D---- C:\Program Files\Internet Explorer
2009-12-24 03:12:16 ----D---- C:\Program Files\Outlook Express
2009-12-24 03:11:49 ----D---- C:\WINDOWS\system32\en-US
2009-12-24 03:11:36 ----D---- C:\WINDOWS\ie7updates
2009-12-24 03:08:58 ----RSD---- C:\WINDOWS\Fonts
2009-12-24 03:08:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-23 20:26:04 ----D---- C:\WINDOWS\Downloaded Program Files
2009-12-23 19:28:17 ----D---- C:\WINDOWS\Debug
2009-12-23 19:07:09 ----D---- C:\WINDOWS\Help
2009-12-23 19:01:50 ----D---- C:\WINDOWS\system32\wbem
2009-12-23 19:00:24 ----D---- C:\Program Files\Messenger

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2009-07-07 25392]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2009-07-07 26672]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-14 1313792]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-15 220928]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-14 376832]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-08 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

#15 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 January 2010 - 10:49 PM

Your logs look fine; are you having any problems?
