virtumonde.dll
pprestwich
2008-05-09, 18:05
Can someone please help me remove this from my machine? I have 3 entries; I removed the other 9 with Spybot. Can't get these 3 out of my system. My OS is Windows Vista Home with Service Pack 1.
Rorschach112
2008-05-09, 18:46
Please read the Sticky Threads here and post the required logs
pprestwich
2008-05-09, 19:16
How do I attach?
Rorschach112
2008-05-09, 19:19
Don't attach the logs, post them here
pprestwich
2008-05-09, 19:23
How do I do this? I can't figure this out.
pprestwich
2008-05-09, 19:29
Here is the one log I was able to get from HijackThis. The online scanner won't work. I'm using Firefox as my browser.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:07 AM, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NeroGadgetCMServer.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Patrick\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXOhGaY.dll,#1
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Cookies - {2003a090-8521-11d6-b186-2eed50000000} - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1208654648_b49711740bc4017d480a118a225c3338&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp ;) - C:\Windows\AnyTrial.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9636 bytes
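As an added illustration (not part of this thread and not a HijackThis feature), the startup entries in a log like the one above can be triaged for the rundll32 loader pattern it shows: a DLL with a generated-looking name in system32, invoked by ordinal or a one-letter export. The sample lines are constructed from the entries in this thread, and the regexes and the `looks_random` heuristic are my own assumptions for the demonstration.

```python
"""Triage HijackThis-style startup entries for the Vundo/Virtumonde loader pattern."""
import re
from typing import List, Tuple

# Constructed sample lines, modelled on entries in the logs posted in this thread
# (the MSServer and BM19db587a loaders, a benign NVIDIA loader, and an O6 policy line).
SAMPLE_LOG = "\n".join([
    r"O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE",
    r"O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXOhGaY.dll,#1",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [BM19db587a] Rundll32.exe "C:\Windows\system32\tjyvprgm.dll",s',
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
])

# O4 line: "O4 - <hive>\..\Run[Once]: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 command: optional quotes around exe and DLL path, then ",<export>" (name or #ordinal)
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*(?:,\s*(?P<export>\S+))?', re.I
)


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption) for the generated DLL names Vundo drops in system32:
    exactly eight letters that are either nearly vowel-free or switch case repeatedly
    mid-word. It is a triage hint, not proof; a legitimate name can occasionally match."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    case_flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return vowels <= 1 or case_flips >= 2


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, entry_name, reason) for each suspicious line in the log."""
    findings: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            if not r:
                continue  # plain executables are not part of this loader pattern
            dll = r.group("dll")
            stem = dll.rsplit("\\", 1)[-1][:-4]  # file name without ".dll"
            export = r.group("export") or ""
            reasons = []
            if "\\system32\\" in dll.lower() and looks_random(stem):
                reasons.append("random-looking DLL name in system32")
            if export.startswith("#") or len(export) == 1:
                reasons.append(f"loaded via ordinal/one-letter export '{export}'")
            if reasons:
                findings.append(("high", m.group("name"), "; ".join(reasons)))
        elif line.startswith("O6 - ") and "Policies\\Microsoft\\Internet Explorer" in line:
            # IE policy restrictions are normal on managed corporate desktops but
            # unexpected on a home PC; they deserve a look rather than an automatic verdict.
            findings.append(("medium", "O6", "IE policy restrictions present; confirm who set them"))
    return findings


if __name__ == "__main__":
    for severity, name, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {name}: {reason}")
```

Run against a full log, the benign KBD, NvCplDaemon and Bonjour lines produce no finding, while the two rundll32 loaders and the O6 line are reported for manual review.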
pprestwich
2008-05-09, 19:38
I can't open the web page for Kaspersky Online Scanner. It won't let me run it, and now I can't even get to the site.
Rorschach112
2008-05-09, 20:51
Hello
Rename HijackThis.exe to pp.exe
Please visit this web page for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.
Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
pprestwich
2008-05-09, 22:30
Here is the ComboFix log and a new HijackThis log.
ComboFix 08-05-08.1 - Patrick 2008-05-09 15:08:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.246 [GMT -4:00]
Running from: C:\Users\Patrick\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\admvutbj.dll
C:\Windows\system32\cBsPICRj.dll
C:\Windows\system32\cpemaiwm.dll
C:\Windows\system32\edhsevmg.dll
C:\Windows\system32\gmveshde.ini
C:\Windows\system32\jghwhnje.dll
C:\Windows\system32\mcrh.tmp
C:\WINDOWS\System32\MTuDNqss.ini
C:\Windows\system32\qomliGvU.dll
C:\WINDOWS\System32\ruCbLnnn.ini
C:\WINDOWS\System32\ruCbLnnn.ini2
C:\Windows\system32\ssqNDuTM.dll
C:\Windows\System32\swhnybvn.ini
C:\Windows\system32\wgowqvbh.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
2008-05-09 13:32 . 2008-05-09 13:32 2,112 --a------ C:\WINDOWS\System32\avtrmowv.exe
2008-05-09 11:23 . 2008-05-09 11:23 <DIR> d-------- C:\Program Files\Safer Networking
2008-05-07 11:49 . 2008-05-09 11:37 1,688 --a------ C:\WINDOWS\wininit.ini
2008-05-07 10:49 . 2008-05-07 10:49 <DIR> d-------- C:\VundoFix Backups
2008-05-07 10:48 . 2008-05-09 12:06 39 --a------ C:\MUI00
2008-05-07 09:58 . 2008-05-07 10:08 414 ---hs---- C:\WINDOWS\System32\rxbecwgf.ini
2008-05-07 08:40 . 2008-05-07 08:40 2,112 --a------ C:\WINDOWS\System32\pfdxuvvl.exe
2008-05-07 08:29 . 2008-05-07 08:29 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\Yahoo!
2008-05-06 19:44 . 2008-05-06 19:44 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-05-06 16:11 . 2008-05-06 16:11 16 --a------ C:\WINDOWS\System32\coh.cache
2008-05-06 15:50 . 2008-05-06 16:04 123,952 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.SYS
2008-05-06 15:50 . 2008-05-06 16:04 10,740 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.CAT
2008-05-06 15:50 . 2008-05-06 16:04 805 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.INF
2008-05-06 15:48 . 2008-05-06 16:04 <DIR> d-------- C:\Program Files\Symantec
2008-05-06 15:47 . 2008-05-06 15:47 <DIR> d-------- C:\graphics
2008-05-06 12:07 . 2008-05-06 12:12 <DIR> d-------- C:\Users\Patrick\{1110f69d-63ed-4d75-9e49-8b0976fe452f}
2008-05-05 12:41 . 2008-05-05 12:56 <DIR> d-------- C:\WebCamNX
2008-05-05 12:39 . 2008-05-05 12:39 <DIR> d-------- C:\WebCam
2008-05-05 11:41 . 2008-05-05 11:41 <DIR> d-------- C:\Program Files\SuperAdBlocker(74).com
2008-05-05 11:08 . 2008-05-05 11:08 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-05 10:45 . 2008-05-05 10:45 244 --ah----- C:\sqmnoopt19.sqm
2008-05-05 10:45 . 2008-05-05 10:45 232 --ah----- C:\sqmdata19.sqm
2008-05-05 10:23 . 2008-05-05 10:23 244 --ah----- C:\sqmnoopt18.sqm
2008-05-05 10:23 . 2008-05-05 10:23 232 --ah----- C:\sqmdata18.sqm
2008-05-05 08:57 . 2008-05-06 16:29 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-05-05 08:57 . 2008-05-06 16:29 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-05-05 08:55 . 2008-05-05 08:55 244 --ah----- C:\sqmnoopt17.sqm
2008-05-05 08:55 . 2008-05-05 08:55 232 --ah----- C:\sqmdata17.sqm
2008-05-05 08:48 . 2008-05-05 08:48 244 --ah----- C:\sqmnoopt16.sqm
2008-05-05 08:48 . 2008-05-05 08:48 232 --ah----- C:\sqmdata16.sqm
2008-05-05 08:36 . 2008-05-05 08:36 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-05-05 08:36 . 2008-05-05 08:36 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-05-05 08:34 . 2008-05-05 08:34 107,472 --a------ C:\Users\Patrick\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-05 08:31 . 2008-05-05 08:31 <DIR> d-------- C:\Program Files\MSECache
2008-05-05 02:24 . 2008-05-05 02:32 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\ArcSoft
2008-05-04 18:28 . 2008-05-05 16:58 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\SiteAdvisor
2008-05-04 18:26 . 2008-05-04 18:26 244 --ah----- C:\sqmnoopt15.sqm
2008-05-04 18:26 . 2008-05-04 18:26 232 --ah----- C:\sqmdata15.sqm
2008-05-04 14:33 . 2008-05-04 14:33 244 --ah----- C:\sqmnoopt14.sqm
2008-05-04 14:33 . 2008-05-04 14:33 232 --ah----- C:\sqmdata14.sqm
2008-05-04 14:17 . 2008-05-04 14:17 <DIR> d-------- C:\Program Files\LucasArts
2008-05-04 14:12 . 2008-05-04 14:12 <DIR> d-------- C:\Program Files\mst software
2008-05-04 13:39 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-05-04 13:37 . 2008-01-15 11:26 4,874,240 --a------ C:\WINDOWS\RtHDVCpl.exe
2008-05-04 13:37 . 2008-01-15 19:19 2,047,576 --a------ C:\WINDOWS\System32\drivers\RTKVHDA.sys
2008-05-04 13:37 . 2007-11-07 17:31 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2008-05-04 13:37 . 2008-01-09 18:52 636,416 --a------ C:\WINDOWS\System32\RtkPgExt.dll
2008-05-04 13:37 . 2007-11-13 12:35 532,480 --a------ C:\WINDOWS\System32\RTSndMgr.cpl
2008-05-04 13:37 . 2008-05-04 13:37 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-05-04 13:34 . 2008-05-04 13:34 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\WinBatch
2008-05-04 09:13 . 2008-05-04 09:13 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\WildTangent
2008-05-03 18:02 . 2008-05-03 18:02 244 --ah----- C:\sqmnoopt13.sqm
2008-05-03 18:02 . 2008-05-03 18:02 232 --ah----- C:\sqmdata13.sqm
2008-05-03 18:01 . 2008-05-03 21:10 249,856 --------- C:\WINDOWS\Setup1.exe
2008-05-03 18:01 . 2008-05-03 21:10 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-03 17:59 . 2008-05-03 17:59 <DIR> d-------- C:\Program Files\KeyScrambler
2008-05-03 17:59 . 2008-03-22 17:37 113,896 --a------ C:\WINDOWS\System32\drivers\keyscrambler.sys
2008-05-03 17:57 . 2008-05-03 17:57 <DIR> d-------- C:\WINDOWS\System32\URTTemp
2008-05-03 17:57 . 2008-05-03 17:57 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\SuperAdBlocker.com
2008-05-03 17:57 . 2008-05-06 10:32 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2008-05-03 17:45 . 2008-05-05 10:51 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\SiteAdvisor
2008-05-03 17:45 . 2008-05-03 17:45 <DIR> d-------- C:\Users\All Users\SiteAdvisor
2008-05-03 17:45 . 2008-05-03 17:45 <DIR> d-------- C:\Users\All Users\McAfee
2008-05-03 17:45 . 2008-05-03 17:45 <DIR> d-------- C:\ProgramData\SiteAdvisor
2008-05-03 17:45 . 2008-05-03 17:45 <DIR> d-------- C:\ProgramData\McAfee
2008-05-03 17:45 . 2008-05-03 17:45 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-05-03 17:43 . 2008-05-03 17:43 <DIR> d-------- C:\WINDOWS\System32\Adobe
2008-05-03 14:33 . 2008-05-03 14:33 244 --ah----- C:\sqmnoopt12.sqm
2008-05-03 14:33 . 2008-05-03 14:33 232 --ah----- C:\sqmdata12.sqm
2008-05-01 20:32 . 2008-05-01 22:50 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\LimeWire
2008-05-01 18:03 . 2008-05-01 18:03 244 --ah----- C:\sqmnoopt11.sqm
2008-05-01 18:03 . 2008-05-01 18:03 232 --ah----- C:\sqmdata11.sqm
2008-04-28 01:07 . 2008-04-28 01:07 0 --ah----- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-27 19:27 . 2008-01-19 03:35 9,847,296 --a------ C:\WINDOWS\System32\NlsData000a.dll
2008-04-27 19:26 . 2008-01-19 03:35 3,072,000 --a------ C:\WINDOWS\System32\networkmap.dll
2008-04-27 19:25 . 2008-01-19 02:06 8,147,456 --a------ C:\WINDOWS\System32\wmploc.DLL
2008-04-27 19:24 . 2008-01-19 03:36 704,512 --a------ C:\WINDOWS\System32\SmiEngine.dll
2008-04-27 19:24 . 2008-01-19 03:33 599,552 --a------ C:\WINDOWS\System32\vsp1cln.exe
2008-04-27 19:24 . 2008-01-19 03:36 357,888 --a------ C:\WINDOWS\System32\wbemcomn.dll
2008-04-27 19:24 . 2008-01-05 07:31 145,455 --a------ C:\WINDOWS\System32\perfmon.msc
2008-04-27 19:24 . 2008-01-19 03:36 139,264 --a------ C:\WINDOWS\System32\SmiInstaller.dll
2008-04-27 19:24 . 2008-01-05 07:31 3 --a------ C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-04-27 19:23 . 2008-01-19 03:34 305,152 --a------ C:\WINDOWS\System32\msdelta.dll
2008-04-27 19:23 . 2008-01-19 03:34 258,560 --a------ C:\WINDOWS\System32\dpx.dll
2008-04-27 19:23 . 2008-01-19 03:34 246,784 --a------ C:\WINDOWS\System32\drvstore.dll
2008-04-27 19:23 . 2008-01-19 03:36 218,624 --a------ C:\WINDOWS\System32\wdscore.dll
2008-04-27 19:23 . 2008-01-19 03:33 130,560 --a------ C:\WINDOWS\System32\PkgMgr.exe
2008-04-27 19:23 . 2008-01-19 03:35 35,328 --a------ C:\WINDOWS\System32\mspatcha.dll
2008-04-26 15:10 . 2008-01-10 16:15 755,027 --a------ C:\WINDOWS\System32\xvidcore.dll
2008-04-26 15:10 . 2008-01-10 16:16 159,839 --a------ C:\WINDOWS\System32\xvidvfw.dll
2008-04-26 12:42 . 2008-04-26 12:42 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\Apple Computer
2008-04-26 11:03 . 2008-04-26 14:35 524,288 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{30835211-1337-11dd-9aeb-001a922a71c7}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 11:03 . 2008-05-09 15:08 524,288 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{30835211-1337-11dd-9aeb-001a922a71c7}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 11:03 . 2008-05-09 15:08 65,536 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{30835211-1337-11dd-9aeb-001a922a71c7}.TM.blf
2008-04-26 02:06 . 2008-04-26 02:06 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-04-26 02:06 . 2008-04-27 18:03 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-04-25 23:04 . 2008-04-25 23:05 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\Stephanie
2008-04-25 22:45 . 2008-04-25 22:45 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\HP
2008-04-25 22:45 . 2008-04-25 22:45 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\Hewlett-Packard
2008-04-25 22:44 . 2008-04-25 22:44 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Searches
2008-04-25 22:43 . 2008-04-25 22:44 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Videos
2008-04-25 22:43 . 2008-04-25 22:44 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Saved Games
2008-04-25 22:43 . 2008-05-08 21:51 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Pictures
2008-04-25 22:43 . 2008-04-26 14:33 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Music
2008-04-25 22:43 . 2008-04-25 22:44 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Links
2008-04-25 22:43 . 2008-05-07 08:39 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Downloads
2008-04-25 22:43 . 2008-05-01 19:30 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Documents
2008-04-25 22:43 . 2008-05-01 19:29 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Contacts
2008-04-25 22:43 . 2006-11-02 08:37 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\Media Center Programs
2008-04-25 22:43 . 2008-04-25 22:44 <DIR> d--h----- C:\Users\Stephanie.Susan-PC.000\AppData
2008-04-25 22:43 . 2008-05-06 10:32 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000
2008-04-25 22:43 . 2008-04-25 22:43 524,288 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-25 22:43 . 2008-04-25 22:43 524,288 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-25 22:43 . 2008-05-09 15:08 262,144 --ah----- C:\Users\Stephanie.Susan-PC.000\ntuser.dat.LOG1
2008-04-25 22:43 . 2008-04-25 22:43 65,536 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-25 22:43 . 2008-04-25 22:43 0 --ah----- C:\Users\Stephanie.Susan-PC.000\ntuser.dat.LOG2
2008-04-24 00:03 . 2008-05-09 13:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-24 00:03 . 2008-04-24 00:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-23 23:02 . 2008-04-23 23:02 <DIR> d-------- C:\Program Files\LimeWire
2008-04-20 13:56 . 2008-04-20 13:57 25,799,597 --a------ C:\Users\Patrick\Documents.exe
2008-04-20 00:25 . 2008-04-20 00:25 <DIR> d-------- C:\WINDOWS\Sun
2008-04-20 00:23 . 2008-04-20 00:24 <DIR> d-------- C:\Program Files\Java
2008-04-20 00:23 . 2008-04-20 00:23 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-19 18:25 . 2008-04-19 18:26 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-19 18:22 . 2008-04-25 22:18 <DIR> d-------- C:\Program Files\Windows Live Toolbar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 20:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-06 20:04 --------- d-----w C:\ProgramData\Symantec
2008-05-06 19:47 --------- d-----w C:\Program Files\Yahoo!
2008-05-06 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 17:37 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-04 17:37 --------- d-----w C:\Program Files\Realtek
2008-05-04 13:13 --------- d-----w C:\ProgramData\WildTangent
2008-04-28 00:25 174 --sha-w C:\Program Files\desktop.ini
2008-04-28 00:16 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-28 00:16 --------- d-----w C:\Program Files\Windows Calendar
2008-04-28 00:15 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-28 00:15 --------- d-----w C:\Program Files\Windows Mail
2008-04-28 00:15 --------- d-----w C:\Program Files\Windows Journal
2008-04-28 00:15 --------- d-----w C:\Program Files\Windows Defender
2008-04-28 00:15 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-18 04:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-15 23:02 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-04-15 20:31 --------- d-----w C:\Program Files\DivX
2008-04-15 15:44 --------- d-----w C:\Program Files\HP
2008-04-15 15:39 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-04-15 04:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Templates
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Start Menu
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Favorites
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Documents
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Desktop
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Application Data
2008-03-26 13:48 766,464 ----a-w C:\Windows\system32\drivers\athr.sys
2008-02-29 00:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-26 23:14 972,072 ----a-w C:\Windows\UNRecode.exe
2005-05-26 21:35 1,422 ----a-w C:\Program Files\ReadMe.txt
--sha-w 1,251,807,232 2008-05-09 19:15:15 \pagefile.sys
--sha-w 74 2006-12-28 19:25:44 \autoexec.bat
--sha-w 10 2006-09-18 21:43:37 \config.sys
--sha-r 0 2008-04-15 18:29:30 \MSDOS.SYS
--sha-r 0 2008-04-15 18:29:30 \IO.SYS
2006-09-18 21:43 10 --sha-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\config.sys
2006-09-18 21:43 10 --sha-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\config.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 14:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 21:15 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 13:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 07:25 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\WINDOWS\RtHDVCpl.exe]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 17:03 36640]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk.disabled [5/1/2008 8:47:16 PM 1662]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
"NoDeletePrinter"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-08-01 09:28 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-10-26 15:42 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"BugSoft AnyTrial"=C:\Users\Patrick\Downloads\Software\AnyDVD.&.AnyDVD.HD.v6.3.1.5.FiNAL + HD & BlueRay Support\AnyDVD.&.AnyDVD.HD.v6.3.1.5.FiNAL + HD & BlueRay Support\SlySoft.AnyTrial RESET TOOL\AnyTrialControl.exe
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"BM19db587a"=Rundll32.exe "C:\Windows\system32\tjyvprgm.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1785511274-261059448-3078229800-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{07D01512-EDDD-42C3-9AD3-51D2240958FF}"= Profile=Private|C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{4A4B35A4-34D9-4037-BCE9-732A5D87ED5D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DB520688-43DB-446E-B1EC-DD26BC8128EB}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{474D8E5C-0D47-4484-A533-39B93E528835}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0D0BF572-2B04-4E38-A775-445C4E8F26B3}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FF2370EE-00E0-4DD7-92E3-B8717DB79B1C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{61DE21D9-1E2E-476E-A5ED-44C10EB4032C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E525810-4401-4C38-9B4C-E5FAF1C0C30D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7D34A7F6-5141-477A-8424-2E4DC3F6EBA9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{65E6D178-4F7E-451E-8638-D6E3B5572A21}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5EF7EB0F-CBFF-49F3-AFC7-1EBFE9F12BE6}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{11237FA4-2BEC-401E-A926-5B53987313DC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5DAF383E-715D-4C1C-ACEE-5EF56950141F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7EB69B6E-2F91-4DE6-B5BC-1B7EF576E339}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{85A9267D-A4E6-4AAB-9583-90834D86B3C1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{F8A54D86-ADC0-4193-8ECB-16F9F5742FD1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6AC6B818-A0C8-48DF-AF32-EBBD4AA8EF29}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{32B619F8-7B48-45F5-ACC7-05A6717F963A}"= Disabled:C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{4298780B-B0A1-4FE9-A79A-2E7ADDC76AFD}"= Disabled:UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{9E18208E-A615-47ED-AF98-6D7868028CBE}"= Disabled:UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{56D0806F-C7DE-4BD6-94A9-6444C44D6C2C}"= Disabled:TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1C7FF8BD-0843-4694-920C-3075151C6947}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{30D3A20D-FEE6-45A3-AD9B-CAF16B94937E}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{803A3B64-B3BF-493B-BECD-4037A2EBF9C6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A20FC639-BA44-4A30-8793-60AFF20543B7}"= Disabled:UDP:C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
"{7D82C7C5-EF20-418E-8148-ECB04A0DDA96}"= Disabled:TCP:C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [2008-04-04 17:47]
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R2 AnyTrial;BugSoft AnyTrial;C:\Windows\AnyTrial.exe [2008-04-15 19:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 10:36]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys [2008-03-22 17:37]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 18:32]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-03-26 09:48]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-03-28 19:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-09 18:33:02 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-06 20:30:05 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Patrick.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-09 19:16:08 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-09 19:16:00 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 15:16:52
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\System32\conime.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\IoctlSvc.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\WUDFHost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Common Files\Nero\Lib\NeroGadgetCMServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-09 15:22:36 - machine was rebooted [Patrick]
ComboFix-quarantined-files.txt 2008-05-09 19:22:14
Pre-Run: 173,828,657,152 bytes free
Post-Run: 174,657,048,576 bytes free
361 --- E O F --- 2008-05-08 21:33:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:49 PM, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Nero\Lib\NeroGadgetCMServer.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Patrick\Desktop\pp.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Cookies - {2003a090-8521-11d6-b186-2eed50000000} - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1208654648_b49711740bc4017d480a118a225c3338&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp ;) - C:\Windows\AnyTrial.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10024 bytes
Rorschach112
2008-05-09, 22:37
Hello
1. Close any open browsers.
2. Open Notepad and copy/paste the text in the quote box below into it:
File::
C:\WINDOWS\System32\avtrmowv.exe
C:\WINDOWS\System32\rxbecwgf.ini
C:\WINDOWS\System32\pfdxuvvl.exe
C:\Users\Patrick\Documents.exe
C:\Windows\system32\tjyvprgm.dll
Folder::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM19db587a"=-
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt".
Note: Do not mouse-click ComboFix's window while it is running; that may cause it to stall.
Also post a new HijackThis log.
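The CFScript procedure above asks ComboFix to delete a list of files and one registry value, and the follow-up ComboFix log echoes what it actually removed under its "Other Deletions" banner. The script below is an added example for this thread (not ComboFix's own code, and not from either poster): it parses a CFScript into its `File::` / `Registry::` sections, pulls the "Other Deletions" block out of a ComboFix log, and reports which requested files were confirmed deleted and which were not. A `File::` entry that does not reappear under "Other Deletions" was not removed in that run (it may already have been gone, locked, or never present) and is worth checking by hand. The sample CFScript and log excerpt are constructed from the format visible in this thread; the banner layout and the `.reg`-style `"name"=-` meaning "delete this value" are assumptions about ComboFix's format, not something the post states.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix wrote after running it.

Added example for this thread (not ComboFix's own code, not from the original post).
Sample inputs are constructed from the format shown in the thread.
"""
import re

# Constructed sample: a CFScript in the shape posted above.
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\System32\avtrmowv.exe
C:\WINDOWS\System32\rxbecwgf.ini
C:\WINDOWS\System32\pfdxuvvl.exe
C:\Users\Patrick\Documents.exe
C:\Windows\system32\tjyvprgm.dll
Folder::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM19db587a"=-
Driver::
"""

# Constructed sample: the 'Other Deletions' block of a follow-up ComboFix log.
SAMPLE_LOG = r"""ComboFix 08-05-09.1 - Patrick 2008-05-10 11:28:31.2 - NTFSx86
Command switches used :: C:\Users\Patrick\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Patrick\Documents.exe
C:\WINDOWS\System32\avtrmowv.exe
C:\WINDOWS\System32\pfdxuvvl.exe
C:\WINDOWS\System32\rxbecwgf.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
2008-05-09 11:23 . 2008-05-09 11:23 <DIR> d-------- C:\Program Files\Safer Networking
"""

SECTION_RE = re.compile(r'^(\w+)::$')          # e.g. 'File::'
REG_KEY_RE = re.compile(r'^\[(.+)\]$')          # e.g. '[HKEY_LOCAL_MACHINE\...]'
REG_VALUE_DELETE_RE = re.compile(r'^"(.+)"=-$')  # .reg syntax: delete this value (assumed)
WIN_PATH_RE = re.compile(r'^[A-Za-z]:\\')       # a drive-letter path


def parse_cfscript(text):
    """Split a CFScript into its '<Name>::' sections; entries keep their original case."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def registry_deletions(sections):
    """Return (key, value_name) pairs the Registry:: section asks to have deleted."""
    pairs = []
    key = None
    for line in sections.get('Registry', []):
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = REG_VALUE_DELETE_RE.match(line)
        if m and key is not None:
            pairs.append((key, m.group(1)))
    return pairs


def other_deletions(log):
    """Collect the paths listed under the 'Other Deletions' banner.

    Assumed layout: banner line, '.', one path per line, '.', then the next
    banner (a line starting with '('), which ends the block.
    """
    found = []
    in_block = False
    for raw in log.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = 'Other Deletions' in line
            continue
        if line.startswith('('):   # next banner: block is over
            break
        if WIN_PATH_RE.match(line):
            found.append(line)
    return found


def check_removal(cfscript, log):
    """Return (confirmed, unconfirmed) File:: entries; Windows paths compare case-insensitively."""
    requested = parse_cfscript(cfscript).get('File', [])
    deleted = {p.casefold() for p in other_deletions(log)}
    confirmed = [p for p in requested if p.casefold() in deleted]
    unconfirmed = [p for p in requested if p.casefold() not in deleted]
    return confirmed, unconfirmed


if __name__ == '__main__':
    ok, missing = check_removal(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    print('Confirmed deleted:')
    for p in ok:
        print('  ', p)
    print('Not reported under Other Deletions (already gone, locked, or never there):')
    for p in missing:
        print('  ', p)
    for key, name in registry_deletions(parse_cfscript(SAMPLE_CFSCRIPT)):
        print('Registry value requested for deletion:', key, '->', name)
```

Run against the sample input, the one `File::` entry that never reappears under "Other Deletions" is the `.dll`; on a real log, that is the entry to re-check (a fresh HijackThis log or a file search) before calling the clean-up finished.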
pprestwich
2008-05-09, 23:19
I ran ComboFix already and it got rid of all the entries of virtumonde.dll. Should I still follow your last set of instructions, or can I just leave it alone? Plus, the 2 log reports were from after I ran ComboFix.
Thanks
Rorschach112
2008-05-09, 23:23
Yep, go ahead and post the logs.
pprestwich
2008-05-10, 19:02
Here are the 2 logs that you asked for.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:01 AM, on 10/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NeroGadgetCMServer.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Patrick\Downloads\Malware removel\pp.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Cookies - {2003a090-8521-11d6-b186-2eed50000000} - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1208654648_b49711740bc4017d480a118a225c3338&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp ;) - C:\Windows\AnyTrial.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9857 bytes
ComboFix 08-05-09.1 - Patrick 2008-05-10 11:28:31.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.152 [GMT -4:00]
Running from: C:\Users\Patrick\Desktop\ComboFix.exe
Command switches used :: C:\Users\Patrick\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Users\Patrick\Documents.exe
C:\WINDOWS\System32\avtrmowv.exe
C:\WINDOWS\System32\pfdxuvvl.exe
C:\WINDOWS\System32\rxbecwgf.ini
C:\Windows\system32\tjyvprgm.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Patrick\Documents.exe
C:\WINDOWS\System32\avtrmowv.exe
C:\WINDOWS\System32\pfdxuvvl.exe
C:\WINDOWS\System32\rxbecwgf.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
2008-05-09 11:23 . 2008-05-09 11:23 <DIR> d-------- C:\Program Files\Safer Networking
2008-05-07 11:49 . 2008-05-09 11:37 1,688 --a------ C:\WINDOWS\wininit.ini
2008-05-07 10:49 . 2008-05-07 10:49 <DIR> d-------- C:\VundoFix Backups
2008-05-07 10:48 . 2008-05-09 12:06 39 --a------ C:\MUI00
2008-05-07 08:29 . 2008-05-07 08:29 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\Yahoo!
2008-05-06 19:44 . 2008-05-06 19:44 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-05-06 16:11 . 2008-05-06 16:11 16 --a------ C:\WINDOWS\System32\coh.cache
2008-05-06 15:50 . 2008-05-06 16:04 123,952 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.SYS
2008-05-06 15:50 . 2008-05-06 16:04 10,740 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.CAT
2008-05-06 15:50 . 2008-05-06 16:04 805 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.INF
2008-05-06 15:48 . 2008-05-06 16:04 <DIR> d-------- C:\Program Files\Symantec
2008-05-06 15:47 . 2008-05-06 15:47 <DIR> d-------- C:\graphics
2008-05-06 12:07 . 2008-05-06 12:12 <DIR> d-------- C:\Users\Patrick\{1110f69d-63ed-4d75-9e49-8b0976fe452f}
2008-05-05 12:41 . 2008-05-05 12:56 <DIR> d-------- C:\WebCamNX
2008-05-05 12:39 . 2008-05-05 12:39 <DIR> d-------- C:\WebCam
2008-05-05 11:41 . 2008-05-05 11:41 <DIR> d-------- C:\Program Files\SuperAdBlocker(74).com
2008-05-05 11:08 . 2008-05-05 11:08 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-05 10:45 . 2008-05-05 10:45 244 --ah----- C:\sqmnoopt19.sqm
2008-05-05 10:45 . 2008-05-05 10:45 232 --ah----- C:\sqmdata19.sqm
2008-05-05 10:23 . 2008-05-05 10:23 244 --ah----- C:\sqmnoopt18.sqm
2008-05-05 10:23 . 2008-05-05 10:23 232 --ah----- C:\sqmdata18.sqm
2008-05-05 08:57 . 2008-05-06 16:29 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-05-05 08:57 . 2008-05-06 16:29 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-05-05 08:55 . 2008-05-05 08:55 244 --ah----- C:\sqmnoopt17.sqm
2008-05-05 08:55 . 2008-05-05 08:55 232 --ah----- C:\sqmdata17.sqm
2008-05-05 08:48 . 2008-05-05 08:48 244 --ah----- C:\sqmnoopt16.sqm
2008-05-05 08:48 . 2008-05-05 08:48 232 --ah----- C:\sqmdata16.sqm
2008-05-05 08:36 . 2008-05-05 08:36 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-05-05 08:36 . 2008-05-05 08:36 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-05-05 08:34 . 2008-05-05 08:34 107,472 --a------ C:\Users\Patrick\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-05 08:31 . 2008-05-05 08:31 <DIR> d-------- C:\Program Files\MSECache
2008-05-05 02:24 . 2008-05-05 02:32 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\ArcSoft
2008-05-04 18:28 . 2008-05-05 16:58 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\SiteAdvisor
2008-05-04 18:26 . 2008-05-04 18:26 244 --ah----- C:\sqmnoopt15.sqm
2008-05-04 18:26 . 2008-05-04 18:26 232 --ah----- C:\sqmdata15.sqm
2008-05-04 14:33 . 2008-05-04 14:33 244 --ah----- C:\sqmnoopt14.sqm
2008-05-04 14:33 . 2008-05-04 14:33 232 --ah----- C:\sqmdata14.sqm
2008-05-04 14:17 . 2008-05-04 14:17 <DIR> d-------- C:\Program Files\LucasArts
2008-05-04 14:12 . 2008-05-04 14:12 <DIR> d-------- C:\Program Files\mst software
2008-05-04 13:39 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-05-04 13:37 . 2008-01-15 11:26 4,874,240 --a------ C:\WINDOWS\RtHDVCpl.exe
2008-05-04 13:37 . 2008-01-15 19:19 2,047,576 --a------ C:\WINDOWS\System32\drivers\RTKVHDA.sys
2008-05-04 13:37 . 2007-11-07 17:31 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2008-05-04 13:37 . 2008-01-09 18:52 636,416 --a------ C:\WINDOWS\System32\RtkPgExt.dll
2008-05-04 13:37 . 2007-11-13 12:35 532,480 --a------ C:\WINDOWS\System32\RTSndMgr.cpl
2008-05-04 13:37 . 2008-05-04 13:37 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-05-04 13:34 . 2008-05-04 13:34 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\WinBatch
2008-05-04 09:13 . 2008-05-04 09:13 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\WildTangent
2008-05-03 18:02 . 2008-05-03 18:02 244 --ah----- C:\sqmnoopt13.sqm
2008-05-03 18:02 . 2008-05-03 18:02 232 --ah----- C:\sqmdata13.sqm
2008-05-03 18:01 . 2008-05-03 21:10 249,856 --------- C:\WINDOWS\Setup1.exe
2008-05-03 18:01 . 2008-05-03 21:10 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-03 17:59 . 2008-05-03 17:59 <DIR> d-------- C:\Program Files\KeyScrambler
2008-05-03 17:59 . 2008-03-22 17:37 113,896 --a------ C:\WINDOWS\System32\drivers\keyscrambler.sys
2008-05-03 17:57 . 2008-05-03 17:57 <DIR> d-------- C:\WINDOWS\System32\URTTemp
2008-05-03 17:57 . 2008-05-03 17:57 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\SuperAdBlocker.com
2008-05-03 17:57 . 2008-05-06 10:32 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2008-05-03 17:45 . 2008-05-05 10:51 <DIR> d-------- C:\Users\Patrick\AppData\Roaming\SiteAdvisor
2008-05-03 17:45 . 2008-05-03 17:45 <DIR> d-------- C:\Users\All Users\SiteAdvisor
2008-05-03 17:45 . 2008-05-03 17:45 <DIR> d-------- C:\Users\All Users\McAfee
2008-05-03 17:45 . 2008-05-03 17:45 <DIR> d-------- C:\ProgramData\SiteAdvisor
2008-05-03 17:45 . 2008-05-03 17:45 <DIR> d-------- C:\ProgramData\McAfee
2008-05-03 17:45 . 2008-05-03 17:45 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-05-03 17:43 . 2008-05-03 17:43 <DIR> d-------- C:\WINDOWS\System32\Adobe
2008-05-03 14:33 . 2008-05-03 14:33 244 --ah----- C:\sqmnoopt12.sqm
2008-05-03 14:33 . 2008-05-03 14:33 232 --ah----- C:\sqmdata12.sqm
2008-05-01 20:32 . 2008-05-01 22:50 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\LimeWire
2008-05-01 18:03 . 2008-05-01 18:03 244 --ah----- C:\sqmnoopt11.sqm
2008-05-01 18:03 . 2008-05-01 18:03 232 --ah----- C:\sqmdata11.sqm
2008-04-28 01:07 . 2008-04-28 01:07 0 --ah----- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-27 19:27 . 2008-01-19 03:35 9,847,296 --a------ C:\WINDOWS\System32\NlsData000a.dll
2008-04-27 19:26 . 2008-01-19 03:35 3,072,000 --a------ C:\WINDOWS\System32\networkmap.dll
2008-04-27 19:25 . 2008-01-19 02:06 8,147,456 --a------ C:\WINDOWS\System32\wmploc.DLL
2008-04-27 19:24 . 2008-01-19 03:36 704,512 --a------ C:\WINDOWS\System32\SmiEngine.dll
2008-04-27 19:24 . 2008-01-19 03:33 599,552 --a------ C:\WINDOWS\System32\vsp1cln.exe
2008-04-27 19:24 . 2008-01-19 03:36 357,888 --a------ C:\WINDOWS\System32\wbemcomn.dll
2008-04-27 19:24 . 2008-01-05 07:31 145,455 --a------ C:\WINDOWS\System32\perfmon.msc
2008-04-27 19:24 . 2008-01-19 03:36 139,264 --a------ C:\WINDOWS\System32\SmiInstaller.dll
2008-04-27 19:24 . 2008-01-05 07:31 3 --a------ C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-04-27 19:23 . 2008-01-19 03:34 305,152 --a------ C:\WINDOWS\System32\msdelta.dll
2008-04-27 19:23 . 2008-01-19 03:34 258,560 --a------ C:\WINDOWS\System32\dpx.dll
2008-04-27 19:23 . 2008-01-19 03:34 246,784 --a------ C:\WINDOWS\System32\drvstore.dll
2008-04-27 19:23 . 2008-01-19 03:36 218,624 --a------ C:\WINDOWS\System32\wdscore.dll
2008-04-27 19:23 . 2008-01-19 03:33 130,560 --a------ C:\WINDOWS\System32\PkgMgr.exe
2008-04-27 19:23 . 2008-01-19 03:35 35,328 --a------ C:\WINDOWS\System32\mspatcha.dll
2008-04-26 15:10 . 2008-01-10 16:15 755,027 --a------ C:\WINDOWS\System32\xvidcore.dll
2008-04-26 15:10 . 2008-01-10 16:16 159,839 --a------ C:\WINDOWS\System32\xvidvfw.dll
2008-04-26 12:42 . 2008-04-26 12:42 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\Apple Computer
2008-04-26 11:03 . 2008-04-26 14:35 524,288 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{30835211-1337-11dd-9aeb-001a922a71c7}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 11:03 . 2008-05-10 11:28 524,288 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{30835211-1337-11dd-9aeb-001a922a71c7}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 11:03 . 2008-05-10 11:28 65,536 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{30835211-1337-11dd-9aeb-001a922a71c7}.TM.blf
2008-04-26 02:06 . 2008-04-26 02:06 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-04-26 02:06 . 2008-04-27 18:03 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-04-25 23:04 . 2008-04-25 23:05 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\Stephanie
2008-04-25 22:45 . 2008-04-25 22:45 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\HP
2008-04-25 22:45 . 2008-04-25 22:45 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\Hewlett-Packard
2008-04-25 22:44 . 2008-04-25 22:44 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Searches
2008-04-25 22:43 . 2008-04-25 22:44 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Videos
2008-04-25 22:43 . 2008-04-25 22:44 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Saved Games
2008-04-25 22:43 . 2008-05-09 21:56 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Pictures
2008-04-25 22:43 . 2008-04-26 14:33 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Music
2008-04-25 22:43 . 2008-04-25 22:44 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Links
2008-04-25 22:43 . 2008-05-07 08:39 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Downloads
2008-04-25 22:43 . 2008-05-01 19:30 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Documents
2008-04-25 22:43 . 2008-05-09 21:19 <DIR> dr------- C:\Users\Stephanie.Susan-PC.000\Contacts
2008-04-25 22:43 . 2006-11-02 08:37 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\Media Center Programs
2008-04-25 22:43 . 2008-04-25 22:44 <DIR> d--h----- C:\Users\Stephanie.Susan-PC.000\AppData
2008-04-25 22:43 . 2008-05-06 10:32 <DIR> d-------- C:\Users\Stephanie.Susan-PC.000
2008-04-25 22:43 . 2008-04-25 22:43 524,288 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-25 22:43 . 2008-04-25 22:43 524,288 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-25 22:43 . 2008-05-10 11:28 262,144 --ah----- C:\Users\Stephanie.Susan-PC.000\ntuser.dat.LOG1
2008-04-25 22:43 . 2008-04-25 22:43 65,536 --ahs---- C:\Users\Stephanie.Susan-PC.000\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-25 22:43 . 2008-04-25 22:43 0 --ah----- C:\Users\Stephanie.Susan-PC.000\ntuser.dat.LOG2
2008-04-24 00:03 . 2008-05-10 11:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-24 00:03 . 2008-04-24 00:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-23 23:02 . 2008-04-23 23:02 <DIR> d-------- C:\Program Files\LimeWire
2008-04-20 00:25 . 2008-04-20 00:25 <DIR> d-------- C:\WINDOWS\Sun
2008-04-20 00:23 . 2008-04-20 00:24 <DIR> d-------- C:\Program Files\Java
2008-04-20 00:23 . 2008-04-20 00:23 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-19 18:25 . 2008-04-19 18:26 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-19 18:22 . 2008-04-25 22:18 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-04-18 12:57 . 2008-04-25 22:18 <DIR> d-------- C:\Program Files\iTunes
2008-04-18 12:57 . 2008-04-18 12:57 <DIR> d-------- C:\Program Files\iPod
2008-04-18 12:45 . 2008-04-18 12:54 <DIR> d-------- C:\Program Files\QuickTime
2008-04-18 12:40 . 2008-04-18 12:54 <DIR> d-------- C:\Users\All Users\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 20:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-06 20:04 --------- d-----w C:\ProgramData\Symantec
2008-05-06 19:47 --------- d-----w C:\Program Files\Yahoo!
2008-05-06 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 17:37 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-04 17:37 --------- d-----w C:\Program Files\Realtek
2008-05-04 15:30 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-05-04 13:13 --------- d-----w C:\ProgramData\WildTangent
2008-04-28 00:25 174 --sha-w C:\Program Files\desktop.ini
2008-04-28 00:16 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-28 00:16 --------- d-----w C:\Program Files\Windows Calendar
2008-04-28 00:15 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-28 00:15 --------- d-----w C:\Program Files\Windows Mail
2008-04-28 00:15 --------- d-----w C:\Program Files\Windows Journal
2008-04-28 00:15 --------- d-----w C:\Program Files\Windows Defender
2008-04-28 00:15 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-27 23:43 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-27 23:43 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-18 04:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-15 23:02 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-04-15 20:31 --------- d-----w C:\Program Files\DivX
2008-04-15 15:44 --------- d-----w C:\Program Files\HP
2008-04-15 15:39 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-04-15 04:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Templates
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Start Menu
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Favorites
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Documents
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Desktop
2008-04-15 03:10 --------- d-sh--w C:\ProgramData\Application Data
2008-03-26 13:48 766,464 ----a-w C:\Windows\system32\drivers\athr.sys
2008-03-23 01:30 2,085,376 ----a-w C:\Windows\System32\x264vfw.dll
2008-03-04 19:33 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-02-29 00:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-26 23:14 972,072 ----a-w C:\Windows\UNRecode.exe
2008-02-18 23:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2005-05-26 21:35 1,422 ----a-w C:\Program Files\ReadMe.txt
--sha-w 1,390,219,264 2008-05-10 02:46:24 \pagefile.sys
--sha-w 74 2006-12-28 19:25:44 \autoexec.bat
--sha-w 10 2006-09-18 21:43:37 \config.sys
--sha-r 0 2008-04-15 18:29:30 \MSDOS.SYS
--sha-r 0 2008-04-15 18:29:30 \IO.SYS
2006-09-18 21:43 10 --sha-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\config.sys
2006-09-18 21:43 10 --sha-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\config.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-09_15.21.43.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 19:15:39 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-09 19:59:23 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-09 19:16:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-10 15:30:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-09 19:08:08 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-05-10 15:27:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-05-09 19:16:18 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-09 20:00:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-09 20:00:44 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-09 19:07:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-10 15:16:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-09 19:07:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-10 15:16:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-09 19:07:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-10 15:16:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-09 19:08:12 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-05-10 15:28:22 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-05-09 17:01:20 9,308 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1785511274-261059448-3078229800-1000_UserData.bin
+ 2008-05-09 20:01:40 9,504 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1785511274-261059448-3078229800-1000_UserData.bin
- 2008-05-09 17:01:20 66,634 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-09 20:01:40 66,990 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-08 23:19:10 45,696 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-09 20:01:38 46,296 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 14:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 21:15 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 13:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 07:25 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\WINDOWS\RtHDVCpl.exe]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 17:03 36640]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
C:\Users\Stephanie.Susan-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk.disabled [5/1/2008 8:47:16 PM 1662]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
"NoDeletePrinter"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-08-01 09:28 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-10-26 15:42 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"BugSoft AnyTrial"=C:\Users\Patrick\Downloads\Software\AnyDVD.&.AnyDVD.HD.v6.3.1.5.FiNAL + HD & BlueRay Support\AnyDVD.&.AnyDVD.HD.v6.3.1.5.FiNAL + HD & BlueRay Support\SlySoft.AnyTrial RESET TOOL\AnyTrialControl.exe
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1785511274-261059448-3078229800-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{07D01512-EDDD-42C3-9AD3-51D2240958FF}"= Profile=Private|C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{4A4B35A4-34D9-4037-BCE9-732A5D87ED5D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DB520688-43DB-446E-B1EC-DD26BC8128EB}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{474D8E5C-0D47-4484-A533-39B93E528835}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0D0BF572-2B04-4E38-A775-445C4E8F26B3}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FF2370EE-00E0-4DD7-92E3-B8717DB79B1C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{61DE21D9-1E2E-476E-A5ED-44C10EB4032C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E525810-4401-4C38-9B4C-E5FAF1C0C30D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7D34A7F6-5141-477A-8424-2E4DC3F6EBA9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{65E6D178-4F7E-451E-8638-D6E3B5572A21}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5EF7EB0F-CBFF-49F3-AFC7-1EBFE9F12BE6}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{11237FA4-2BEC-401E-A926-5B53987313DC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5DAF383E-715D-4C1C-ACEE-5EF56950141F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7EB69B6E-2F91-4DE6-B5BC-1B7EF576E339}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{85A9267D-A4E6-4AAB-9583-90834D86B3C1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{F8A54D86-ADC0-4193-8ECB-16F9F5742FD1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6AC6B818-A0C8-48DF-AF32-EBBD4AA8EF29}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{32B619F8-7B48-45F5-ACC7-05A6717F963A}"= Disabled:C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{4298780B-B0A1-4FE9-A79A-2E7ADDC76AFD}"= Disabled:UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{9E18208E-A615-47ED-AF98-6D7868028CBE}"= Disabled:UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{56D0806F-C7DE-4BD6-94A9-6444C44D6C2C}"= Disabled:TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1C7FF8BD-0843-4694-920C-3075151C6947}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{30D3A20D-FEE6-45A3-AD9B-CAF16B94937E}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{803A3B64-B3BF-493B-BECD-4037A2EBF9C6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A20FC639-BA44-4A30-8793-60AFF20543B7}"= Disabled:UDP:C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
"{7D82C7C5-EF20-418E-8148-ECB04A0DDA96}"= Disabled:TCP:C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [2008-04-04 17:47]
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R2 AnyTrial;BugSoft AnyTrial;C:\Windows\AnyTrial.exe [2008-04-15 19:23]
R2 RogersUpdateManager;Rogers Update Manager;C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe [2007-10-31 09:34]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 14:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 10:36]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys [2008-03-22 17:37]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 18:32]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-03-26 09:48]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-03-28 19:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 15:33:06 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-06 20:30:05 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Patrick.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
"2008-05-10 15:15:16 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-09 19:59:29 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 11:32:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-10 11:34:23
ComboFix-quarantined-files.txt 2008-05-10 15:34:17
ComboFix2.txt 2008-05-09 19:23:00
Pre-Run: 167,569,010,688 bytes free
Post-Run: 167,594,979,328 bytes free
357 --- E O F --- 2008-05-08 21:33:43
Rorschach112
2008-05-10, 20:12
Hello
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Also tell me how your PC is running.
pprestwich
2008-05-11, 17:39
Here is the log you asked for. Also, my computer seems to be running fine. Is there anything I should be looking for?
Malwarebytes' Anti-Malware 1.12
Database version: 739
Scan type: Quick Scan
Objects scanned: 37798
Time elapsed: 4 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Stephanie.Susan-PC.000\AppData\Local\Temp\tmp00030694 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Stephanie.Susan-PC.000\AppData\Local\Temp\tmp005bdbbf (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Stephanie.Susan-PC.000\AppData\Local\Temp\tmp021f2e5a (Trojan.Vundo) -> Quarantined and deleted successfully.
Rorschach112
2008-05-11, 18:07
Your logs are clean! We need to do a few things.
Follow these steps to uninstall Combofix and tools used in the removal of malware
Click START then RUN
Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.
* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here (http://java.sun.com/javase/downloads/index.jsp)
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) protects against bad ActiveX
IE-SPYAD (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe) puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
* SpywareGuard (http://www.javacoolsoftware.com/sgdownload.html) offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here (http://www.mozilla.org/products/firefox/)
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here (http://forums.spywareinfo.com/index.php?showtopic=60955)
Thank you for your patience, and performing all of the procedures requested.
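The Internet-zone ActiveX settings recommended above can be audited from PowerShell instead of clicking through Inetcpl.cpl. This is an added example, not part of the thread or of any tool named in it; it assumes the standard IE zone registry layout (zone 3 = Internet; action 1001 = download signed ActiveX, 1004 = download unsigned ActiveX, 1201 = initialize and script controls not marked as safe; data 0 = Enable, 1 = Prompt, 3 = Disable) and the helper function name Test-IEActiveXSettings is my own.

```powershell
# Added example (not from the thread): audit the Internet-zone ActiveX
# settings the helper asks for, reading the current user's IE zone key.
# Zone 3 is the Internet zone. Action value names are the standard IE ones:
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe
# Data: 0 = Enable, 1 = Prompt, 3 = Disable.
# Caveat: if Group Policy applies the zone settings machine-wide, the
# HKLM copy of this key wins over HKCU and should be checked as well.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# The values the helper's instructions lead to (assumed target state).
$expected = @{
    '1001' = 1   # Prompt
    '1004' = 1   # Prompt
    '1201' = 3   # Disable
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEActiveXSettings {
    param(
        [string]$Key = $zoneKey,
        [switch]$Fix     # when set, write the expected value for any weak entry
    )
    $props = Get-ItemProperty -Path $Key -ErrorAction Stop
    foreach ($name in ($expected.Keys | Sort-Object)) {
        $current = $props.$name
        $want    = $expected[$name]
        # A missing value means IE falls back to its zone default, so report it.
        $curLabel = if ($null -eq $current) { 'not set' } else { $labels[[int]$current] }
        if ($null -ne $current -and [int]$current -eq $want) {
            Write-Output ("OK    {0} = {1}" -f $name, $curLabel)
        } else {
            Write-Output ("WEAK  {0} = {1} (expected {2})" -f $name, $curLabel, $labels[$want])
            if ($Fix) {
                Set-ItemProperty -Path $Key -Name $name -Value $want -Type DWord
            }
        }
    }
}

# Report only; add -Fix to apply the recommended values.
Test-IEActiveXSettings
```

Run it once before and once after making the changes in Inetcpl.cpl to confirm the three values actually changed.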
Rorschach112
2008-05-16, 03:14
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.