
Packed.Win32.Katusha.j


  • This topic is locked
9 replies to this topic

#1 Ronit236

  • Members
  • 5 posts

Posted 05 April 2010 - 10:38 AM

Kaspersky is the only one that finds this. I used MBAM to scan the computer; it found a few viruses, which were detected and removed. I ran it a second time and it came back with one more infection in the recovery folder, but nothing on the third try. I'm sorry I don't have the log from MBAM; however, this is the only log I got from Kaspersky. No other AV software detects this virus/trojan. Any help will be greatly appreciated.



KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, April 4, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, April 03, 2010 21:52:44
Records in database: 3913933


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Objects scanned 154015
Threats found 1
Infected objects found 2
Suspicious objects found 0
Scan duration 20:26:46

File name Threat Threats count
C:\Documents and Settings\Administrator\Local Settings\Application Data\1632078083.dll Infected: Packed.Win32.Katusha.j 1

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0V8RMH6J\n002102801r0409J10000601R6fb97bd0Xdd6bf33fY96df8da6Z03002f3630dP000500070[1] Infected: Packed.Win32.Katusha.j 1

Selected area has been scanned.



#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Location:Numpty HQ

Posted 05 April 2010 - 01:26 PM

Good evening.

Please follow steps 6, 7 and 8 here and post the results back into this thread.

Also, if you open MBAM and select the Logs Tab you should see the logs it has created. Each log has the time and date attached to it - let me have the one(s) that identified what you are referring to.

So long, and thanks for all the fish.

#3 Ronit236
  • Topic Starter

  • Members
  • 5 posts

Posted 05 April 2010 - 05:32 PM

I don't have any virtual drives on my computer. I tried running the GMER file according to instruction #8, but it freezes at: C:\Documents and Settings\Administrator\Application Data\Apple Computer\MobileSync\Backup\ebf63fea47bd3991feae5e0da65f1937217e5351.
Here's the log from step #6. For some reason I'm unable to access MBAM after running GMER; my taskbar has frozen. I will try to upload those once I restart the system after coming back from the store. Thank you again for the help!
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 15:45:01.48 on Mon 04/05/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1390 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\Sminst\Recguard.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\ProtectTools\Embedded Security Software\SpTna.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTServs.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hp.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PTHOSTTR] c:\program files\hpq\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Grabber All - c:\program files\grabber\grabberall.htm
IE: &Grabber Image - c:\program files\grabber\grabber.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} - hxxp://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IfxWlxEN - IfxWlxEN.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\jt0x7psy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jt0x7psy.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-2-20 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-20 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-20 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-20 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-20 242696]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-10-25 35488]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-4 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-4 308064]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-2-20 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-2-20 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-2-20 26120]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-20 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-4 5888008]
S2 gupdate1cab23decc7d9b0;Google Update Service (gupdate1cab23decc7d9b0);c:\program files\google\update\GoogleUpdate.exe [2010-2-20 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys --> c:\windows\system32\drivers\cv2k1.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-04-05 13:48:26 0 d-sha-r- C:\cmdcons
2010-04-05 13:47:40 98816 ----a-w- c:\windows\sed.exe
2010-04-05 13:47:40 77312 ----a-w- c:\windows\MBR.exe
2010-04-05 13:47:40 261632 ----a-w- c:\windows\PEV.exe
2010-04-05 13:47:40 161792 ----a-w- c:\windows\SWREG.exe
2010-04-04 01:16:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-03 19:33:13 0 d-----w- C:\Songs
2010-04-02 13:44:30 0 d-----w- C:\Stuff from Desktop
2010-04-01 21:43:45 0 d-----w- C:\cabs
2010-04-01 14:44:39 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-04-01 14:44:35 0 d-----w- c:\program files\McAfee Security Scan
2010-03-31 23:01:41 0 d-----w- c:\docume~1\admini~1\applic~1\AskToolbar
2010-03-31 17:28:12 991232 ------w- c:\windows\system32\dllcache\ieframe.dll.mui
2010-03-31 17:28:12 63488 ------w- c:\windows\system32\dllcache\icardie.dll
2010-03-31 17:28:12 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-31 17:28:12 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-31 17:28:12 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-31 17:28:12 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
2010-03-31 17:28:12 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-31 17:28:12 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
2010-03-31 17:28:12 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-31 17:17:31 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-30 21:33:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-30 21:33:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-30 21:08:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-30 21:08:28 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-30 21:08:28 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2010-03-30 21:07:31 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-30 20:59:13 0 d-----w- c:\docume~1\admini~1\applic~1\SuperNZB
2010-03-30 20:58:38 0 d-----w- c:\program files\SuperNZB
2010-03-30 20:28:56 69 ----a-w- c:\windows\NeroDigital.ini
2010-03-30 20:14:08 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-03-30 20:14:08 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-03-30 20:14:08 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-03-30 20:14:08 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-03-30 20:14:08 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-03-30 20:14:08 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-03-30 19:24:30 0 d-----w- c:\program files\Nero
2010-03-30 19:23:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-03-30 19:23:21 0 d-----w- c:\program files\Ask.com
2010-03-30 16:29:16 0 d-----w- c:\docume~1\admini~1\applic~1\HandBrake
2010-03-30 16:29:09 0 d-----w- c:\program files\Handbrake
2010-03-30 13:17:56 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-03-29 23:41:15 0 d-----w- c:\docume~1\admini~1\applic~1\Office Genuine Advantage
2010-03-29 22:37:15 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-03-29 22:37:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:37:05 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 22:37:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-29 22:37:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 20:01:17 0 d-----w- c:\windows\system32\scripting
2010-03-29 20:01:16 0 d-----w- c:\windows\l2schemas
2010-03-29 20:01:15 0 d-----w- c:\windows\system32\en
2010-03-29 20:01:15 0 d-----w- c:\windows\system32\bits
2010-03-29 19:55:07 0 d-----w- c:\windows\network diagnostic
2010-03-29 19:37:02 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-03-29 19:02:43 32768 ------w- c:\windows\biwlanappxpver.dll
2010-03-29 19:02:28 0 d-----w- c:\docume~1\admini~1\applic~1\Intel
2010-03-29 19:02:19 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-03-29 19:00:41 0 d-----w- c:\program files\InterVideo
2010-03-29 19:00:26 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-29 18:59:14 656 ----a-w- c:\windows\system32\InstallUtil.InstallLog
2010-03-29 18:59:03 0 d-----w- c:\program files\Windows Media Connect
2010-03-29 18:58:28 0 d-----w- c:\program files\common files\SureThing Shared
2010-03-29 18:57:30 0 d-----w- c:\program files\Sonic
2010-03-29 18:57:27 0 d-----w- c:\program files\common files\Sonic Shared
2010-03-29 18:55:58 0 d-----w- c:\program files\Hp
2010-03-29 18:55:52 0 d-----w- c:\windows\Hewlett-Packard
2010-03-29 18:55:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Infineon
2010-03-29 18:55:06 0 d-----w- c:\docume~1\admini~1\applic~1\Infineon
2010-03-29 18:54:35 0 d-----w- c:\program files\ProtectTools
2010-03-29 18:52:21 6912056 ----a-w- c:\windows\HP Cityscape Wide.bmp
2010-03-29 18:49:37 344064 ----a-r- c:\windows\system32\msvcr70.dll
2010-03-29 18:42:43 32768 ------w- c:\windows\biwlandrvxpver.dll
2010-03-29 18:41:41 9728 ------w- c:\windows\HPNICVersion.dll
2010-03-29 18:41:25 0 d-----w- c:\program files\Broadcom
2010-03-29 18:40:50 0 d-----w- c:\docume~1\alluse~1\applic~1\hpqLog
2010-03-29 18:40:31 9728 ------w- c:\windows\HPModemVersion.dll
2010-03-29 18:40:13 0 d-----w- c:\windows\Options
2010-03-29 07:02:20 0 d-----w- C:\Backup
2010-03-29 06:58:25 0 d-----w- c:\windows\system32\NtmsData
2010-03-26 01:12:19 0 d-----w- c:\program files\REA
2010-03-25 19:20:44 0 d-----w- c:\documents and settings\administrator\WINDOWS
2010-03-23 23:26:41 68404 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-23 16:16:38 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-23 16:10:51 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-23 16:09:59 0 d-----w- c:\windows\SHELLNEW
2010-03-23 01:27:29 0 d-----w- c:\program files\VideoLAN
2010-03-22 17:32:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-22 16:54:26 0 d-----w- c:\program files\Free RAR Extract Frog
2010-03-22 16:41:16 0 d-----w- c:\program files\uTorrent
2010-03-22 16:41:00 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent
2010-03-16 16:27:17 0 d-----w- c:\program files\Smilebox
2010-03-11 17:03:36 0 d-----w- c:\program files\OLYMPUS
2010-03-10 23:13:46 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 21:10:41 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cabfccf98dc2b2.mof
2010-03-09 15:35:35 0 d-----w- c:\docume~1\admini~1\applic~1\TeamViewer
2010-03-09 15:35:14 0 d-----w- c:\program files\TeamViewer
2010-03-08 19:49:14 0 d-----w- c:\program files\Grabber
2010-03-08 19:47:04 0 d-----w- c:\docume~1\admini~1\applic~1\Regensoft
2010-03-08 18:28:46 0 d-----w- c:\docume~1\admini~1\applic~1\AVG9

==================== Find3M ====================

2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-04 23:25:36 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-04 23:25:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-04 23:25:24 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-04 23:25:11 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 23:24:54 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-02-19 14:26:23 1756 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Compaq nc6400 (RM100AW#ABA)_YN_0U_QCND7091M0Z_E434375003_46_I30AD_SHP_VKBC Version 56.34_B68YCU Ver. F.0A_T070417_WXP2_L409_M2040_J80_7Intel_8Core2 T5600_91.83_#100219_N14E416FD_(RM100AW#ABA).MRK

============= FINISH: 15:45:41.89 ===============




#4 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Location:Numpty HQ

Posted 06 April 2010 - 01:19 PM

Good evening.

I'll wait for the news on the MBAM log before we proceed.

So long, and thanks for all the fish.

#5 Ronit236
  • Topic Starter

  • Members
  • 5 posts

Posted 06 April 2010 - 08:50 PM

Here we go, I got all 3 logs. Did you still want me to run GMER? It keeps freezing after a while.


Log #1

-------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

4/4/2010 7:35:29 PM
mbam-log-2010-04-04 (19-35-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 257678
Time elapsed: 1 hour(s), 1 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Desktop\Keymaker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP76\A0024424.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP87\A0027737.exe (Trojan.Agent) -> Quarantined and deleted successfully.


-------------------------------------------------------------------------------------------------------------

Log #2

-------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

4/4/2010 9:30:12 PM
mbam-log-2010-04-04 (21-30-12).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 257727
Time elapsed: 1 hour(s), 1 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP87\A0028655.exe (Trojan.Agent) -> Quarantined and deleted successfully.

-------------------------------------------------------------------------------------------------------------

Log #3


-------------------------------------------------------------------------------------------------------------


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

4/4/2010 10:35:10 PM
mbam-log-2010-04-04 (22-35-10).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 257648
Time elapsed: 1 hour(s), 1 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------------------------------------------------------------------------------


P.S. Sorry about the late response, been busy with stuff and haven't been able to get on the Laptop since I last posted.
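
The "Registry Data Items Infected" lines in the first MBAM log above record two things worth checking on any machine cleaned this way: every "open the browser" command under StartMenuInternet (normal launch and Firefox safe mode) had been rewritten to run a file in the user profile first, which then started the real browser, and the Security Center's own "antivirus / firewall / updates are off" warnings had been switched off. The Python below is an added example written for this page, not code from the thread, from Malwarebytes or from ComboFix: it parses those MBAM lines and the REGEDIT4-style "Reg Loading Points" section that ComboFix prints, and flags both patterns. The log text it runs on is constructed to match the shape of the posted logs; the account name `user` and the file `launcher.exe` are stand-ins, not artefacts from any real machine.

```python
# Added example for this page; not code from the thread, Malwarebytes or ComboFix.
import re
from dataclasses import dataclass

# One MBAM "Registry Data Items Infected" line has the shape
#   <key>\<value> (<Detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
MBAM_DATA_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[A-Za-z0-9.]+)\) -> "
    r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$"
)
QUOTED_RE = re.compile(r'"([^"]+)"')   # first "quoted path" in a command line
# A browser launch command should never point into a user-writable location.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\temp\\")

# ComboFix prints REGEDIT4 layout: a [key] line followed by its values.
SC_KEY = "[hkey_local_machine\\software\\microsoft\\security center]"
OVERRIDE_RE = re.compile(r'^"(AntiVirusOverride|FirewallOverride)"=dword:0*1$', re.I)
FW_NOTIFY_RE = re.compile(r'^"DisableNotifications"=\s*1\b')


@dataclass
class Finding:
    rule: str
    key: str
    value: str
    detail: str


def parse_mbam_data_lines(lines):
    """Yield a Finding for each MBAM registry-data line that matters here."""
    for line in lines:
        m = MBAM_DATA_RE.match(line.strip())
        if not m:
            continue                       # headers, file lines, blanks
        key, _, value = m.group("path").rpartition("\\")
        detection, bad = m.group("detection"), m.group("bad")
        if detection == "Hijack.StartMenuInternet":
            q = QUOTED_RE.search(bad)      # the binary the shortcut really runs
            launcher = q.group(1) if q else bad
            where = ("user-writable profile path"
                     if any(p in launcher.lower() for p in USER_WRITABLE)
                     else "non-profile path")
            yield Finding("startmenu_hijack", key, value,
                          f"browser launch proxied through {launcher} ({where})")
        elif detection == "Disabled.SecurityCenter":
            yield Finding("securitycenter_notify_off", key, value,
                          f"{value}={bad}: Security Center warning suppressed")


def parse_combofix_reg_lines(lines):
    """Yield a Finding for each Security Center / firewall override in a ComboFix excerpt."""
    current = None
    for line in lines:
        s = line.strip()
        if s.startswith("["):
            current = s.lower()            # track which key the values belong to
            continue
        if current is None:
            continue
        m = OVERRIDE_RE.match(s)
        if current == SC_KEY and m:
            yield Finding("securitycenter_override", current, m.group(1),
                          "Security Center told not to monitor this component")
        elif current.endswith("firewallpolicy\\standardprofile]") and FW_NOTIFY_RE.match(s):
            yield Finding("firewall_notify_off", current, "DisableNotifications",
                          "Windows Firewall 'blocked a program' notifications disabled")


def triage(mbam_text, combofix_text):
    """Run both parsers over raw log text and return every Finding."""
    return (list(parse_mbam_data_lines(mbam_text.splitlines()))
            + list(parse_combofix_reg_lines(combofix_text.splitlines())))


# Constructed inputs modelled on the logs posted in this thread; the account
# name "user" and the file "launcher.exe" are stand-ins, not real artefacts.
SAMPLE_MBAM = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Local Settings\Application Data\launcher.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Local Settings\Application Data\launcher.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\user\Desktop\Keymaker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SAMPLE_COMBOFIX = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_MBAM, SAMPLE_COMBOFIX):
        print(f"[{f.rule}] {f.key}\\{f.value}: {f.detail}")
```

Two things the output makes visible that the scanners' "Quarantined and deleted successfully" lines do not. First, the hijacked command still names the real browser after `/START`, so the browser keeps working and the user sees nothing wrong; the tell is the launcher's location, a user-writable profile directory rather than Program Files. Second, MBAM resets the three `*DisableNotify` values, but a Security Center that has also been given `AntiVirusOverride` / `FirewallOverride` = 1 has been told to stop monitoring those components, and the ComboFix log later in this thread still shows both set, so those values and the firewall's `DisableNotifications` deserve a manual look once the scanners report clean.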


#6 Noviciate
  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 07 April 2010 - 02:09 PM

Good evening.

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.

#7 Ronit236
  • Topic Starter
  • Members
  • 5 posts

Posted 07 April 2010 - 02:37 PM

OK I will give it a shot and then post the log here.

#8 Ronit236
  • Topic Starter
  • Members
  • 5 posts

Posted 07 April 2010 - 02:57 PM

Here's the Combofix log.

ComboFix 10-04-06.05 - Administrator 04/07/2010 15:42:30.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1452 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-04 01:16 . 2010-04-05 02:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-03 19:33 . 2010-04-03 19:58 -------- d-----w- C:\Songs
2010-04-02 13:44 . 2010-04-04 01:03 -------- d-----w- C:\Stuff from Desktop
2010-04-01 21:43 . 2010-04-01 21:43 -------- d-----w- C:\cabs
2010-04-01 17:50 . 2010-04-01 17:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\ImgBurn
2010-04-01 17:43 . 2010-04-01 17:43 -------- d-----w- c:\program files\ImgBurn
2010-04-01 17:39 . 2010-04-01 17:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sonic
2010-04-01 17:38 . 2010-04-01 17:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Leadertech
2010-04-01 14:44 . 2010-04-01 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-04-01 14:44 . 2010-04-05 14:28 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-01 14:43 . 2010-04-01 14:43 -------- d-----w- c:\program files\NOS
2010-04-01 14:42 . 2010-04-01 14:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2010-03-31 23:01 . 2010-03-31 23:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\AskToolbar
2010-03-31 23:01 . 2010-03-31 23:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar
2010-03-31 17:28 . 2010-03-11 12:38 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-31 17:28 . 2010-03-11 12:38 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-31 17:28 . 2010-03-11 12:38 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-31 17:28 . 2010-03-11 12:38 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-31 17:28 . 2010-03-11 12:38 63488 ------w- c:\windows\system32\dllcache\icardie.dll
2010-03-31 17:28 . 2010-03-11 12:38 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
2010-03-31 17:28 . 2010-03-10 13:18 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-31 17:28 . 2009-06-29 08:33 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
2010-03-31 17:17 . 2010-03-31 17:17 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-30 21:34 . 2010-03-30 21:34 -------- d-----w- c:\windows\Sun
2010-03-30 21:33 . 2010-03-30 21:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-30 21:08 . 2010-03-30 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-30 21:08 . 2010-03-30 21:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-30 21:08 . 2010-03-30 21:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-03-30 21:07 . 2010-03-30 21:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-30 20:59 . 2010-03-30 21:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\SuperNZB
2010-03-30 20:58 . 2010-03-30 20:58 -------- d-----w- c:\program files\SuperNZB
2010-03-30 20:23 . 2010-03-30 20:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LightScribe
2010-03-30 20:23 . 2010-04-01 20:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2010-03-30 20:14 . 2002-11-21 14:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-03-30 20:14 . 2002-11-21 14:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-03-30 20:14 . 2002-11-21 14:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-03-30 20:14 . 2002-11-21 14:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-03-30 20:14 . 2002-11-21 14:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-03-30 20:14 . 2002-11-21 14:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-03-30 19:24 . 2010-03-30 19:34 -------- d-----w- c:\program files\Nero
2010-03-30 19:23 . 2010-03-30 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-03-30 19:23 . 2010-03-30 19:34 -------- d-----w- c:\program files\Common Files\Nero
2010-03-30 19:23 . 2010-03-30 19:23 -------- d-----w- c:\program files\Ask.com
2010-03-30 16:29 . 2010-03-30 16:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HandBrake
2010-03-30 16:29 . 2010-03-30 16:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HandBrake
2010-03-30 16:29 . 2010-03-30 16:29 -------- d-----w- c:\program files\Handbrake
2010-03-30 13:17 . 2009-08-13 15:16 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-03-29 23:41 . 2010-03-29 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-29 23:41 . 2010-03-29 23:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage
2010-03-29 22:37 . 2010-03-29 22:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-29 22:37 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:37 . 2010-03-29 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-29 22:37 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 22:37 . 2010-03-29 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 20:01 . 2010-03-29 20:01 -------- d-----w- c:\windows\system32\scripting
2010-03-29 20:01 . 2010-03-29 20:01 -------- d-----w- c:\windows\l2schemas
2010-03-29 20:01 . 2010-03-29 20:01 -------- d-----w- c:\windows\system32\en
2010-03-29 20:01 . 2010-03-29 20:01 -------- d-----w- c:\windows\system32\bits
2010-03-29 19:37 . 2006-03-23 12:12 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-03-29 19:36 . 2010-03-29 19:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Infineon
2010-03-29 19:02 . 2005-07-05 12:21 32768 ------w- c:\windows\biwlanappxpver.dll
2010-03-29 19:02 . 2010-03-29 19:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2010-03-29 19:02 . 2010-03-29 19:02 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-03-29 19:02 . 2010-03-29 19:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2010-03-29 19:02 . 2010-03-29 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-03-29 19:01 . 2010-03-29 19:02 -------- d-----w- c:\program files\Intel
2010-03-29 19:00 . 2010-03-30 20:14 -------- d-----w- c:\program files\InterVideo
2010-03-29 19:00 . 2004-08-04 08:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-29 18:59 . 2010-03-29 18:59 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-03-29 18:59 . 2010-03-29 18:59 -------- d-----w- c:\program files\Windows Media Connect
2010-03-29 18:56 . 2010-03-29 18:56 -------- d-----w- c:\program files\Common Files\LightScribe
2010-03-29 18:55 . 2010-03-29 18:55 -------- d-----w- c:\program files\Hp
2010-03-29 18:55 . 2010-03-29 18:55 -------- d-----w- c:\windows\Hewlett-Packard
2010-03-29 18:55 . 2010-03-29 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Infineon
2010-03-29 18:55 . 2010-03-29 18:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Infineon
2010-03-29 18:54 . 2010-03-29 18:54 -------- d-----w- c:\program files\ProtectTools
2010-03-29 18:49 . 2002-01-04 15:37 344064 ----a-r- c:\windows\system32\msvcr70.dll
2010-03-29 18:48 . 2010-03-30 21:33 -------- d-----w- c:\program files\Java
2010-03-29 18:48 . 2010-03-29 18:48 -------- d-----w- c:\program files\Common Files\Java
2010-03-29 18:48 . 2010-03-29 18:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2010-03-29 18:42 . 2005-07-05 12:18 32768 ------w- c:\windows\biwlandrvxpver.dll
2010-03-29 18:41 . 2006-02-07 14:33 9728 ------w- c:\windows\HPNICVersion.dll
2010-03-29 18:41 . 2010-03-29 18:41 -------- d-----w- c:\program files\Broadcom
2010-03-29 18:40 . 2010-03-29 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqLog
2010-03-29 18:40 . 2006-04-28 20:07 9728 ------w- c:\windows\HPModemVersion.dll
2010-03-29 18:40 . 2010-03-29 18:40 -------- d-----w- c:\windows\Options
2010-03-29 07:02 . 2010-03-29 07:04 -------- d-----w- C:\Backup
2010-03-29 06:58 . 2010-03-29 07:01 -------- d-----w- c:\windows\system32\NtmsData
2010-03-29 06:57 . 2010-03-29 06:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SoftThinks
2010-03-26 01:12 . 2010-03-26 01:15 -------- d-----w- c:\program files\REA
2010-03-25 19:20 . 2010-03-25 19:20 -------- d-----w- c:\documents and settings\Administrator\WINDOWS
2010-03-23 23:26 . 2010-03-23 23:26 68404 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-23 16:16 . 2008-11-10 15:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-23 16:16 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-23 16:15 . 2010-03-25 14:28 -------- d-----w- c:\program files\Microsoft Works
2010-03-23 16:13 . 2010-03-23 16:13 -------- d-----w- c:\program files\Microsoft.NET
2010-03-23 16:10 . 2010-03-23 16:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-23 16:09 . 2010-03-23 16:14 -------- d-----w- c:\windows\SHELLNEW
2010-03-23 16:08 . 2010-03-23 16:08 -------- d-----r- C:\MSOCache
2010-03-23 01:58 . 2010-04-04 00:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-03-23 01:27 . 2010-03-23 01:27 -------- d-----w- c:\program files\VideoLAN
2010-03-22 17:32 . 2010-03-23 17:33 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-22 16:54 . 2010-03-22 17:10 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-03-22 16:41 . 2010-03-22 16:41 -------- d-----w- c:\program files\uTorrent
2010-03-22 16:41 . 2010-04-01 20:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-03-16 16:27 . 2010-03-16 16:27 -------- d-----w- c:\program files\Smilebox
2010-03-11 17:05 . 2010-03-11 17:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\OLYMPUS
2010-03-11 17:03 . 2010-03-11 17:03 -------- d-----w- c:\program files\OLYMPUS
2010-03-10 23:13 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 15:35 . 2010-03-30 17:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
2010-03-09 15:35 . 2010-03-09 15:35 -------- d-----w- c:\program files\TeamViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 17:24 . 2010-02-20 20:08 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-04-01 14:47 . 2010-02-20 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-01 14:35 . 2010-04-01 14:35 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-01 14:35 . 2010-04-01 14:35 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-30 21:32 . 2010-03-30 21:32 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-30 21:09 . 2010-03-30 21:09 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-30 21:09 . 2010-03-30 21:09 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-30 20:14 . 2006-09-20 07:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-30 17:44 . 2006-09-20 07:29 -------- d-----w- c:\program files\HPQ
2010-03-29 22:37 . 2010-03-29 22:37 5918720 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 21:03 . 2010-03-29 21:03 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-29 21:03 . 2010-03-29 21:03 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-29 20:06 . 2004-08-07 13:12 91823 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-29 18:58 . 2006-09-20 07:32 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-29 18:58 . 2010-03-29 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-03-29 18:58 . 2006-09-20 07:29 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-29 18:58 . 2010-03-29 18:58 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-03-29 18:58 . 2010-03-29 18:57 -------- d-----w- c:\program files\Sonic
2010-03-29 18:58 . 2010-03-29 18:57 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-29 18:55 . 2010-02-20 15:03 -------- d-----w- c:\program files\Google
2010-03-29 18:51 . 2010-02-20 15:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-26 17:36 . 2010-02-19 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-26 01:12 . 2010-03-26 01:12 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1363589E-F441-4AF5-9AFB-4B55F7F787C7}\NewShortcut11_1363589EF4414AF59AFB4B55F7F787C7.exe
2010-03-26 01:12 . 2010-03-26 01:12 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1363589E-F441-4AF5-9AFB-4B55F7F787C7}\NewShortcut1_1363589EF4414AF59AFB4B55F7F787C7.exe
2010-03-26 01:12 . 2010-03-26 01:12 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{1363589E-F441-4AF5-9AFB-4B55F7F787C7}\ARPPRODUCTICON.exe
2010-03-23 23:18 . 2010-02-20 14:44 83392 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-23 16:15 . 2010-02-20 20:03 -------- d-----w- c:\program files\MSBuild
2010-03-22 19:53 . 2010-04-01 14:43 32576 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jt0x7psy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-03-22 19:53 . 2010-04-01 14:43 29984 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jt0x7psy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-03-22 17:36 . 2010-03-22 17:36 688920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-03-11 12:38 . 2004-08-04 08:00 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-08 19:49 . 2010-03-08 19:49 -------- d-----w- c:\program files\Grabber
2010-03-08 19:47 . 2010-03-08 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Regensoft
2010-03-08 18:28 . 2010-03-08 18:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG9
2010-03-04 23:25 . 2010-02-20 14:44 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-04 23:25 . 2010-03-04 23:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-04 23:25 . 2010-02-20 14:44 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-04 23:25 . 2010-02-20 14:44 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-03-04 23:25 . 2010-02-20 14:44 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 23:24 . 2010-02-20 14:44 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-23 02:04 . 2010-02-23 02:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-22 01:40 . 2010-02-20 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-21 17:58 . 2010-02-21 17:58 -------- d-----w- c:\program files\MSXML 4.0
2010-02-21 01:06 . 2010-02-20 15:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-02-20 23:37 . 2010-02-19 14:50 -------- d-----w- c:\program files\Samsung
2010-02-20 22:18 . 2010-02-20 22:18 -------- d-----w- c:\program files\Regensoft
2010-02-20 22:18 . 2010-02-20 22:18 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-20 22:18 . 2010-02-20 22:18 -------- d-----w- c:\program files\Red Kawa
2010-02-20 22:12 . 2010-02-20 22:12 -------- d-----w- c:\program files\Emicsoft Studio
2010-02-20 20:03 . 2010-02-20 20:03 -------- d-----w- c:\program files\Reference Assemblies
2010-02-20 19:59 . 2010-02-20 19:59 -------- d-----w- c:\program files\MSXML 6.0
2010-02-20 15:04 . 2010-02-20 15:03 -------- d-----w- c:\program files\DivX
2010-02-20 15:03 . 2010-02-20 15:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-20 14:57 . 2010-02-20 14:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-02-20 14:54 . 2010-02-20 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-20 14:53 . 2010-02-20 14:52 -------- d-----w- c:\program files\iTunes
2010-02-20 14:53 . 2010-02-20 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-20 14:53 . 2010-02-20 14:53 -------- d-----w- c:\program files\iPod
2010-02-20 14:53 . 2010-02-20 14:49 -------- d-----w- c:\program files\Common Files\Apple
2010-02-20 14:52 . 2010-02-20 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-20 14:51 . 2010-02-20 14:51 -------- d-----w- c:\program files\Bonjour
2010-02-20 14:51 . 2010-02-20 14:50 -------- d-----w- c:\program files\QuickTime
2010-02-20 14:50 . 2010-02-20 14:50 -------- d-----w- c:\program files\Apple Software Update
2010-02-20 14:44 . 2010-02-20 14:44 -------- d-----w- c:\program files\AVG
2010-02-20 14:44 . 2010-02-20 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-19 16:12 . 2006-09-20 07:20 -------- d-----w- c:\program files\microsoft frontpage
2010-02-19 16:12 . 2006-09-20 07:33 -------- d-----w- c:\program files\Fingerprint Sensor
2010-02-19 16:12 . 2006-09-20 07:31 -------- d-----w- c:\program files\Analog Devices
2010-02-19 16:10 . 2006-09-20 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2010-02-19 14:58 . 2010-02-19 14:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2010-02-19 14:40 . 2010-02-19 14:40 -------- d-----w- c:\program files\MSECache
2010-02-19 14:40 . 2010-02-19 14:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\TP
2010-02-19 14:37 . 2010-02-19 14:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-19 14:31 . 2010-02-19 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-19 14:30 . 2010-02-19 14:30 0 ----a-w- c:\windows\nsreg.dat
2010-02-19 14:27 . 2010-02-19 14:27 -------- d-----w- c:\program files\WIDCOMM
2010-02-19 14:26 . 2010-02-19 14:26 1756 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Compaq nc6400 (RM100AW#ABA)_YN_0U_QCND7091M0Z_E434375003_46_I30AD_SHP_VKBC Version 56.34_B68YCU Ver. F.0A_T070417_WXP2_L409_M2040_J80_7Intel_8Core2 T5600_91.83_#100219_N14E416FD_(RM100AW#ABA).MRK
2010-02-19 14:23 . 2010-02-19 14:23 -------- d-----w- c:\program files\Program Shortcuts
2010-01-23 00:51 . 2010-01-23 00:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-05_14.35.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-07 16:26 . 2010-04-07 16:26 16384 c:\windows\Temp\Perflib_Perfdata_41c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 18:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-29 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-30 149280]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2010-3-29 184320]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-04 23:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2005-08-19 13:52 389120 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2/20/2010 10:44 AM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/20/2010 10:44 AM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/20/2010 10:44 AM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/20/2010 10:44 AM 242696]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [10/25/2005 2:10 PM 35488]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/4/2010 7:25 PM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/4/2010 7:25 PM 308064]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [3/18/2010 5:26 AM 172328]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2/20/2010 10:44 AM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2/20/2010 10:44 AM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2/20/2010 10:44 AM 26120]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [9/20/2006 3:24 AM 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 9:26 AM 35968]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3/4/2010 7:25 PM 5888008]
S2 gupdate1cab23decc7d9b0;Google Update Service (gupdate1cab23decc7d9b0);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2010 11:03 AM 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys --> c:\windows\system32\DRIVERS\cv2k1.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 15:03]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 15:03]

2010-04-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-04-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 20:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Grabber All - c:\program files\Grabber\grabberall.htm
IE: &Grabber Image - c:\program files\Grabber\grabber.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jt0x7psy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jt0x7psy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 15:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???@P??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'explorer.exe'(4676)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
.
Completion time: 2010-04-07 15:55:05
ComboFix-quarantined-files.txt 2010-04-07 19:54
ComboFix2.txt 2010-04-05 14:39

Pre-Run: 9,960,574,976 bytes free
Post-Run: 9,960,722,432 bytes free

- - End Of File - - CAF3092955E755FC3BF9D675D4D9BE26


#9 Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:17 PM

Posted 07 April 2010 - 06:26 PM

QUOTE
Let me know how the PC is behaving.

So long, and thanks for all the fish.


#10 Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:17 PM

Posted 19 April 2010 - 02:25 PM

As there has been no response for over five days this thread has been locked.

So long, and thanks for all the fish.
