View Full Version : Infected PC and browser
camp28ct
2009-06-13, 02:42
I'm not sure what all I have been infected with. I think Firefox has been hijacked. Can you please help. Thanks!
Here is my log........
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:53 PM, on 6/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\A8GSdsApp\AGSeiApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CORELDRW.EXE
C:\Program Files\Corel\CorelDRAW Graphics Suite 13\Programs\CorelDRW.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 www.inetavirus.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [A8GSdsApp] C:\Program Files\A8GSdsApp\AGSeiApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7C53A7E-B6D0-48FB-A3B0-C961F2AEAE07}: NameServer = 192.168.0.1,205.171.32.5
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 10114 bytes
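A small triage script for the O1 (hosts file) and orphaned O2/O3 items in the HijackThis log above, added here as a worked example; it is not part of this thread and not code from HijackThis or Trend Micro. The security-vendor domain list and the severity labels are assumptions chosen for the example, and the sample input is a handful of lines copied from the log above.

```python
"""Triage HijackThis-style log lines: hosts-file hijacks and orphaned COM items.

Added example, not part of the forum thread or the HijackThis tool.
"""
import ipaddress
import re
from dataclasses import dataclass

# Vendor domains whose hijack usually means update/definition traffic is being
# blocked or redirected. This list is an assumption made for the example.
SECURITY_DOMAINS = (
    "microsoft.com", "symantec.com", "mcafee.com", "kaspersky.com",
    "trendmicro.com", "avast.com", "avg.com", "sophos.com", "bitdefender.com",
    "superantispyware.com", "malwarebytes.org",
)

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# O1 - Hosts: <address> <hostname>
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
# O2 - BHO: <name> - {CLSID} - <path or (no file)>   /   O3 - Toolbar: ...
O23_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*?)\s*$")


@dataclass(frozen=True)
class Finding:
    item: str       # HijackThis section, e.g. "O1"
    severity: str   # "info" | "review" | "high"
    detail: str


def _is_security_domain(hostname: str) -> bool:
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def classify_hosts_entry(address: str, hostname: str) -> Finding:
    """Rate one hosts-file mapping.

    Loopback for 'localhost' is the stock entry; loopback for anything else
    merely blocks that host; a routable target silently redirects the host to
    another machine, which matters most when the host is a security vendor's.
    """
    try:
        ipaddress.ip_address(address)
    except ValueError:
        return Finding("O1", "review", f"unparseable address {address!r} for {hostname}")
    if address in LOOPBACK:
        if hostname.lower() == "localhost":
            return Finding("O1", "info", f"{hostname} -> {address} (default entry)")
        return Finding("O1", "review", f"{hostname} blocked via {address}")
    if _is_security_domain(hostname):
        return Finding("O1", "high", f"security domain {hostname} redirected to {address}")
    return Finding("O1", "review", f"{hostname} redirected to {address}")


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return findings for O1 and orphaned O2/O3 items."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if m:
            findings.append(classify_hosts_entry(m.group(1), m.group(2)))
            continue
        m = O23_RE.match(line)
        if m and m.group(4).lower() == "(no file)":
            # Registered BHO/toolbar whose DLL is gone: loads nothing, still worth removing.
            findings.append(Finding(m.group(1), "review",
                                    f"orphaned {m.group(2)} {m.group(3)}"))
    return findings


def hosts_redirects(log_text: str) -> dict[str, list[str]]:
    """Group non-loopback hosts entries by target: several unrelated hostnames
    pointed at one address is the usual shape of a sinkhole/redirect."""
    targets: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        m = O1_RE.match(raw.strip())
        if m and m.group(1) not in LOOPBACK:
            targets.setdefault(m.group(1), []).append(m.group(2))
    return targets


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 www.inetavirus.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.detail}")
    print(hosts_redirects(SAMPLE_LOG))
```

The loopback/non-loopback split is the point: a 127.0.0.1 entry only blocks a hostname, whereas a routable address sends every request for that name to whatever machine answers there, so an entry such as security.microsoft.com mapped to an external address is the first thing to check. The log is a summary; confirm against the actual file at C:\WINDOWS\system32\drivers\etc\hosts before and after cleaning, since the tool only shows what it parsed.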
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
camp28ct
2009-06-14, 02:34
Here are my logs.....
dds.txt
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 18:22:50.29 on Sat 06/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.164 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\A8GSdsApp\AGSeiApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.com
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunKistEM] c:\program files\emachines bay reader\shwiconem.exe
mRun: [<NO NAME>]
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [A8GSdsApp] c:\program files\a8gsdsapp\AGSeiApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp psc 900 series\bin\hpobrt07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {B7C53A7E-B6D0-48FB-A3B0-C961F2AEAE07} = 192.168.0.1,205.171.32.5
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\9j7c84gx.default\
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\9j7c84gx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\9j7c84gx.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-31 55152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
=============== Created Last 30 ================
2009-06-12 17:48 299,552 a------- c:\windows\wmsysprx.prx
2009-06-12 17:46 <DIR> --d----- c:\docume~1\owner\applic~1\Acoustica
2009-06-12 17:45 <DIR> --d----- c:\program files\Acoustica CD Label Maker
2009-06-12 11:24 <DIR> --d----- c:\program files\Trend Micro
2009-06-12 09:54 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-12 09:54 1,409 a------- c:\windows\QTFont.for
2009-06-11 15:42 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 15:42 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-09 14:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameHouse
2009-06-07 22:27 87,608 a------- c:\docume~1\owner\applic~1\inst.exe
2009-06-07 22:27 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-06-07 22:27 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2009-06-07 22:27 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-06-07 22:27 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-06-07 22:27 217,127 a------- c:\windows\system32\drv43260.dll
2009-06-07 22:27 208,935 a------- c:\windows\system32\drv33260.dll
2009-06-07 22:27 176,165 a------- c:\windows\system32\drv23260.dll
2009-06-07 22:27 102,439 a------- c:\windows\system32\sipr3260.dll
2009-06-07 22:27 65,602 a------- c:\windows\system32\cook3260.dll
2009-06-07 22:27 <DIR> --d----- c:\program files\VSO
2009-06-06 05:27 <DIR> --d----- c:\docume~1\owner\applic~1\Fabulous Finds
2009-06-06 05:26 <DIR> --d----- c:\program files\Shockwave.com
2009-06-06 02:16 <DIR> --d----- c:\docume~1\owner\applic~1\Playrix Entertainment
2009-06-06 00:59 <DIR> --d----- c:\program files\MSN Games
2009-06-04 19:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-04 19:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-04 19:15 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-06-04 19:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-04 19:03 <DIR> --d----- c:\program files\VS Revo Group
2009-05-25 22:27 48,668 a------- c:\windows\system32\%LocalXml%
2009-05-25 22:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-23 23:55 <DIR> --d----- c:\program files\Zuma Deluxe
2009-05-22 23:28 <DIR> --d----- c:\program files\common files\EasyInfo
2009-05-21 09:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SpinTop Games
2009-05-21 09:34 0 a------- c:\windows\popcreg.dat
2009-05-21 05:00 37 a------- c:\windows\popcinfot.dat
2009-05-21 04:59 <DIR> --d----- c:\docume~1\owner\applic~1\PopCapv1002
2009-05-21 04:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap Games
2009-05-21 04:59 <DIR> --d----- c:\program files\PopCap Games
2009-05-19 13:10 <DIR> --d----- c:\program files\PrivacyEraser Computing
==================== Find3M ====================
2009-06-12 18:24 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-06-01 17:49 16,483,459 a------- c:\program files\PROCESSLIST.DB
2009-06-01 17:49 1,167,453 a------- c:\program files\PROCESSLISTRELATED.DB
2009-05-13 00:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-02 01:28 73 ---sh--- c:\documents and settings\owner\MediaTubeCodec_ver1.1463.0.exe
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-03 23:39 19,791 a------- c:\windows\HPHins02.dat
2009-03-23 18:05 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-27 03:12 32 a----r-- c:\documents and settings\all users\hash.dat
============= FINISH: 18:24:48.43 ===============
attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-05-14.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/21/2009 2:41:08 PM
System Uptime: 6/12/2009 5:05:23 AM (37 hours ago)
Motherboard: Intel Corporation | | D915GAG
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | J2E1 | 2800/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 145 GiB total, 108.967 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.645 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\8100C4D223C01
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\8100C4D223C01
Service: NIC1394
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\87FE07111100
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\87FE07111100
Service: NIC1394
==== System Restore Points ===================
RP1: 3/21/2009 2:41:12 PM - System Checkpoint
RP2: 3/21/2009 5:29:47 PM - Installed hp psc 900 series
RP3: 3/22/2009 1:32:19 AM - Installed Java(TM) 6 Update 12
RP4: 3/22/2009 4:00:13 AM - Software Distribution Service 3.0
RP5: 3/22/2009 8:04:03 PM - Removed hp psc 900 series
RP6: 3/22/2009 8:06:53 PM - Installed hp psc 900 series
RP7: 3/22/2009 8:11:46 PM - Printer Driver hp psc 900 series fax Installed
RP8: 3/22/2009 9:14:15 PM - Installed CorelDRAW Graphics Suite X3
RP9: 3/23/2009 4:00:17 AM - Software Distribution Service 3.0
RP10: 3/23/2009 7:15:51 PM - Software Distribution Service 3.0
RP11: 3/23/2009 5:42:34 PM - Software Distribution Service 3.0
RP12: 3/23/2009 6:51:47 PM - Installed Office 2003 Setup Files
RP13: 3/23/2009 6:59:52 PM - Installed Office 2003 Setup Files
RP14: 3/23/2009 7:01:15 PM - Installed Microsoft Office Basic Edition 2003
RP15: 3/23/2009 11:30:22 PM - Software Distribution Service 3.0
RP16: 3/23/2009 11:32:27 PM - Software Distribution Service 3.0
RP17: 3/23/2009 11:53:44 PM - Software Distribution Service 3.0
RP18: 3/25/2009 12:06:32 AM - System Checkpoint
RP19: 3/26/2009 12:41:05 AM - System Checkpoint
RP20: 3/27/2009 1:21:29 AM - System Checkpoint
RP21: 3/28/2009 1:33:29 AM - System Checkpoint
RP22: 3/28/2009 9:10:11 PM - Installed MSN Toolbar
RP23: 3/28/2009 9:11:38 PM - Installed Windows Internet Explorer 8.
RP24: 3/28/2009 9:12:22 PM - Software Distribution Service 3.0
RP25: 3/29/2009 9:58:49 PM - System Checkpoint
RP26: 3/30/2009 10:21:52 PM - System Checkpoint
RP27: 3/31/2009 12:54:11 AM - Installed Windows XP KB954708.
RP28: 3/31/2009 12:54:26 AM - Installed DirectX
RP29: 3/31/2009 10:48:12 PM - Removed Norton WMI Update
RP30: 4/1/2009 3:00:16 AM - Software Distribution Service 3.0
RP31: 4/2/2009 3:00:36 AM - Software Distribution Service 3.0
RP32: 4/3/2009 3:02:11 AM - System Checkpoint
RP33: 4/3/2009 1:39:56 PM - Installed eMachines Bay Reader
RP34: 4/4/2009 2:12:32 PM - System Checkpoint
RP35: 4/5/2009 2:58:51 PM - System Checkpoint
RP36: 4/6/2009 3:57:20 PM - System Checkpoint
RP37: 4/7/2009 5:28:05 PM - System Checkpoint
RP38: 4/8/2009 6:56:41 PM - System Checkpoint
RP39: 4/8/2009 9:44:14 PM - Installed QuickTime
RP40: 4/8/2009 9:45:01 PM - Installed Bonjour
RP41: 4/9/2009 2:01:18 AM - Installed Windows XP KB932716-v2.
RP42: 4/9/2009 2:01:44 AM - Installed Windows XP KB945060-v3.
RP43: 4/9/2009 2:06:13 AM - Installed Print Creations
RP44: 4/9/2009 2:07:35 AM - Installed Connect Service
RP45: 4/10/2009 6:26:32 AM - System Checkpoint
RP46: 4/11/2009 7:14:27 AM - System Checkpoint
RP47: 4/12/2009 8:14:27 AM - System Checkpoint
RP48: 4/13/2009 8:15:30 AM - System Checkpoint
RP49: 4/14/2009 9:31:53 AM - System Checkpoint
RP50: 4/15/2009 3:00:21 AM - Software Distribution Service 3.0
RP51: 4/16/2009 3:13:46 AM - System Checkpoint
RP52: 4/17/2009 3:14:51 AM - System Checkpoint
RP53: 4/18/2009 4:28:20 AM - System Checkpoint
RP54: 4/19/2009 2:18:58 AM - Installed Windows Media Player 11
RP55: 4/19/2009 2:22:00 AM - Software Distribution Service 3.0
RP56: 4/19/2009 3:00:18 AM - Software Distribution Service 3.0
RP57: 4/20/2009 3:00:15 AM - Software Distribution Service 3.0
RP58: 4/21/2009 4:35:01 AM - System Checkpoint
RP59: 4/22/2009 12:42:22 AM - Installed Driver Detective
RP60: 4/22/2009 9:34:45 PM - Restore Operation
RP61: 4/22/2009 9:41:01 PM - Restore Operation
RP62: 4/23/2009 2:13:10 AM - Installed Java(TM) 6 Update 13
RP63: 4/23/2009 3:00:21 AM - Software Distribution Service 3.0
RP64: 4/24/2009 3:13:29 AM - System Checkpoint
RP65: 4/25/2009 4:51:54 AM - System Checkpoint
RP66: 4/26/2009 5:13:30 AM - System Checkpoint
RP67: 4/27/2009 5:46:18 AM - System Checkpoint
RP68: 4/28/2009 6:04:20 AM - System Checkpoint
RP69: 4/29/2009 3:00:21 AM - Software Distribution Service 3.0
RP70: 4/30/2009 3:11:16 AM - System Checkpoint
RP71: 5/1/2009 3:23:45 AM - System Checkpoint
RP72: 5/2/2009 2:01:50 AM - Removed Windows Live Sync
RP73: 5/2/2009 2:16:33 AM - Installed DirectX
RP74: 5/2/2009 2:18:40 AM - Installed Nero 8
RP75: 5/3/2009 2:28:27 AM - System Checkpoint
RP76: 5/3/2009 3:00:14 AM - Software Distribution Service 3.0
RP77: 5/4/2009 5:01:32 AM - System Checkpoint
RP78: 5/5/2009 8:49:26 AM - Restore Operation
RP79: 5/6/2009 8:55:38 AM - System Checkpoint
RP80: 5/6/2009 9:54:46 AM - Installed Connect Service
RP81: 5/7/2009 10:13:37 AM - System Checkpoint
RP82: 5/8/2009 11:11:33 AM - System Checkpoint
RP83: 5/9/2009 12:01:37 PM - System Checkpoint
RP84: 5/10/2009 3:44:25 PM - System Checkpoint
RP85: 5/11/2009 4:01:37 PM - System Checkpoint
RP86: 5/12/2009 5:18:47 PM - System Checkpoint
RP87: 5/13/2009 3:00:16 AM - Software Distribution Service 3.0
RP88: 5/14/2009 3:01:10 AM - System Checkpoint
RP89: 5/15/2009 3:52:36 AM - System Checkpoint
RP90: 5/16/2009 3:53:16 AM - System Checkpoint
RP91: 5/17/2009 4:53:17 AM - System Checkpoint
RP92: 5/18/2009 5:02:00 AM - System Checkpoint
RP93: 5/19/2009 6:02:00 AM - System Checkpoint
RP94: 5/20/2009 6:15:16 AM - System Checkpoint
RP95: 5/21/2009 2:09:13 PM - System Checkpoint
RP96: 5/22/2009 3:45:29 PM - System Checkpoint
RP97: 5/23/2009 4:37:47 PM - System Checkpoint
RP98: 5/24/2009 5:10:58 PM - System Checkpoint
RP99: 5/25/2009 8:03:57 PM - System Checkpoint
RP100: 5/25/2009 10:04:21 PM - Installed Kaspersky Internet Security 2009.
RP101: 5/26/2009 7:03:37 PM - Removed Kaspersky Internet Security 2009.
RP102: 5/27/2009 3:00:18 AM - Software Distribution Service 3.0
RP103: 5/28/2009 3:11:25 AM - System Checkpoint
RP104: 5/29/2009 3:46:20 AM - System Checkpoint
RP105: 5/30/2009 5:34:21 AM - System Checkpoint
RP106: 5/31/2009 7:34:21 AM - System Checkpoint
RP107: 6/1/2009 3:24:10 PM - System Checkpoint
RP108: 6/2/2009 3:34:21 PM - System Checkpoint
RP109: 6/3/2009 4:56:05 PM - System Checkpoint
RP110: 6/4/2009 5:09:10 PM - System Checkpoint
RP111: 6/4/2009 7:15:56 PM - Installed SUPERAntiSpyware Professional
RP112: 6/4/2009 8:20:58 PM - Revo Uninstaller's restore point - Adventures of Robinson Crusoe
RP113: 6/4/2009 8:23:49 PM - Revo Uninstaller's restore point - Adventures of Robinson Crusoe
RP114: 6/4/2009 8:26:09 PM - Revo Uninstaller's restore point - Dream Chronicles 3
RP115: 6/4/2009 8:27:14 PM - Revo Uninstaller's restore point - Escape Rosecliff Island 1.0.0.2
RP116: 6/4/2009 8:28:03 PM - Revo Uninstaller's restore point - Escape Rosecliff Island 1.0.0.2
RP117: 6/4/2009 8:29:09 PM - Revo Uninstaller's restore point - Google Toolbar for Internet Explorer
RP118: 6/4/2009 8:30:04 PM - Revo Uninstaller's restore point - History Sweeper 3.03
RP119: 6/4/2009 8:31:00 PM - Revo Uninstaller's restore point - LiveUpdate 1.90 (Symantec Corporation)
RP120: 6/4/2009 8:32:20 PM - Revo Uninstaller's restore point - Mystery P.I. - The Lottery Ticket 1.0.0.5
RP121: 6/4/2009 8:33:18 PM - Revo Uninstaller's restore point - NokiaFREE Unlock Codes Calculator
RP122: 6/4/2009 8:34:01 PM - Revo Uninstaller's restore point - Paradise Quest
RP123: 6/4/2009 8:35:03 PM - Revo Uninstaller's restore point - The Poppit! Show
RP124: 6/5/2009 9:40:52 PM - System Checkpoint
RP125: 6/6/2009 10:15:18 PM - System Checkpoint
RP126: 6/7/2009 11:38:13 PM - System Checkpoint
RP127: 6/9/2009 12:16:29 AM - System Checkpoint
RP128: 6/10/2009 1:25:17 AM - System Checkpoint
RP129: 6/12/2009 3:00:28 AM - Software Distribution Service 3.0
RP130: 6/13/2009 3:59:35 AM - System Checkpoint
==== Installed Programs ======================
Acoustica CD/DVD Label Maker
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Adobe Shockwave Player 11.5
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ATI Display Driver
Bonjour
Cate West The Velvet Keys
CCScore
Choice Guard
ConvertXtoDVD 3.6.4.158
CorelDRAW Graphics Suite X3
Creative Driver
DFX for Windows Media Player
DIGOpt
DIGReqEx
Do More
Dream Day Wedding Viva Las Vegas
eMachines Bay Reader
EN
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Fabulous Finds
Fishdom H20 - Hidden Oddysey
FontNav
Free Internet Eraser 2.50
GameHouse
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
hp psc 900 series
HP Software Update
Intel(R) PRO Network Adapters and Drivers
Java(TM) 6 Update 13
Junk Mail filter update
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Learn2 Player (Uninstall Only)
Little Shop - Memories
Magic ISO Maker v5.5 (build 0261)
MagicDisc 2.7.106
MathPlayer
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
MSN
MSN Encarta Plus Support Files
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
Nero 8
netbrdg
Office 2003 Setup Files
OfotoXMI
Photosmart 140,240,7200,7600,7700,7900 Series
PopCap Browser Plugin
PowerDVD
Privacy Eraser Pro
PS140
PSShortcutsP
PSUsage
QFolder
QuickTime
Real Crimes Unicorn
Revo Uninstaller 1.83
Scattergories
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
SoftV92 Data Fax Modem with SmartCP
staticcr
SUPERAntiSpyware Professional
tooltips
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update Manager
VBA
Viewpoint Media Player
VPRINTOL
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
Zuma Deluxe
Zuma Deluxe RA
==== Event Viewer Messages From Past Week ========
6/7/2009 12:01:13 PM, error: Service Control Manager [7022] - The Bonjour Service service hung on starting.
6/12/2009 3:04:49 AM, error: Print [22] - Failed to ugrade printer settings for printer Microsoft Office Document Image Writer,0 driver Microsoft Office Document Image Writer Driver error 1801.
6/11/2009 1:41:04 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
6/10/2009 8:42:15 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/10/2009 8:41:57 PM, error: System Error [1003] - Error code 100000d1, parameter1 e1950000, parameter2 00000002, parameter3 00000000, parameter4 ee848e85.
6/10/2009 8:36:16 PM, error: System Error [1003] - Error code 100000d1, parameter1 e1613000, parameter2 00000002, parameter3 00000000, parameter4 ba4dbe85.
==== End Of File ===========================
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Please download GooredFix (http://jpshortstuff.247fixes.com/GooredFix.exe) and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.
camp28ct
2009-06-14, 12:58
Here are the logs you requested...
ComboFix 09-06-13.09 - Owner 06/14/2009 4:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.231 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\MediaTubeCodec_ver1.1463.0.exe
c:\windows\system32\drivers\SKYNETudebfnvg.sys
c:\windows\system32\SKYNETncxeusbi.dat
c:\windows\system32\SKYNETqmildwrv.dll
c:\windows\system32\SKYNETuelranfw.dll
c:\windows\system32\SKYNETuxrmysix.dat
D:\Desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETxniogema
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-12 22:46 . 2009-06-12 22:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Acoustica
2009-06-12 22:45 . 2009-06-12 22:56 -------- d-----w- c:\program files\Acoustica CD Label Maker
2009-06-12 16:24 . 2009-06-12 16:24 -------- d-----w- c:\program files\Trend Micro
2009-06-12 10:08 . 2009-06-12 10:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-11 20:42 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 20:42 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 06:33 . 2009-06-11 06:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2009-06-09 19:56 . 2009-06-09 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2009-06-09 16:36 . 2009-06-09 16:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Gamenauts
2009-06-08 03:27 . 2009-06-08 03:27 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-08 03:27 . 2009-06-08 03:27 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-06-08 03:27 . 2009-06-10 09:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-06-08 03:27 . 2007-03-19 02:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-06-08 03:27 . 2006-09-29 18:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-06-08 03:27 . 2006-09-29 18:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-06-08 03:27 . 2006-09-29 18:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-06-08 03:27 . 2006-05-20 22:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-06-08 03:27 . 2006-05-12 01:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-06-08 03:27 . 2002-12-10 08:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-06-08 03:27 . 2009-06-08 03:27 -------- d-----w- c:\program files\VSO
2009-06-06 10:27 . 2009-06-06 10:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Fabulous Finds
2009-06-06 10:26 . 2009-06-09 19:55 -------- d-----w- c:\program files\Shockwave.com
2009-06-06 07:16 . 2009-06-06 07:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Playrix Entertainment
2009-06-06 05:59 . 2009-06-09 16:36 -------- d-----w- c:\program files\MSN Games
2009-06-05 00:16 . 2009-06-14 09:33 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-05 00:16 . 2009-06-05 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-05 00:15 . 2009-06-05 00:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-05 00:15 . 2009-06-05 00:15 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-05 00:15 . 2009-06-05 00:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-05 00:03 . 2009-06-05 00:03 -------- d-----w- c:\program files\VS Revo Group
2009-05-26 03:03 . 2009-05-26 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-24 04:55 . 2009-06-12 23:09 -------- d-----w- c:\program files\Zuma Deluxe
2009-05-23 04:28 . 2009-05-23 04:28 -------- d-----w- c:\program files\Common Files\EasyInfo
2009-05-22 03:18 . 2009-06-12 02:41 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst
2009-05-22 03:18 . 2009-06-12 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-21 14:34 . 2009-05-21 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games
2009-05-21 14:34 . 2009-05-21 14:34 0 ----a-w- c:\windows\popcreg.dat
2009-05-21 10:00 . 2009-05-21 15:34 37 ----a-w- c:\windows\popcinfot.dat
2009-05-21 09:59 . 2009-05-21 09:59 -------- d-----w- c:\documents and settings\Owner\Application Data\PopCapv1002
2009-05-21 09:59 . 2009-05-21 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-05-21 09:59 . 2009-06-05 01:32 -------- d-----w- c:\program files\PopCap Games
2009-05-20 18:46 . 2009-05-20 18:46 -------- d-----w- c:\documents and settings\Owner\Application Data\CyberLink
2009-05-19 18:10 . 2009-05-20 00:20 -------- d-----w- c:\program files\PrivacyEraser Computing
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 09:33 . 2009-04-09 07:06 248 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-06-14 09:32 . 2009-03-21 19:34 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000006-00000000-00000000-00001102-00000004-20041102}.dat
2009-06-14 09:32 . 2009-03-21 19:34 384 ----a-w- c:\windows\system32\DVCState-{00000006-00000000-00000000-00001102-00000004-20041102}.dat
2009-06-13 15:18 . 2009-04-10 07:30 10 ----a-w- c:\windows\popcinfo.dat
2009-06-13 03:44 . 2009-03-24 23:54 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-06-12 23:24 . 2009-03-23 02:13 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-12 16:32 . 2009-04-05 07:30 -------- d-----w- c:\program files\BitComet
2009-06-12 02:44 . 2009-04-04 00:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-12 02:38 . 2009-04-04 00:32 -------- d-----w- c:\program files\Oberon Media
2009-06-08 11:04 . 2009-03-24 13:22 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2009-06-05 01:23 . 2009-05-13 06:20 -------- d-----w- c:\program files\RealArcade
2009-06-01 22:49 . 2009-06-05 00:12 16483459 ----a-w- c:\program files\PROCESSLIST.DB
2009-06-01 22:49 . 2009-06-05 00:12 1167453 ----a-w- c:\program files\PROCESSLISTRELATED.DB
2009-05-26 03:17 . 2009-04-14 04:04 -------- d-----w- c:\program files\A8GSdsApp
2009-05-16 19:04 . 2009-05-13 06:32 -------- d-----w- c:\documents and settings\Owner\Application Data\RobinsonCrusoeGH
2009-05-13 05:15 . 2004-08-26 16:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 00:34 . 2009-05-10 00:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Pogo Games
2009-05-08 01:32 . 2009-05-05 13:56 -------- d-----w- c:\program files\Games
2009-05-07 15:32 . 2004-08-26 16:11 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 14:54 . 2009-03-21 19:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-05 13:56 . 2009-05-05 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-05-05 13:50 . 2009-05-05 11:51 -------- d-----w- c:\program files\Gold Miner Special Edition
2009-05-05 13:50 . 2009-05-05 09:51 -------- d-----w- c:\program files\Mahjong Escape
2009-05-05 13:40 . 2009-05-05 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-05 09:52 . 2009-04-04 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2009-05-05 09:50 . 2009-05-05 09:50 -------- d-----w- c:\program files\ReflexiveArcade
2009-05-05 08:31 . 2009-05-05 05:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Flood Light Games
2009-05-05 06:08 . 2009-05-05 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii
2009-05-05 05:51 . 2009-05-05 05:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Anabel
2009-05-02 19:39 . 2009-05-02 19:39 -------- d-----w- c:\program files\DFX
2009-05-02 19:39 . 2009-05-02 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2009-05-02 19:39 . 2009-05-02 19:39 -------- d-----w- c:\program files\Common Files\DFX
2009-05-02 07:21 . 2009-05-02 07:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2009-05-02 07:20 . 2009-05-02 07:18 -------- d-----w- c:\program files\Common Files\Nero
2009-05-02 07:18 . 2009-05-02 07:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-02 07:18 . 2009-05-02 07:18 -------- d-----w- c:\program files\Nero
2009-05-02 07:11 . 2009-03-21 19:27 -------- d-----w- c:\program files\Ahead
2009-05-02 07:01 . 2009-03-31 05:52 -------- d-----w- c:\program files\Windows Live
2009-05-02 07:01 . 2009-03-27 21:32 -------- d-----w- c:\program files\MySpace
2009-05-02 06:39 . 2009-05-02 06:39 -------- d-----w- c:\program files\MagicDisc
2009-05-02 06:29 . 2009-05-02 06:29 -------- d-----w- c:\program files\MagicISO
2009-05-02 03:18 . 2009-05-02 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2009-04-30 06:40 . 2009-04-30 06:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Coyotes Tale
2009-04-27 09:10 . 2009-04-27 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-04-27 01:09 . 2009-03-23 02:15 24120 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-25 05:55 . 2009-04-25 05:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Oberonv1002
2009-04-23 07:13 . 2009-03-22 06:32 -------- d-----w- c:\program files\Java
2009-04-23 07:12 . 2009-04-23 07:12 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-23 02:43 . 2009-04-14 04:02 -------- d-----w- c:\program files\RarZilla Free Unrar
2009-04-23 02:42 . 2009-04-19 07:24 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-22 05:42 . 2009-04-22 05:42 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-04-22 05:42 . 2009-04-22 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-04-22 02:16 . 2009-04-22 01:45 -------- d-----w- c:\documents and settings\Owner\Application Data\SoundSpectrum
2009-04-22 01:44 . 2009-04-22 01:44 -------- d-----w- c:\program files\SoundSpectrum
2009-04-17 12:26 . 2004-08-26 16:12 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-26 16:12 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 06:55 . 2009-04-09 02:41 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\bindbins\bindbins.exe
2009-04-09 06:55 . 2009-04-09 06:55 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe
2009-04-09 06:55 . 2009-04-09 06:55 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2009-04-09 06:49 . 2009-04-09 06:49 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\update.exe
2009-04-09 06:49 . 2009-04-09 06:49 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\SysFiles\kb945060\kb945060.exe
2009-04-09 06:48 . 2009-04-09 06:48 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe
2009-04-09 06:48 . 2009-04-09 06:48 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_dbda49\EasyShrx.Dll
2009-04-09 06:48 . 2009-04-09 06:48 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.30.1.dll
2009-04-09 02:41 . 2009-04-09 02:41 14813832 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\bonjour\BonjourSetup.exe
2009-04-09 02:41 . 2009-04-09 02:41 102400 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\procheck.exe
2009-04-09 02:41 . 2009-04-09 02:41 21249848 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\QuickTimeInstaller.exe
2009-04-09 02:41 . 2009-04-09 02:41 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\ksustop.exe
2009-04-09 02:40 . 2009-04-09 02:40 167936 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\CCS\CCSStop.exe
2009-04-09 02:39 . 2009-04-09 02:39 983040 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_167c3182\EasyShrx.Dll
2009-04-05 00:20 . 2009-04-04 04:38 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2009-04-04 04:39 . 2009-04-04 04:34 19791 ----a-w- c:\windows\HPHins02.dat
2009-03-28 08:13 . 2009-03-28 08:13 103936 ----a-w- c:\documents and settings\Owner\Application Data\yoclient\native\OpenAL32.dll
2009-03-28 08:13 . 2009-03-28 08:13 153600 ----a-w- c:\documents and settings\Owner\Application Data\yoclient\native\lwjgl.dll
2009-03-27 21:32 . 2009-03-27 21:31 7040776 ----a-w- c:\documents and settings\Owner\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
2009-03-25 10:25 . 2009-03-25 10:25 221 ----a-w- c:\windows\PowerReg.dat
2009-03-23 23:05 . 2004-08-26 18:03 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-23 02:15 . 2009-03-23 02:15 65536 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-03-23 02:15 . 2009-03-23 02:15 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-03-23 01:53 . 2009-03-23 01:53 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7a8272d1-n\msvcp71.dll
2009-03-23 01:53 . 2009-03-23 01:53 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7a8272d1-n\jmc.dll
2009-03-23 01:53 . 2009-03-23 01:53 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7a8272d1-n\msvcr71.dll
2009-03-22 06:32 . 2009-03-22 06:31 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-21 19:33 . 2009-03-21 19:33 335 ----a-w- c:\windows\nsreg.dat
2009-03-21 19:22 . 2009-03-21 19:22 60 ----a-w- c:\windows\system32\SYSDRV.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-09 155648]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"A8GSdsApp"="c:\program files\A8GSdsApp\AGSeiApp.exe" [2006-11-06 970752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2004-03-11 28672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" - c:\windows\MIDIDEF.EXE [2003-06-20 49152]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-5-2 576000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HPAiODevice(hp psc 900 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe [2002-9-26 487484]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27192:TCP"= 27192:TCP:BitComet 27192 TCP
"27192:UDP"= 27192:UDP:BitComet 27192 UDP
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/31/2009 12:58 AM 55152]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2009-06-14 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-04-04 04:55]
2009-06-14 c:\windows\Tasks\User_Feed_Synchronization-{79A52C34-DC00-4BA2-AA33-295E0CB70207}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B7C53A7E-B6D0-48FB-A3B0-C961F2AEAE07} = 192.168.0.1,205.171.32.5
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 04:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
.
Completion time: 2009-06-14 4:41
ComboFix-quarantined-files.txt 2009-06-14 09:41
Pre-Run: 116,491,112,448 bytes free
Post-Run: 119,505,903,616 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
252 --- E O F --- 2009-06-12 08:05
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 4:53:32.17 on Sun 06/14/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.198 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\dds.com
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunKistEM] c:\program files\emachines bay reader\shwiconem.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [A8GSdsApp] c:\program files\a8gsdsapp\AGSeiApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp psc 900 series\bin\hpobrt07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {B7C53A7E-B6D0-48FB-A3B0-C961F2AEAE07} = 192.168.0.1,205.171.32.5
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\9j7c84gx.default\
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\9j7c84gx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\9j7c84gx.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-31 55152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
=============== Created Last 30 ================
2009-06-14 04:27 <DIR> a-dshr-- C:\cmdcons
2009-06-14 04:25 161,792 a------- c:\windows\SWREG.exe
2009-06-14 04:25 155,136 a------- c:\windows\PEV.exe
2009-06-14 04:25 98,816 a------- c:\windows\sed.exe
2009-06-14 04:24 <DIR> --ds---- C:\ComboFix
2009-06-12 17:48 299,552 a------- c:\windows\wmsysprx.prx
2009-06-12 17:46 <DIR> --d----- c:\docume~1\owner\applic~1\Acoustica
2009-06-12 17:45 <DIR> --d----- c:\program files\Acoustica CD Label Maker
2009-06-12 11:24 <DIR> --d----- c:\program files\Trend Micro
2009-06-12 09:54 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-12 09:54 1,409 a------- c:\windows\QTFont.for
2009-06-11 15:42 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 15:42 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-09 14:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameHouse
2009-06-07 22:27 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-06-07 22:27 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2009-06-07 22:27 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-06-07 22:27 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-06-07 22:27 217,127 a------- c:\windows\system32\drv43260.dll
2009-06-07 22:27 208,935 a------- c:\windows\system32\drv33260.dll
2009-06-07 22:27 176,165 a------- c:\windows\system32\drv23260.dll
2009-06-07 22:27 102,439 a------- c:\windows\system32\sipr3260.dll
2009-06-07 22:27 65,602 a------- c:\windows\system32\cook3260.dll
2009-06-07 22:27 <DIR> --d----- c:\program files\VSO
2009-06-06 05:27 <DIR> --d----- c:\docume~1\owner\applic~1\Fabulous Finds
2009-06-06 05:26 <DIR> --d----- c:\program files\Shockwave.com
2009-06-06 02:16 <DIR> --d----- c:\docume~1\owner\applic~1\Playrix Entertainment
2009-06-06 00:59 <DIR> --d----- c:\program files\MSN Games
2009-06-04 19:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-04 19:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-04 19:15 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-06-04 19:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-04 19:03 <DIR> --d----- c:\program files\VS Revo Group
2009-05-25 22:27 48,668 a------- c:\windows\system32\%LocalXml%
2009-05-25 22:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-23 23:55 <DIR> --d----- c:\program files\Zuma Deluxe
2009-05-22 23:28 <DIR> --d----- c:\program files\common files\EasyInfo
2009-05-21 09:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SpinTop Games
2009-05-21 09:34 0 a------- c:\windows\popcreg.dat
2009-05-21 05:00 37 a------- c:\windows\popcinfot.dat
2009-05-21 04:59 <DIR> --d----- c:\docume~1\owner\applic~1\PopCapv1002
2009-05-21 04:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap Games
2009-05-21 04:59 <DIR> --d----- c:\program files\PopCap Games
2009-05-19 13:10 <DIR> --d----- c:\program files\PrivacyEraser Computing
==================== Find3M ====================
2009-06-12 18:24 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-06-01 17:49 16,483,459 a------- c:\program files\PROCESSLIST.DB
2009-06-01 17:49 1,167,453 a------- c:\program files\PROCESSLISTRELATED.DB
2009-05-13 00:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-03 23:39 19,791 a------- c:\windows\HPHins02.dat
2009-03-23 18:05 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-27 03:12 32 a----r-- c:\documents and settings\all users\hash.dat
============= FINISH: 4:53:41.10 ===============
GooredFix v1.92 by jpshortstuff
Log created at 04:52 on 14/06/2009 running Option #1 (Owner)
Firefox version 3.0.11 (en-US)
=====Suspect Goored Entries=====
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
Hi,
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitComet
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red), if still listed.
After that:
Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).
Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\program files\BitComet
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27192:TCP"=-
"27192:UDP"=-
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager and go to the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
If that happens we want to know about it, and also which process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
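The CFScript above makes two manual decisions: the BHO/TB registrations that point at "No File" are dead entries that can be cleared through the DDS:: section, and the P2P client's firewall exception is removed through the Registry:: section (REG-file syntax, where setting a value to "-" deletes it). The following Python script is an added example, not code from this thread or from the DDS/ComboFix tools, that automates that triage over the pseudo-HJT lines of a DDS log and emits a CFScript in the same layout. The sample input is a constructed subset of the log lines posted above; the registry key path and the "~" shorthand are copied from the helper's script, while the folder to delete and the port number (27192, BitComet's exception in the post) are parameters you would set for the machine in front of you.

```python
"""Triage a DDS "Pseudo HJT Report" and build a ComboFix CFScript from it.

Added example for this thread (not part of DDS, ComboFix or the helper's
post): orphaned BHO/TB/IE/DPF entries ("- No File") become the DDS::
section; the P2P client's firewall exception is deleted via Registry::.
"""
import re

# Constructed sample input: a handful of lines copied from the DDS log
# posted above. A real log has many more entries of the same shape.
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

# Entry kinds whose "- No File" form is a stale registration worth clearing.
ORPHAN_KINDS = ("BHO", "TB", "IE", "DPF")
_ORPHAN_RE = re.compile(r"^(?P<kind>[A-Za-z]+): .* - No File\s*$")

# Key path exactly as written in the helper's CFScript (ComboFix's "~"
# shorthand); the values under it are the XP firewall's open-port list.
FIREWALL_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                r"\standardprofile\GloballyOpenPorts\List]")


def orphaned_entries(dds_text):
    """Return the BHO/TB/IE/DPF lines whose target DLL no longer exists."""
    found = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = _ORPHAN_RE.match(line)
        if m and m.group("kind") in ORPHAN_KINDS:
            found.append(line)
    return found


def firewall_port_removals(ports):
    """REG-file lines deleting the TCP and UDP exceptions for each port."""
    lines = []
    for port in ports:
        for proto in ("TCP", "UDP"):
            lines.append('"%d:%s"=-' % (port, proto))
    return lines


def build_cfscript(folders, dds_text, ports):
    """Assemble Folder::, Registry:: and DDS:: sections in CFScript layout.

    Sections with nothing to do are omitted, so an empty triage yields an
    (almost) empty script rather than a script with dangling headers.
    """
    parts = []
    if folders:
        parts.append("Folder::")
        parts.extend(folders)
    if ports:
        parts.append("Registry::")
        parts.append(FIREWALL_KEY)
        parts.extend(firewall_port_removals(ports))
    orphans = orphaned_entries(dds_text)
    if orphans:
        parts.append("DDS::")
        parts.extend(orphans)
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    # Parameters matching the helper's script: BitComet folder, port 27192.
    print(build_cfscript([r"c:\program files\BitComet"], SAMPLE_DDS, [27192]))
```

Run it against the full "Pseudo HJT Report" block of a dds.txt and compare the DDS:: section it produces with the entries you were going to remove by hand; anything it lists that you did not expect is worth a second look before the script goes anywhere near ComboFix.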
camp28ct
2009-06-15, 04:43
Here are the logs as you requested.....Thanks!
ComboFix 09-06-13.09 - Owner 06/14/2009 15:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.290 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\BitComet
c:\program files\BitComet\archive\0b933978e2b85df85ccbfb3720be42270e4cc508.torrent
c:\program files\BitComet\archive\161272cf15c98e374786735393c3b1702b195eaf.torrent
c:\program files\BitComet\archive\20551189e915a172e227db8959300ddfdad45ba5.torrent
c:\program files\BitComet\archive\42ec30aeb99d20cb51569ae058393362f6929592.torrent
c:\program files\BitComet\archive\4a38303b32ecd4b065fb054127278791d2d2d074.torrent
c:\program files\BitComet\archive\4a6e307994244eaf15c24d2aeca833fc1c3b4f40.torrent
c:\program files\BitComet\archive\668efbd92fa79c70d0adf52001c76176706fb19e.torrent
c:\program files\BitComet\archive\68b4d4a6b9e5203b602b20350872a1dc1fd05b97.torrent
c:\program files\BitComet\archive\749fca12953c99d86bb2249211aee9f7ac5d9634.torrent
c:\program files\BitComet\archive\779ef6edafb18c8208c3b5c14ddf3c0c82c1858b.torrent
c:\program files\BitComet\archive\77bb223c1cd120c61e707b3bacd1c1fe00b9aa61.torrent
c:\program files\BitComet\archive\7b7b3cd8ffc6e856cf15c23bbcd94d586e28d2aa.torrent
c:\program files\BitComet\archive\8af483ef4ce670cec079a8732bc196c4538c6bea.torrent
c:\program files\BitComet\archive\93e91a3066cd21881667b238838527011391e3de.torrent
c:\program files\BitComet\archive\9ae450e2a29a7587ddb16b5a58d6f90c7bf963b0.torrent
c:\program files\BitComet\archive\9e5a56ec7c004cb089be8d39c4625f92edd5f3cd.torrent
c:\program files\BitComet\archive\a8855ed0811c09ba01c8bbac6a3383107159fb0e.torrent
c:\program files\BitComet\archive\b1b2a1f823c6713521a30a014de22c58ff712f3b.torrent
c:\program files\BitComet\archive\bb5c67edc0d7f3b253037ae609b63c0706ca891d.torrent
c:\program files\BitComet\archive\bd4e3a77f81905b677b99cfd4e99531937b6fe72.torrent
c:\program files\BitComet\archive\c461e3fb935bb39c54c7dc485b7f99dc73c1225b.torrent
c:\program files\BitComet\archive\c4a9e9ffc8c0f8d2fe83d48960001d758d036205.torrent
c:\program files\BitComet\archive\f49e6ac0072d6a2950c7e44348f8da9054e10446.torrent
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads.xml.bak
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\BitComet\share\my_shares.xml
c:\program files\BitComet\torrents\[PC Game] Zuma deluxe FULL Game + Crack (GREAT solitaire game).zip.torrent
c:\program files\BitComet\torrents\A Summer Place (1959) DVDRip (SiRiUs sHaRe).torrent
c:\program files\BitComet\torrents\A Summer Place (1959) DVDRip (SiRiUs sHaRe).xml
c:\program files\BitComet\torrents\ConvertXtoDVD 3.3.4.106e And Keygen [1337x].torrent
c:\program files\BitComet\torrents\ConvertXtoDVD 3.3.4.106e And Keygen [1337x].xml
c:\program files\BitComet\torrents\InstallLittleShopMemories.exe.xml
c:\program files\BitComet\torrents\Last Chance Harvey[2008]DvDrip[Eng]-FXG.torrent
c:\program files\BitComet\torrents\Last Chance Harvey[2008]DvDrip[Eng]-FXG.xml
c:\program files\BitComet\torrents\Magic ISO Maker 5.4 with serial.rar.torrent
c:\program files\BitComet\torrents\Magic ISO Maker 5.4 with serial.rar.xml
c:\program files\BitComet\torrents\Magic ISO Maker Version 5.5 Full + Crack.rar.torrent
c:\program files\BitComet\torrents\Magic ISO Maker Version 5.5 Full + Crack.rar.xml
c:\program files\BitComet\torrents\Marley & Me[2008]DvDrip[Eng]-FXG.torrent
c:\program files\BitComet\torrents\Marley & Me[2008]DvDrip[Eng]-FXG.xml
c:\program files\BitComet\torrents\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail.torrent
c:\program files\BitComet\torrents\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail.xml
c:\program files\BitComet\torrents\rDkb0xoX_Microsoft Publisher 2007.rar.torrent
c:\program files\BitComet\torrents\rDkb0xoX_Microsoft Publisher 2007.rar.xml
c:\program files\BitComet\torrents\Revolutionary Road[2008]DvDrip[Eng]-FXG.torrent
c:\program files\BitComet\torrents\Revolutionary Road[2008]DvDrip[Eng]-FXG.xml
c:\program files\BitComet\torrents\Seven.Pounds[2008]DvDrip-aXXo.torrent
c:\program files\BitComet\torrents\Seven.Pounds[2008]DvDrip-aXXo.xml
c:\program files\BitComet\torrents\Soulja Boy Feat.EXE.torrent
c:\program files\BitComet\torrents\Soulja_Boy-iSouljaBoyTellem-(RapGodFathers.com).torrent
c:\program files\BitComet\torrents\The Curious Case of Benjamin Button.avi.torrent
c:\program files\BitComet\torrents\The Reader 2008 DVDScr H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\program files\BitComet\torrents\The Reader 2008 DVDScr H264 AAC-SecretMyth (Kingdom-Release).xml
c:\program files\BitComet\torrents\What Doesn't Kill You[2008]AC-3(5.1)ENG[UKB-RG Xvid]-keltz.torrent
c:\program files\BitComet\torrents\What Doesn't Kill You[2008]AC-3(5.1)ENG[UKB-RG Xvid]-keltz.xml
c:\program files\BitComet\torrents\Yes.Man.2008.DvDRip-FxM.torrent
c:\program files\BitComet\torrents\Zack.And.Miri.Make.A.Porno.2008.R5.DVDRiP.XViD.torrent
c:\program files\BitComet\torrents\Zack.And.Miri.Make.A.Porno.2008.R5.DVDRiP.XViD.xml
.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-12 22:46 . 2009-06-12 22:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Acoustica
2009-06-12 22:45 . 2009-06-12 22:56 -------- d-----w- c:\program files\Acoustica CD Label Maker
2009-06-12 16:24 . 2009-06-12 16:24 -------- d-----w- c:\program files\Trend Micro
2009-06-12 10:08 . 2009-06-12 10:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-11 20:42 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 20:42 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 06:33 . 2009-06-11 06:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2009-06-09 19:56 . 2009-06-09 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2009-06-09 16:36 . 2009-06-09 16:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Gamenauts
2009-06-08 03:27 . 2009-06-08 03:27 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-08 03:27 . 2009-06-08 03:27 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-06-08 03:27 . 2009-06-10 09:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-06-08 03:27 . 2007-03-19 02:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-06-08 03:27 . 2006-09-29 18:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-06-08 03:27 . 2006-09-29 18:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-06-08 03:27 . 2006-09-29 18:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-06-08 03:27 . 2006-05-20 22:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-06-08 03:27 . 2006-05-12 01:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-06-08 03:27 . 2002-12-10 08:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-06-08 03:27 . 2009-06-08 03:27 -------- d-----w- c:\program files\VSO
2009-06-06 10:27 . 2009-06-06 10:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Fabulous Finds
2009-06-06 10:26 . 2009-06-09 19:55 -------- d-----w- c:\program files\Shockwave.com
2009-06-06 07:16 . 2009-06-06 07:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Playrix Entertainment
2009-06-06 05:59 . 2009-06-09 16:36 -------- d-----w- c:\program files\MSN Games
2009-06-05 00:16 . 2009-06-14 09:33 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-05 00:16 . 2009-06-05 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-05 00:15 . 2009-06-05 00:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-05 00:15 . 2009-06-05 00:15 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-05 00:15 . 2009-06-05 00:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-05 00:03 . 2009-06-05 00:03 -------- d-----w- c:\program files\VS Revo Group
2009-05-26 03:03 . 2009-05-26 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-24 04:55 . 2009-06-12 23:09 -------- d-----w- c:\program files\Zuma Deluxe
2009-05-23 04:28 . 2009-05-23 04:28 -------- d-----w- c:\program files\Common Files\EasyInfo
2009-05-22 03:18 . 2009-06-12 02:41 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst
2009-05-22 03:18 . 2009-06-12 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-21 14:34 . 2009-05-21 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games
2009-05-21 14:34 . 2009-05-21 14:34 0 ----a-w- c:\windows\popcreg.dat
2009-05-21 10:00 . 2009-05-21 15:34 37 ----a-w- c:\windows\popcinfot.dat
2009-05-21 09:59 . 2009-05-21 09:59 -------- d-----w- c:\documents and settings\Owner\Application Data\PopCapv1002
2009-05-21 09:59 . 2009-05-21 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-05-21 09:59 . 2009-06-05 01:32 -------- d-----w- c:\program files\PopCap Games
2009-05-20 18:46 . 2009-05-20 18:46 -------- d-----w- c:\documents and settings\Owner\Application Data\CyberLink
2009-05-19 18:10 . 2009-05-20 00:20 -------- d-----w- c:\program files\PrivacyEraser Computing
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 20:31 . 2009-03-24 13:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-14 17:27 . 2009-03-24 23:54 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-06-14 09:33 . 2009-04-09 07:06 248 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-06-14 09:32 . 2009-03-21 19:34 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000006-00000000-00000000-00001102-00000004-20041102}.dat
2009-06-14 09:32 . 2009-03-21 19:34 384 ----a-w- c:\windows\system32\DVCState-{00000006-00000000-00000000-00001102-00000004-20041102}.dat
2009-06-13 15:18 . 2009-04-10 07:30 10 ----a-w- c:\windows\popcinfo.dat
2009-06-12 23:24 . 2009-03-23 02:13 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-12 02:44 . 2009-04-04 00:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-12 02:38 . 2009-04-04 00:32 -------- d-----w- c:\program files\Oberon Media
2009-06-08 11:04 . 2009-03-24 13:22 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2009-06-05 01:23 . 2009-05-13 06:20 -------- d-----w- c:\program files\RealArcade
2009-06-01 22:49 . 2009-06-05 00:12 16483459 ----a-w- c:\program files\PROCESSLIST.DB
2009-06-01 22:49 . 2009-06-05 00:12 1167453 ----a-w- c:\program files\PROCESSLISTRELATED.DB
2009-05-26 03:17 . 2009-04-14 04:04 -------- d-----w- c:\program files\A8GSdsApp
2009-05-16 19:04 . 2009-05-13 06:32 -------- d-----w- c:\documents and settings\Owner\Application Data\RobinsonCrusoeGH
2009-05-13 05:15 . 2004-08-26 16:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 00:34 . 2009-05-10 00:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Pogo Games
2009-05-08 01:32 . 2009-05-05 13:56 -------- d-----w- c:\program files\Games
2009-05-07 15:32 . 2004-08-26 16:11 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 14:54 . 2009-03-21 19:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-05 13:56 . 2009-05-05 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-05-05 13:50 . 2009-05-05 11:51 -------- d-----w- c:\program files\Gold Miner Special Edition
2009-05-05 13:50 . 2009-05-05 09:51 -------- d-----w- c:\program files\Mahjong Escape
2009-05-05 13:40 . 2009-05-05 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-05 09:52 . 2009-04-04 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2009-05-05 09:50 . 2009-05-05 09:50 -------- d-----w- c:\program files\ReflexiveArcade
2009-05-05 08:31 . 2009-05-05 05:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Flood Light Games
2009-05-05 06:08 . 2009-05-05 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii
2009-05-05 05:51 . 2009-05-05 05:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Anabel
2009-05-02 19:39 . 2009-05-02 19:39 -------- d-----w- c:\program files\DFX
2009-05-02 19:39 . 2009-05-02 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2009-05-02 19:39 . 2009-05-02 19:39 -------- d-----w- c:\program files\Common Files\DFX
2009-05-02 07:21 . 2009-05-02 07:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2009-05-02 07:20 . 2009-05-02 07:18 -------- d-----w- c:\program files\Common Files\Nero
2009-05-02 07:18 . 2009-05-02 07:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-02 07:18 . 2009-05-02 07:18 -------- d-----w- c:\program files\Nero
2009-05-02 07:11 . 2009-03-21 19:27 -------- d-----w- c:\program files\Ahead
2009-05-02 07:01 . 2009-03-31 05:52 -------- d-----w- c:\program files\Windows Live
2009-05-02 07:01 . 2009-03-27 21:32 -------- d-----w- c:\program files\MySpace
2009-05-02 06:39 . 2009-05-02 06:39 -------- d-----w- c:\program files\MagicDisc
2009-05-02 06:29 . 2009-05-02 06:29 -------- d-----w- c:\program files\MagicISO
2009-05-02 03:18 . 2009-05-02 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2009-04-30 06:40 . 2009-04-30 06:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Coyotes Tale
2009-04-27 09:10 . 2009-04-27 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-04-27 01:09 . 2009-03-23 02:15 24120 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-25 05:55 . 2009-04-25 05:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Oberonv1002
2009-04-23 07:13 . 2009-03-22 06:32 -------- d-----w- c:\program files\Java
2009-04-23 07:12 . 2009-04-23 07:12 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-23 02:43 . 2009-04-14 04:02 -------- d-----w- c:\program files\RarZilla Free Unrar
2009-04-23 02:42 . 2009-04-19 07:24 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-22 05:42 . 2009-04-22 05:42 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-04-22 05:42 . 2009-04-22 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-04-22 02:16 . 2009-04-22 01:45 -------- d-----w- c:\documents and settings\Owner\Application Data\SoundSpectrum
2009-04-22 01:44 . 2009-04-22 01:44 -------- d-----w- c:\program files\SoundSpectrum
2009-04-17 12:26 . 2004-08-26 16:12 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-26 16:12 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 06:55 . 2009-04-09 02:41 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\bindbins\bindbins.exe
2009-04-09 06:55 . 2009-04-09 06:55 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe
2009-04-09 06:55 . 2009-04-09 06:55 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2009-04-09 06:49 . 2009-04-09 06:49 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\update.exe
2009-04-09 06:49 . 2009-04-09 06:49 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\SysFiles\kb945060\kb945060.exe
2009-04-09 06:48 . 2009-04-09 06:48 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe
2009-04-09 06:48 . 2009-04-09 06:48 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_dbda49\EasyShrx.Dll
2009-04-09 06:48 . 2009-04-09 06:48 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.30.1.dll
2009-04-09 02:41 . 2009-04-09 02:41 14813832 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\bonjour\BonjourSetup.exe
2009-04-09 02:41 . 2009-04-09 02:41 102400 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\procheck.exe
2009-04-09 02:41 . 2009-04-09 02:41 21249848 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\QuickTimeInstaller.exe
2009-04-09 02:41 . 2009-04-09 02:41 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\ksustop.exe
2009-04-09 02:40 . 2009-04-09 02:40 167936 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\CCS\CCSStop.exe
2009-04-09 02:39 . 2009-04-09 02:39 983040 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_167c3182\EasyShrx.Dll
2009-04-05 00:20 . 2009-04-04 04:38 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2009-04-04 04:39 . 2009-04-04 04:34 19791 ----a-w- c:\windows\HPHins02.dat
2009-03-28 08:13 . 2009-03-28 08:13 103936 ----a-w- c:\documents and settings\Owner\Application Data\yoclient\native\OpenAL32.dll
2009-03-28 08:13 . 2009-03-28 08:13 153600 ----a-w- c:\documents and settings\Owner\Application Data\yoclient\native\lwjgl.dll
2009-03-27 21:32 . 2009-03-27 21:31 7040776 ----a-w- c:\documents and settings\Owner\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
2009-03-25 10:25 . 2009-03-25 10:25 221 ----a-w- c:\windows\PowerReg.dat
2009-03-23 23:05 . 2004-08-26 18:03 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-23 02:15 . 2009-03-23 02:15 65536 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-03-23 02:15 . 2009-03-23 02:15 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-03-23 01:53 . 2009-03-23 01:53 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7a8272d1-n\msvcp71.dll
2009-03-23 01:53 . 2009-03-23 01:53 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7a8272d1-n\jmc.dll
2009-03-23 01:53 . 2009-03-23 01:53 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-7a8272d1-n\msvcr71.dll
2009-03-22 06:32 . 2009-03-22 06:31 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-21 19:33 . 2009-03-21 19:33 335 ----a-w- c:\windows\nsreg.dat
2009-03-21 19:22 . 2009-03-21 19:22 60 ----a-w- c:\windows\system32\SYSDRV.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-09 155648]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"A8GSdsApp"="c:\program files\A8GSdsApp\AGSeiApp.exe" [2006-11-06 970752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2004-03-11 28672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" - c:\windows\MIDIDEF.EXE [2003-06-20 49152]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-5-2 576000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HPAiODevice(hp psc 900 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe [2002-9-26 487484]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/31/2009 12:58 AM 55152]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2009-06-14 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-04-04 04:55]
2009-06-14 c:\windows\Tasks\User_Feed_Synchronization-{79A52C34-DC00-4BA2-AA33-295E0CB70207}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B7C53A7E-B6D0-48FB-A3B0-C961F2AEAE07} = 192.168.0.1,205.171.32.5
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 15:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
.
Completion time: 2009-06-14 15:42
ComboFix-quarantined-files.txt 2009-06-14 20:42
ComboFix2.txt 2009-06-14 09:41
Pre-Run: 119,216,394,240 bytes free
Post-Run: 119,203,868,672 bytes free
295 --- E O F --- 2009-06-12 08:05
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, June 14, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, June 14, 2009 22:35:16
Records in database: 2343792
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: no
Scan mail databases: no
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 100583
Threat name: 5
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 01:20:35
File name / Threat name / Threats count
C:\Documents and Settings\Owner\Desktop\setup.exe Infected: Trojan-Downloader.Win32.FraudLoad.eki 1
C:\Program Files\A8GSdsApp\AGSeiApp.exe Infected: not-a-virus:Monitor.Win32.GoldenEye.401 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETqmildwrv.dll.vir Infected: Trojan.Win32.Small.bzc 1
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP131\A0022070.dll Infected: Trojan.Win32.Small.bzc 1
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP61\A0010908.dll Infected: Trojan.Win32.Hooker.j 1
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP61\A0010914.exe Infected: not-a-virus:Monitor.Win32.GoldenEye.401 1
D:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP131\A0022096.com Infected: Trojan.Win32.Tdss.uij 1
D:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP131\A0022097.com Infected: Trojan.Win32.Tdss.uij 1
D:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP131\A0022098.com Infected: Trojan.Win32.Tdss.uij 1
D:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP131\A0022099.com Infected: Trojan.Win32.Tdss.uij 1
The selected area was scanned.
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 20:41:34.10 on Sun 06/14/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.213 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\dds.com
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunKistEM] c:\program files\emachines bay reader\shwiconem.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [A8GSdsApp] c:\program files\a8gsdsapp\AGSeiApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRunOnce: [SetDefaultMidi] MIDIDEF.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp psc 900 series\bin\hpobrt07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {B7C53A7E-B6D0-48FB-A3B0-C961F2AEAE07} = 192.168.0.1,205.171.32.5
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\9j7c84gx.default\
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\9j7c84gx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\9j7c84gx.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-31 55152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
=============== Created Last 30 ================
2009-06-14 15:35 <DIR> --ds---- C:\ComboFix
2009-06-14 04:27 <DIR> a-dshr-- C:\cmdcons
2009-06-14 04:25 161,792 a------- c:\windows\SWREG.exe
2009-06-14 04:25 155,136 a------- c:\windows\PEV.exe
2009-06-14 04:25 98,816 a------- c:\windows\sed.exe
2009-06-12 17:48 299,552 a------- c:\windows\wmsysprx.prx
2009-06-12 17:46 <DIR> --d----- c:\docume~1\owner\applic~1\Acoustica
2009-06-12 17:45 <DIR> --d----- c:\program files\Acoustica CD Label Maker
2009-06-12 11:24 <DIR> --d----- c:\program files\Trend Micro
2009-06-12 09:54 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-12 09:54 1,409 a------- c:\windows\QTFont.for
2009-06-11 15:42 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 15:42 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-09 14:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameHouse
2009-06-07 22:27 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-06-07 22:27 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys
2009-06-07 22:27 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-06-07 22:27 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-06-07 22:27 217,127 a------- c:\windows\system32\drv43260.dll
2009-06-07 22:27 208,935 a------- c:\windows\system32\drv33260.dll
2009-06-07 22:27 176,165 a------- c:\windows\system32\drv23260.dll
2009-06-07 22:27 102,439 a------- c:\windows\system32\sipr3260.dll
2009-06-07 22:27 65,602 a------- c:\windows\system32\cook3260.dll
2009-06-07 22:27 <DIR> --d----- c:\program files\VSO
2009-06-06 05:27 <DIR> --d----- c:\docume~1\owner\applic~1\Fabulous Finds
2009-06-06 05:26 <DIR> --d----- c:\program files\Shockwave.com
2009-06-06 02:16 <DIR> --d----- c:\docume~1\owner\applic~1\Playrix Entertainment
2009-06-06 00:59 <DIR> --d----- c:\program files\MSN Games
2009-06-04 19:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-04 19:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-04 19:15 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-06-04 19:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-04 19:03 <DIR> --d----- c:\program files\VS Revo Group
2009-05-25 22:27 48,668 a------- c:\windows\system32\%LocalXml%
2009-05-25 22:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-23 23:55 <DIR> --d----- c:\program files\Zuma Deluxe
2009-05-22 23:28 <DIR> --d----- c:\program files\common files\EasyInfo
2009-05-21 09:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SpinTop Games
2009-05-21 09:34 0 a------- c:\windows\popcreg.dat
2009-05-21 05:00 37 a------- c:\windows\popcinfot.dat
2009-05-21 04:59 <DIR> --d----- c:\docume~1\owner\applic~1\PopCapv1002
2009-05-21 04:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap Games
2009-05-21 04:59 <DIR> --d----- c:\program files\PopCap Games
2009-05-19 13:10 <DIR> --d----- c:\program files\PrivacyEraser Computing
==================== Find3M ====================
2009-06-12 18:24 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-06-01 17:49 16,483,459 a------- c:\program files\PROCESSLIST.DB
2009-06-01 17:49 1,167,453 a------- c:\program files\PROCESSLISTRELATED.DB
2009-05-13 00:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-03 23:39 19,791 a------- c:\windows\HPHins02.dat
2009-03-23 18:05 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-27 03:12 32 a----r-- c:\documents and settings\all users\hash.dat
============= FINISH: 20:42:02.34 ===============
Hi,
Are you aware of the Golden Eye keylogger's presence on your system? If not, it's recommended you change all your online passwords through another system. Let me also know and we'll remove it next if necessary.
camp28ct
2009-06-16, 00:33
Hello,
Yes, I am aware of Golden Eye. It does not need to be removed.
Ok. Then we'll leave the program there :)
Delete C:\Documents and Settings\Owner\Desktop\setup.exe file if found.
Reboot and post a fresh dds.txt log. How's the system running?
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.