

Cannot update Avira, Spybot S&D, or SuperAntiSpyware


  • This topic is locked
39 replies to this topic

#1 polskamachina

  • Malware Response Team
  • 4,004 posts
  • Gender:Male

Posted 29 January 2010 - 04:45 PM

This PC was infected with mywebsearch, some other file definition that ended with "silly_im," and a rootkit. I used Norton AV (on another PC), SuperAntiSpyware and Avira Personal Edition to remove them. One file that was singled out by Norton did not want to be deleted, sysmgmt.exe, so I booted it on another PC and manually removed it. After removal, I still cannot download updates to the programs. Even uninstalling and reinstalling did not help with the update problem. Here are the logs.

Thanks for your reply.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 13:30:11.76 on Fri 01/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.72 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Utility\Dds\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - blank
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [<NO NAME>]
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax43~1.lnk - c:\program files\efax messenger 4.3\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Service Manager.norun
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0C02B371-5723-416F-B297-D4B44E181871} - hxxps://www.lacertesoftware.com/MyAccount/WebDownloads/bin/07prepinstall.cab
DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - hxxps://accounting.quickbooks.com/c2/v16.594/qboax9.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230051846750
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230051824218
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c2/v16.634/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxp://na.inquiero.com/inquiero/mod/setup/ntractivex118_24.cab
DPF: {F1AB1375-2446-4EE8-95A4-10F9DD3B2744} - hxxps://www.lacertesoftware.com/MyAccount/WebDownloads/bin/06prepinstall.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ownerm~1.000\applic~1\mozilla\firefox\profiles\o9wj7b6t.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\owner.marty.000\application data\mozilla\firefox\profiles\o9wj7b6t.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-29 11608]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-29 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-29 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-28 56816]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S4 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\ppctlpriv.exe" --> c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [?]

=============== Created Last 30 ================

2010-01-29 21:23:31 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-29 21:23:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-29 20:15:58 0 d-----w- c:\program files\Avira
2010-01-29 20:15:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-01-29 18:31:42 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-29 18:31:21 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-29 18:31:21 0 d-----w- c:\docume~1\ownerm~1.000\applic~1\SUPERAntiSpyware.com
2010-01-28 22:06:41 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-28 22:03:07 0 d-----w- C:\Avira
2010-01-15 22:51:53 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-15 22:22:24 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-01-15 22:22:24 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-01-15 22:22:24 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-01-15 22:22:23 6756632 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-01-15 22:22:23 266828 ----a-r- c:\windows\system32\drivers\LVAFT.cfg
2010-01-15 22:21:04 82289 ----a-r- c:\windows\system32\lvcoinst.ini
2010-01-15 22:21:04 34068 ----a-r- c:\windows\system32\Repository.reg
2010-01-15 22:21:04 266008 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-01-15 22:21:04 199192 ----a-r- c:\windows\system32\lvci12101110.dll
2010-01-15 22:19:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-15 22:19:47 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-01-15 22:16:34 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-01-15 22:16:34 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-01-15 22:16:22 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-01-15 22:16:22 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-01-15 22:16:17 16384 -c--a-w- c:\windows\system32\dllcache\ipsink.ax
2010-01-15 22:16:17 16384 ----a-w- c:\windows\system32\ipsink.ax
2010-01-15 22:16:17 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-01-15 22:16:17 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-01-15 22:15:58 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-01-15 22:15:58 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-01-15 22:15:34 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-01-15 22:15:34 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-01-15 22:15:28 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-01-15 22:15:28 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-01-15 22:15:22 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-01-15 22:15:22 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-01-15 22:01:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-15 21:52:08 0 d-----w- c:\program files\tbh
2010-01-15 21:50:30 0 d-----r- c:\program files\Skype
2010-01-07 22:44:34 4194304 ----a-w- c:\windows\system32\cdintf400.dll

==================== Find3M ====================

2010-01-29 21:17:02 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-01-29 21:17:02 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-01-29 21:17:02 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-01-29 21:17:02 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-01-29 21:17:02 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-01-29 21:17:02 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-01-29 21:17:02 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-01-29 21:17:02 257458 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

============= FINISH: 13:30:44.18 ===============



Edited by polskamachina, 29 January 2010 - 04:56 PM.



#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,252 posts
  • Gender:Female
  • Location:Romania

Posted 07 February 2010 - 05:43 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log

Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.


Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 polskamachina

  • Topic Starter
  • Malware Response Team
  • 4,004 posts
  • Gender:Male

Posted 08 February 2010 - 07:44 PM

Thank you for your reply. I have since noticed that Windows Update is not working either. In summary, SuperAntiSpyware, Malwarebytes, Avira personal edition, and Windows Update will not download any of their updates. I have no trouble browsing with Firefox and IE. I have posted and attached the logs you requested.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 15:06:43.95 on Mon 02/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.186 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\notepad.exe
C:\Utility\Dds\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - blank
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min /ns
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax43~1.lnk - c:\program files\efax messenger 4.3\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Service Manager.norun
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {0C02B371-5723-416F-B297-D4B44E181871} - hxxps://www.lacertesoftware.com/MyAccount/WebDownloads/bin/07prepinstall.cab
DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - hxxps://accounting.quickbooks.com/c2/v16.594/qboax9.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265401671984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265401663796
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c2/v16.634/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxp://na.inquiero.com/inquiero/mod/setup/ntractivex118_24.cab
DPF: {F1AB1375-2446-4EE8-95A4-10F9DD3B2744} - hxxps://www.lacertesoftware.com/MyAccount/WebDownloads/bin/06prepinstall.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ownerm~1.000\applic~1\mozilla\firefox\profiles\o9wj7b6t.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\owner.marty.000\application data\mozilla\firefox\profiles\o9wj7b6t.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-29 11608]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-29 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-29 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-28 56816]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S4 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\ppctlpriv.exe" --> c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [?]

=============== Created Last 30 ================

2010-02-06 19:07:24 0 d-----w- c:\windows\setup.pss
2010-02-06 18:34:11 98816 ----a-w- c:\windows\sed.exe
2010-02-06 18:34:11 77312 ----a-w- c:\windows\MBR.exe
2010-02-06 18:34:11 261632 ----a-w- c:\windows\PEV.exe
2010-02-06 18:34:11 161792 ----a-w- c:\windows\SWREG.exe
2010-02-05 20:29:12 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-02-02 18:34:24 0 d-----w- c:\program files\trend micro
2010-02-01 21:23:23 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-01 21:23:20 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-01 21:23:16 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-01 21:23:12 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-01 21:23:08 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-01 21:23:02 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-01 21:21:59 22271 -c--a-w- c:\windows\system32\dllcache\watv06nt.sys
2010-02-01 21:20:58 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-02-01 21:19:59 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-02-01 21:18:58 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-02-01 21:17:59 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2010-02-01 21:16:57 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-02-01 21:15:58 13240 -c--a-w- c:\windows\system32\dllcache\slwdmsup.sys
2010-02-01 21:14:57 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-02-01 21:13:58 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2010-02-01 21:12:57 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2010-02-01 21:11:59 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-01 21:10:59 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2010-02-01 21:09:59 61056 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-02-01 21:08:58 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2010-02-01 21:07:50 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-02-01 21:06:59 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-02-01 21:05:56 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-02-01 21:04:53 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-02-01 21:03:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-02-01 21:02:59 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2010-02-01 21:01:58 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2010-02-01 21:00:58 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-02-01 20:59:58 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2010-02-01 20:58:59 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys
2010-02-01 20:57:57 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-01 20:56:59 37568 -c--a-w- c:\windows\system32\dllcache\avmwan.sys
2010-02-01 20:55:58 3967 -c--a-w- c:\windows\system32\dllcache\adv02nt5.dll
2010-01-30 00:08:36 0 d-----w- c:\docume~1\ownerm~1.000\applic~1\Malwarebytes
2010-01-30 00:08:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 00:08:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 00:08:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-30 00:08:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 21:23:31 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-29 21:23:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-29 20:15:58 0 d-----w- c:\program files\Avira
2010-01-29 20:15:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-01-29 18:31:42 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-29 18:31:21 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-29 18:31:21 0 d-----w- c:\docume~1\ownerm~1.000\applic~1\SUPERAntiSpyware.com
2010-01-28 22:06:41 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-28 22:03:07 0 d-----w- C:\Avira
2010-01-15 22:51:53 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-15 22:22:24 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-01-15 22:22:24 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-01-15 22:22:24 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-01-15 22:22:23 6756632 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-01-15 22:22:23 266828 ----a-r- c:\windows\system32\drivers\LVAFT.cfg
2010-01-15 22:21:04 82289 ----a-r- c:\windows\system32\lvcoinst.ini
2010-01-15 22:21:04 34068 ----a-r- c:\windows\system32\Repository.reg
2010-01-15 22:21:04 266008 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-01-15 22:21:04 199192 ----a-r- c:\windows\system32\lvci12101110.dll
2010-01-15 22:19:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-15 22:19:47 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-01-15 22:16:34 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-01-15 22:16:34 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-01-15 22:16:22 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-01-15 22:16:22 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-01-15 22:16:17 16384 -c--a-w- c:\windows\system32\dllcache\ipsink.ax
2010-01-15 22:16:17 16384 ----a-w- c:\windows\system32\ipsink.ax
2010-01-15 22:16:17 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-01-15 22:16:17 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-01-15 22:15:58 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-01-15 22:15:58 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-01-15 22:15:34 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-01-15 22:15:34 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-01-15 22:15:28 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-01-15 22:15:28 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-01-15 22:15:22 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-01-15 22:15:22 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-01-15 22:01:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-15 21:52:08 0 d-----w- c:\program files\tbh
2010-01-15 21:50:30 0 d-----r- c:\program files\Skype

==================== Find3M ====================

2010-02-08 20:47:32 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-02-08 20:47:32 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-02-08 20:47:32 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-02-08 20:47:32 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-02-08 20:47:32 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-02-08 20:47:32 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-02-08 20:47:32 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-02-08 20:47:32 257458 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

============= FINISH: 15:06:56.09 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-08 16:39:39
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\OWNERM~1.000\LOCALS~1\Temp\fgldypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xEFAE46EA]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwCreateSection [0xEFED5FD2]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xEFAE540B]
SSDT F8D417CC ZwCreateThread
SSDT F8D417DB ZwDeleteKey
SSDT F8D417E5 ZwDeleteValueKey
SSDT F8D417EA ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xEFAE575C]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xEFAE464E]
SSDT F8D417B8 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xEFAE5130]
SSDT F8D417BD ZwOpenThread
SSDT F8D417F4 ZwReplaceKey
SSDT F8D417EF ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xEFED5662]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xEFAE5538]
SSDT F8D417E0 ZwSetValueKey
SSDT F8D417C7 ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs kmxagent.sys (HIPS Agent Driver/CA)

Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)
Device \FileSystem\Fastfat \Fat EE68CC8A

AttachedDevice \FileSystem\Fastfat \Fat KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@

---- EOF - GMER 1.0.15 ----


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:42 PM

Posted 09 February 2010 - 05:02 AM

Hello polskamachina,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 polskamachina

polskamachina
  • Topic Starter

  • Malware Response Team
  • 4,004 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:42 AM

Posted 09 February 2010 - 03:28 PM

When ComboFix asked me to download the recovery console, it said I was not connected to the internet even though I was. So this is just the same problem of not being able to update any programs. ComboFix ran anyway and this is the report:

ComboFix 10-02-05.04 - Owner 02/09/2010 12:07:29.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.209 [GMT -8:00]
Running from: c:\utility\Combifix\pie.com
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\TEMP\logishrd\LVPrcInj01.dll

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-09 19:17 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-09 19:17 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-09 19:17 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-09 19:17 . 2010-02-09 19:17 -------- d-----w- c:\program files\Avira
2010-02-09 19:17 . 2010-02-09 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-02 18:34 . 2010-02-02 18:34 -------- d-----w- C:\rsit
2010-02-02 18:34 . 2010-02-02 18:34 -------- d-----w- c:\program files\trend micro
2010-02-01 21:23 . 2004-08-04 08:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-01 21:23 . 2001-08-18 06:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-01 21:23 . 2001-08-18 06:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-01 21:23 . 2001-08-18 06:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-01 21:23 . 2001-08-18 06:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-01 21:23 . 2001-08-18 06:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-01 21:21 . 2004-08-04 06:29 22271 -c--a-w- c:\windows\system32\dllcache\watv06nt.sys
2010-02-01 21:20 . 2001-08-17 21:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-02-01 21:19 . 2001-08-18 06:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-02-01 21:18 . 2001-08-17 20:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-02-01 21:17 . 2001-08-17 21:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2010-02-01 21:16 . 2001-08-17 20:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-02-01 21:15 . 2004-08-04 06:41 13240 -c--a-w- c:\windows\system32\dllcache\slwdmsup.sys
2010-02-01 21:14 . 2001-08-17 20:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-02-01 21:13 . 2001-08-17 22:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2010-02-01 21:12 . 2004-08-04 06:41 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2010-02-01 21:11 . 2004-08-04 08:56 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-01 21:10 . 2001-08-17 20:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2010-02-01 21:09 . 2004-08-04 07:10 61056 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-02-01 21:08 . 2001-08-17 20:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2010-02-01 21:07 . 2001-08-17 22:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-02-01 21:06 . 2001-08-18 06:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-02-01 21:05 . 2001-08-18 06:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-02-01 21:04 . 2004-08-04 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-02-01 21:03 . 2004-08-04 06:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-02-01 21:02 . 2001-08-18 06:36 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2010-02-01 21:01 . 2001-08-17 20:49 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2010-02-01 21:00 . 2001-08-18 06:36 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-02-01 20:59 . 2001-08-17 20:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2010-02-01 20:58 . 2001-08-17 20:11 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys
2010-02-01 20:57 . 2004-08-04 07:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-01 20:56 . 2001-08-17 20:19 36992 -c--a-w- c:\windows\system32\dllcache\aztw2320.sys
2010-02-01 20:55 . 2004-08-04 08:56 3967 -c--a-w- c:\windows\system32\dllcache\adv02nt5.dll
2010-01-30 00:08 . 2010-01-30 00:08 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Malwarebytes
2010-01-30 00:08 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 00:08 . 2010-01-30 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 00:08 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 00:08 . 2010-01-30 00:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 21:23 . 2010-01-29 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-29 21:23 . 2010-01-29 21:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-29 18:31 . 2010-01-29 18:31 52224 ----a-w- c:\documents and settings\Owner.MARTY.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-29 18:31 . 2010-01-29 18:32 117760 ----a-w- c:\documents and settings\Owner.MARTY.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-29 18:31 . 2010-01-29 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-29 18:31 . 2010-01-29 18:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-29 18:31 . 2010-01-29 18:31 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\SUPERAntiSpyware.com
2010-01-29 18:15 . 2010-01-29 18:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-28 22:06 . 2009-11-25 19:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-28 22:03 . 2010-02-09 19:05 -------- d-----w- C:\Avira
2010-01-15 22:57 . 2010-01-15 22:57 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Local Settings\Application Data\LogiShrd
2010-01-15 22:23 . 2010-01-15 22:23 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Leadertech
2010-01-15 22:22 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-01-15 22:22 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-01-15 22:22 . 2009-10-07 08:43 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-01-15 22:22 . 2009-10-07 08:49 6756632 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-01-15 22:21 . 2009-10-07 08:47 266008 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-01-15 22:21 . 2009-10-07 08:43 199192 ----a-r- c:\windows\system32\lvci12101110.dll
2010-01-15 22:21 . 2009-10-07 08:24 34068 ----a-r- c:\windows\system32\Repository.reg
2010-01-15 22:19 . 2009-10-07 08:49 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-01-15 22:16 . 2004-08-04 06:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-01-15 22:16 . 2004-08-04 06:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-01-15 22:16 . 2004-08-04 07:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-01-15 22:16 . 2004-08-04 07:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-01-15 22:16 . 2004-08-04 07:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-01-15 22:16 . 2004-08-04 07:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-01-15 22:15 . 2004-08-04 07:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-01-15 22:15 . 2004-08-04 07:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-01-15 22:15 . 2004-08-04 07:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-01-15 22:15 . 2004-08-04 07:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-01-15 22:15 . 2004-08-04 07:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-01-15 22:15 . 2004-08-04 07:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-01-15 22:15 . 2004-08-04 07:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-01-15 22:15 . 2004-08-04 07:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-01-15 22:14 . 2004-08-04 07:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-15 22:14 . 2004-08-04 07:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-15 22:14 . 2004-08-04 08:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-15 22:14 . 2004-08-04 08:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-15 22:14 . 2004-08-04 07:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2010-01-15 22:14 . 2004-08-04 07:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-01-15 22:01 . 2010-01-15 22:01 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-15 22:01 . 2010-01-27 17:14 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\skypePM
2010-01-15 21:53 . 2010-01-28 19:20 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Skype
2010-01-15 21:52 . 2010-01-15 21:52 -------- d-----w- c:\program files\tbh
2010-01-15 21:50 . 2010-01-15 21:50 -------- d-----w- c:\program files\Common Files\Skype
2010-01-15 21:50 . 2010-01-15 21:51 -------- d-----r- c:\program files\Skype
2010-01-15 21:50 . 2010-01-15 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-02-09 20:14 . 2007-12-11 20:12 257458 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-02-05 20:18 . 2008-11-10 22:46 15132 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-02-03 19:29 . 2008-11-11 18:05 211720 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2010-02-03 19:29 . 2008-11-11 18:05 1337608 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-02-02 18:36 . 2008-12-30 05:13 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Apple Computer
2010-01-29 18:10 . 2007-02-16 21:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 22:01 . 2007-12-11 18:06 -------- d-----w- c:\program files\CA
2010-01-28 18:00 . 2010-01-15 22:51 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-28 18:00 . 2010-01-15 22:19 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-22 19:50 . 2006-12-07 21:16 32760 ----a-w- c:\documents and settings\Owner.MARTY.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 21:14 . 2006-12-08 18:57 -------- d-----w- c:\program files\06WebSetup
2010-01-16 21:09 . 2006-12-08 18:51 -------- d-----w- c:\program files\Common Files\Lacerte Shared
2010-01-15 22:24 . 2007-12-06 19:51 -------- d-----w- c:\program files\Logitech
2010-01-15 22:22 . 2007-12-06 19:51 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-15 22:17 . 2007-12-06 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-11 23:42 . 2006-12-07 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-29 16:39 . 2009-08-12 15:33 850736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-12-29 16:39 . 2009-08-12 15:33 2151728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-12-28 21:39 . 2009-12-28 21:38 -------- d-----w- c:\program files\iTunes
2009-12-28 21:39 . 2009-12-28 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-28 21:38 . 2009-12-28 21:38 -------- d-----w- c:\program files\iPod
2009-12-28 21:38 . 2008-12-30 05:04 -------- d-----w- c:\program files\Common Files\Apple
2009-12-28 21:38 . 2007-01-03 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-28 21:23 . 2009-12-28 21:23 -------- d-----w- c:\program files\Bonjour
2009-12-28 21:13 . 2007-01-03 01:12 -------- d-----w- c:\program files\QuickTime
2009-12-28 20:50 . 2009-12-28 20:50 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-28 20:42 . 2009-12-28 20:42 -------- d-----w- c:\program files\Safari
2009-12-28 20:37 . 2009-12-28 20:37 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-18 21:15 . 2008-11-11 18:05 869664 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-02-06_18.46.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-09 19:17 . 2009-05-11 17:12 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2010-01-29 20:15 . 2009-05-11 17:12 28520 c:\windows\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-02-09 492840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-10-28 1085704]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-06-19 54472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-2-16 629248]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-6 784912]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-10 984352]
Service Manager.norun [2007-1-4 1908]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 22:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UmxPol"=2 (0x2)
"UmxFwHlp"=2 (0x2)
"UmxCfg"=2 (0x2)
"UmxAgent"=2 (0x2)
"ITMRTSVC"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\update.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 6:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 6:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 6:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 6:08 PM 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/9/2010 11:17 AM 108289]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 6:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 6:08 PM 66576]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 1:57 PM 70952]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 6:08 PM 88816]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S4 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" --> c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [?]
S4 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 8:23 AM 1010192]
S4 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 8:39 AM 801296]
S4 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 6:10 PM 281104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-02-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-12-07 01:17]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: {0C02B371-5723-416F-B297-D4B44E181871} - hxxps://www.lacertesoftware.com/MyAccount/WebDownloads/bin/07prepinstall.cab
DPF: {F1AB1375-2446-4EE8-95A4-10F9DD3B2744} - hxxps://www.lacertesoftware.com/MyAccount/WebDownloads/bin/06prepinstall.cab
FF - ProfilePath - c:\documents and settings\Owner.MARTY.000\Application Data\Mozilla\Firefox\Profiles\o9wj7b6t.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\Owner.MARTY.000\Application Data\Mozilla\Firefox\Profiles\o9wj7b6t.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 12:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-1897051121-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(5568)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\csifcsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Symantec\LiveUpdate\AUpdate.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2010-02-09 12:21:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 20:21
ComboFix2.txt 2010-02-06 18:52

Pre-Run: 51,570,241,536 bytes free
Post-Run: 51,538,886,656 bytes free

- - End Of File - - FD0A66BE562ECDA0883BD7661EAA7B80


#6 Elise


Posted 09 February 2010 - 03:41 PM

Please also post c:\qoobox\combofix2.txt (it appears you ran ComboFix two times).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 polskamachina


Posted 09 February 2010 - 04:01 PM

Here is the combofix2.txt

Thanks for your reply.

ComboFix 10-02-05.04 - Owner 02/06/2010 10:37:00.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.219 [GMT -8:00]
Running from: c:\utility\Combifix\pie.com
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\bszip.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-02 18:34 . 2010-02-02 18:34 -------- d-----w- C:\rsit
2010-02-02 18:34 . 2010-02-02 18:34 -------- d-----w- c:\program files\trend micro
2010-02-01 21:23 . 2004-08-04 08:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-01 21:23 . 2001-08-18 06:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-01 21:23 . 2001-08-18 06:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-01 21:23 . 2001-08-18 06:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-01 21:23 . 2001-08-18 06:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-01 21:23 . 2001-08-18 06:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-01 21:21 . 2004-08-04 06:29 22271 -c--a-w- c:\windows\system32\dllcache\watv06nt.sys
2010-02-01 21:20 . 2001-08-17 21:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-02-01 21:19 . 2001-08-18 06:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-02-01 21:18 . 2001-08-17 20:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-02-01 21:17 . 2001-08-17 21:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2010-02-01 21:16 . 2001-08-17 20:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-02-01 21:15 . 2004-08-04 06:41 13240 -c--a-w- c:\windows\system32\dllcache\slwdmsup.sys
2010-02-01 21:14 . 2001-08-17 20:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-02-01 21:13 . 2001-08-17 22:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2010-02-01 21:12 . 2004-08-04 06:41 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2010-02-01 21:11 . 2004-08-04 08:56 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-01 21:10 . 2001-08-17 20:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2010-02-01 21:09 . 2004-08-04 07:10 61056 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-02-01 21:08 . 2001-08-17 20:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2010-02-01 21:07 . 2001-08-17 22:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-02-01 21:06 . 2001-08-18 06:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-02-01 21:05 . 2001-08-18 06:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-02-01 21:04 . 2004-08-04 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-02-01 21:03 . 2004-08-04 06:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-02-01 21:02 . 2001-08-18 06:36 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2010-02-01 21:01 . 2001-08-17 20:49 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2010-02-01 21:00 . 2001-08-18 06:36 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-02-01 20:59 . 2001-08-17 20:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2010-02-01 20:58 . 2001-08-17 20:11 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys
2010-02-01 20:57 . 2004-08-04 07:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-01 20:56 . 2001-08-17 20:19 36992 -c--a-w- c:\windows\system32\dllcache\aztw2320.sys
2010-02-01 20:55 . 2004-08-04 08:56 3967 -c--a-w- c:\windows\system32\dllcache\adv02nt5.dll
2010-01-30 00:08 . 2010-01-30 00:08 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Malwarebytes
2010-01-30 00:08 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 00:08 . 2010-01-30 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 00:08 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 00:08 . 2010-01-30 00:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 21:23 . 2010-01-29 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-29 21:23 . 2010-01-29 21:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-29 20:16 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-29 20:16 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-29 20:16 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-29 20:15 . 2010-01-29 20:15 -------- d-----w- c:\program files\Avira
2010-01-29 20:15 . 2010-01-29 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-29 18:31 . 2010-01-29 18:31 52224 ----a-w- c:\documents and settings\Owner.MARTY.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-29 18:31 . 2010-01-29 18:32 117760 ----a-w- c:\documents and settings\Owner.MARTY.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-29 18:31 . 2010-01-29 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-29 18:31 . 2010-01-29 18:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-29 18:31 . 2010-01-29 18:31 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\SUPERAntiSpyware.com
2010-01-29 18:15 . 2010-01-29 18:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-28 22:06 . 2009-11-25 19:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-28 22:03 . 2010-01-29 20:54 -------- d-----w- C:\Avira
2010-01-15 22:57 . 2010-01-15 22:57 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Local Settings\Application Data\LogiShrd
2010-01-15 22:23 . 2010-01-15 22:23 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Leadertech
2010-01-15 22:22 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-01-15 22:22 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-01-15 22:22 . 2009-10-07 08:43 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-01-15 22:22 . 2009-10-07 08:49 6756632 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-01-15 22:21 . 2009-10-07 08:47 266008 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-01-15 22:21 . 2009-10-07 08:43 199192 ----a-r- c:\windows\system32\lvci12101110.dll
2010-01-15 22:21 . 2009-10-07 08:24 34068 ----a-r- c:\windows\system32\Repository.reg
2010-01-15 22:19 . 2009-10-07 08:49 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-01-15 22:16 . 2004-08-04 06:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-01-15 22:16 . 2004-08-04 06:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-01-15 22:16 . 2004-08-04 07:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-01-15 22:16 . 2004-08-04 07:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-01-15 22:16 . 2004-08-04 07:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-01-15 22:16 . 2004-08-04 07:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-01-15 22:15 . 2004-08-04 07:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-01-15 22:15 . 2004-08-04 07:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-01-15 22:15 . 2004-08-04 07:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-01-15 22:15 . 2004-08-04 07:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-01-15 22:15 . 2004-08-04 07:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-01-15 22:15 . 2004-08-04 07:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-01-15 22:15 . 2004-08-04 07:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-01-15 22:15 . 2004-08-04 07:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-01-15 22:14 . 2004-08-04 07:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-15 22:14 . 2004-08-04 07:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-15 22:14 . 2004-08-04 08:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-15 22:14 . 2004-08-04 08:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-15 22:14 . 2004-08-04 07:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2010-01-15 22:14 . 2004-08-04 07:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-01-15 22:01 . 2010-01-15 22:01 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-15 22:01 . 2010-01-27 17:14 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\skypePM
2010-01-15 21:53 . 2010-01-28 19:20 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Skype
2010-01-15 21:52 . 2010-01-15 21:52 -------- d-----w- c:\program files\tbh
2010-01-15 21:50 . 2010-01-15 21:50 -------- d-----w- c:\program files\Common Files\Skype
2010-01-15 21:50 . 2010-01-15 21:51 -------- d-----r- c:\program files\Skype
2010-01-15 21:50 . 2010-01-15 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-07 22:44 . 2009-06-22 17:14 4194304 ----a-w- c:\windows\system32\cdintf400.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 18:44 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-02-06 18:44 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-02-06 18:44 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-02-06 18:44 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-02-06 18:44 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-02-06 18:44 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-02-06 18:44 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-02-06 18:44 . 2007-12-11 20:12 257458 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-02-05 20:18 . 2008-11-10 22:46 15132 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-02-03 19:29 . 2008-11-11 18:05 211720 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2010-02-03 19:29 . 2008-11-11 18:05 1337608 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-02-02 18:36 . 2008-12-30 05:13 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Apple Computer
2010-01-29 18:10 . 2007-02-16 21:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 22:01 . 2007-12-11 18:06 -------- d-----w- c:\program files\CA
2010-01-28 18:00 . 2010-01-15 22:51 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-28 18:00 . 2010-01-15 22:19 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-22 19:50 . 2006-12-07 21:16 32760 ----a-w- c:\documents and settings\Owner.MARTY.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 21:14 . 2006-12-08 18:57 -------- d-----w- c:\program files\06WebSetup
2010-01-16 21:09 . 2006-12-08 18:51 -------- d-----w- c:\program files\Common Files\Lacerte Shared
2010-01-15 22:24 . 2007-12-06 19:51 -------- d-----w- c:\program files\Logitech
2010-01-15 22:22 . 2007-12-06 19:51 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-15 22:17 . 2007-12-06 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-11 23:42 . 2006-12-07 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-29 16:39 . 2009-08-12 15:33 850736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-12-29 16:39 . 2009-08-12 15:33 2151728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-12-28 21:39 . 2009-12-28 21:38 -------- d-----w- c:\program files\iTunes
2009-12-28 21:39 . 2009-12-28 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-28 21:38 . 2009-12-28 21:38 -------- d-----w- c:\program files\iPod
2009-12-28 21:38 . 2008-12-30 05:04 -------- d-----w- c:\program files\Common Files\Apple
2009-12-28 21:38 . 2007-01-03 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-28 21:23 . 2009-12-28 21:23 -------- d-----w- c:\program files\Bonjour
2009-12-28 21:13 . 2007-01-03 01:12 -------- d-----w- c:\program files\QuickTime
2009-12-28 20:50 . 2009-12-28 20:50 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-28 20:42 . 2009-12-28 20:42 -------- d-----w- c:\program files\Safari
2009-12-28 20:37 . 2009-12-28 20:37 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-18 21:15 . 2008-11-11 18:05 869664 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-02-06 492840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-10-28 1085704]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-06-19 54472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-2-16 629248]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-6 784912]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-10 984352]
Service Manager.norun [2007-1-4 1908]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 22:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\update.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 6:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 6:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 6:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 6:08 PM 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/29/2010 12:15 PM 108289]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 6:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 6:08 PM 66576]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 1:57 PM 70952]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 8:23 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 8:39 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 6:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 6:08 PM 88816]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S4 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" --> c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-02-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-12-07 01:17]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: {0C02B371-5723-416F-B297-D4B44E181871} - hxxps://www.lacertesoftware.com/MyAccount/WebDownloads/bin/07prepinstall.cab
DPF: {F1AB1375-2446-4EE8-95A4-10F9DD3B2744} - hxxps://www.lacertesoftware.com/MyAccount/WebDownloads/bin/06prepinstall.cab
FF - ProfilePath - c:\documents and settings\Owner.MARTY.000\Application Data\Mozilla\Firefox\Profiles\o9wj7b6t.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\Owner.MARTY.000\Application Data\Mozilla\Firefox\Profiles\o9wj7b6t.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 10:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3336)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\csifcsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\windows\system32\wscntfy.exe
c:\program files\Symantec\LiveUpdate\AUpdate.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-06 10:52:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-06 18:51

Pre-Run: 51,407,155,200 bytes free
Post-Run: 51,601,387,520 bytes free

- - End Of File - - 0C0FF83C0F19AF59F4A05083DAF97DE9


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:42 PM

Posted 09 February 2010 - 04:14 PM

Okay, let's install the Recovery Console next...

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you. Please post the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 polskamachina


Posted 09 February 2010 - 04:30 PM

I dragged the MS downloaded program onto the combofix program. ComboFix ran and came up with this message, "Were you trying to run CFScript? The name, CFScript appears to be incorrectly spelt" My only choice is, "OK," or x out of the dialog box. Do I respond with ok?

#10 polskamachina


Posted 09 February 2010 - 05:44 PM

I re-downloaded ComboFix from the link you provided and that corrected the error that was popping up. The recovery console was installed and here is the log:

ComboFix 10-02-09.02 - Owner 02/09/2010 14:28:36.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.138 [GMT -8:00]
Running from: c:\documents and settings\Owner.MARTY.000\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.MARTY.000\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-09 19:17 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-09 19:17 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-09 19:17 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-09 19:17 . 2010-02-09 19:17 -------- d-----w- c:\program files\Avira
2010-02-09 19:17 . 2010-02-09 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-02 18:34 . 2010-02-02 18:34 -------- d-----w- C:\rsit
2010-02-02 18:34 . 2010-02-02 18:34 -------- d-----w- c:\program files\trend micro
2010-02-01 21:23 . 2004-08-04 08:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-01 21:23 . 2001-08-18 06:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-01 21:23 . 2001-08-18 06:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-01 21:23 . 2001-08-18 06:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-01 21:23 . 2001-08-18 06:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-01 21:23 . 2001-08-18 06:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-01 21:21 . 2004-08-04 06:29 22271 -c--a-w- c:\windows\system32\dllcache\watv06nt.sys
2010-02-01 21:20 . 2001-08-17 21:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-02-01 21:19 . 2001-08-18 06:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-02-01 21:18 . 2001-08-17 20:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-02-01 21:17 . 2001-08-17 21:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2010-02-01 21:16 . 2001-08-17 20:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-02-01 21:15 . 2004-08-04 06:41 13240 -c--a-w- c:\windows\system32\dllcache\slwdmsup.sys
2010-02-01 21:14 . 2001-08-17 20:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-02-01 21:13 . 2001-08-17 22:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2010-02-01 21:12 . 2004-08-04 06:41 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2010-02-01 21:11 . 2004-08-04 08:56 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-01 21:10 . 2001-08-17 20:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2010-02-01 21:09 . 2004-08-04 07:10 61056 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-02-01 21:08 . 2001-08-17 20:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2010-02-01 21:07 . 2001-08-17 22:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-02-01 21:06 . 2001-08-18 06:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-02-01 21:05 . 2001-08-18 06:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-02-01 21:04 . 2004-08-04 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-02-01 21:03 . 2004-08-04 06:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-02-01 21:02 . 2001-08-18 06:36 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2010-02-01 21:01 . 2001-08-17 20:49 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2010-02-01 21:00 . 2001-08-18 06:36 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-02-01 20:59 . 2001-08-17 20:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2010-02-01 20:58 . 2001-08-17 20:11 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys
2010-02-01 20:57 . 2004-08-04 07:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-01 20:56 . 2001-08-17 20:19 36992 -c--a-w- c:\windows\system32\dllcache\aztw2320.sys
2010-02-01 20:55 . 2004-08-04 08:56 3967 -c--a-w- c:\windows\system32\dllcache\adv02nt5.dll
2010-01-30 00:08 . 2010-01-30 00:08 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Malwarebytes
2010-01-30 00:08 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 00:08 . 2010-01-30 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 00:08 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 00:08 . 2010-01-30 00:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 21:23 . 2010-01-29 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-29 21:23 . 2010-01-29 21:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-29 18:31 . 2010-01-29 18:31 52224 ----a-w- c:\documents and settings\Owner.MARTY.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-29 18:31 . 2010-01-29 18:32 117760 ----a-w- c:\documents and settings\Owner.MARTY.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-29 18:31 . 2010-01-29 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-29 18:31 . 2010-01-29 18:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-29 18:31 . 2010-01-29 18:31 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\SUPERAntiSpyware.com
2010-01-29 18:15 . 2010-01-29 18:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-28 22:06 . 2009-11-25 19:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-28 22:03 . 2010-02-09 19:05 -------- d-----w- C:\Avira
2010-01-15 22:57 . 2010-01-15 22:57 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Local Settings\Application Data\LogiShrd
2010-01-15 22:23 . 2010-01-15 22:23 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Leadertech
2010-01-15 22:22 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-01-15 22:22 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-01-15 22:22 . 2009-10-07 08:43 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-01-15 22:22 . 2009-10-07 08:49 6756632 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-01-15 22:21 . 2009-10-07 08:47 266008 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-01-15 22:21 . 2009-10-07 08:43 199192 ----a-r- c:\windows\system32\lvci12101110.dll
2010-01-15 22:21 . 2009-10-07 08:24 34068 ----a-r- c:\windows\system32\Repository.reg
2010-01-15 22:19 . 2009-10-07 08:49 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-01-15 22:16 . 2004-08-04 06:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-01-15 22:16 . 2004-08-04 06:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-01-15 22:16 . 2004-08-04 07:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-01-15 22:16 . 2004-08-04 07:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-01-15 22:16 . 2004-08-04 07:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-01-15 22:16 . 2004-08-04 07:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-01-15 22:15 . 2004-08-04 07:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-01-15 22:15 . 2004-08-04 07:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-01-15 22:15 . 2004-08-04 07:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-01-15 22:15 . 2004-08-04 07:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-01-15 22:15 . 2004-08-04 07:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-01-15 22:15 . 2004-08-04 07:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-01-15 22:15 . 2004-08-04 07:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-01-15 22:15 . 2004-08-04 07:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-01-15 22:14 . 2004-08-04 07:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-15 22:14 . 2004-08-04 07:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-15 22:14 . 2004-08-04 08:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-15 22:14 . 2004-08-04 08:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-15 22:14 . 2004-08-04 07:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2010-01-15 22:14 . 2004-08-04 07:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-01-15 22:01 . 2010-01-15 22:01 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-15 22:01 . 2010-01-27 17:14 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\skypePM
2010-01-15 21:53 . 2010-01-28 19:20 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Skype
2010-01-15 21:52 . 2010-01-15 21:52 -------- d-----w- c:\program files\tbh
2010-01-15 21:50 . 2010-01-15 21:50 -------- d-----w- c:\program files\Common Files\Skype
2010-01-15 21:50 . 2010-01-15 21:51 -------- d-----r- c:\program files\Skype
2010-01-15 21:50 . 2010-01-15 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-02-09 20:14 . 2007-12-11 20:12 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-02-09 20:14 . 2007-12-11 20:12 257458 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-02-05 20:18 . 2008-11-10 22:46 15132 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-02-03 19:29 . 2008-11-11 18:05 211720 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2010-02-03 19:29 . 2008-11-11 18:05 1337608 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-02-02 18:36 . 2008-12-30 05:13 -------- d-----w- c:\documents and settings\Owner.MARTY.000\Application Data\Apple Computer
2010-01-29 18:10 . 2007-02-16 21:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-28 22:01 . 2007-12-11 18:06 -------- d-----w- c:\program files\CA
2010-01-28 18:00 . 2010-01-15 22:51 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-28 18:00 . 2010-01-15 22:19 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-22 19:50 . 2006-12-07 21:16 32760 ----a-w- c:\documents and settings\Owner.MARTY.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 21:14 . 2006-12-08 18:57 -------- d-----w- c:\program files\06WebSetup
2010-01-16 21:09 . 2006-12-08 18:51 -------- d-----w- c:\program files\Common Files\Lacerte Shared
2010-01-15 22:24 . 2007-12-06 19:51 -------- d-----w- c:\program files\Logitech
2010-01-15 22:22 . 2007-12-06 19:51 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-15 22:17 . 2007-12-06 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-11 23:42 . 2006-12-07 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-29 16:39 . 2009-08-12 15:33 850736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-12-29 16:39 . 2009-08-12 15:33 2151728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-12-28 21:39 . 2009-12-28 21:38 -------- d-----w- c:\program files\iTunes
2009-12-28 21:39 . 2009-12-28 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-28 21:38 . 2009-12-28 21:38 -------- d-----w- c:\program files\iPod
2009-12-28 21:38 . 2008-12-30 05:04 -------- d-----w- c:\program files\Common Files\Apple
2009-12-28 21:38 . 2007-01-03 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-28 21:23 . 2009-12-28 21:23 -------- d-----w- c:\program files\Bonjour
2009-12-28 21:13 . 2007-01-03 01:12 -------- d-----w- c:\program files\QuickTime
2009-12-28 20:50 . 2009-12-28 20:50 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-28 20:42 . 2009-12-28 20:42 -------- d-----w- c:\program files\Safari
2009-12-28 20:37 . 2009-12-28 20:37 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-18 21:15 . 2008-11-11 18:05 869664 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-02-06_18.46.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-09 19:17 . 2009-05-11 17:12 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2010-01-29 20:15 . 2009-05-11 17:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2010-02-09 20:15 . 2010-02-09 20:16 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2010-02-06 18:45 . 2010-02-06 18:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-02-09 492840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-10-28 1085704]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-06-19 54472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-2-16 629248]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-6 784912]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-10 984352]
Service Manager.norun [2007-1-4 1908]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 22:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UmxPol"=2 (0x2)
"UmxFwHlp"=2 (0x2)
"UmxCfg"=2 (0x2)
"UmxAgent"=2 (0x2)
"ITMRTSVC"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\update.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 6:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 6:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 6:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 6:08 PM 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/9/2010 11:17 AM 108289]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 6:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 6:08 PM 66576]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 1:57 PM 70952]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 6:08 PM 88816]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S4 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" --> c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [?]
S4 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 8:23 AM 1010192]
S4 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 8:39 AM 801296]
S4 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 6:10 PM 281104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-02-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-12-07 01:17]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: {0C02B371-5723-416F-B297-D4B44E181871} - hxxps://www.lacertesoftware.com/MyAccount/WebDownloads/bin/07prepinstall.cab
DPF: {F1AB1375-2446-4EE8-95A4-10F9DD3B2744} - hxxps://www.lacertesoftware.com/MyAccount/WebDownloads/bin/06prepinstall.cab
FF - ProfilePath - c:\documents and settings\Owner.MARTY.000\Application Data\Mozilla\Firefox\Profiles\o9wj7b6t.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\Owner.MARTY.000\Application Data\Mozilla\Firefox\Profiles\o9wj7b6t.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 14:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-1897051121-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1988)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-09 14:37:52
ComboFix-quarantined-files.txt 2010-02-09 22:37
ComboFix2.txt 2010-02-09 20:21
ComboFix3.txt 2010-02-06 18:52

Pre-Run: 51,534,770,176 bytes free
Post-Run: 51,521,314,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BE6FA49839A8F2FEB51C2F4A7F0CC5F9


#11 polskamachina


Posted 09 February 2010 - 06:02 PM

Not sure if this is of any help but this line in the ComboFix report:

S4 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" --> c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [?]

which refers to CA Internet Security Suite, which is no longer installed. It wasn't the smoothest of uninstalls either. But that's another story. The folder this references does not exist anymore. Since it once had something to do with the firewall, maybe it is part of the problem.

Thanks for your reply.
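A log-side version of the check made by eye in the post above, as an added example (not code from the thread, from ComboFix, or from any tool named here): it parses the service/driver lines in the format ComboFix prints and lists the entries ComboFix tagged with "[?]", i.e. whose binary it could not find on disk. The line layout, the meaning of R/S and of the start-type digit are assumptions read off the posted log; the sample input is copied from it.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Added example, not code from the thread or from ComboFix. The line format
# ("R0 name;display;path [date size]" and the '"value" --> path [?]' variant),
# the meaning of R/S (loaded vs stopped) and of the digit (Windows start type)
# are assumptions read off the log posted above, not ComboFix documentation.

# Constructed input: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 6:08 PM 93712]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/9/2010 11:17 AM 108289]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S4 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" --> c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [?]
S4 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 8:23 AM 1010192]
*NewlyCreated* - SSMDRV
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"   # R = loaded, S = stopped; start-type digit
    r"(?P<name>[^;]+);(?P<display>[^;]*);"   # service name; display name
    r"(?P<rest>.+)$"                         # image path plus trailing annotation
)
# Trailing "[date size]" for a file ComboFix found, or "[?]" when it did not.
ANNOTATION_RE = re.compile(r"\s*\[(?P<note>[^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    name: str
    display: str
    active: bool        # True for "R" lines (loaded), False for "S" (stopped)
    start_type: int     # 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
    image_path: str
    binary_found: bool  # False when ComboFix printed "[?]"


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    ann = ANNOTATION_RE.search(rest)
    note = ann.group("note") if ann else ""
    if ann:
        rest = rest[:ann.start()]
    # When the registry value could not be resolved ComboFix prints
    # '"<registry value>" --> <resolved path>'; keep the resolved path.
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    return ServiceEntry(
        name=m.group("name"),
        display=m.group("display"),
        active=m.group("state") == "R",
        start_type=int(m.group("start")),
        image_path=rest.strip().strip('"'),
        binary_found=(note != "?"),
    )


def parse_services(text: str) -> List[ServiceEntry]:
    """All service/driver entries found in a ComboFix report body."""
    entries = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def dangling_services(entries: List[ServiceEntry]) -> List[str]:
    """Names of services whose binary ComboFix could not find on disk.

    For a stopped/disabled entry this is usually an uninstaller leftover, as
    with the CA suite here; the registration should still be cleaned up."""
    return [e.name for e in entries if not e.binary_found]


def active_with_missing_binary(entries: List[ServiceEntry]) -> List[str]:
    """Subset that deserves a closer look: something is loaded (R) although
    the file is not where the registry says it is."""
    return [e.name for e in entries if e.active and not e.binary_found]


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    for name in dangling_services(found):
        print(f"binary missing for service {name}")   # prints PPCtlPriv
```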

#12 Elise


Posted 10 February 2010 - 03:26 AM

You might be right about CA. Besides the service you pointed out, I also see some evidence in the GMER log.

According to information on Google, CA does not come with a proper uninstaller.

Best would be to download and install Revo Uninstaller and remove all leftovers from the program that way.

Let me know if you were able to do that and if that solves the problem.

regards, Elise




#13 polskamachina


Posted 10 February 2010 - 02:01 PM

That Revo uninstaller found lots of leftover things in the CA Anti-Spyware and Firewall programs. I removed all the leftover registry keys and files and rebooted. Still won't update.

Thanks for your reply.

#14 Elise


Posted 10 February 2010 - 02:58 PM

The simplest thing to do is to reinstall the applications that do not update (as mentioned, Avira, MBAM and SAS).

As for Windows Update, let's try to fix this.
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program. Note - you might see an error message regarding Internet Explorer. Just ignore this and continue.
  • Press the green double checkmark box.
  • UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:

  • Click on Go.
  • Exit/Close Dial-A-Fix.

regards, Elise




#15 polskamachina


Posted 10 February 2010 - 03:46 PM

Still can't run Windows update. Here is the log:

12:18:37 PM | Dial-a-fix was unable to determine your version of Internet Explorer
Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 2
IE version: 8.0.6001.18702
MPC: 76477-OEM
CPU: Intel® Pentium® 4 CPU 2.80GHz (~2790MHz)
BIOS: 11/8/2004
Memory (approx): 509MB
Uptime: 1 hour(s)
Current directory: C:\Utility\Dial a fix\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24
---

2/10/2010 12:18:37 PM -- Dial-a-fix : [v0.60.0.24] -- started
12:18:37 PM | Policy scan started
12:18:37 PM | Policy scan ended - no restrictive policies were found
--- MSI ---
12:19:35 PM | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
12:19:44 PM | Unregistered: C:\WINDOWS\system32\msxml.dll
12:19:44 PM | Registered: C:\WINDOWS\system32\msxml.dll
12:19:45 PM | Unregistered: C:\WINDOWS\system32\msxml2.dll
12:19:45 PM | Registered: C:\WINDOWS\system32\msxml2.dll
12:19:52 PM | Unregistered: C:\WINDOWS\system32\msxml3.dll
12:19:52 PM | Registered: C:\WINDOWS\system32\msxml3.dll
12:19:53 PM | Unregistered: C:\WINDOWS\system32\msxml4.dll
12:19:53 PM | Registered: C:\WINDOWS\system32\msxml4.dll
12:19:53 PM | Unregistered: C:\WINDOWS\system32\qmgr.dll
12:19:53 PM | Registered: C:\WINDOWS\system32\qmgr.dll
12:19:53 PM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
12:19:53 PM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
12:19:53 PM | Unregistered: C:\WINDOWS\system32\muweb.dll
12:19:54 PM | Registered: C:\WINDOWS\system32\muweb.dll
12:19:54 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
12:19:54 PM | Registered: C:\WINDOWS\system32\winhttp.dll
12:19:54 PM | Registered: C:\WINDOWS\system32\wuapi.dll
12:19:54 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
12:19:55 PM | Registered: C:\WINDOWS\system32\wuaueng.dll
12:19:55 PM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
12:19:55 PM | Registered: C:\WINDOWS\system32\wuaueng1.dll
12:19:55 PM | Unregistered: C:\WINDOWS\system32\wucltui.dll
12:19:55 PM | Registered: C:\WINDOWS\system32\wucltui.dll
12:19:55 PM | Unregistered: C:\WINDOWS\system32\wups.dll
12:19:55 PM | Registered: C:\WINDOWS\system32\wups.dll
12:19:55 PM | Unregistered: C:\WINDOWS\system32\wups2.dll
12:19:56 PM | Registered: C:\WINDOWS\system32\wups2.dll
12:19:56 PM | Unregistered: C:\WINDOWS\system32\wuweb.dll
12:19:56 PM | Registered: C:\WINDOWS\system32\wuweb.dll
12:19:56 PM | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
12:20:08 PM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
12:20:12 PM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
12:20:12 PM | Registered: C:\WINDOWS\system32\cryptdlg.dll
12:20:12 PM | Unregistered: C:\WINDOWS\system32\cryptui.dll
12:20:12 PM | Registered: C:\WINDOWS\system32\cryptui.dll
12:20:13 PM | Unregistered: C:\WINDOWS\system32\cryptext.dll
12:20:13 PM | Registered: C:\WINDOWS\system32\cryptext.dll
12:20:13 PM | Unregistered: C:\WINDOWS\system32\dssenh.dll
12:20:13 PM | Registered: C:\WINDOWS\system32\dssenh.dll
12:20:13 PM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
12:20:13 PM | Registered: C:\WINDOWS\system32\gpkcsp.dll
12:20:14 PM | Unregistered: C:\WINDOWS\system32\initpki.dll
12:21:40 PM | Registered: C:\WINDOWS\system32\initpki.dll
12:21:40 PM | Unregistered: C:\WINDOWS\system32\licdll.dll
12:21:40 PM | Registered: C:\WINDOWS\system32\licdll.dll
12:21:40 PM | Unregistered: C:\WINDOWS\system32\mssign32.dll
12:21:40 PM | Registered: C:\WINDOWS\system32\mssign32.dll
12:21:40 PM | Unregistered: C:\WINDOWS\system32\mssip32.dll
12:21:40 PM | Registered: C:\WINDOWS\system32\mssip32.dll
12:21:41 PM | Unregistered: C:\WINDOWS\system32\scardssp.dll
12:21:41 PM | Registered: C:\WINDOWS\system32\scardssp.dll
12:21:41 PM | Unregistered: C:\WINDOWS\system32\sccbase.dll
12:21:41 PM | Registered: C:\WINDOWS\system32\sccbase.dll
12:21:42 PM | Unregistered: C:\WINDOWS\system32\scecli.dll
12:21:42 PM | Registered: C:\WINDOWS\system32\scecli.dll
12:21:42 PM | Unregistered: C:\WINDOWS\system32\softpub.dll
12:21:42 PM | Registered: C:\WINDOWS\system32\softpub.dll
12:21:42 PM | Unregistered: C:\WINDOWS\system32\slbcsp.dll
12:21:43 PM | Registered: C:\WINDOWS\system32\slbcsp.dll
12:21:43 PM | Unregistered: C:\WINDOWS\system32\regwizc.dll
12:21:43 PM | Registered: C:\WINDOWS\system32\regwizc.dll
12:21:43 PM | Unregistered: C:\WINDOWS\system32\rsaenh.dll
12:21:43 PM | Registered: C:\WINDOWS\system32\rsaenh.dll
12:21:43 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
12:21:43 PM | Registered: C:\WINDOWS\system32\winhttp.dll
12:21:43 PM | Unregistered: C:\WINDOWS\system32\wintrust.dll
12:21:43 PM | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
12:21:44 PM | Registered: C:\WINDOWS\system32\acelpdec.ax
12:21:44 PM | Registered: C:\WINDOWS\system32\actxprxy.dll
12:21:44 PM | Registered: C:\WINDOWS\system32\asctrls.ocx
12:21:44 PM | Registered: C:\WINDOWS\system32\daxctle.ocx
12:21:45 PM | Registered: C:\WINDOWS\system32\hhctrl.ocx
12:21:45 PM | Registered: C:\WINDOWS\system32\l3codecx.ax
12:21:45 PM | Registered: C:\WINDOWS\system32\licmgr10.dll
12:21:45 PM | Registered: C:\WINDOWS\system32\mpg4ds32.ax
12:21:50 PM | Registered: C:\WINDOWS\system32\msdxm.ocx
12:21:50 PM | Registered: C:\WINDOWS\system32\proctexe.ocx
12:21:51 PM | Registered: C:\WINDOWS\system32\tdc.ocx
12:21:51 PM | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
12:21:51 PM | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
12:21:52 PM | DllInstalled: C:\WINDOWS\system32\appwiz.cpl
12:21:52 PM | Registered: C:\WINDOWS\system32\appwiz.cpl
12:21:52 PM | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
12:21:52 PM | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
12:21:52 PM | Registered: C:\WINDOWS\system32\quartz.dll
12:21:53 PM | Registered: C:\WINDOWS\system32\danim.dll
12:21:54 PM | Registered: C:\WINDOWS\system32\dmscript.dll
12:21:54 PM | Registered: C:\WINDOWS\system32\dmstyle.dll
12:21:54 PM | Registered: C:\WINDOWS\system32\dxmasf.dll
12:21:54 PM | Registered: C:\WINDOWS\system32\dxtmsft.dll
12:21:54 PM | Registered: C:\WINDOWS\system32\dxtrans.dll
12:21:54 PM | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
12:21:54 PM | Registered: C:\WINDOWS\system32\atl.dll
12:21:54 PM | Registered: C:\WINDOWS\system32\corpol.dll
12:21:55 PM | Registered: C:\WINDOWS\system32\jscript.dll
12:21:55 PM | Registered: C:\WINDOWS\system32\dispex.dll
12:21:55 PM | Registered: C:\WINDOWS\system32\scrrun.dll
12:21:55 PM | Registered: C:\WINDOWS\system32\scrobj.dll
12:21:55 PM | Registered: C:\WINDOWS\system32\vbscript.dll
12:21:55 PM | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
12:21:56 PM | Registered: C:\WINDOWS\system32\activeds.dll
12:21:56 PM | Registered: C:\WINDOWS\system32\audiodev.dll
12:21:57 PM | DllInstalled: C:\WINDOWS\system32\browseui.dll
12:21:57 PM | Registered: C:\WINDOWS\system32\browseui.dll
12:21:57 PM | Registered: C:\WINDOWS\system32\browsewm.dll
12:21:58 PM | Registered: C:\WINDOWS\system32\cabview.dll
12:21:58 PM | Registered: C:\WINDOWS\system32\cdfview.dll
12:21:58 PM | Registered: C:\WINDOWS\system32\clbcatex.dll
12:21:58 PM | Registered: C:\WINDOWS\system32\clbcatq.dll
12:21:58 PM | Registered: C:\WINDOWS\system32\comcat.dll
12:21:59 PM | Registered: C:\WINDOWS\system32\cscui.dll
12:21:59 PM | Registered: C:\WINDOWS\system32\credui.dll
12:21:59 PM | Registered: C:\WINDOWS\system32\datime.dll
12:21:59 PM | Registered: C:\WINDOWS\system32\devmgr.dll
12:21:59 PM | Registered: C:\WINDOWS\system32\dfsshlex.dll
12:22:00 PM | Registered: C:\WINDOWS\system32\dmdlgs.dll
12:22:00 PM | Registered: C:\WINDOWS\system32\dmdskmgr.dll
12:22:01 PM | Registered: C:\WINDOWS\system32\dmloader.dll
12:22:01 PM | Registered: C:\WINDOWS\system32\dmocx.dll
12:22:01 PM | Registered: C:\WINDOWS\system32\dmview.ocx
12:22:01 PM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
12:22:01 PM | Registered: C:\WINDOWS\system32\dsuiext.dll
12:22:01 PM | DllInstalled: C:\WINDOWS\system32\dsquery.dll
12:22:01 PM | Registered: C:\WINDOWS\system32\dsquery.dll
12:22:01 PM | Registered: C:\WINDOWS\system32\dskquoui.dll
12:22:02 PM | Registered: C:\WINDOWS\system32\els.dll
12:22:02 PM | Registered: C:\WINDOWS\system32\es.dll
12:22:02 PM | Registered: C:\WINDOWS\system32\fontext.dll
12:22:02 PM | Registered: C:\WINDOWS\system32\hlink.dll
12:22:02 PM | Registered: C:\WINDOWS\system32\hnetcfg.dll
12:22:03 PM | Registered: C:\WINDOWS\system32\iedkcs32.dll
12:22:03 PM | Registered: C:\WINDOWS\system32\iepeers.dll
12:22:03 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
12:25:49 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
12:25:56 PM | Registered: C:\WINDOWS\system32\ils.dll
12:25:56 PM | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
12:25:58 PM | Registered: C:\WINDOWS\system32\inetcfg.dll
12:25:58 PM | Registered: C:\WINDOWS\system32\inetcomm.dll
12:25:59 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
12:26:15 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
12:26:27 PM | Registered: C:\WINDOWS\system32\laprxy.dll
12:26:27 PM | Registered: C:\WINDOWS\system32\lmrt.dll
12:26:28 PM | Registered: C:\WINDOWS\system32\mlang.dll
12:26:28 PM | Registered: C:\WINDOWS\system32\mmcndmgr.dll
12:26:29 PM | Registered: C:\WINDOWS\system32\mmcshext.dll
12:26:29 PM | Registered: C:\WINDOWS\system32\mscoree.dll
12:26:29 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
12:26:52 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
12:28:32 PM | Registered: C:\WINDOWS\system32\mshtmled.dll
12:28:32 PM | Registered: C:\WINDOWS\system32\msieftp.dll
12:28:32 PM | Registered: C:\WINDOWS\system32\msoeacct.dll
12:28:32 PM | Registered: C:\WINDOWS\system32\msr2c.dll
12:28:32 PM | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
12:28:45 PM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
12:28:45 PM | Registered: C:\WINDOWS\system32\mydocs.dll
12:28:45 PM | Registered: C:\WINDOWS\system32\mstime.dll
12:28:45 PM | Registered: C:\WINDOWS\system32\netcfgx.dll
12:28:45 PM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
12:28:45 PM | Registered: C:\WINDOWS\system32\netplwiz.dll
12:28:46 PM | Registered: C:\WINDOWS\system32\netman.dll
12:28:46 PM | Registered: C:\WINDOWS\system32\netshell.dll
12:28:46 PM | Registered: C:\WINDOWS\system32\ntmsevt.dll
12:28:46 PM | Registered: C:\WINDOWS\system32\ntmsmgr.dll
12:28:46 PM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
12:28:46 PM | Registered: C:\WINDOWS\system32\ntmssvc.dll
12:28:47 PM | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
12:28:57 PM | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
12:29:00 PM | Registered: C:\WINDOWS\system32\ole32.dll
12:29:01 PM | Registered: C:\WINDOWS\system32\oleaut32.dll
12:29:01 PM | Registered: C:\WINDOWS\system32\oleacc.dll
12:29:01 PM | Registered: C:\WINDOWS\system32\olepro32.dll
12:29:01 PM | DllInstalled: C:\WINDOWS\system32\photowiz.dll
12:29:01 PM | Registered: C:\WINDOWS\system32\photowiz.dll
12:29:01 PM | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
12:29:16 PM | Registered: C:\WINDOWS\system32\remotepg.dll
12:29:16 PM | Registered: C:\WINDOWS\system32\rpcrt4.dll
12:29:16 PM | Registered: C:\WINDOWS\system32\rshx32.dll
12:29:16 PM | Registered: C:\WINDOWS\system32\sendmail.dll
12:29:17 PM | Registered: C:\WINDOWS\system32\slayerxp.dll
12:29:19 PM | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
12:29:19 PM | Registered: C:\WINDOWS\system32\shdocvw.dll
12:29:19 PM | Registered: C:\WINDOWS\system32\shell32.dll
12:29:23 PM | DllInstalled: C:\WINDOWS\system32\shell32.dll
12:29:24 PM | Registered: C:\WINDOWS\system32\shmedia.dll
12:29:24 PM | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
12:29:24 PM | Registered: C:\WINDOWS\system32\shimgvw.dll
12:29:24 PM | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
12:29:24 PM | Registered: C:\WINDOWS\system32\shsvcs.dll
12:29:24 PM | Registered: C:\WINDOWS\system32\srclient.dll
12:29:25 PM | Unregistered: C:\WINDOWS\system32\stobject.dll
12:29:25 PM | Registered: C:\WINDOWS\system32\stobject.dll
12:29:25 PM | DllInstalled: C:\WINDOWS\system32\themeui.dll
12:29:25 PM | Registered: C:\WINDOWS\system32\themeui.dll
12:29:26 PM | Registered: C:\WINDOWS\system32\twext.dll
12:29:27 PM | DllInstalled: C:\WINDOWS\system32\urlmon.dll
12:29:27 PM | Registered: C:\WINDOWS\system32\urlmon.dll
12:29:27 PM | Registered: C:\WINDOWS\system32\userenv.dll
12:29:27 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
12:29:35 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
12:29:37 PM | Registered: C:\WINDOWS\system32\webvw.dll
12:29:37 PM | Registered: C:\WINDOWS\system32\winhttp.dll
12:29:37 PM | DllInstalled: C:\WINDOWS\system32\wininet.dll
12:29:37 PM | Registered: C:\WINDOWS\system32\zipfldr.dll
12:29:37 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
12:29:38 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
12:29:38 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
12:29:38 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
12:29:38 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
12:29:38 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
12:29:39 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
12:29:39 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
12:29:39 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
12:29:39 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
12:29:39 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
12:29:41 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll
12:29:41 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll
12:29:41 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
12:29:42 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
12:29:42 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll
12:29:42 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll
12:29:42 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
12:29:42 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
12:29:42 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
12:29:43 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
12:29:43 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll