Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

whitelisted virus's


  • This topic is locked This topic is locked
17 replies to this topic

#1 libraryboy

libraryboy

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 20 May 2010 - 09:34 AM

The Gmer log isn't the way you want it but thisis the best I could do. Thank you for your patience.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 18:18:27.87 on Wed 05/19/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.180 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
svchost.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Defogger.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://washingtonpost.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,_RunDLLEntry@16
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\photosmart\hp share-to-web\hpgs2wnd.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [CXMon] "c:\program files\hewlett-packard\photosmart\photo imaging\Hpi_Monitor.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: View Original Image -
Trusted Zone: att.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241488863625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: ShellServiceObjectDelayLoad - c:\windows\system32\j46mlej11ho.dll
AppInit_DLLs: 303169590.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\w4n5mrjg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://washingtonpost.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-17 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-17 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-17 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-17 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-17 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-17 308064]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S2 gupdate1ca652f177dcb4e;Google Update Service (gupdate1ca652f177dcb4e);c:\program files\google\update\GoogleUpdate.exe [2009-11-14 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-17 430152]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================


==================== Find3M ====================

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-05 12:25:25 1508 ----a-w- c:\program files\uninstal.log
2010-03-27 23:20:57 368 ----a-w- C:\drmHeader.bin
2010-03-10 16:20:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 08:02:04 417792 ------w- c:\windows\system32\vbscript.dll
2010-03-10 08:02:04 417792 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-03-10 04:57:43 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-10 04:57:36 1024000 ------w- c:\windows\system32\dllcache\browseui.dll
2010-02-26 19:35:08 3073024 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 11:17:33 18432 ----a-w- c:\windows\system32\dllcache\iedw.exe
2010-02-24 12:31:30 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-22 04:09:25 43387 ----a-w- c:\windows\browser.exe
2009-11-14 15:03:29 0 ----a-w- c:\program files\common files\QUGY.HTML
2002-05-21 15:00:48 1362 ----a-r- c:\program files\ReadMe.txt
2004-08-10 04:00:00 94784 -csh--w- c:\windows\twain.dll
2004-08-10 04:00:00 50688 --sh--w- c:\windows\twain_32.dll
2002-08-01 00:55:12 208 -csh--w- c:\windows\WSYS049.SYS
2006-06-05 17:22:57 22 -csha-w- c:\windows\sminst\HPCD.sys
2004-08-10 04:00:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2004-08-10 04:00:00 54784 --sh--w- c:\windows\system32\msvcirt.dll
2004-08-10 04:00:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2004-08-10 04:00:00 343040 --sh--w- c:\windows\system32\msvcrt.dll
2007-12-04 18:38:13 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-10 04:00:00 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-10 04:00:00 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 18:19:48.89 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/1/2006 11:53:33 PM
System Uptime: 5/19/2010 7:37:21 AM (11 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon™ 64 Processor 3500+ | Socket 939 | 1772/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 225 GiB total, 69.696 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.525 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ACDSee
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Photoshop Elements 2.0
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Any Video Converter 2.7.8
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
AT&T Self Support Tool
AT&T Yahoo! Applications
ATI Control Panel
ATI Display Driver
AVG Free 9.0
AVS Image Converter 1.2.1.100
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Bonjour
BufferChm
Canon CanoScan Toolbox 4.8
CCleaner
Cobian Backup 9
Codec 8.2 build 4
Compaq Connections (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Easy Internet Sign-up
Easy Website Pro 4
Enhanced Multimedia Keyboard Solution
EPSON Printer Software
FinePixViewer Ver.3.2
FLV Player 2.0 (build 25)
FUJIFILM USB Driver
FullDPAppQFolder
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 1.0
HP Game Console and games
HP Imaging Device Functions 6.0
HP Photo Imaging Software
HP Photo Printing Software
HP Photosmart Premier Software 6.0
HP Rhapsody
HP Share-to-Web
HP Support Overview
HP Update
HP Web Helper
HpSdpAppCoreApp
ImageMixer VCD for FinePix
InstantShareDevices
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 18
Lexibox Deluxe from Compaq (remove only)
Lexmark 730 Series
LightScribe 1.4.84.1
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Manual CanoScan 8400F
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MicroStaff WINASPI
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetObjects Fusion Essentials
Octoshape add-in for Adobe Flash Player
Office Animation Runtime
OmniPage SE
OptionalContentQFolder
Panda ActiveScan 2.0
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from Compaq (remove only)
Presto! PageManager 6.11
QuickTime
RandMap
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Shooting Stars Pool from Compaq (remove only)
SkinsHP1
Snosh V2.1
Sonic Express Labeler
Sonic MyDVD Plus
Sonic_PrimoSDK
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SUPERAntiSpyware Free Edition
Tradewinds from Compaq (remove only)
Unload
Update for Windows Media Format SDK (KB902344)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
XP Codec Pack
ZoneAlarm Spy Blocker
ZyGoVideo 2.0

==== Event Viewer Messages From Past Week ========

5/18/2010 10:28:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'ws2_32.dll' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/17/2010 6:24:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 AvgLdx86 AvgMfx86 AvgTdiX Fips ftsata2 IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SABKUTIL SASDIFSV SASKUTIL Tcpip
5/17/2010 5:29:51 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/16/2010 9:16:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/16/2010 9:00:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips ftsata2 IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SABKUTIL Tcpip
5/16/2010 9:00:08 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2010 9:00:08 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2010 9:00:08 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2010 9:00:08 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2010 9:00:08 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2010 8:59:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/16/2010 4:18:24 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/16/2010 2:18:23 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/16/2010 12:48:22 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/16/2010 12:33:22 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/16/2010 1:18:22 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/15/2010 8:41:25 AM, error: Dhcp [1002] - The IP address lease 68.254.172.229 for the Network Card with network address 00173123C9DB has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
5/14/2010 6:40:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 iaStor IntelIde SABKUTIL ViaIde
5/13/2010 5:18:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxcf_device service to connect.
5/13/2010 5:18:37 PM, error: Service Control Manager [7000] - The lxcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/13/2010 5:18:37 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service lxcf_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}
5/13/2010 10:04:56 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
5/13/2010 10:04:55 AM, error: Dhcp [1002] - The IP address lease 76.229.217.97 for the Network Card with network address 00173123C9DB has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
5/12/2010 5:44:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 SABKUTIL
5/12/2010 5:44:27 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
5/12/2010 5:44:12 PM, error: Dhcp [1002] - The IP address lease 99.143.63.64 for the Network Card with network address 00173123C9DB has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
5/12/2010 5:36:09 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 00173123C9DB has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-20 09:11:55
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kgxyafod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF1EC9950]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe[248] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe[248] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[504] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\PROGRA~1\Yahoo!\browser\ycommon.exe[504] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\winlogon.exe[692] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\winlogon.exe[692] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\services.exe[736] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\services.exe[736] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\lsass.exe[760] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\lsass.exe[760] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\svchost.exe[800] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[800] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\svchost.exe[924] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[924] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\svchost.exe[1020] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1020] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\System32\svchost.exe[1112] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\System32\svchost.exe[1112] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\svchost.exe[1164] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1164] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\svchost.exe[1192] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1192] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1440] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\Program Files\Bonjour\mDNSResponder.exe[1440] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\Explorer.EXE[1548] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\Explorer.EXE[1548] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\spoolsv.exe[1580] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\spoolsv.exe[1580] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\svchost.exe[1600] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1600] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1876] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\Program Files\Java\jre6\bin\jqs.exe[1876] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe[2004] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe[2004] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\wuauclt.exe[2228] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\wuauclt.exe[2228] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2308] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\ehome\mcrdsvc.exe[2308] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\system32\dllhost.exe[2568] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\system32\dllhost.exe[2568] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3000] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3000] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\Program Files\Mozilla Firefox\firefox.exe[3000] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC4179]
.text C:\WINDOWS\System32\alg.exe[3184] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12133, 0xE0000040]
.data C:\WINDOWS\System32\alg.exe[3184] C:\WINDOWS\System32\WS2_32.dll entry point in ".data" section [0x71AC4179]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Cdfs \Cdfs F18CF400

---- EOF - GMER 1.0.15 ----


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:13 AM

Posted 22 May 2010 - 11:08 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 libraryboy

libraryboy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 22 May 2010 - 05:02 PM

ComboFix 10-05-22.01 - Compaq_Administrator 05/22/2010 16:39:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.425 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\System
c:\documents and settings\Compaq_Administrator\System\win_qs8.jqx
c:\progra~1\COMMON~1\{0CB0F~1
c:\program files\deskbar
c:\program files\outlook
D:\Autorun.inf

c:\windows\system32\ws2_32.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-04-22 to 2010-05-22 )))))))))))))))))))))))))))))))
.

2010-05-22 06:57 . 2010-05-22 06:57 503808 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63959cf6-n\msvcp71.dll
2010-05-22 06:57 . 2010-05-22 06:57 499712 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63959cf6-n\jmc.dll
2010-05-22 06:57 . 2010-05-22 06:57 348160 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63959cf6-n\msvcr71.dll
2010-05-22 06:57 . 2010-05-22 06:57 61440 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6755a6c6-n\decora-sse.dll
2010-05-22 06:57 . 2010-05-22 06:57 12800 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6755a6c6-n\decora-d3d.dll
2010-05-19 22:30 . 2010-05-19 22:31 -------- d-----w- c:\program files\Cobian Backup 9
2010-05-19 03:11 . 2010-05-19 03:11 666112 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1004220-0-main.dll
2010-05-19 03:11 . 2010-05-19 03:11 319488 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2010-05-17 22:30 . 2010-05-20 15:29 63488 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-17 22:30 . 2010-05-17 22:30 52224 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-17 22:30 . 2010-05-20 15:29 117760 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-17 22:28 . 2010-05-17 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-17 22:28 . 2010-05-21 14:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-17 22:28 . 2010-05-17 22:28 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2010-05-17 22:28 . 2010-05-17 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-16 14:30 . 2010-05-16 14:30 -------- d-----w- c:\program files\Common Files\TiVo Shared
2010-05-16 13:48 . 2010-05-16 13:48 -------- d-sh--w- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 22:14 . 2009-08-16 11:57 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HpUpdate
2010-05-17 15:17 . 2009-11-19 15:14 -------- d-----w- c:\program files\Shareaza
2010-05-17 15:17 . 2009-11-19 15:14 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Shareaza
2010-05-16 20:16 . 2010-01-03 00:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 14:33 . 2006-02-22 04:49 46448 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-16 12:38 . 2006-11-11 22:41 -------- d-----w- c:\program files\Lx_cats
2010-04-29 20:39 . 2010-02-04 15:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-04 15:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 03:57 . 2010-04-18 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-19 03:33 . 2006-02-22 04:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-19 03:24 . 2010-04-19 03:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-19 03:18 . 2010-04-19 03:17 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-19 01:55 . 2010-04-19 01:55 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVS4YOU
2010-04-19 01:55 . 2010-04-19 01:55 -------- d-----w- c:\program files\AVS4YOU
2010-04-19 01:55 . 2008-01-22 00:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-18 02:24 . 2010-04-18 02:24 -------- d-----w- c:\program files\Panda Security
2010-04-08 13:57 . 2009-01-06 16:22 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Any Video Converter
2010-04-06 14:26 . 2010-04-05 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-06 14:26 . 2010-04-05 12:08 -------- d-----w- c:\program files\DivX
2010-04-05 12:25 . 2010-04-05 12:25 1508 ----a-w- c:\program files\uninstal.log
2010-04-05 12:23 . 2008-01-19 15:33 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DivX
2010-04-05 12:06 . 2010-04-05 12:21 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-03 22:59 . 2007-04-12 05:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-03 22:50 . 2007-04-12 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-03 22:39 . 2009-11-07 23:07 -------- d-----w- c:\program files\CCleaner
2010-04-03 03:06 . 2009-12-03 14:16 -------- d-----w- c:\program files\QuickTime
2010-04-02 22:00 . 2009-12-03 14:13 -------- d-----w- c:\program files\Apple Software Update
2010-03-27 23:20 . 2008-03-08 19:45 368 ----a-w- C:\drmHeader.bin
2010-03-16 04:58 . 2010-03-16 04:58 503808 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58e35541-n\msvcp71.dll
2010-03-16 04:58 . 2010-03-16 04:58 499712 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58e35541-n\jmc.dll
2010-03-16 04:58 . 2010-03-16 04:58 348160 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58e35541-n\msvcr71.dll
2010-03-16 04:57 . 2010-03-16 04:57 61440 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4cf33162-n\decora-sse.dll
2010-03-16 04:57 . 2010-03-16 04:57 12800 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4cf33162-n\decora-d3d.dll
2010-03-10 16:20 . 2010-03-10 16:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 08:02 . 2004-08-10 04:00 417792 ------w- c:\windows\system32\vbscript.dll
2010-02-26 06:05 . 2004-08-10 04:00 668672 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:05 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2004-08-10 04:00 454016 ------w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 04:09 . 2010-02-22 04:09 390664 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11_AVG_RESTORED.exe
2010-02-22 04:09 . 2010-02-22 04:09 43387 ----a-w- c:\windows\browser.exe
2009-11-14 15:03 . 2009-11-14 15:03 0 ----a-w- c:\program files\Common Files\QUGY.HTML
2002-05-21 15:00 . 2002-05-21 15:00 1362 ----a-r- c:\program files\ReadMe.txt
2004-08-10 04:00 . 2004-08-10 04:00 94784 -csh--w- c:\windows\twain.dll
2004-08-10 04:00 . 2004-08-10 04:00 50688 --sh--w- c:\windows\twain_32.dll
2002-08-01 00:55 . 2009-03-09 14:30 208 -csh--w- c:\windows\WSYS049.SYS
2006-06-05 17:22 . 2006-06-05 17:22 22 -csha-w- c:\windows\SMINST\HPCD.sys
2004-08-10 04:00 . 2004-08-10 04:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2004-08-10 04:00 . 2004-08-10 04:00 54784 --sh--w- c:\windows\system32\msvcirt.dll
2004-08-10 04:00 . 2004-08-10 04:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2004-08-10 04:00 . 2004-08-10 04:00 343040 --sh--w- c:\windows\system32\msvcrt.dll
2007-12-04 18:38 . 2004-08-10 04:00 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-10 04:00 . 2004-08-10 04:00 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-10 04:00 . 2004-08-10 04:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-10 . 8F4E07A923B2D43C433BE5BC9BF58D2C . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-09 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-21 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-12 113664]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-22 36903]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-6-22 217088]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\Common Files\qugy.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\program files\Uninstall Information\nidoto.html
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:UDP"= 6346:UDP:shareaza
"6346:TCP"= 6346:TCP:Shareaza

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/17/2010 9:24 PM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S2 gupdate1ca652f177dcb4e;Google Update Service (gupdate1ca652f177dcb4e);c:\program files\Google\Update\GoogleUpdate.exe [11/14/2009 8:33 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 13:33]

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 13:33]

2010-05-12 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-02-17 15:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://washingtonpost.com/
uDefault_Search_URL = hxxp://ie.search.msn.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: View Original Image -
Trusted Zone: att.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w4n5mrjg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://washingtonpost.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-PCDrProfiler - (no file)
Notify-ShellServiceObjectDelayLoad - c:\windows\system32\j46mlej11ho.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 16:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2800)
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\arservice.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-05-22 16:55:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-22 21:55

Pre-Run: 153,430,749,184 bytes free
Post-Run: 153,630,294,016 bytes free

- - End Of File - - 9E9328EEEA80DD68655EC21528B70608

Thank you for your help.

jj

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:13 AM

Posted 23 May 2010 - 01:45 AM

Hello, we need to replace a system file. Please let me know if you have your Windows XP CD at hand (if you don't have one, maybe you can borrow one from a friend or family member).


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 libraryboy

libraryboy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 23 May 2010 - 06:09 AM

My computer did not come with the disks as all the restore files are loaded on the D drive. I can borrow an XP home version CD from a friend. I seem to be running something called the XP Media Center Edition. I suppose the two are compatible. So long as the computer doesn't ask for a special registration number; but I will cross that bridge when I come to it. I will respond when I get the CD.

Thanks again for your help.

jj

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:13 AM

Posted 23 May 2010 - 06:23 AM

Okay, please let me know when you have the CD.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 libraryboy

libraryboy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 24 May 2010 - 05:16 PM

Sorry, but I have been unable to get a copy of windows xp. I am not sure if the home or Pro editions would work anyway since i have the Media Center edition 2002. I looked on the HP website and I was the scannow command. Do you think that could work in this case to restore the corrupted files? I have a Presario where everything is loaded with no separate disks.

thanks,
jj

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:13 AM

Posted 25 May 2010 - 02:19 AM

Hello again,
SFC scannow will not work, since you have no valid replacement copies on your computer.

Lets try the following:

Please download kateskiller.zip and save it to your desktop.

Rightclick on kateskiller.zip and select Extract Here.

Once the files are extracted, open the folder in which they were extracted and doubleclick kateskiller.exe

Once finished, rerun Combofix and post me the log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 libraryboy

libraryboy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 25 May 2010 - 05:55 AM

ComboFix 10-05-24.05 - Compaq_Administrator 05/25/2010 5:36.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.467 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\Local Settings\temp\IadHide5.dll

c:\windows\system32\ws2_32.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-24 23:25 . 2010-05-24 23:25 -------- d-----w- c:\program files\Alwil Software
2010-05-24 23:25 . 2010-05-24 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-19 22:30 . 2010-05-19 22:31 -------- d-----w- c:\program files\Cobian Backup 9
2010-05-17 22:28 . 2010-05-17 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-17 22:28 . 2010-05-25 01:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-17 22:28 . 2010-05-17 22:28 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2010-05-17 22:28 . 2010-05-17 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-16 14:30 . 2010-05-16 14:30 -------- d-----w- c:\program files\Common Files\TiVo Shared
2010-05-16 13:48 . 2010-05-16 13:48 -------- d-sh--w- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 06:57 . 2010-05-22 06:57 503808 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63959cf6-n\msvcp71.dll
2010-05-22 06:57 . 2010-05-22 06:57 499712 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63959cf6-n\jmc.dll
2010-05-22 06:57 . 2010-05-22 06:57 348160 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63959cf6-n\msvcr71.dll
2010-05-22 06:57 . 2010-05-22 06:57 61440 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6755a6c6-n\decora-sse.dll
2010-05-22 06:57 . 2010-05-22 06:57 12800 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6755a6c6-n\decora-d3d.dll
2010-05-20 15:29 . 2010-05-17 22:30 63488 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-20 15:29 . 2010-05-17 22:30 117760 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-19 03:11 . 2010-05-19 03:11 666112 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1004220-0-main.dll
2010-05-19 03:11 . 2010-05-19 03:11 319488 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2010-05-18 22:14 . 2009-08-16 11:57 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HpUpdate
2010-05-17 22:30 . 2010-05-17 22:30 52224 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-17 15:17 . 2009-11-19 15:14 -------- d-----w- c:\program files\Shareaza
2010-05-17 15:17 . 2009-11-19 15:14 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Shareaza
2010-05-16 20:16 . 2010-01-03 00:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 14:33 . 2006-02-22 04:49 46448 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-16 12:38 . 2006-11-11 22:41 -------- d-----w- c:\program files\Lx_cats
2010-04-29 20:39 . 2010-02-04 15:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-04 15:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 03:57 . 2010-04-18 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-19 03:33 . 2006-02-22 04:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-19 03:24 . 2010-04-19 03:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-19 03:18 . 2010-04-19 03:17 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-19 01:55 . 2010-04-19 01:55 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVS4YOU
2010-04-19 01:55 . 2010-04-19 01:55 -------- d-----w- c:\program files\AVS4YOU
2010-04-19 01:55 . 2008-01-22 00:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-18 02:24 . 2010-04-18 02:24 -------- d-----w- c:\program files\Panda Security
2010-04-08 13:57 . 2009-01-06 16:22 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Any Video Converter
2010-04-06 14:26 . 2010-04-05 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-06 14:26 . 2010-04-05 12:08 -------- d-----w- c:\program files\DivX
2010-04-05 12:25 . 2010-04-05 12:25 1508 ----a-w- c:\program files\uninstal.log
2010-04-05 12:23 . 2008-01-19 15:33 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DivX
2010-04-05 12:06 . 2010-04-05 12:21 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-03 22:59 . 2007-04-12 05:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-03 22:50 . 2007-04-12 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-03 22:39 . 2009-11-07 23:07 -------- d-----w- c:\program files\CCleaner
2010-04-03 03:06 . 2009-12-03 14:16 -------- d-----w- c:\program files\QuickTime
2010-04-02 22:00 . 2009-12-03 14:13 -------- d-----w- c:\program files\Apple Software Update
2010-03-27 23:20 . 2008-03-08 19:45 368 ----a-w- C:\drmHeader.bin
2010-03-16 04:58 . 2010-03-16 04:58 503808 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58e35541-n\msvcp71.dll
2010-03-16 04:58 . 2010-03-16 04:58 499712 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58e35541-n\jmc.dll
2010-03-16 04:58 . 2010-03-16 04:58 348160 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58e35541-n\msvcr71.dll
2010-03-16 04:57 . 2010-03-16 04:57 61440 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4cf33162-n\decora-sse.dll
2010-03-16 04:57 . 2010-03-16 04:57 12800 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4cf33162-n\decora-d3d.dll
2010-03-10 16:20 . 2010-03-10 16:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 08:02 . 2004-08-10 04:00 417792 ------w- c:\windows\system32\vbscript.dll
2010-02-26 06:05 . 2004-08-10 04:00 668672 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:05 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2004-08-10 04:00 454016 ------w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-14 15:03 . 2009-11-14 15:03 0 ----a-w- c:\program files\Common Files\QUGY.HTML
2002-05-21 15:00 . 2002-05-21 15:00 1362 ----a-r- c:\program files\ReadMe.txt
2004-08-10 04:00 . 2004-08-10 04:00 94784 -csh--w- c:\windows\twain.dll
2004-08-10 04:00 . 2004-08-10 04:00 50688 --sh--w- c:\windows\twain_32.dll
2002-08-01 00:55 . 2009-03-09 14:30 208 -csh--w- c:\windows\WSYS049.SYS
2006-06-05 17:22 . 2006-06-05 17:22 22 -csha-w- c:\windows\SMINST\HPCD.sys
2004-08-10 04:00 . 2004-08-10 04:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2004-08-10 04:00 . 2004-08-10 04:00 54784 --sh--w- c:\windows\system32\msvcirt.dll
2004-08-10 04:00 . 2004-08-10 04:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2007-12-04 18:38 . 2004-08-10 04:00 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-10 04:00 . 2004-08-10 04:00 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-10 04:00 . 2004-08-10 04:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-10 . 8F4E07A923B2D43C433BE5BC9BF58D2C . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-09 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-21 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-12 113664]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-22 36903]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-6-22 217088]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\Common Files\qugy.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\program files\Uninstall Information\nidoto.html
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:UDP"= 6346:UDP:shareaza
"6346:TCP"= 6346:TCP:Shareaza

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/17/2010 9:24 PM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S2 gupdate1ca652f177dcb4e;Google Update Service (gupdate1ca652f177dcb4e);c:\program files\Google\Update\GoogleUpdate.exe [11/14/2009 8:33 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 13:33]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 13:33]

2010-05-12 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-02-17 15:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://washingtonpost.com/
uDefault_Search_URL = hxxp://ie.search.msn.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: View Original Image -
Trusted Zone: att.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w4n5mrjg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://washingtonpost.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 05:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1532)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\arservice.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2010-05-25 05:51:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-25 10:51
ComboFix2.txt 2010-05-22 21:55

Pre-Run: 153,809,256,448 bytes free
Post-Run: 153,773,187,072 bytes free

- - End Of File - - 055394EDA1BA863F00D8F3428F11B29E

I will continue searching for an xp cd. thanks again for your time and effort.

,,

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:13 AM

Posted 25 May 2010 - 09:00 AM

Please let me know how your computer is working right now. If it works reasonably well we could try to attempt and install Service Pack 3 for XP. This would most likely replace the file with a good copy.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 libraryboy

libraryboy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 25 May 2010 - 05:12 PM

I threw caution to the wind and did run the scannow even without the cd disks. I have included the latest combo fix scan also after I ran scannow..

Even at its worst in this problem the computer worked very well, you would only know that there was a problem by the redirects using Google search.
If I need to install sp3 i am confident it will go smoothly.

thanks,
jj

ComboFix 10-05-24.05 - Compaq_Administrator 05/25/2010 16:46:51.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.468 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-25 14:37 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-25 14:37 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-25 14:36 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-25 14:36 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-25 14:36 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-25 14:36 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-25 14:36 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-25 14:36 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-25 14:36 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-25 13:45 . 2004-08-04 05:56 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-05-25 13:45 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-05-25 13:44 . 2001-08-18 03:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-05-25 13:44 . 2001-08-18 03:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-05-25 13:44 . 2001-08-18 03:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-05-25 13:44 . 2001-08-18 03:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-05-25 13:44 . 2001-08-17 17:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-05-25 13:44 . 2004-08-04 03:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-05-25 13:44 . 2004-08-04 04:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-05-25 13:44 . 2004-08-04 03:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-05-25 13:44 . 2004-08-04 05:56 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-05-25 13:42 . 2004-08-04 03:29 29311 ----a-w- c:\windows\system32\dllcache\watv01nt.sys
2010-05-25 13:41 . 2001-08-17 18:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2010-05-25 13:40 . 2001-08-18 03:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2010-05-25 13:39 . 2004-08-09 21:00 10240 ----a-w- c:\windows\system32\dllcache\tmigrate.dll
2010-05-25 13:38 . 2001-08-17 19:07 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-05-25 13:37 . 2001-08-18 03:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-05-25 13:36 . 2004-08-04 04:07 16128 ----a-w- c:\windows\system32\dllcache\smbbatt.sys
2010-05-25 13:35 . 2001-07-21 19:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-05-25 13:34 . 2001-08-18 03:36 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2010-05-25 13:33 . 2001-08-17 17:12 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-05-25 13:32 . 2001-08-17 18:53 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2010-05-25 13:31 . 2004-08-09 21:00 67584 ----a-w- c:\windows\system32\dllcache\pmigrate.dll
2010-05-25 13:30 . 2001-08-18 03:36 44544 ----a-w- c:\windows\system32\dllcache\ovui2.dll
2010-05-25 13:29 . 2001-08-17 17:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-05-25 13:28 . 2001-08-17 17:50 33088 ----a-w- c:\windows\system32\dllcache\n9i128v2.sys
2010-05-25 13:27 . 2004-08-04 04:00 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-05-25 13:27 . 2004-08-09 21:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-05-25 13:27 . 2001-08-17 19:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-05-25 13:27 . 2001-08-17 18:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-05-25 13:27 . 2004-08-04 04:10 51328 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-05-25 13:27 . 2001-08-17 18:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-05-25 13:27 . 2004-08-04 04:10 15360 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-05-25 13:27 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-05-25 13:27 . 2001-08-17 18:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-05-25 13:27 . 2001-08-17 18:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2010-05-25 13:25 . 2001-08-17 18:51 15744 ----a-w- c:\windows\system32\dllcache\lit220p.sys
2010-05-25 13:24 . 2001-08-17 17:12 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
2010-05-25 13:23 . 2001-08-18 03:34 9216 ----a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2010-05-25 13:22 . 2001-08-18 03:36 13312 ----a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2010-05-25 13:21 . 2001-08-17 19:56 470144 ----a-w- c:\windows\system32\dllcache\g200d.dll
2010-05-25 13:20 . 2001-08-17 17:19 63360 ----a-w- c:\windows\system32\dllcache\ess.sys
2010-05-25 13:19 . 2001-08-17 17:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-05-25 13:18 . 2001-08-18 03:36 110592 ----a-w- c:\windows\system32\dllcache\dc260usd.dll
2010-05-25 13:17 . 2004-08-09 21:00 198656 ----a-w- c:\windows\system32\dllcache\cintime.dll
2010-05-25 13:16 . 2001-08-17 18:57 14080 ----a-w- c:\windows\system32\dllcache\battc.sys
2010-05-25 13:15 . 2001-08-17 18:53 7424 ----a-w- c:\windows\system32\dllcache\adicvls.sys
2010-05-24 23:25 . 2010-05-24 23:25 -------- d-----w- c:\program files\Alwil Software
2010-05-24 23:25 . 2010-05-24 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-19 22:30 . 2010-05-19 22:31 -------- d-----w- c:\program files\Cobian Backup 9
2010-05-17 22:28 . 2010-05-17 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-17 22:28 . 2010-05-25 11:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-17 22:28 . 2010-05-17 22:28 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2010-05-17 22:28 . 2010-05-17 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-16 14:30 . 2010-05-16 14:30 -------- d-----w- c:\program files\Common Files\TiVo Shared
2010-05-16 13:48 . 2010-05-16 13:48 -------- d-sh--w- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 11:36 . 2010-05-17 22:30 63488 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-25 11:35 . 2010-05-17 22:30 117760 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-22 06:57 . 2010-05-22 06:57 503808 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63959cf6-n\msvcp71.dll
2010-05-22 06:57 . 2010-05-22 06:57 499712 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63959cf6-n\jmc.dll
2010-05-22 06:57 . 2010-05-22 06:57 348160 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63959cf6-n\msvcr71.dll
2010-05-22 06:57 . 2010-05-22 06:57 61440 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6755a6c6-n\decora-sse.dll
2010-05-22 06:57 . 2010-05-22 06:57 12800 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6755a6c6-n\decora-d3d.dll
2010-05-19 03:11 . 2010-05-19 03:11 666112 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1004220-0-main.dll
2010-05-19 03:11 . 2010-05-19 03:11 319488 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2010-05-18 22:14 . 2009-08-16 11:57 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HpUpdate
2010-05-17 22:30 . 2010-05-17 22:30 52224 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-17 15:17 . 2009-11-19 15:14 -------- d-----w- c:\program files\Shareaza
2010-05-17 15:17 . 2009-11-19 15:14 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Shareaza
2010-05-16 20:16 . 2010-01-03 00:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 14:33 . 2006-02-22 04:49 46448 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-16 12:38 . 2006-11-11 22:41 -------- d-----w- c:\program files\Lx_cats
2010-04-29 20:39 . 2010-02-04 15:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-04 15:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 03:57 . 2010-04-18 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-19 03:33 . 2006-02-22 04:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-19 03:24 . 2010-04-19 03:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-19 03:18 . 2010-04-19 03:17 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-19 01:55 . 2010-04-19 01:55 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVS4YOU
2010-04-19 01:55 . 2010-04-19 01:55 -------- d-----w- c:\program files\AVS4YOU
2010-04-19 01:55 . 2008-01-22 00:03 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-18 02:24 . 2010-04-18 02:24 -------- d-----w- c:\program files\Panda Security
2010-04-08 13:57 . 2009-01-06 16:22 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Any Video Converter
2010-04-06 14:26 . 2010-04-05 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-06 14:26 . 2010-04-05 12:08 -------- d-----w- c:\program files\DivX
2010-04-05 12:25 . 2010-04-05 12:25 1508 ----a-w- c:\program files\uninstal.log
2010-04-05 12:23 . 2008-01-19 15:33 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DivX
2010-04-05 12:06 . 2010-04-05 12:21 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-03 22:59 . 2007-04-12 05:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-03 22:50 . 2007-04-12 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-03 22:39 . 2009-11-07 23:07 -------- d-----w- c:\program files\CCleaner
2010-04-03 03:06 . 2009-12-03 14:16 -------- d-----w- c:\program files\QuickTime
2010-04-02 22:00 . 2009-12-03 14:13 -------- d-----w- c:\program files\Apple Software Update
2010-03-27 23:20 . 2008-03-08 19:45 368 ----a-w- C:\drmHeader.bin
2010-03-16 04:58 . 2010-03-16 04:58 503808 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58e35541-n\msvcp71.dll
2010-03-16 04:58 . 2010-03-16 04:58 499712 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58e35541-n\jmc.dll
2010-03-16 04:58 . 2010-03-16 04:58 348160 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58e35541-n\msvcr71.dll
2010-03-16 04:57 . 2010-03-16 04:57 61440 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4cf33162-n\decora-sse.dll
2010-03-16 04:57 . 2010-03-16 04:57 12800 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4cf33162-n\decora-d3d.dll
2010-03-10 16:20 . 2010-03-10 16:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 08:02 . 2004-08-10 04:00 417792 ------w- c:\windows\system32\vbscript.dll
2010-02-26 06:05 . 2004-08-10 04:00 668672 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:05 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
2009-11-14 15:03 . 2009-11-14 15:03 0 ----a-w- c:\program files\Common Files\QUGY.HTML
2002-05-21 15:00 . 2002-05-21 15:00 1362 ----a-r- c:\program files\ReadMe.txt
2004-08-10 04:00 . 2004-08-10 04:00 94784 -csh--w- c:\windows\twain.dll
2004-08-10 04:00 . 2004-08-10 04:00 50688 --sh--w- c:\windows\twain_32.dll
2002-08-01 00:55 . 2009-03-09 14:30 208 -csh--w- c:\windows\WSYS049.SYS
2006-06-05 17:22 . 2006-06-05 17:22 22 -csha-w- c:\windows\SMINST\HPCD.sys
2004-08-10 04:00 . 2004-08-10 04:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2004-08-10 04:00 . 2004-08-10 04:00 54784 --sh--w- c:\windows\system32\msvcirt.dll
2004-08-10 04:00 . 2004-08-10 04:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2007-12-04 18:38 . 2004-08-10 04:00 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-10 04:00 . 2004-08-10 04:00 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-10 04:00 . 2004-08-10 04:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-09 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-21 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-12 113664]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-22 36903]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-6-22 217088]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\Common Files\qugy.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\program files\Uninstall Information\nidoto.html
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:UDP"= 6346:UDP:shareaza
"6346:TCP"= 6346:TCP:Shareaza

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/17/2010 9:24 PM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/25/2010 9:37 AM 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/25/2010 9:37 AM 19024]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S2 gupdate1ca652f177dcb4e;Google Update Service (gupdate1ca652f177dcb4e);c:\program files\Google\Update\GoogleUpdate.exe [11/14/2009 8:33 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 13:33]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 13:33]

2010-05-12 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-02-17 15:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://washingtonpost.com/
uDefault_Search_URL = hxxp://ie.search.msn.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: View Original Image -
Trusted Zone: att.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w4n5mrjg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://washingtonpost.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 16:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2060)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2010-05-25 17:02:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-25 22:02
ComboFix2.txt 2010-05-25 10:51
ComboFix3.txt 2010-05-22 21:55

Pre-Run: 152,706,932,736 bytes free
Post-Run: 152,675,618,816 bytes free

- - End Of File - - A2DAB79ABDCA1103E1C4973FFE7F0649



#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:13 AM

Posted 25 May 2010 - 09:43 PM

That did the trick smile.gif How are things running now? What problems do you still have left?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 libraryboy

libraryboy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 25 May 2010 - 10:04 PM

Everything seems to be OK. I'll check back when I have a new issue. Thanks so much for your assistance!

jj

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:13 AM

Posted 25 May 2010 - 11:21 PM

We're not completely done yet smile.gif

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 libraryboy

libraryboy
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 26 May 2010 - 07:29 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4144

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/26/2010 7:27:06 AM
mbam-log-2010-05-26 (07-27-06).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 234409
Time elapsed: 50 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

thanks,
jj




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users