View Full Version : Additional help needed
Guilty Sp4rk
2009-04-22, 04:24
I'm sorry for not replying for a while. I can't find my thread so i started a new one. I was directed to disable trendmicro and run combofix again. The problem is, I can't disable it. It requires a password to disable and I don't have it. This computer is the one I use for homeschooling, they have the password... here is an up to date hjt log. Please help:sad:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:20 PM, on 4/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\OfficeScan NT\ofcdog.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://schools.connectionsacademy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {4c39ece2-e0cf-4110-affc-c119de4ce517} - C:\WINDOWS\system32\duputiva.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\hsf73ikmdf3f.dll - {B2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\OfficeScan NT\RAUAgent.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Name] C:\WINDOWS\system32\cas\msname.vbs
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [2315632b] rundll32.exe "C:\WINDOWS\system32\dajufiwe.dll",b
O4 - HKLM\..\Run: [CPM202650b7] Rundll32.exe "c:\windows\system32\zesiyaza.dll",a
O4 - HKLM\..\Run: [Wdeholifetahefoz] rundll32.exe "C:\WINDOWS\Cfagazuyufom.dat",e
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF15735.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\kfihi7v6.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\kfihi7v6.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Student\LOCALS~1\Temp\189101462.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s (User 'NETWORK SERVICE')
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://schools.connectionsacademy.com
O15 - Trusted Zone: www.aim.com (http://www.aim.com)
O15 - Trusted Zone: www.aolatschool.com (http://www.aolatschool.com)
O15 - Trusted Zone: ar.atwola.com
O15 - Trusted Zone: www.ar.atwola.com (http://www.ar.atwola.com)
O15 - Trusted Zone: www.brainpop.com (http://www.brainpop.com)
O15 - Trusted Zone: http://schools.connectionsacademy.com
O15 - Trusted Zone: www.edgate.com (http://www.edgate.com)
O15 - Trusted Zone: www.letsgolearn.com (http://www.letsgolearn.com)
O15 - Trusted Zone: http://*.msnbc.com
O15 - Trusted Zone: login.passport.net
O15 - Trusted Zone: http://*.schoolnotes.com
O15 - Trusted Zone: http://*.teacherweb.com
O15 - Trusted Zone: www.worldbookonline.com (http://www.worldbookonline.com)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://10.1.0.17:8180/officescan/ClientInstall/WinNTChk.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/setup.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/RemoveCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40B284D1-D9E6-40FD-B729-D15A4ACFC1E5}: NameServer = 71.242.0.12 71.250.0.12
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zesiyaza.dll (file missing)
O22 - SharedTaskScheduler: jkxg983iksnf934uitmgs3gt - {B2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zesiyaza.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10639 bytes
http://forums.spybot.info/showthread.php?p=306540
Guilty Sp4rk
2009-04-22, 04:58
Sorry, here is the link to the archived thread: http://forums.spybot.info/showthread.php?t=47663&page=4
Again, I'm sorry I didn't reply to that. I was having trouble with my internet connection.
pskelley
2009-04-27, 14:42
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
You must have read and followed the "Before you Post" instructions, anything else will waste your time and mine.
If you still need help, read the directions so you can see stuff like this:
Posting additional comments or logs before a volunteer responds, can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.
Then post a new HJT log since it has been a week. The last log indicates a very infected computer so do not expect fast or easy. The computer should only be online when you are troubleshooting.
Thanks
Guilty Sp4rk
2009-04-28, 00:24
Here is the fresh HJT log as you requested:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:48 PM, on 4/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\OfficeScan NT\RAUAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\OfficeScan NT\ofcdog.exe
C:\Program Files\OfficeScan NT\PccNTMon.EXE
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://schools.connectionsacademy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {4c39ece2-e0cf-4110-affc-c119de4ce517} - C:\WINDOWS\system32\duputiva.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\hsf73ikmdf3f.dll - {B2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\OfficeScan NT\RAUAgent.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Name] C:\WINDOWS\system32\cas\msname.vbs
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [2315632b] rundll32.exe "C:\WINDOWS\system32\dajufiwe.dll",b
O4 - HKLM\..\Run: [CPM202650b7] Rundll32.exe "c:\windows\system32\zesiyaza.dll",a
O4 - HKLM\..\Run: [Wdeholifetahefoz] rundll32.exe "C:\WINDOWS\Cfagazuyufom.dat",e
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF15735.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\kfihi7v6.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\kfihi7v6.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Student\LOCALS~1\Temp\189101462.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s (User 'NETWORK SERVICE')
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://schools.connectionsacademy.com
O15 - Trusted Zone: www.aim.com
O15 - Trusted Zone: www.aolatschool.com
O15 - Trusted Zone: ar.atwola.com
O15 - Trusted Zone: www.ar.atwola.com
O15 - Trusted Zone: www.brainpop.com
O15 - Trusted Zone: http://schools.connectionsacademy.com
O15 - Trusted Zone: www.edgate.com
O15 - Trusted Zone: www.letsgolearn.com
O15 - Trusted Zone: http://*.msnbc.com
O15 - Trusted Zone: login.passport.net
O15 - Trusted Zone: http://*.schoolnotes.com
O15 - Trusted Zone: http://*.teacherweb.com
O15 - Trusted Zone: www.worldbookonline.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://10.1.0.17:8180/officescan/ClientInstall/WinNTChk.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/setup.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/RemoveCtrl.cab
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zesiyaza.dll (file missing)
O22 - SharedTaskScheduler: jkxg983iksnf934uitmgs3gt - {B2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zesiyaza.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11526 bytes
pskelley
2009-04-28, 00:32
http://www.connectionsacademy.com/home.aspx <<< this is a personal computer? If not, see this:
http://forums.spybot.info/showpost.php?p=25712&postcount=5
More than one machine could be at stake, possibly even the server. If sensitive material has been compromised by an infection, the company could be held liable.
To prevent any possible loss or corruption of company information, please inform your IT department or Supervisor when a workplace computer has been infected, immediately.
If it is a personal computer, proceed like this carefully:
1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.
2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use
Download ComboFix from here:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
Thanks
Guilty Sp4rk
2009-04-28, 00:40
It belongs to the home schooling system I use, I'm not connected to a network though, they sent the computer to me and I use it at home. But unfortunately the tech support is horrible, and they always give me the same answer to everything: "run spybot and remove the threat, you're fine." Thats even after I tell them that virtumonde keeps re-appearing. I'm asking you to please help me out so I can get back to work and hopefully I won't fail this year :sad:
pskelley
2009-04-28, 00:46
I you can accept responsibility for the computer, continue with the instructions I posted.
Thanks...Phil
Guilty Sp4rk
2009-04-28, 01:34
I take full responsibility for the computer.
Here is my ComboFix log:
ComboFix 09-04-27.02 - Student 04/27/2009 18:18.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.76 [GMT -7:00]
Running from: c:\documents and settings\Student\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FCI
-------\Service_FCI
-------\Legacy_FCI
-------\Service_FCI
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.
2009-04-27 20:23 . 2009-04-27 20:48 -------- d-----w c:\documents and settings\Student\Application Data\Desktop Sidebar
2009-04-27 20:05 . 2009-04-27 20:05 -------- d-----w c:\program files\Desktop Sidebar
2009-04-25 06:05 . 2005-11-14 05:40 89360 ----a-w c:\windows\system32\VB5DB.DLL
2009-04-25 06:05 . 2009-04-25 06:17 -------- d-----w C:\Unreal Anthology
2009-04-25 00:51 . 2009-04-27 07:52 -------- d-----w C:\Quake2
2009-04-25 00:32 . 2009-04-25 00:32 -------- d--h--w c:\windows\PIF
2009-04-25 00:03 . 2009-04-25 00:03 -------- d-----w c:\program files\Nufsoft
2009-04-22 20:08 . 2009-04-22 20:08 155384 ----a-w c:\windows\system32\guard32.dll
2009-04-22 20:08 . 2009-04-22 20:08 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-04-22 20:08 . 2009-04-22 20:08 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-04-22 06:18 . 2009-04-25 06:47 -------- d-----w c:\program files\PSP Wallpaper Maker
2009-04-21 04:42 . 2009-04-21 05:19 -------- d-----w c:\program files\Rockstar Custom Tracks
2009-04-21 00:07 . 2009-04-21 00:15 -------- d-----w c:\documents and settings\Student\Application Data\Skype
2009-04-21 00:07 . 2009-04-21 00:07 -------- d-----r c:\program files\Skype
2009-04-21 00:07 . 2009-04-21 00:07 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-19 04:08 . 2009-04-19 04:08 -------- d-----w c:\program files\Pcsx2
2009-04-19 02:25 . 2009-04-19 02:30 -------- d-----w c:\documents and settings\Student\Application Data\SoundSpectrum
2009-04-19 02:23 . 2009-04-19 02:23 -------- d-----w c:\program files\SoundSpectrum
2009-04-17 05:47 . 2009-04-17 05:47 -------- d-----w c:\documents and settings\Student\Application Data\Sony
2009-04-17 05:47 . 2009-04-17 05:47 -------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-04-17 05:47 . 2009-04-17 05:47 -------- d-----w c:\documents and settings\Student\Local Settings\Application Data\Sony
2009-04-17 05:46 . 2009-04-17 05:46 -------- d-----w c:\program files\Common Files\Sony Shared
2009-04-17 05:45 . 2009-04-17 05:45 -------- d-----w c:\documents and settings\Student\Local Settings\Application Data\Downloaded Installations
2009-04-17 05:44 . 2009-04-21 06:27 -------- d-----w c:\program files\Sony
2009-04-17 05:44 . 2009-04-17 05:44 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-04-17 05:43 . 2009-04-17 05:43 -------- d-----w c:\program files\Sony Setup
2009-04-16 23:07 . 2009-04-16 23:07 0 ----a-w c:\windows\Xwofiwam.bin
2009-04-16 23:07 . 2009-04-17 06:10 158208 ----a-w c:\windows\Cfagazuyufom.dat
2009-04-16 21:17 . 2009-04-16 21:17 -------- d-----w c:\documents and settings\Student\Local Settings\Application Data\{AF69389A-FCD4-4ADE-AA55-2047887F4793}
2009-04-15 08:03 . 2009-04-25 09:52 -------- d-----w c:\documents and settings\Student\Application Data\Stardock
2009-04-15 08:03 . 2009-04-15 08:03 -------- dc-h--w c:\documents and settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-04-15 08:02 . 2009-04-15 08:02 -------- d-----w c:\documents and settings\All Users\Application Data\Stardock
2009-04-15 08:02 . 2009-04-15 08:04 -------- d-----w c:\program files\Stardock
2009-04-13 05:18 . 2009-04-13 05:18 -------- d-----w c:\program files\ffdshow
2009-04-13 05:18 . 2009-04-14 00:45 -------- d-----w c:\documents and settings\Student\Application Data\Sp4rkMod
2009-04-12 02:23 . 2009-04-12 02:23 -------- d-----w C:\VundoFix Backups
2009-04-12 01:50 . 2009-04-12 01:50 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-11 21:36 . 2009-04-27 20:02 -------- d-----w c:\documents and settings\Student\Local Settings\Application Data\Stardock
2009-04-11 21:29 . 2003-02-27 05:27 36864 ----a-w c:\windows\system32\wbsys.dll
2009-04-11 21:29 . 2009-04-11 21:29 -------- d-----w c:\program files\Common Files\Stardock
2009-04-11 21:29 . 2009-04-16 07:23 -------- d-----w c:\program files\AlienGUIse
2009-04-11 19:49 . 2009-04-11 19:49 -------- d-----w c:\program files\Crytek
2009-04-11 06:01 . 2009-04-11 06:01 -------- d-----w c:\documents and settings\Student\Application Data\Thinking Minds Budiling Bytes
2009-04-10 01:18 . 2009-04-10 01:18 -------- d-----w c:\documents and settings\Student\Application Data\URSoft
2009-04-10 01:18 . 2009-04-25 00:46 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 01:18 . 2009-04-11 21:42 -------- d-----w c:\program files\Your Uninstaller 2008
2009-04-10 00:01 . 2009-04-10 00:05 -------- d-----w c:\program files\SystemRequirementsLab
2009-04-10 00:01 . 2009-04-10 00:01 -------- d-----w c:\documents and settings\Student\Application Data\SystemRequirementsLab
2009-04-08 05:40 . 2009-04-08 05:40 4096 ----a-w c:\windows\d3dx.dat
2009-04-07 19:13 . 2009-04-07 19:13 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-04-07 05:09 . 2009-04-25 03:56 -------- d-----w c:\windows\system32\Adobe
2009-04-04 22:42 . 2009-04-04 22:42 -------- d-----w c:\program files\JanSoft
2009-04-04 22:33 . 2004-01-08 18:38 208896 ----a-w c:\windows\system\lame_enc.dll
2009-04-04 21:42 . 2009-04-04 21:42 -------- d-----w c:\documents and settings\Student\Application Data\dvdcss
2009-04-04 18:55 . 2007-06-29 21:47 34304 ----a-w c:\windows\system32\drivers\AmdLLD.sys
2009-04-04 18:55 . 2009-04-04 18:55 -------- d-----w c:\program files\AMD
2009-04-04 18:50 . 2009-04-04 18:51 -------- d-----w c:\windows\system32\The Future Is Fusion dir
2009-04-04 18:50 . 2009-04-04 18:50 520192 ----a-w c:\windows\system32\The Future Is Fusion.scr
2009-04-04 02:12 . 2009-04-04 02:12 -------- d-----w c:\program files\Ubisoft
2009-04-03 06:51 . 2004-08-04 07:56 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-03 06:51 . 2004-08-04 07:56 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-02 23:01 . 2009-04-04 02:01 -------- d-----w c:\program files\the Rosenrot Screensaver
2009-03-31 21:42 . 2009-03-31 21:51 -------- d-----w c:\documents and settings\Student\Application Data\vlc
2009-03-31 21:41 . 2009-03-31 21:41 -------- d-----w c:\program files\VideoLAN
2009-03-31 21:18 . 2008-12-20 23:15 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-31 21:18 . 2008-12-20 23:15 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-03-31 21:18 . 2008-12-19 09:10 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-03-31 21:18 . 2008-12-20 23:15 267776 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-03-31 21:18 . 2008-12-20 23:15 6066688 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-03-31 21:18 . 2008-12-20 23:15 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-31 21:18 . 2007-04-17 09:32 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-03-31 21:18 . 2008-12-20 23:15 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-03-31 20:30 . 2009-03-31 20:30 253688 ----a-w c:\windows\system32\cssdll32.dll.vir
2009-03-31 20:30 . 2009-04-01 08:07 -------- d-----w c:\program files\AskBarDis
2009-03-31 20:26 . 2009-04-22 20:15 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-03-31 20:26 . 2009-04-22 20:08 -------- d-----w c:\program files\COMODO
2009-03-31 20:24 . 2009-03-31 20:24 -------- d-----w c:\windows\system32\CatRoot_bak
2009-03-31 00:33 . 2009-03-31 00:33 -------- d-----w c:\program files\PQDVD
2009-03-30 22:36 . 2009-03-30 22:36 -------- d-----w c:\program files\Xiph.Org
2009-03-29 02:25 . 2009-03-31 22:15 -------- d-----w c:\program files\Peretek
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 01:22 . 2007-06-08 21:46 -------- d-----w c:\program files\OfficeScan NT
2009-04-28 00:11 . 2009-03-15 02:47 -------- d-----w c:\program files\YouTube Downloader
2009-04-28 00:10 . 2009-03-17 08:24 -------- d-----w c:\program files\Isotope244 Graphics
2009-04-25 06:05 . 2006-07-11 05:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-24 22:14 . 2009-03-13 03:56 46472 ----a-w c:\documents and settings\Student\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 00:25 . 2009-03-25 09:10 -------- d-----w c:\program files\the FarCry River Screensaver
2009-04-19 01:13 . 2009-03-19 20:57 -------- d-----w c:\program files\ZMatrix
2009-04-14 08:46 . 2006-02-28 12:00 182912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-13 02:10 . 2006-07-11 05:47 -------- d-----w c:\program files\Java
2009-04-12 20:08 . 2006-02-28 12:00 14336 ----a-w c:\windows\system32\svchost.exe
2009-04-11 20:33 . 2009-03-21 06:16 -------- d-----w c:\program files\SCi Games
2009-04-10 07:21 . 2009-03-20 04:00 -------- d-----w c:\program files\OgreDemo
2009-04-10 07:13 . 2009-03-14 05:54 -------- d-----w c:\program files\Extension Changer
2009-04-10 01:24 . 2009-03-14 01:39 -------- d-----w c:\program files\Common Files\Apple
2009-03-31 22:15 . 2009-03-25 09:08 -------- d-----w c:\program files\the FarCry Slideshow
2009-03-29 00:16 . 2009-03-29 00:16 -------- d-----w c:\program files\SRS Labs
2009-03-25 09:06 . 2009-03-25 09:06 818753 ----a-w c:\windows\system32\My Screensaver.scr
2009-03-25 02:41 . 2009-03-25 02:41 -------- d-----w c:\program files\Audacity
2009-03-21 06:18 . 2009-03-21 06:18 -------- d-----w c:\program files\Common Files\DirectX
2009-03-21 02:56 . 2009-03-21 02:56 -------- d-----w c:\program files\Trend Micro
2009-03-21 02:05 . 2009-03-14 01:42 -------- d-----w c:\program files\Bonjour
2009-03-21 02:03 . 2009-03-21 01:57 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-21 01:28 . 2009-03-14 01:40 -------- d-----w c:\program files\QuickTime
2009-03-19 20:54 . 2009-03-19 20:54 -------- d-----w c:\program files\KellySoftware
2009-03-19 01:18 . 2009-03-19 00:00 -------- d-----w c:\program files\MyBot
2009-03-18 23:57 . 2009-03-18 23:56 -------- d-----w c:\program files\Buddy Icon Maker
2009-03-18 13:17 . 2009-03-18 13:17 231424 ----a-w C:\WhiteCap_JMC.dll
2009-03-18 06:11 . 2009-03-13 02:12 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-16 23:42 . 2009-03-16 23:42 0 ----a-w c:\windows\nsreg.dat
2009-03-16 09:36 . 2009-03-16 09:18 103509 ----a-w c:\windows\hpoins04.dat
2009-03-16 09:36 . 2009-03-16 09:36 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-03-16 09:36 . 2006-07-11 05:39 -------- d-----w c:\program files\Hewlett-Packard
2009-03-16 09:34 . 2006-07-11 05:56 -------- d-----w c:\program files\Hp
2009-03-15 00:30 . 2009-03-15 00:30 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-14 23:55 . 2009-03-14 23:55 -------- d-----w c:\program files\Rockstar Games
2009-03-14 04:09 . 2009-03-14 04:08 -------- d-----w c:\program files\Paint.NET
2009-03-14 01:40 . 2009-03-14 01:40 -------- d-----w c:\program files\Apple Software Update
2009-03-13 03:53 . 2009-03-13 03:53 0 ----a-w c:\windows\ativpsrm.bin
2009-03-13 02:09 . 2006-07-11 06:10 -------- d-----w c:\program files\Windows Media Connect
2009-03-13 02:01 . 2009-03-13 02:00 -------- d-----w c:\program files\AIM6
2009-03-13 02:01 . 2009-03-13 02:01 -------- d-----w c:\program files\Viewpoint
2009-03-13 02:00 . 2009-03-13 02:00 -------- d-----w c:\program files\Common Files\AOL
2009-03-12 22:29 . 2006-07-11 05:54 -------- d-----w c:\program files\ATI Technologies
2009-03-12 22:07 . 2009-03-12 21:32 -------- d-----w c:\program files\Microsoft Games
2009-03-12 21:40 . 2009-03-12 21:40 109208 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-12 21:39 . 2009-03-12 21:39 -------- d-----w c:\program files\MSBuild
2009-03-12 21:39 . 2009-03-12 21:39 -------- d-----w c:\program files\Reference Assemblies
2009-03-12 21:34 . 2009-03-12 21:34 -------- d-----w c:\program files\MSXML 6.0
2009-03-12 21:19 . 2009-03-12 21:19 -------- d-----w c:\program files\RADVideo
2009-03-12 21:19 . 2009-03-12 21:19 -------- d-----w c:\program files\Opera
2009-03-09 12:19 . 2009-03-16 22:56 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-10 07:46 . 2009-02-10 07:46 3013120 ----a-w c:\windows\Matrix_ks.SCR
2009-02-09 10:19 . 2006-02-28 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-04 05:03 . 2009-02-04 05:03 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 . 2009-02-04 04:56 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:44 . 2009-02-04 04:44 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:13 . 2009-02-04 04:13 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-04 04:13 . 2009-02-04 04:13 3107788 ----a-w c:\windows\system32\ativva5x.dat
2009-02-04 04:05 . 2009-03-12 22:17 593920 ------w c:\windows\system32\ati2sgag.exe
2009-02-04 03:58 . 2009-02-04 03:58 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-04 03:53 . 2009-02-04 03:53 122880 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-04 02:43 . 2009-02-04 02:43 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-04 02:42 . 2009-02-04 02:42 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-04 02:40 . 2009-02-04 02:40 3244032 ----a-w c:\windows\system32\aticaldd.dll
2009-01-11 20:08 . 2009-01-11 20:08 71680 --sha-w c:\windows\system32\watekaho.dll.vir
.
((((((((((((((((((((((((((((( SnapShot_2009-04-16_21.18.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2006-12-02 07:46 . 2006-12-02 07:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 07:08 . 2006-12-02 07:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 07:26 . 2006-12-02 07:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:56 . 2006-12-02 05:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2008-07-29 19:55 . 2008-07-29 19:55 95744 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2009-04-28 01:22 . 2009-04-28 01:22 16384 c:\windows\temp\Perflib_Perfdata_374.dat
+ 2004-08-04 08:00 . 2004-08-04 08:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
- 2007-06-11 21:38 . 2007-04-30 23:33 98304 c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-11-27 13:31 . 2008-11-27 13:31 98304 c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-11-27 13:31 . 2008-11-27 13:31 86016 c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll
- 2007-06-11 21:38 . 2007-04-30 23:33 77824 c:\windows\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-11-27 13:31 . 2008-11-27 13:31 77824 c:\windows\system32\Macromed\Shockwave 10\SwInit.exe
- 2007-06-11 21:38 . 2007-04-30 23:30 24576 c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-11-27 13:31 . 2008-11-27 13:31 24576 c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2007-06-11 21:34 . 2009-04-17 05:43 74137 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-04-22 20:08 . 2009-04-22 20:08 80400 c:\windows\system32\drivers\inspect.sys
+ 2009-04-27 20:23 . 2009-04-27 20:23 42166 c:\windows\Installer\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}\ARPPRODUCTICON.exe
+ 2009-04-17 05:44 . 2009-04-17 07:01 10134 c:\windows\Installer\{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}\ARPPRODUCTICON.exe
+ 2009-04-17 05:47 . 2009-04-17 05:47 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\StorePluginInterface\b9f81be70feecbbe99caf76286a81b1c\StorePluginInterface.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 44544 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\5eef2f32e44870fde9f65d34d523ef3e\stdole.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Stardock.Central.Se#\d21cc57c839a3309804c1890db6b831b\Stardock.Central.Security.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 30720 c:\windows\assembly\NativeImages_v2.0.50727_32\SFMARKETLib\9eb969e20b8c21551b1d86ad18d6839c\SFMARKETLib.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 49664 c:\windows\assembly\NativeImages_v2.0.50727_32\PluginSystem\d1764d7969525889f7413d707b86ebde\PluginSystem.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOControlL#\b01acd50cd087cb03cfbdb96d2d1fc91\Interop.QTOControlLib.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 90112 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\a65941cb6afa45143e10029ed67b7c91\Interop.PortableDeviceTypesLib.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 90112 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\81acb7087a602f0c504aa419059435dd\Interop.PortableDeviceApiLib.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 35840 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBUICONTR#\6c8a75ff0fe8a9ec2372a772253e56a5\Interop.CDDBUICONTROLLibSMS.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBLINKLib#\bdba10f7daecebb3dad5884a3bd74bf5\Interop.CDDBLINKLibSMS.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\Interfaces\03362786ee7bab13244eaf01b7f230c2\Interfaces.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 77824 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.QTOContro#\098430f8e39fab317b8fa56a220ee659\AxInterop.QTOControlLib.ni.dll
+ 2009-04-17 05:45 . 2009-04-17 05:45 10096 c:\windows\assembly\GAC_32\StorePluginInterface\1.0.0.0__7010de4470b07f04\StorePluginInterface.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2005-09-23 06:48 . 2005-09-23 06:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 06:48 . 2005-09-23 06:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 06:48 . 2005-09-23 06:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-06-07 22:28 . 2005-06-07 22:28 155648 c:\windows\system32\SDCtrls.dll
+ 2008-11-27 13:31 . 2008-11-27 13:31 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll
- 2007-06-11 21:38 . 2007-05-01 00:11 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-11-27 13:31 . 2008-11-27 13:31 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-11-27 13:31 . 2008-11-27 13:31 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll
- 2007-06-11 21:38 . 2007-05-01 00:11 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-11-27 13:31 . 2008-11-27 13:31 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll
+ 2008-11-27 13:31 . 2008-11-27 13:31 581632 c:\windows\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-25 02:32 . 2008-03-25 02:32 218496 c:\windows\system32\Macromed\Flash\FlashUtil9f.exe
+ 2004-08-07 13:02 . 2009-04-25 09:47 210488 c:\windows\system32\FNTCACHE.DAT
+ 1998-10-29 18:45 . 2000-07-31 16:48 306688 c:\windows\IsUninst.exe
- 1998-10-29 18:45 . 1998-10-29 18:45 306688 c:\windows\IsUninst.exe
+ 2009-04-21 00:07 . 2009-04-21 00:07 364726 c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2009-04-25 09:58 . 2009-04-25 09:58 282624 c:\windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\b99ee29e00649674dd4900e6b8831d7e\VistaBridgeLibrary.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 499712 c:\windows\assembly\NativeImages_v2.0.50727_32\VDialog\6e2721373a5ba721abcebc1ce13378e0\VDialog.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\SharpBITS.Base\a08b341782f3c475800ab5d21ab0d77a\SharpBITS.Base.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd\24ffcfe36e76c3c70c2ae34d3cb24166\Sd.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 770048 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Web\41fb1d8286e41831cb88bd2a7c8bdbe2\Sd.Web.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 102400 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Uninstall\2136b4534ca01182644d38dc0d4d2439\Sd.Uninstall.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.UI\da65ec5d9e272826c382a25717176c25\Sd.UI.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Irc\9ca6aaf5da94b52dc20fcf46d6a90f63\Sd.Irc.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 303104 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.InstallManager\ca97854c33d441a8cf53afebdc454267\Sd.InstallManager.ni.dll
+ 2009-04-25 09:59 . 2009-04-25 09:59 569344 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Common.XmlSerial#\01645f0f2641776c80e24653276f0132\Sd.Common.XmlSerializers.ni.dll
+ 2009-04-25 09:59 . 2009-04-25 09:59 647168 c:\windows\assembly\NativeImages_v2.0.50727_32\sd.central.cvp.serv#\fafd8a8d2845ab3c522799fc21cb0efa\sd.central.cvp.server.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 147456 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Central.Archive\3bc17674188ad6c059fd0508b9bd8cf6\Sd.Central.Archive.ni.dll
+ 2009-04-25 09:59 . 2009-04-25 09:59 335872 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Central.Archive.#\dff753e68fed97b3135d80978f9489f0\Sd.Central.Archive.XmlSerializers.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\PerstNET\35ebc948721990d924151e6adbdb7a95\PerstNET.ni.dll
+ 2009-04-25 09:59 . 2009-04-25 09:59 331776 c:\windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\21c8d19f30c1a17dc21f73fe4abff7ef\MyDock.Util.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 282624 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Utils\6eb75f48b5dda8af19e61c9435b32ed3\MediaManager.Utils.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 380928 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Splash#\02ec2139849b32357b821e85d3e757af\MediaManager.SplashScreen.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 966656 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.GUI\42f6dd88d1e574e1b442b4ce57e5edf0\MediaManager.GUI.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 884736 c:\windows\assembly\NativeImages_v2.0.50727_32\Lucene.Net\b367e4694dcafc89ec4a3560cc007306\Lucene.Net.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 712704 c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\c214dffd2c15fedb78004903ebe143ef\log4net.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 847872 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WMPLib\10227b612e8dfe5456b327126e1975c8\Interop.WMPLib.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 344064 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\be0a732a8653d694ae0ec1fed06a22eb\Interop.SHDocVw.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 221184 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOLibrary\113eabd3cd18b3bad2963a8c640b4bf1\Interop.QTOLibrary.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\79d4338e1ea9190a7c217c2f69b70141\Interop.IWshRuntimeLibrary.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\560d96a30c42eca48611a8853209edae\Interop.IWshRuntimeLibrary.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 389120 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBCONTROL#\881866bcbbf90b71169abc356f865b3c\Interop.CDDBCONTROLLibSMS.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 700416 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\2e64a51cb2668ccaaa926809065d9219\ICSharpCode.SharpZipLib.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 221184 c:\windows\assembly\NativeImages_v2.0.50727_32\GCPlayer\a0d5ef7a6c9d5eeb13717fb2bae1d06d\GCPlayer.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 184320 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.WMPLib\958e92e2d8d4b2f26d8f41d2dcfd20f5\AxInterop.WMPLib.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 143360 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\297d47a6bcdd38f0220763c47c587043\AxInterop.SHDocVw.ni.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-02-28 12:00 . 2005-11-14 05:40 1386496 c:\windows\system32\msvbvm60.dll
+ 2008-11-27 13:31 . 2008-11-27 13:31 1490944 c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 1036288 c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\206a1dd4d1979264215c9934851409cb\Sony.MediaSoftware.clrshared.ni.dll
+ 2009-04-25 09:58 . 2009-04-25 09:58 1282048 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Common\c02bef379d14f8e34265f08e4be848df\Sd.Common.ni.dll
+ 2009-04-17 05:47 . 2009-04-17 05:47 1921024 c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager\795d34e155788cc87e76ccb0d0ace8d0\MediaManager.ni.exe
+ 2009-04-25 09:59 . 2009-04-25 09:59 5963776 c:\windows\assembly\NativeImages_v2.0.50727_32\Impulse\714c976b811596123714c4896f373890\Impulse.ni.exe
+ 2009-04-17 05:47 . 2009-04-17 05:47 7110656 c:\windows\assembly\NativeImages_v2.0.50727_32\AppCommon\b756c8f526ee32e48caff333e02f1af7\AppCommon.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4c39ece2-e0cf-4110-affc-c119de4ce517}]
c:\windows\system32\duputiva.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2BA40A2-74F3-42BD-F434-2604812C8954}]
c:\windows\system32\hsf73ikmdf3f.dll [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
c:\documents and settings\Student\Start Menu\Programs\Startup\
ImpulseNow.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-4-7 323584]
Stardock ObjectDock.lnk - c:\program files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe [2009-4-15 3446512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-5-9 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"NoNetConnectDisconnect"= 1 (0x1)
"NoManageMyComputerVerb"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoThemesTab"= 1 (0x1)
"NoPropertiesRecycleBin"= 1 (0x1)
"NoFolderOptions"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{B2BA40A2-74F3-42BD-F434-2604812C8954}"= "c:\windows\system32\hsf73ikmdf3f.dll" [BU]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\zesiyaza.dll" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zesiyaza.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 06:34 24576 ----a-w c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli mshpoce.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Student\\Desktop\\Black & White\\Black and White\\runblack.exe"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Documents and Settings\\Student\\Application Data\\Sp4rkMod\\armorsurf.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Quake2\\QUAKE2.EXE"=
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-22 110992]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-04-22 24336]
S2 TmFilter;Trend Micro Filter;c:\program files\OfficeScan NT\TmXPFlt.sys [2008-11-27 205328]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\OfficeScan NT\TmPreFlt.sys [2008-11-27 36368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1003ad07-1bb1-11de-949c-0017a4e3bc5c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com g:
\Shell\Open\command - f:\resycled\ntldr.com g:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4191f182-22ea-11de-94a3-0017a4e3bc5c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com g:
\Shell\Open\command - f:\resycled\ntldr.com g:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae2a78f-10f2-11de-9491-0017a4e3bc5c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com g:
\Shell\Open\command - f:\resycled\ntldr.com g:
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://schools.connectionsacademy.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aim.com\www
Trusted Zone: aol.com\iknowthat.school
Trusted Zone: aolatschool.com\www
Trusted Zone: atwola.com\ar
Trusted Zone: atwola.com\www.ar
Trusted Zone: brainpop.com\www
Trusted Zone: connectionsacademy.com\schools
Trusted Zone: D
Trusted Zone: edgate.com\www
Trusted Zone: letsgolearn.com\www
Trusted Zone: msnbc.com
Trusted Zone: passport.net\login
Trusted Zone: schoolnotes.com
Trusted Zone: teacherweb.com
Trusted Zone: worldbookonline.com\www
FF - ProfilePath - c:\documents and settings\Student\Application Data\Mozilla\Firefox\Profiles\qhfqqwfy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.isotope244.com/
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 18:26
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ????m??????R?@?????,?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1787410411-2529828033-874725645-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-1787410411-2529828033-874725645-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8AC8B27C-6EA8-21A2-D08F-827F395DFF83}*]
"jaendkkcgdhfgkbhnogg"=hex:66,61,6e,68,6e,62,69,70,6c,6b,62,69,00,2f
"pamnpofglimiajhlfhebfnnjfohndgka"=hex:65,61,6e,68,6d,62,6e,70,6a,6b,00,69
"haendkkcgdhfgkbh"=hex:6e,62,6e,68,70,62,6a,62,61,63,61,61,61,63,62,63,6b,64,
69,6a,6e,61,65,6d,6d,66,61,6e,70,67,68,66,69,61,6e,62,69,6d,62,6b,61,70,69,\
[HKEY_USERS\S-1-5-21-1787410411-2529828033-874725645-1007\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="nlEdzWfcJFrUmEmxsa9oCPawQylv7p/C/eSuI8cv4Dkno/0/Xy8YDA=="
"PLCK"="egG6NwC6vxDNFG1a3atYpRoj9w27s2mq"
"Percents"="0 0.1465 0.3362 0.6169 0.8131 0.8961 0.9105 "
"Increment"=".003003"
"PHSH"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\guard32.dll
c:\windows\mshpoce.dll
- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\guard32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\mshpoce.dll
c:\windows\Cfagazuyufom.dat
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\OfficeScan NT\ntrtscan.exe
c:\program files\OfficeScan NT\tmlisten.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OfficeScan NT\OfcDog.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Analog Devices\Core\smax4pnp.exe
c:\program files\Hp\HP Software Update\hpwuSchd2.exe
c:\windows\system32\DLA\DLACTRLW.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\program files\OfficeScan NT\PccNTMon.exe
c:\program files\OfficeScan NT\RAUAgent.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OfficeScan NT\PccNTUpd.exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-04-28 18:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 01:30
ComboFix2.txt 2009-04-16 22:39
ComboFix3.txt 2009-04-16 21:21
ComboFix4.txt 2009-04-14 09:01
ComboFix5.txt 2009-04-28 00:56
Pre-Run: 20,618,571,776 bytes free
Post-Run: 20,613,472,256 bytes free
487 --- E O F --- 2009-04-02 10:01
Guilty Sp4rk
2009-04-28, 01:37
Sorry for double post, logs were too much for one post.
Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:56 PM, on 4/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\OfficeScan NT\ofcdog.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\OfficeScan NT\RAUAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\OfficeScan NT\pccntupd.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://schools.connectionsacademy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {4c39ece2-e0cf-4110-affc-c119de4ce517} - C:\WINDOWS\system32\duputiva.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\hsf73ikmdf3f.dll - {B2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\OfficeScan NT\RAUAgent.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Name] C:\WINDOWS\system32\cas\msname.vbs
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [2315632b] rundll32.exe "C:\WINDOWS\system32\dajufiwe.dll",b
O4 - HKLM\..\Run: [CPM202650b7] Rundll32.exe "c:\windows\system32\zesiyaza.dll",a
O4 - HKLM\..\Run: [Wdeholifetahefoz] rundll32.exe "C:\WINDOWS\Cfagazuyufom.dat",e
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF7461.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\kfihi7v6.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\kfihi7v6.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Student\LOCALS~1\Temp\189101462.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s (User 'NETWORK SERVICE')
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://schools.connectionsacademy.com
O15 - Trusted Zone: www.aim.com
O15 - Trusted Zone: www.aolatschool.com
O15 - Trusted Zone: ar.atwola.com
O15 - Trusted Zone: www.ar.atwola.com
O15 - Trusted Zone: www.brainpop.com
O15 - Trusted Zone: http://schools.connectionsacademy.com
O15 - Trusted Zone: www.edgate.com
O15 - Trusted Zone: www.letsgolearn.com
O15 - Trusted Zone: http://*.msnbc.com
O15 - Trusted Zone: login.passport.net
O15 - Trusted Zone: http://*.schoolnotes.com
O15 - Trusted Zone: http://*.teacherweb.com
O15 - Trusted Zone: www.worldbookonline.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://10.1.0.17:8180/officescan/ClientInstall/WinNTChk.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/setup.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/RemoveCtrl.cab
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zesiyaza.dll (file missing)
O22 - SharedTaskScheduler: jkxg983iksnf934uitmgs3gt - {B2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zesiyaza.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11157 bytes
Here is my uninstall list:
3D Windows XP Screen Saver
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11.5
AIM 6
AlienGUIse Theme Manager
AMD Fusion for Gaming
Apple Software Update
Application Installer 4.00.B6
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
Bonjour
Buddy Icon Maker 1.0.0.1
Catalyst Control Center - Branding
ClearType Tuning Control Panel Applet
COMODO Internet Security
COMODO SafeSurf
Critical Update for Windows Media Player 11 (KB959772)
CryENGINE MOD SDK for FarCry v1.4
Desktop Sidebar
Far Cry Demo
ffdshow [rev 2527] [2008-12-19]
Gloom
GTA San Andreas
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Help and Support
HP Image Zone 4.2
HP Integrated Module with Bluetooth wireless technology
HP Notebook Accessories Product Tour
HP PSC & OfficeJet 4.2
HP Quick Launch Buttons 6.00 G2
HP Update
HP User Guides 0022
HP Wireless Assistant 2.00 F1
InterVideo DVD Check
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) SE Runtime Environment 6 Update 1
LADSPA_plugins-win-0.4.15
Machines at War
Matrix-ks
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo Custom Edition
Microsoft Halo Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.9)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MyBot
Nature Illusion Studio
ObjectDock
Ogg Codecs 0.81.15562
Opera 9.64
Paint.NET v3.36
Pcsx2 0.9.6
Philips PC Camera
PlayStation(R)Network Downloader
PlayStation(R)Store
PSP Video Express(remove only)
Quake II
QuickTime
RAD Video Tools
Real 3D Matrix 3D Screensaver
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Seekapp 1.0 build 131
Skype™ 4.0
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sony Media Manager for PSP 3.0
SoundMAX
Sp4rkMod
Spybot - Search & Destroy
SpywareBlaster v3.5.1
SRS Audio Sandbox
Stardock Impulse
Stardock Impulse
Static TV 3D Screensaver Free
Swiff Player 1.1
Synaptics Pointing Device Driver
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers.
The Future Is Fusion Screen Saver
Trend Micro OfficeScan Client
Unreal Anthology
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
VLC media player 0.9.4
WhiteCap
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Your Uninstaller! 2008 Version 6.2
pskelley
2009-04-28, 01:44
Sorry for double post, logs were too much for one post.
That's not a problem, what is a problem is combofix has been run several times and I do not have that information.
ComboFix2.txt 2009-04-16 22:39
ComboFix3.txt 2009-04-16 21:21
ComboFix4.txt 2009-04-14 09:01
ComboFix5.txt 2009-04-28 00:56
That means the first run was two weeks ago, I need to be sure we are using the newest version of combofix. If this version has been on the computer for two week, please delete it from the computer, then download it new from the link I provided and post the new scan results. I will not proceed until I have this information.
Thanks
Guilty Sp4rk
2009-04-28, 01:50
I deleted previous versions and downloaded the one from your link just to be safe. The log I just posted is from the link you just gave me :)
pskelley
2009-04-28, 02:24
Please follow the directions carefully and in the numbered order.
1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.
2) Open notepad and copy/paste the text in the codebox below into it:
File::
C:\WINDOWS\system32\vogekohe.dll
C:\WINDOWS\system32\dajufiwe.dll
c:\windows\system32\zesiyaza.dll
C:\WINDOWS\Cfagazuyufom.dat
C:\WINDOWS\TEMP\kfihi7v6.exe
C:\WINDOWS\system32\hsf73ikmdf3f.dll
c:\windows\system32\zesiyaza.dll
C:\DOCUME~1\Student\LOCALS~1\Temp\189101462.exe
c:\windows\Xwofiwam.bin
c:\windows\Cfagazuyufom.dat
c:\windows\system32\duputiva.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4c39ece2-e0cf-4110-affc-c119de4ce517}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2BA40A2-74F3-42BD-F434-2604812C8954}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{B2BA40A2-74F3-42BD-F434-2604812C8954}"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1003ad07-1bb1-11de-949c-0017a4e3bc5c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4191f182-22ea-11de-94a3-0017a4e3bc5c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae2a78f-10f2-11de-9491-0017a4e3bc5c}]
Folder::
C:\WINDOWS\system32\cas
C:\VundoFix Backups
Save this as CFScript
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)
3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
(some items may be gone, removed by CFScript)
O2 - BHO: (no name) - {4c39ece2-e0cf-4110-affc-c119de4ce517} - C:\WINDOWS\system32\duputiva.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\hsf73ikmdf3f.dll - {B2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Name] C:\WINDOWS\system32\cas\msname.vbs
O4 - HKLM\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s
O4 - HKLM\..\Run: [2315632b] rundll32.exe "C:\WINDOWS\system32\dajufiwe.dll",b
O4 - HKLM\..\Run: [CPM202650b7] Rundll32.exe "c:\windows\system32\zesiyaza.dll",a
O4 - HKLM\..\Run: [Wdeholifetahefoz] rundll32.exe "C:\WINDOWS\Cfagazuyufom.dat",e
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF7461.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\kfihi7v6.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\kfihi7v6.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Student\LOCALS~1\Temp\189101462.exe
O4 - HKUS\S-1-5-19\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [jiwihifanu] Rundll32.exe "C:\WINDOWS\system32\vogekohe.dll",s (User 'NETWORK SERVICE')
O15 - Trusted Zone <<< look at all 015 items and make sure you put them there. If you don't know any, check them and remove them with HJT.
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zesiyaza.dll (file missing)
O22 - SharedTaskScheduler: jkxg983iksnf934uitmgs3gt - {B2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zesiyaza.dll (file missing)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html
5) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html
How is the computer running now?
Thanks
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.
Adobe Flash Player 10 Plugin
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html
Ask Toolbar <<< suggested uninstall, see this information:
http://www.systemlookup.com/CLSID/27159.html
http://www.benedelman.org/spyware/ask-toolbars/
J2SE Runtime Environment 5.0 Update 6
Java(TM) SE Runtime Environment 6 Update 1
Those are out of date and unsafe, uninstall them:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
SpywareBlaster v3.5.1 <<< badly out of date
Good program but won't protect you if you don't maintain it.
Viewpoint Media Player
For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
http://vil.nai.com/vil/content/v_137262.htm
Guilty Sp4rk
2009-04-29, 03:25
Here are the logs from all 3 apps :)
ComboFix:
ComboFix 09-04-27.02 - Student 04/28/2009 17:00.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.156 [GMT -7:00]
Running from: c:\documents and settings\Student\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Student\Desktop\CFScript.txt
FW: COMODO Firewall *enabled*
* Created a new restore point
FILE ::
c:\docume~1\Student\LOCALS~1\Temp\189101462.exe
c:\windows\Cfagazuyufom.dat
c:\windows\system32\dajufiwe.dll
c:\windows\system32\duputiva.dll
c:\windows\system32\hsf73ikmdf3f.dll
c:\windows\system32\vogekohe.dll
c:\windows\system32\zesiyaza.dll
c:\windows\TEMP\kfihi7v6.exe
c:\windows\Xwofiwam.bin
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
c:\windows\Cfagazuyufom.dat
c:\windows\system32\cas
c:\windows\system32\cas\call.bat
c:\windows\system32\cas\caok.com
c:\windows\system32\cas\caok2.com
c:\windows\system32\cas\check.vbs
c:\windows\system32\cas\checkdateKW.vbs
c:\windows\system32\cas\delregkey.vbs
c:\windows\system32\cas\invisible.vbs
c:\windows\system32\cas\Locked.vbs
c:\windows\system32\cas\message.vbs
c:\windows\system32\cas\Mime.pl
c:\windows\system32\cas\msname.vbs
c:\windows\system32\cas\shut.bat
c:\windows\system32\cas\shutdown2.vbs
c:\windows\system32\cas\sn.vbs
c:\windows\system32\cas\StartShut.bat
c:\windows\Xwofiwam.bin
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FCI
-------\Service_FCI
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.
2009-04-28 07:20 . 2009-04-28 07:20 -------- d-----w c:\program files\Sanny Builder 3
2009-04-28 04:32 . 2009-04-28 04:32 -------- d-----w c:\documents and settings\Student\Application Data\Havok
2009-04-28 03:56 . 2009-04-28 04:39 -------- d-----w c:\program files\Havok
2009-04-27 20:23 . 2009-04-27 20:48 -------- d-----w c:\documents and settings\Student\Application Data\Desktop Sidebar
2009-04-27 20:05 . 2009-04-27 20:05 -------- d-----w c:\program files\Desktop Sidebar
2009-04-25 06:05 . 2005-11-14 05:40 89360 ----a-w c:\windows\system32\VB5DB.DLL
2009-04-25 06:05 . 2009-04-25 06:17 -------- d-----w C:\Unreal Anthology
2009-04-25 00:51 . 2009-04-27 07:52 -------- d-----w C:\Quake2
2009-04-25 00:32 . 2009-04-25 00:32 -------- d--h--w c:\windows\PIF
2009-04-25 00:03 . 2009-04-25 00:03 -------- d-----w c:\program files\Nufsoft
2009-04-22 20:08 . 2009-04-22 20:08 155384 ----a-w c:\windows\system32\guard32.dll
2009-04-22 20:08 . 2009-04-22 20:08 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-04-22 20:08 . 2009-04-22 20:08 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-04-22 06:18 . 2009-04-25 06:47 -------- d-----w c:\program files\PSP Wallpaper Maker
2009-04-21 04:42 . 2009-04-21 05:19 -------- d-----w c:\program files\Rockstar Custom Tracks
2009-04-21 00:07 . 2009-04-28 07:34 -------- d-----w c:\documents and settings\Student\Application Data\Skype
2009-04-21 00:07 . 2009-04-21 00:07 -------- d-----r c:\program files\Skype
2009-04-21 00:07 . 2009-04-21 00:07 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-19 04:08 . 2009-04-19 04:08 -------- d-----w c:\program files\Pcsx2
2009-04-19 02:25 . 2009-04-19 02:30 -------- d-----w c:\documents and settings\Student\Application Data\SoundSpectrum
2009-04-19 02:23 . 2009-04-19 02:23 -------- d-----w c:\program files\SoundSpectrum
2009-04-17 05:47 . 2009-04-17 05:47 -------- d-----w c:\documents and settings\Student\Application Data\Sony
2009-04-17 05:47 . 2009-04-17 05:47 -------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-04-17 05:47 . 2009-04-17 05:47 -------- d-----w c:\documents and settings\Student\Local Settings\Application Data\Sony
2009-04-17 05:46 . 2009-04-17 05:46 -------- d-----w c:\program files\Common Files\Sony Shared
2009-04-17 05:45 . 2009-04-17 05:45 -------- d-----w c:\documents and settings\Student\Local Settings\Application Data\Downloaded Installations
2009-04-17 05:44 . 2009-04-21 06:27 -------- d-----w c:\program files\Sony
2009-04-17 05:44 . 2009-04-17 05:44 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-04-17 05:43 . 2009-04-17 05:43 -------- d-----w c:\program files\Sony Setup
2009-04-16 21:17 . 2009-04-16 21:17 -------- d-----w c:\documents and settings\Student\Local Settings\Application Data\{AF69389A-FCD4-4ADE-AA55-2047887F4793}
2009-04-15 08:03 . 2009-04-25 09:52 -------- d-----w c:\documents and settings\Student\Application Data\Stardock
2009-04-15 08:03 . 2009-04-15 08:03 -------- dc-h--w c:\documents and settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-04-15 08:02 . 2009-04-15 08:02 -------- d-----w c:\documents and settings\All Users\Application Data\Stardock
2009-04-15 08:02 . 2009-04-15 08:04 -------- d-----w c:\program files\Stardock
2009-04-13 05:18 . 2009-04-13 05:18 -------- d-----w c:\program files\ffdshow
2009-04-13 05:18 . 2009-04-14 00:45 -------- d-----w c:\documents and settings\Student\Application Data\Sp4rkMod
2009-04-12 01:50 . 2009-04-12 01:50 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-11 21:36 . 2009-04-27 20:02 -------- d-----w c:\documents and settings\Student\Local Settings\Application Data\Stardock
2009-04-11 21:29 . 2003-02-27 05:27 36864 ----a-w c:\windows\system32\wbsys.dll
2009-04-11 21:29 . 2009-04-11 21:29 -------- d-----w c:\program files\Common Files\Stardock
2009-04-11 21:29 . 2009-04-16 07:23 -------- d-----w c:\program files\AlienGUIse
2009-04-11 19:49 . 2009-04-11 19:49 -------- d-----w c:\program files\Crytek
2009-04-11 06:01 . 2009-04-11 06:01 -------- d-----w c:\documents and settings\Student\Application Data\Thinking Minds Budiling Bytes
2009-04-10 01:18 . 2009-04-10 01:18 -------- d-----w c:\documents and settings\Student\Application Data\URSoft
2009-04-10 01:18 . 2009-04-25 00:46 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 01:18 . 2009-04-11 21:42 -------- d-----w c:\program files\Your Uninstaller 2008
2009-04-10 00:01 . 2009-04-10 00:05 -------- d-----w c:\program files\SystemRequirementsLab
2009-04-10 00:01 . 2009-04-10 00:01 -------- d-----w c:\documents and settings\Student\Application Data\SystemRequirementsLab
2009-04-08 05:40 . 2009-04-08 05:40 4096 ----a-w c:\windows\d3dx.dat
2009-04-07 19:13 . 2009-04-07 19:13 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-04-07 05:09 . 2009-04-25 03:56 -------- d-----w c:\windows\system32\Adobe
2009-04-04 22:42 . 2009-04-04 22:42 -------- d-----w c:\program files\JanSoft
2009-04-04 22:33 . 2004-01-08 18:38 208896 ----a-w c:\windows\system\lame_enc.dll
2009-04-04 21:42 . 2009-04-04 21:42 -------- d-----w c:\documents and settings\Student\Application Data\dvdcss
2009-04-04 18:55 . 2007-06-29 21:47 34304 ----a-w c:\windows\system32\drivers\AmdLLD.sys
2009-04-04 18:55 . 2009-04-04 18:55 -------- d-----w c:\program files\AMD
2009-04-04 18:50 . 2009-04-04 18:51 -------- d-----w c:\windows\system32\The Future Is Fusion dir
2009-04-04 18:50 . 2009-04-04 18:50 520192 ----a-w c:\windows\system32\The Future Is Fusion.scr
2009-04-04 02:12 . 2009-04-04 02:12 -------- d-----w c:\program files\Ubisoft
2009-04-03 06:51 . 2004-08-04 07:56 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-03 06:51 . 2004-08-04 07:56 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-02 23:01 . 2009-04-04 02:01 -------- d-----w c:\program files\the Rosenrot Screensaver
2009-03-31 21:42 . 2009-03-31 21:51 -------- d-----w c:\documents and settings\Student\Application Data\vlc
2009-03-31 21:41 . 2009-03-31 21:41 -------- d-----w c:\program files\VideoLAN
2009-03-31 21:18 . 2008-12-20 23:15 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-31 21:18 . 2008-12-20 23:15 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-03-31 21:18 . 2008-12-19 09:10 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-03-31 21:18 . 2008-12-20 23:15 267776 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-03-31 21:18 . 2008-12-20 23:15 6066688 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-03-31 21:18 . 2008-12-20 23:15 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-31 21:18 . 2007-04-17 09:32 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-03-31 21:18 . 2008-12-20 23:15 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-03-31 20:30 . 2009-03-31 20:30 253688 ----a-w c:\windows\system32\cssdll32.dll.vir
2009-03-31 20:30 . 2009-04-01 08:07 -------- d-----w c:\program files\AskBarDis
2009-03-31 20:26 . 2009-04-22 20:15 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-03-31 20:26 . 2009-04-22 20:08 -------- d-----w c:\program files\COMODO
2009-03-31 20:24 . 2009-03-31 20:24 -------- d-----w c:\windows\system32\CatRoot_bak
2009-03-31 00:33 . 2009-03-31 00:33 -------- d-----w c:\program files\PQDVD
2009-03-30 22:36 . 2009-03-30 22:36 -------- d-----w c:\program files\Xiph.Org
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 00:05 . 2007-06-08 21:46 -------- d-----w c:\program files\OfficeScan NT
2009-04-28 00:11 . 2009-03-15 02:47 -------- d-----w c:\program files\YouTube Downloader
2009-04-28 00:10 . 2009-03-17 08:24 -------- d-----w c:\program files\Isotope244 Graphics
2009-04-25 06:05 . 2006-07-11 05:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-24 22:14 . 2009-03-13 03:56 46472 ----a-w c:\documents and settings\Student\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 00:25 . 2009-03-25 09:10 -------- d-----w c:\program files\the FarCry River Screensaver
2009-04-19 01:13 . 2009-03-19 20:57 -------- d-----w c:\program files\ZMatrix
2009-04-14 08:46 . 2006-02-28 12:00 182912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-13 02:10 . 2006-07-11 05:47 -------- d-----w c:\program files\Java
2009-04-12 20:08 . 2006-02-28 12:00 14336 ----a-w c:\windows\system32\svchost.exe
2009-04-11 20:33 . 2009-03-21 06:16 -------- d-----w c:\program files\SCi Games
2009-04-10 07:21 . 2009-03-20 04:00 -------- d-----w c:\program files\OgreDemo
2009-04-10 07:13 . 2009-03-14 05:54 -------- d-----w c:\program files\Extension Changer
2009-04-10 01:24 . 2009-03-14 01:39 -------- d-----w c:\program files\Common Files\Apple
2009-03-31 22:15 . 2009-03-29 02:25 -------- d-----w c:\program files\Peretek
2009-03-31 22:15 . 2009-03-25 09:08 -------- d-----w c:\program files\the FarCry Slideshow
2009-03-29 00:16 . 2009-03-29 00:16 -------- d-----w c:\program files\SRS Labs
2009-03-25 09:06 . 2009-03-25 09:06 818753 ----a-w c:\windows\system32\My Screensaver.scr
2009-03-25 02:41 . 2009-03-25 02:41 -------- d-----w c:\program files\Audacity
2009-03-21 06:18 . 2009-03-21 06:18 -------- d-----w c:\program files\Common Files\DirectX
2009-03-21 02:56 . 2009-03-21 02:56 -------- d-----w c:\program files\Trend Micro
2009-03-21 02:05 . 2009-03-14 01:42 -------- d-----w c:\program files\Bonjour
2009-03-21 02:03 . 2009-03-21 01:57 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-21 01:28 . 2009-03-14 01:40 -------- d-----w c:\program files\QuickTime
2009-03-19 20:54 . 2009-03-19 20:54 -------- d-----w c:\program files\KellySoftware
2009-03-19 01:18 . 2009-03-19 00:00 -------- d-----w c:\program files\MyBot
2009-03-18 23:57 . 2009-03-18 23:56 -------- d-----w c:\program files\Buddy Icon Maker
2009-03-18 13:17 . 2009-03-18 13:17 231424 ----a-w C:\WhiteCap_JMC.dll
2009-03-18 06:11 . 2009-03-13 02:12 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-16 23:42 . 2009-03-16 23:42 0 ----a-w c:\windows\nsreg.dat
2009-03-16 09:36 . 2009-03-16 09:18 103509 ----a-w c:\windows\hpoins04.dat
2009-03-16 09:36 . 2009-03-16 09:36 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-03-16 09:36 . 2006-07-11 05:39 -------- d-----w c:\program files\Hewlett-Packard
2009-03-16 09:34 . 2006-07-11 05:56 -------- d-----w c:\program files\Hp
2009-03-15 00:30 . 2009-03-15 00:30 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-14 23:55 . 2009-03-14 23:55 -------- d-----w c:\program files\Rockstar Games
2009-03-14 04:09 . 2009-03-14 04:08 -------- d-----w c:\program files\Paint.NET
2009-03-14 01:40 . 2009-03-14 01:40 -------- d-----w c:\program files\Apple Software Update
2009-03-13 03:53 . 2009-03-13 03:53 0 ----a-w c:\windows\ativpsrm.bin
2009-03-13 02:09 . 2006-07-11 06:10 -------- d-----w c:\program files\Windows Media Connect
2009-03-13 02:01 . 2009-03-13 02:00 -------- d-----w c:\program files\AIM6
2009-03-13 02:01 . 2009-03-13 02:01 -------- d-----w c:\program files\Viewpoint
2009-03-13 02:00 . 2009-03-13 02:00 -------- d-----w c:\program files\Common Files\AOL
2009-03-12 22:29 . 2006-07-11 05:54 -------- d-----w c:\program files\ATI Technologies
2009-03-12 22:07 . 2009-03-12 21:32 -------- d-----w c:\program files\Microsoft Games
2009-03-12 21:40 . 2009-03-12 21:40 109208 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-12 21:39 . 2009-03-12 21:39 -------- d-----w c:\program files\MSBuild
2009-03-12 21:39 . 2009-03-12 21:39 -------- d-----w c:\program files\Reference Assemblies
2009-03-12 21:34 . 2009-03-12 21:34 -------- d-----w c:\program files\MSXML 6.0
2009-03-12 21:19 . 2009-03-12 21:19 -------- d-----w c:\program files\RADVideo
2009-03-12 21:19 . 2009-03-12 21:19 -------- d-----w c:\program files\Opera
2009-03-09 12:19 . 2009-03-16 22:56 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-10 07:46 . 2009-02-10 07:46 3013120 ----a-w c:\windows\Matrix_ks.SCR
2009-02-09 10:19 . 2006-02-28 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-04 05:03 . 2009-02-04 05:03 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 . 2009-02-04 04:56 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:44 . 2009-02-04 04:44 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:13 . 2009-02-04 04:13 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-04 04:13 . 2009-02-04 04:13 3107788 ----a-w c:\windows\system32\ativva5x.dat
2009-02-04 04:05 . 2009-03-12 22:17 593920 ------w c:\windows\system32\ati2sgag.exe
2009-02-04 03:58 . 2009-02-04 03:58 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-04 03:53 . 2009-02-04 03:53 122880 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-04 02:43 . 2009-02-04 02:43 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-04 02:42 . 2009-02-04 02:42 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-04 02:40 . 2009-02-04 02:40 3244032 ----a-w c:\windows\system32\aticaldd.dll
2009-01-11 20:08 . 2009-01-11 20:08 71680 --sha-w c:\windows\system32\watekaho.dll.vir
.
((((((((((((((((((((((((((((( SnapShot_2009-04-28_01.26.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-29 00:04 . 2009-04-29 00:04 16384 c:\windows\temp\Perflib_Perfdata_1c4.dat
- 2009-03-13 03:33 . 2009-03-13 03:33 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2006-12-02 05:54 . 2006-12-02 05:54 1175552 c:\windows\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_5490cd9f\msvcr80d.dll
+ 2006-12-02 05:54 . 2006-12-02 05:54 1036288 c:\windows\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_5490cd9f\msvcp80d.dll
+ 2006-12-02 05:54 . 2006-12-02 05:54 1015808 c:\windows\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_5490cd9f\msvcm80d.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-13 03:33 . 2009-03-13 03:33 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-04-28 04:34 . 2009-04-28 04:34 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4c39ece2-e0cf-4110-affc-c119de4ce517}]
c:\windows\system32\duputiva.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2BA40A2-74F3-42BD-F434-2604812C8954}]
c:\windows\system32\hsf73ikmdf3f.dll [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
c:\documents and settings\Student\Start Menu\Programs\Startup\
ImpulseNow.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-4-7 323584]
Stardock ObjectDock.lnk - c:\program files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe [2009-4-15 3446512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-5-9 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"NoNetConnectDisconnect"= 1 (0x1)
"NoManageMyComputerVerb"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoThemesTab"= 1 (0x1)
"NoPropertiesRecycleBin"= 1 (0x1)
"NoFolderOptions"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{B2BA40A2-74F3-42BD-F434-2604812C8954}"= "c:\windows\system32\hsf73ikmdf3f.dll" [BU]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\zesiyaza.dll" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zesiyaza.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 06:34 24576 ----a-w c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli mshpoce.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Student\\Desktop\\Black & White\\Black and White\\runblack.exe"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Documents and Settings\\Student\\Application Data\\Sp4rkMod\\armorsurf.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Quake2\\QUAKE2.EXE"=
"c:\\Program Files\\Havok\\Havok Behavior\\bin\\Release\\HBT.exe"=
"c:\\Documents and Settings\\Student\\Desktop\\New Folder\\RedFaction.exe"=
"c:\\Documents and Settings\\Student\\Desktop\\New Folder\\rf.exe"=
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-22 110992]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-04-22 24336]
S2 TmFilter;Trend Micro Filter;c:\program files\OfficeScan NT\TmXPFlt.sys [2008-11-27 205328]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\OfficeScan NT\TmPreFlt.sys [2008-11-27 36368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1003ad07-1bb1-11de-949c-0017a4e3bc5c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com g:
\Shell\Open\command - f:\resycled\ntldr.com g:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4191f182-22ea-11de-94a3-0017a4e3bc5c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com g:
\Shell\Open\command - f:\resycled\ntldr.com g:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae2a78f-10f2-11de-9491-0017a4e3bc5c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com g:
\Shell\Open\command - f:\resycled\ntldr.com g:
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://schools.connectionsacademy.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aim.com\www
Trusted Zone: aol.com\iknowthat.school
Trusted Zone: aolatschool.com\www
Trusted Zone: atwola.com\ar
Trusted Zone: atwola.com\www.ar
Trusted Zone: brainpop.com\www
Trusted Zone: connectionsacademy.com\schools
Trusted Zone: D
Trusted Zone: edgate.com\www
Trusted Zone: letsgolearn.com\www
Trusted Zone: msnbc.com
Trusted Zone: passport.net\login
Trusted Zone: schoolnotes.com
Trusted Zone: teacherweb.com
Trusted Zone: worldbookonline.com\www
FF - ProfilePath - c:\documents and settings\Student\Application Data\Mozilla\Firefox\Profiles\qhfqqwfy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.isotope244.com/
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 14:06
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???0k??????R?@?????,?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1787410411-2529828033-874725645-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-1787410411-2529828033-874725645-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8AC8B27C-6EA8-21A2-D08F-827F395DFF83}*]
"jaendkkcgdhfgkbhnogg"=hex:66,61,6e,68,6e,62,69,70,6c,6b,62,69,00,2f
"pamnpofglimiajhlfhebfnnjfohndgka"=hex:65,61,6e,68,6d,62,6e,70,6a,6b,00,69
"haendkkcgdhfgkbh"=hex:6e,62,6e,68,70,62,6a,62,61,63,61,61,61,63,62,63,6b,64,
69,6a,6e,61,65,6d,6d,66,61,6e,70,67,68,66,69,61,6e,62,69,6d,62,6b,61,70,69,\
[HKEY_USERS\S-1-5-21-1787410411-2529828033-874725645-1007\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="nlEdzWfcJFrUmEmxsa9oCPawQylv7p/C/eSuI8cv4Dkno/0/Xy8YDA=="
"PLCK"="egG6NwC6vxDNFG1a3atYpRoj9w27s2mq"
"Percents"="0 0.1465 0.3362 0.6169 0.8131 0.8961 0.9105 "
"Increment"=".003003"
"PHSH"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\guard32.dll
c:\windows\mshpoce.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\OfficeScan NT\ntrtscan.exe
c:\program files\OfficeScan NT\tmlisten.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Analog Devices\Core\smax4pnp.exe
c:\program files\Hp\HP Software Update\hpwuSchd2.exe
c:\windows\system32\DLA\DLACTRLW.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\program files\OfficeScan NT\PccNTMon.exe
c:\program files\OfficeScan NT\RAUAgent.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\OfficeScan NT\OfcDog.exe
c:\program files\OfficeScan NT\PccNTUpd.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-04-28 14:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 21:11
ComboFix2.txt 2009-04-28 01:30
ComboFix3.txt 2009-04-16 22:39
ComboFix4.txt 2009-04-16 21:21
ComboFix5.txt 2009-04-28 23:58
Pre-Run: 19,307,249,664 bytes free
Post-Run: 19,306,303,488 bytes free
434 --- E O F --- 2009-04-02 10:01
Mbam:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2
4/28/2009 3:27:11 PM
mbam-log-2009-04-28 (15-27-02).txt
Scan type: Full Scan (C:\|)
Objects scanned: 163837
Time elapsed: 52 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2ba40a2-74f3-42bd-f434-2604812c8954} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Seekapp (Adware.Seekapp) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seekapp Service (Adware.Seekapp) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: mshpoce.dll -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\mshpoce.dll (Trojan.Vundo.H) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hsf73ikmdf3f.dll.vir (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP63\A0019068.exe (Adware.SeekApp) -> No action taken.
C:\WINDOWS\system32\cssdll32.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\watekaho.dll.vir (Trojan.Vundo) -> No action taken.
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:44 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\OfficeScan NT\RAUAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\OfficeScan NT\ofcdog.exe
C:\Program Files\OfficeScan NT\pccntupd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://schools.connectionsacademy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\OfficeScan NT\RAUAgent.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://schools.connectionsacademy.com
O15 - Trusted Zone: www.aim.com
O15 - Trusted Zone: www.aolatschool.com
O15 - Trusted Zone: www.brainpop.com
O15 - Trusted Zone: http://schools.connectionsacademy.com
O15 - Trusted Zone: www.edgate.com
O15 - Trusted Zone: www.letsgolearn.com
O15 - Trusted Zone: login.passport.net
O15 - Trusted Zone: http://*.schoolnotes.com
O15 - Trusted Zone: http://*.teacherweb.com
O15 - Trusted Zone: www.worldbookonline.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://10.1.0.17:8180/officescan/ClientInstall/WinNTChk.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/setup.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/RemoveCtrl.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9422 bytes
pskelley
2009-04-29, 11:54
How is the computer running now?
MBAM:
Ths version used was not update: Database version: 1945
The newest database is: (Database 2058 Date 4/29/2009)
Open MBAM > Click the Update tab > click Check for Updates > allow MBAM to download and install the newest version.
click the Updates tab > Perform Full Scan
All item in the scan you posted read: No action taken
If the directions are follow they will read: Quarantined and deleted successfully.
Post the new scan results and provide feedback about performance.
Thanks
Guilty Sp4rk
2009-04-30, 00:11
All looks good now :) and my computer's performance has really jumped. I can start Unreal Tournament 2004 within a minute now instead of waiting up to 5 minutes. Internet browsing is faster and I get less browser lockups.
Malwarebytes' Anti-Malware 1.36
Database version: 2059
Windows 5.1.2600 Service Pack 2
4/29/2009 4:57:11 PM
mbam-log-2009-04-29 (16-57-11).txt
Scan type: Full Scan (C:\|)
Objects scanned: 175500
Time elapsed: 51 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer (Disable.MCProperties) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\jurj.exe.vir (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthbrwlblabmotbksayxqbglskxryymeumt.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthurqerhvhhorgcpplceofgsfgrupggmjd.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Temp\1942833276.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Temp\1949083276.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Temp\2022364526.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Temp\206725008.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Temp\2195802026.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Temp\290943758.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Temp\3221012790.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP85\A0021732.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP85\A0021734.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP92\A0022861.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
pskelley
2009-04-30, 00:32
I am assuming COMODO Internet Security is also supplying antivirus protection as well as firewall. If this is not the case, let me know so I can provide links to freeware programs.
Let's see if we can wrap up like this:
Remove combofix from the computer like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Clean the System Restore files like this:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot
Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, keep it updated and run it once a month or so)
Update COMODO Internet Security and scan the system, to be sure it is running right and scanning clean. If you have problems with the program, contact tech support for instructions.
If all is well at this point, let me know and I will close the topic.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
How hard are your passwords to crack?
http://www.microsoft.com/protect/yourself/password/checker.mspx
http://users.telenet.be/bluepatchy/miekiemoes/Links.html
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/computer/advanced/browsing.mspx
Guilty Sp4rk
2009-04-30, 01:31
I did as asked and cleaned my system restore files. All is well. I didn't install the virus protection part of COMODO, only the firewall. Links to freeware apps would be a great help, thanks. :)
pskelley
2009-04-30, 01:45
Install ONLY one:
1) http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
FAQ: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/
2) http://www.avast.com/eng/avast_4_home.html
What's new in avast! version 4
http://www.avast.com/eng/whats_new_in_avast_v2.html
3) http://www.free-av.com/
http://www.free-av.com/en/support/index.html
Guilty Sp4rk
2009-04-30, 02:04
Will these run alonside Trend Micro OfficeScan? I ask because, as you know, this is a school computer that I use from home and I don't have the password to unload OfficeScan and uninstall it.
pskelley
2009-04-30, 02:12
If this program offers antivirus protection, you do not need another one.
http://us.trendmicro.com/us/products/enterprise/officescan-client-server-edition/
Guilty Sp4rk
2009-04-30, 02:24
Ok, thank you. I'll keep COMODO on and I'll scan a few times a week with Spybot and Malwarebytes (for my own sanity) to be sure I'm clean:) Thank you for all your great help, it's truly priceless. I'm gonna get back to my Algebra now :sad: Wait.. Unless you have a magical way of taking care of that too >.>