pretty sure this is swp2009's doing
Hazeleye
2009-12-02, 03:40
Hello, I'm pretty sure I've been infected with swp2009, since when I start up it's in my taskbar until I mouse over it. Symptoms include a snail-paced computer with countless IE popups even though I'm an avid Chrome user, and Google redirects. I already scanned with Avast! and am hesitant to trust Malwarebytes again because it couldn't detect viruses that Avast! has in the past. Avast! removed something, but not the problem. I will try again with Malwarebytes if asked, though. This is the only reliable source on the web >.<
Please help. Here's my HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:05 PM, on 12/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\Rhiannon's Test\My Documents\HijackThis.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6BB205DE-B01A-40EF-8180-0161596FB491} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [kftrbpuo] C:\Documents and Settings\jo\Local Settings\Application Data\scnvix\ddgssysguard.exe
O4 - HKLM\..\Run: [redirapew] Rundll32.exe "c:\windows\system32\tijamuse.dll",a
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f8ce36799427495cb338f8811884c04c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f8ce36799427495cb338f8811884c04c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rhiannon\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9CAAE97-26E2-4688-B98F-DD817A07F87A}: NameServer = 83.149.115.182
O20 - AppInit_DLLs: c:\windows\system32\tijamuse.dll,seyamoyu.dll
O21 - SSODL: pejesejow - {13839d0a-a0eb-42ee-995a-2d8e37af6cb2} - c:\windows\system32\tijamuse.dll
O22 - SharedTaskScheduler: boardwalk - {75a65a53-15c9-4a0c-bb40-a7ca8b24f544} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {13839d0a-a0eb-42ee-995a-2d8e37af6cb2} - c:\windows\system32\tijamuse.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 15793 bytes
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER (http://www.gmer.net) by clicking the Download EXE button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the Show All box while scanning is in progress!
When the scan is finished, click Copy.
This copies the log to the clipboard.
Post the log in your reply.
Hazeleye
2009-12-08, 15:18
Ok, here are the two logs from DDS. As for GMER, it hasn't had a chance to run on my computer yet. I'll get it up as soon as possible.
Attach:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/7/2007 4:33:59 PM
System Uptime: 12/7/2009 4:22:01 PM (0 hours ago)
Motherboard: ASUSTek Computer INC. | | NAOS
Processor: AMD Sempron(tm) Processor 3400+ | Socket AM2 | 1803/199mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 104 GiB total, 46.084 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.509 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP837: 9/9/2009 5:52:54 AM - System Checkpoint
RP838: 9/10/2009 12:49:44 AM - Installed Windows KB954550-v5.
RP839: 9/10/2009 12:50:04 AM - Printer Driver Microsoft XPS Document Writer Installed
RP840: 9/10/2009 1:04:22 AM - Installed Windows XP KB942288-v3.
RP841: 9/10/2009 7:15:14 AM - Printer Driver Microsoft XPS Document Writer Installed
RP842: 9/11/2009 7:18:17 AM - System Checkpoint
RP843: 9/12/2009 8:19:22 AM - System Checkpoint
RP844: 9/13/2009 8:45:24 AM - System Checkpoint
RP845: 9/13/2009 11:12:10 PM - Removed Microsoft Sync Framework Services Native v1.0 (x86)
RP846: 9/15/2009 2:41:49 AM - System Checkpoint
RP847: 9/16/2009 7:39:49 AM - System Checkpoint
RP848: 9/17/2009 8:07:28 AM - System Checkpoint
RP849: 9/18/2009 8:07:51 AM - System Checkpoint
RP850: 9/19/2009 8:36:41 AM - System Checkpoint
RP851: 9/20/2009 9:05:57 AM - System Checkpoint
RP852: 9/21/2009 9:13:32 PM - System Checkpoint
RP853: 9/22/2009 10:16:18 PM - System Checkpoint
RP854: 9/23/2009 8:18:00 PM - Installed TURBOFloorPlan3D Home & Landscape PRO
RP855: 9/25/2009 3:01:10 AM - System Checkpoint
RP856: 9/26/2009 3:10:24 AM - System Checkpoint
RP857: 9/27/2009 4:10:02 AM - System Checkpoint
RP858: 9/28/2009 4:10:44 AM - System Checkpoint
RP859: 9/29/2009 7:41:07 AM - System Checkpoint
RP860: 9/30/2009 7:41:28 AM - System Checkpoint
RP861: 10/1/2009 7:43:26 AM - System Checkpoint
RP862: 10/2/2009 8:28:16 AM - System Checkpoint
RP863: 10/3/2009 9:32:04 AM - System Checkpoint
RP864: 10/4/2009 11:21:30 AM - System Checkpoint
RP865: 10/5/2009 11:41:17 AM - System Checkpoint
RP866: 10/6/2009 12:28:17 PM - System Checkpoint
RP867: 10/7/2009 12:38:21 PM - System Checkpoint
RP868: 10/8/2009 1:30:35 PM - System Checkpoint
RP869: 10/9/2009 2:30:37 PM - System Checkpoint
RP870: 10/10/2009 5:37:51 PM - System Checkpoint
RP871: 10/11/2009 6:30:38 PM - System Checkpoint
RP872: 10/13/2009 2:02:11 AM - System Checkpoint
RP873: 10/14/2009 2:29:58 AM - System Checkpoint
RP874: 10/15/2009 2:30:56 AM - System Checkpoint
RP875: 10/16/2009 3:30:55 AM - System Checkpoint
RP876: 10/17/2009 4:30:55 AM - System Checkpoint
RP877: 10/18/2009 5:30:55 AM - System Checkpoint
RP878: 10/19/2009 7:26:51 AM - System Checkpoint
RP879: 10/20/2009 7:42:46 AM - System Checkpoint
RP880: 10/21/2009 7:53:29 AM - System Checkpoint
RP881: 10/22/2009 8:55:50 AM - System Checkpoint
RP882: 10/23/2009 9:27:07 AM - System Checkpoint
RP883: 10/24/2009 10:47:06 AM - System Checkpoint
RP884: 10/25/2009 11:04:55 AM - System Checkpoint
RP885: 10/26/2009 11:07:32 AM - System Checkpoint
RP886: 10/27/2009 12:07:31 PM - System Checkpoint
RP887: 10/28/2009 1:07:30 PM - System Checkpoint
RP888: 10/29/2009 1:20:24 PM - System Checkpoint
RP889: 10/30/2009 2:20:22 PM - System Checkpoint
RP890: 10/31/2009 3:09:36 PM - System Checkpoint
RP891: 11/1/2009 6:23:11 PM - System Checkpoint
RP892: 11/2/2009 11:19:34 PM - System Checkpoint
RP893: 11/4/2009 12:04:38 AM - System Checkpoint
RP894: 11/5/2009 1:04:38 AM - System Checkpoint
RP895: 11/6/2009 2:04:38 AM - System Checkpoint
RP896: 11/7/2009 3:04:37 AM - System Checkpoint
RP897: 11/8/2009 3:04:39 AM - System Checkpoint
RP898: 11/9/2009 4:04:40 AM - System Checkpoint
RP899: 11/10/2009 5:04:40 AM - System Checkpoint
RP900: 11/11/2009 6:18:08 AM - System Checkpoint
RP901: 11/12/2009 7:04:38 AM - System Checkpoint
RP902: 11/13/2009 7:49:08 AM - System Checkpoint
RP903: 11/14/2009 8:04:39 AM - System Checkpoint
RP904: 11/15/2009 11:26:32 AM - System Checkpoint
RP905: 11/16/2009 11:38:53 AM - System Checkpoint
RP906: 11/17/2009 11:39:27 AM - System Checkpoint
RP907: 11/18/2009 12:48:38 PM - System Checkpoint
RP908: 11/19/2009 1:39:26 PM - System Checkpoint
RP909: 11/20/2009 2:39:29 PM - System Checkpoint
RP910: 11/21/2009 3:39:27 PM - System Checkpoint
RP911: 11/22/2009 7:00:21 PM - System Checkpoint
RP912: 11/23/2009 10:34:49 PM - System Checkpoint
RP913: 11/25/2009 12:35:01 AM - System Checkpoint
RP914: 11/26/2009 1:26:53 AM - System Checkpoint
RP915: 11/27/2009 3:27:15 AM - System Checkpoint
RP916: 11/28/2009 3:49:53 AM - System Checkpoint
RP917: 11/29/2009 4:49:54 AM - System Checkpoint
RP918: 11/30/2009 5:02:51 AM - System Checkpoint
RP919: 11/30/2009 7:32:08 PM - Removed OpenOffice.org 3.0
RP920: 11/30/2009 7:39:54 PM - Configured VeohTV BETA
RP921: 11/30/2009 7:58:36 PM - Uniblue RegistryBooster 2009
RP922: 12/2/2009 1:40:49 AM - System Checkpoint
RP923: 12/3/2009 2:31:02 AM - System Checkpoint
RP924: 12/4/2009 2:35:19 AM - System Checkpoint
RP925: 12/5/2009 12:36:11 PM - System Checkpoint
RP926: 12/5/2009 4:42:32 PM - System Checkpoint
RP927: 12/6/2009 5:00:44 PM - System Checkpoint
==== Installed Programs ======================
Adobe Acrobat 4.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Anime Studio 5.5
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.4 (Unicode)
AutoUpdate
avast! Antivirus
Avidemux 2.5
AviSynth 2.5
Azkend
BitZipper 5.1
Bonjour
Browser Defender 2.0.6.11
Cake Mania(TM) 3
Cucusoft YouTube Mate 7.12
Data Fax SoftModem with SmartCP
DivX Codec
DivX Converter
DivX Player
DivX Web Player
ERUNT 1.1j
Fable - The Lost Chapters
FATE
Firebird SQL Server - MAGIX Edition
Form Fill (Windows Live Toolbar)
GIMP 2.4.5
Google Chrome
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP Boot Optimizer
HP DVD Play 2.1
HP Software Update
HP Support Overview
HpSdpAppCoreApp
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 7
Junk Mail filter update
LiveUpdate Notice (Symantec Corporation)
Logitech QuickCam Software
Logitech® Camera Driver
Mabinogi
MAGIX Music Maker 14 Producer Edition Download version 13.0.2.1 (US)
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 3.7
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Microsoft Works 6-9 Converter
Mozilla Firefox (3.0.13)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Mysteryville 2
Netflix Movie Viewer
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
PC-Doctor 5 for Windows
Popup Blocker (Windows Live Toolbar)
Quicken 2006
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Rhiannon: Curse of the Four Branches
Samsung ML-2510 Series
Sandlot Games Client Services
SBC Self Support Tool
SBC Yahoo! Applications
Security Task Manager 1.7h
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Segoe UI
Skype™ 4.0
Smart Menus (Windows Live Toolbar)
Spyware Doctor 7.0
SQL Server System CLR Types
Tabbed Browsing (Windows Live Toolbar)
Text-To-Speech-Runtime
TURBOFloorPlan3D Home & Landscape PRO
Ulead COOL 360 1.0
Ulead Photo Explorer 6.0
Uniblue RegistryBooster 2009
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
UTAU ???????
Videora iPod touch Converter 4.04
WebFldrs XP
WildTangent Web Driver
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 Release Candidate 1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
Yahoo! Search Protection
Yahoo! Toolbar
YouTube Downloader App 1.01
==== Event Viewer Messages From Past Week ========
12/5/2009 12:36:11 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'LEXC0.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/2/2009 8:09:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
12/2/2009 8:09:38 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/2/2009 8:09:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
12/2/2009 8:09:24 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/2/2009 8:09:24 PM, error: Service Control Manager [7000] - The PC Tools Auxiliary Service service failed to start due to the following error: The system cannot find the file specified.
12/2/2009 7:56:14 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
12/2/2009 7:55:20 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
12/2/2009 6:08:56 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
12/2/2009 6:05:18 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\drivers\http.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is 1.4.0.0, the version of the system file is 5.1.2600.2869.
12/2/2009 4:45:45 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f7948577, parameter3 b8d17874, parameter4 00000000.
12/2/2009 11:30:53 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user COMPAC\jo SID (S-1-5-21-1636695841-3115978214-2530557645-1013). This security permission can be modified using the Component Services administrative tool.
11/30/2009 7:38:34 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/30/2009 7:27:47 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/30/2009 7:01:13 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/30/2009 5:40:47 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Yahoo!\Common\yiesrvc.dll. Reference error message: Error Message is unavailable .
11/30/2009 5:20:41 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
11/30/2009 5:17:28 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\cryptui.dll. Reference error message: The operation completed successfully. .
11/30/2009 5:16:05 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: Error Message is unavailable .
11/30/2009 5:12:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
11/30/2009 5:12:16 PM, error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================
DDS:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Rhiannon's Test at 16:48:41.90 on Mon 12/07/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.5.0_06
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.58 [GMT -6:00]
AV: avast! antivirus 4.8.1229 [VPS 091031-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Rhiannon's Test\My Documents\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\Rhiannon's Test\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
mWinlogon: Shell=Explorer.exe logon.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
{6bb205de-b01a-40ef-8180-0161596fb491}
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Google Update] "c:\documents and settings\rhiannon's test\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [Motive SmartBridge] c:\progra~1\sbclig~1\smartb~1\MotiveSB.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Framework Windows] frmwrk32.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [kftrbpuo] c:\documents and settings\jo\local settings\application data\scnvix\ddgssysguard.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [redirapew] Rundll32.exe "c:\windows\system32\koligize.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc lightspeed self support tool\bin\matcli.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?f8ce36799427495cb338f8811884c04c
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?f8ce36799427495cb338f8811884c04c
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\rhiannon\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v47/wwspades/wwspades.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {A9CAAE97-26E2-4688-B98F-DD817A07F87A} = 83.149.115.182
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
AppInit_DLLs: seyamoyu.dll c:\windows\system32\koligize.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: denizubor - {38b56731-8dc0-444f-87be-2b8af428803d} - No File
SSODL: zotiguvas - {0587af97-e021-46fc-9459-311bf1c00600} - No File
SSODL: mefufevon - {e787dc79-0860-43cf-b69d-d6bdb5f379f8} - No File
SSODL: kewazoluz - {fadb3b2d-a359-4584-83ff-b9d5d1596ea3} - No File
SSODL: rahelegal - {0a8b7d0e-922f-4118-af59-1ffe32326bf3} - c:\windows\system32\koligize.dll
STS: {75a65a53-15c9-4a0c-bb40-a7ca8b24f544} - No File
STS: {38b56731-8dc0-444f-87be-2b8af428803d} - No File
STS: {0587af97-e021-46fc-9459-311bf1c00600} - No File
STS: {e787dc79-0860-43cf-b69d-d6bdb5f379f8} - No File
STS: {fadb3b2d-a359-4584-83ff-b9d5d1596ea3} - No File
STS: tokatiluy: {0a8b7d0e-922f-4118-af59-1ffe32326bf3} - c:\windows\system32\koligize.dll
SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll zwebauth.dll
LSA: Notification Packages = scecli ninezoni.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\rhiann~1\applic~1\mozilla\firefox\profiles\ununt94c.default\
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\josh\my documents\rhiannon\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: c:\documents and settings\josh\my documents\rhiannon\divx\divx web player\npdivx32.dll
FF - plugin: c:\documents and settings\rhiannon's test\my documents\plugins\npraclient.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-1 207792]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-10 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-10 147640]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-1 112592]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-1 1141712]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-10 250040]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-10 348344]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2008-8-14 1527900]
S3 SM_sugo3_FUService;sugo3 Status Monitor Service;"c:\program files\samsung\samsung ml-2510 series\spanel\ssmsrvc /service --> c:\program files\samsung\samsung ml-2510 series\spanel\ssmsrvc [?]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2009-12-04 04:48:50 82944 ---h-tw- c:\windows\system32\3294e28.dll
2009-12-04 04:48:50 82944 ---h-tw- c:\windows\system32\281288d8.dll
2009-12-03 03:43:04 82944 ---h-tw- c:\windows\system32\2e6b606e.dll
2009-12-03 03:43:03 82944 ---h-tw- c:\windows\system32\19eca5c8.dll
2009-12-03 02:38:39 0 d-----w- c:\docume~1\rhiann~1\applic~1\Xfire
2009-12-02 01:12:44 0 d-----w- C:\ERUNT
2009-12-02 00:15:55 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-02 00:15:54 882 ----a-w- c:\windows\RegSDImport.xml
2009-12-02 00:15:54 880 ----a-w- c:\windows\RegISSImport.xml
2009-12-02 00:15:53 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-02 00:15:53 131 ----a-w- c:\windows\IDB.zip
2009-12-02 00:15:53 1152444 ----a-w- c:\windows\UDB.zip
2009-12-02 00:15:52 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-02 00:15:52 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-02 00:11:04 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-02 00:11:03 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-02 00:10:44 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-02 00:10:44 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-02 00:10:44 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-02 00:10:44 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-02 00:10:15 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-02 00:10:14 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-02 00:09:45 0 d-----w- c:\program files\common files\PC Tools
2009-12-02 00:09:43 0 d-----w- c:\program files\Spyware Doctor
2009-12-02 00:09:43 0 d-----w- c:\docume~1\rhiann~1\applic~1\PC Tools
2009-12-02 00:09:43 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-12-01 01:56:49 0 d-----w- c:\docume~1\rhiann~1\applic~1\Uniblue
2009-12-01 00:56:52 82944 ---h-tw- c:\windows\system32\19c34b88.dll
2009-12-01 00:56:52 82944 ---h-tw- c:\windows\system32\1820ab60.dll
2009-12-01 00:55:20 82944 ---h-tw- c:\windows\system32\19bd9f53.dll
2009-12-01 00:55:19 82944 ---h-tw- c:\windows\system32\8998cfe.dll
2009-11-30 19:37:34 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-30 03:24:08 82944 ---h-tw- c:\windows\system32\ba2f48a.dll
2009-11-30 03:24:07 82944 ---h-tw- c:\windows\system32\667f24c.dll
2009-11-30 02:42:38 0 d-----w- c:\docume~1\rhiann~1\applic~1\Malwarebytes
2009-11-29 19:47:25 82944 ---h-tw- c:\windows\system32\aa08cac.dll
2009-11-29 19:47:25 82944 ---h-tw- c:\windows\system32\17634dce.dll
2009-11-28 16:48:11 82944 ---h-tw- c:\windows\system32\4844424.dll
2009-11-28 16:48:10 82944 ---h-tw- c:\windows\system32\498b8e6.dll
2009-11-28 16:38:18 82944 ---h-tw- c:\windows\system32\56c6b64.dll
2009-11-28 16:38:17 82944 ---h-tw- c:\windows\system32\3c24c93.dll
2009-11-26 22:42:25 82944 ---h-tw- c:\windows\system32\64e600.dll
2009-11-26 22:42:25 82944 ---h-tw- c:\windows\system32\243ef28c.dll
2009-11-26 17:26:32 1 --sh--w- c:\windows\system32\nejifayo.dll
2009-11-25 22:20:15 0 d-----w- c:\docume~1\rhiann~1\applic~1\HPQ
2009-11-25 05:20:34 18948 ----a-w- c:\windows\system32\logon.exe
==================== Find3M ====================
2009-11-19 02:35:34 4 ----a-w- c:\documents and settings\rhiannon's test\version.dat
2009-11-18 00:01:12 4876 ----a-w- c:\documents and settings\rhiannon's test\vacache.dat
2009-11-18 00:01:12 4876 ----a-w- c:\documents and settings\rhiannon's test\va.dat
2009-11-17 15:54:48 3348624 ----a-w- c:\documents and settings\rhiannon's test\Renderer2.dll
2009-11-17 15:54:48 180508 ----a-w- c:\documents and settings\rhiannon's test\Client.exe
2009-11-17 15:54:46 1816422 ----a-w- c:\documents and settings\rhiannon's test\Skill.dll
2009-11-17 15:54:44 7601946 ----a-w- c:\documents and settings\rhiannon's test\Pleione.dll
2009-11-17 15:54:36 632408 ----a-w- c:\documents and settings\rhiannon's test\Oasis.dll
2009-11-17 15:54:34 3607076 ----a-w- c:\documents and settings\rhiannon's test\Standard.dll
2009-11-17 15:54:34 1059440 ----a-w- c:\documents and settings\rhiannon's test\Mint.dll
2009-11-17 15:44:36 888832 ----a-w- c:\documents and settings\rhiannon's test\EXL.dll
2009-11-17 15:44:14 1110016 ----a-w- c:\documents and settings\rhiannon's test\ESL.dll
2009-08-27 05:25:47 38400 --sha-w- c:\windows\system32\bibegipe.dll
2009-08-28 05:26:10 38400 --sha-w- c:\windows\system32\bigupavi.dll
2009-08-26 05:25:36 61440 --sha-w- c:\windows\system32\deniyiri.dll
2009-09-06 17:30:27 91648 --sha-w- c:\windows\system32\dubolaho.dll
2009-09-03 17:28:47 39424 --sha-w- c:\windows\system32\dujewora.dll
2009-09-01 05:28:07 92672 --sha-w- c:\windows\system32\dukeyiwa.dll
2009-08-26 05:25:36 52224 --sha-w- c:\windows\system32\duzileru.dll
2009-09-06 17:30:27 38912 --sha-w- c:\windows\system32\fazotapa.dll
2009-08-27 17:25:52 38400 --sha-w- c:\windows\system32\fesejami.dll
2009-08-26 05:25:36 38400 --sha-w- c:\windows\system32\gemidesu.dll
2009-08-28 17:26:23 38400 --sha-w- c:\windows\system32\godohavu.dll
2009-08-26 17:25:45 1 -csha-w- c:\windows\system32\gozomeji.dll
2009-09-03 05:28:35 38400 --sha-w- c:\windows\system32\gupuvefa.dll
2009-09-04 05:29:27 92672 --sha-w- c:\windows\system32\haferabo.dll
2009-08-26 05:26:12 52224 --sha-w- c:\windows\system32\hepoyaba.dll
2009-08-26 17:25:45 91648 --sha-w- c:\windows\system32\heyuyale.dll
2009-08-25 17:25:11 52224 --sha-w- c:\windows\system32\johazaka.dll
2009-08-26 05:25:36 91648 --sha-w- c:\windows\system32\jumowedu.dll
2009-09-05 17:29:42 92672 --sha-w- c:\windows\system32\kihebete.dll
2009-08-26 17:25:45 39424 --sha-w- c:\windows\system32\kodusagi.dll
2009-09-05 05:29:33 38400 --sha-w- c:\windows\system32\kokiguto.dll
2009-09-07 17:30:42 91648 --sha-w- c:\windows\system32\koligize.dll
2009-08-25 05:25:18 39424 --sha-w- c:\windows\system32\kotajime.dll
2009-08-29 17:26:44 92672 --sha-w- c:\windows\system32\lehazapi.dll
2009-08-27 05:25:47 92672 --sha-w- c:\windows\system32\lovebudo.dll
2009-08-30 17:27:14 92672 --sha-w- c:\windows\system32\makorofi.dll
2009-09-01 05:28:07 38400 --sha-w- c:\windows\system32\meroyete.dll
2009-09-06 05:30:08 38400 --sha-w- c:\windows\system32\nafugizu.dll
2009-08-26 05:26:12 52224 --sha-w- c:\windows\system32\ninezoni.dll
2009-09-02 17:28:10 92160 --sha-w- c:\windows\system32\nuzevuzi.dll
2009-09-01 17:27:44 38400 --sha-w- c:\windows\system32\patayaru.dll
2009-08-27 17:25:52 92160 --sha-w- c:\windows\system32\pilopume.dll
2009-09-05 17:29:42 39424 --sha-w- c:\windows\system32\potumene.dll
2009-09-07 05:30:39 38912 --sha-w- c:\windows\system32\ravufoza.dll
2009-08-30 05:26:52 38912 --sha-w- c:\windows\system32\renavozi.dll
2009-08-28 17:26:23 92160 --sha-w- c:\windows\system32\rujisovo.dll
2009-09-03 17:28:47 92160 --sha-w- c:\windows\system32\ruzosewu.dll
2009-09-02 17:28:10 38912 --sha-w- c:\windows\system32\savogiju.dll
2009-08-26 05:26:12 52224 --sha-w- c:\windows\system32\seyamoyu.dll
2009-09-06 05:30:08 92160 --sha-w- c:\windows\system32\sihiyadu.dll
2009-08-29 05:26:33 92672 --sha-w- c:\windows\system32\tajuzufo.dll
2009-08-25 17:25:11 39424 --sha-w- c:\windows\system32\vemopado.dll
2009-08-28 05:26:10 92160 --sha-w- c:\windows\system32\vesetoni.dll
2009-08-30 05:26:52 92672 --sha-w- c:\windows\system32\vilibosi.dll
2009-08-25 05:25:18 45056 --sha-w- c:\windows\system32\virurire.dll
2009-08-25 17:25:11 94208 --sha-w- c:\windows\system32\wahojawi.dll
2009-09-07 17:30:42 38912 --sha-w- c:\windows\system32\worayewu.dll
2009-09-02 05:27:56 92160 --sha-w- c:\windows\system32\wuyofage.dll
2009-09-04 05:29:27 39424 --sha-w- c:\windows\system32\yilative.dll
2009-08-29 17:26:44 38912 --sha-w- c:\windows\system32\yutehale.dll
2009-08-30 17:27:14 39424 --sha-w- c:\windows\system32\zafusiyo.dll
2009-08-29 05:26:33 38912 --sha-w- c:\windows\system32\zefozawu.dll
2009-09-02 05:27:56 38400 --sha-w- c:\windows\system32\zugowuva.dll
2009-09-04 17:29:13 38912 --sha-w- c:\windows\system32\zuterolo.dll
============= FINISH: 16:51:43.84 ===============
Once again, I'll get the GMER log up as soon as possible. Question, though, I am doing a full scan, right?
Hi,
When you start GMER, go to the Rootkit tab, click Scan there and wait until it has finished. If the resulting log is very long, archive it into a zip file and attach it to your reply :)
Hazeleye
2009-12-15, 00:13
Well... it ended up way shorter than expected o-o So here:
GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-14 16:05:10
Windows 5.1.2600 Service Pack 2
Running: kcyo33zs.exe; Driver: C:\DOCUME~1\RHIANN~1\LOCALS~1\Temp\kxldqpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3494618]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF72CAD60]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF68D1360, 0x20574D, 0xE8000020]
.text aec.sys F79FE380 19 Bytes [8B, 54, 24, 04, 83, EC, 20, ...]
.text aec.sys F79FE394 22 Bytes CALL 2B978383
.text aec.sys F79FE3AB 18 Bytes [C1, 83, C4, 20, C2, 04, 00, ...] {ROL DWORD [EBX+0x4c220c4], 0x0; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 }
.text aec.sys F79FE3C0 2 Bytes [53, 55] {PUSH EBX; PUSH EBP}
.text aec.sys F79FE3C3 4 Bytes [6C, 24, 0C, 56] {INSB ; AND AL, 0xc; PUSH ESI}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2492] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes CALL 0044B8D9 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\aec.sys[HAL.dll!KeQueryPerformanceCounter] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsPinGetAvailableByteCount] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsPinRegisterIrpCompletionCallback] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsFilterAttemptProcessing] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsFilterAcquireProcessingMutex] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsFilterReleaseProcessingMutex] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsPinGetConnectedPinDeviceObject] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsPinGetConnectedPinFileObject] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsGetObjectFromFileObject] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsPinGetParentFilter] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsGetPinFromIrp] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!_KsEdit] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsStreamPointerClone] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsProcessPinUpdate] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsPinGetConnectedPinInterface] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsStreamPointerGetIrp] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsStreamPointerDelete] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsReleaseControl] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsAcquireControl] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsInitializeDriver] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsFilterGetFirstChildPin] 00000000
IAT \SystemRoot\system32\drivers\aec.sys[ks.sys!KsGetFilterFromIrp] 00000000
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2380] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- Services - GMER 1.0.15 ----
Service system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SOFTWARE\Classes\CLSID\{64B1178F-F5CE-25A8-5940-F0ECB8D5EAE7}\InprocServer32@ c:\Program Files\RealArcade\RAComponents.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{64B1178F-F5CE-25A8-5940-F0ECB8D5EAE7}\InprocServer32@ThreadingModel both
Reg HKLM\SOFTWARE\Classes\CLSID\{64B1178F-F5CE-25A8-5940-F0ECB8D5EAE7}\ProgID@ RAComponents.RAAncillaryGameDataMap.1
Reg HKLM\SOFTWARE\Classes\CLSID\{64B1178F-F5CE-25A8-5940-F0ECB8D5EAE7}\TypeLib@ {C9BCE66F-FB3A-4985-9A96-DEDED07CF78D}
Reg HKLM\SOFTWARE\Classes\CLSID\{64B1178F-F5CE-25A8-5940-F0ECB8D5EAE7}\VersionIndependentProgID@ RAComponents.RAAncillaryGameDataMap
Reg HKLM\SOFTWARE\Classes\CLSID\{F67F7191-1A7D-9D1F-BF8A-6C674E9C393B}\InprocServer32@Class Microsoft.Vbe.Interop.WindowsClass
Reg HKLM\SOFTWARE\Classes\CLSID\{F67F7191-1A7D-9D1F-BF8A-6C674E9C393B}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{F67F7191-1A7D-9D1F-BF8A-6C674E9C393B}\InprocServer32@Assembly Microsoft.Vbe.Interop, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
Reg HKLM\SOFTWARE\Classes\CLSID\{F67F7191-1A7D-9D1F-BF8A-6C674E9C393B}\InprocServer32\11.0.0.0
Reg HKLM\SOFTWARE\Classes\CLSID\{F67F7191-1A7D-9D1F-BF8A-6C674E9C393B}\InprocServer32\11.0.0.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{F67F7191-1A7D-9D1F-BF8A-6C674E9C393B}\InprocServer32\11.0.0.0@Assembly Microsoft.Vbe.Interop, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
Reg HKLM\SOFTWARE\Classes\CLSID\{F67F7191-1A7D-9D1F-BF8A-6C674E9C393B}\InprocServer32\11.0.0.0@Class Microsoft.Vbe.Interop.WindowsClass
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected
---- EOF - GMER 1.0.15 ----
Hi,
1. Download the file TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract it into a folder on the desktop.
2. Click Start -> Run, copy-paste "%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v and press Enter.
3. report.txt should be generated in the same location as TDSSKiller.exe. Attach that report, please.
Hazeleye
2009-12-16, 06:04
22:2:37:247 4524 ForceUnloadDriver: NtUnloadDriver error 2
22:2:37:278 4524 ForceUnloadDriver: NtUnloadDriver error 2
22:2:37:278 4524 ForceUnloadDriver: NtUnloadDriver error 2
22:2:37:294 4524 main: Driver KLMD successfully dropped
22:2:37:622 4524 main: Driver KLMD successfully loaded
22:2:37:622 4524
Scanning Registry ...
22:2:37:685 4524 ScanServices: Searching service UACd.sys
22:2:37:685 4524 ScanServices: Open/Create key error 2
22:2:37:685 4524 ScanServices: Searching service TDSSserv.sys
22:2:37:685 4524 ScanServices: Open/Create key error 2
22:2:37:685 4524 ScanServices: Searching service gaopdxserv.sys
22:2:37:685 4524 ScanServices: Open/Create key error 2
22:2:37:685 4524 ScanServices: Searching service gxvxcserv.sys
22:2:37:685 4524 ScanServices: Open/Create key error 2
22:2:37:685 4524 ScanServices: Searching service MSIVXserv.sys
22:2:37:685 4524 ScanServices: Open/Create key error 2
22:2:37:732 4524 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
22:2:38:216 4524 UnhookRegistry: Kernel local addr: A40000
22:2:38:232 4524 UnhookRegistry: KeServiceDescriptorTable addr: ABB380
22:2:38:341 4524 UnhookRegistry: KiServiceTable addr: A6A1FC
22:2:38:341 4524 UnhookRegistry: NtEnumerateKey service number (local): 47
22:2:38:341 4524 UnhookRegistry: NtEnumerateKey local addr: B826C6
22:2:38:341 4524 KLMD_OpenDevice: Trying to open KLMD device
22:2:38:341 4524 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
22:2:38:341 4524 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
22:2:38:341 4524 KLMD_ReadMem: Trying to ReadMemory 0x804FD9CD[0x4]
22:2:38:341 4524 UnhookRegistry: NtEnumerateKey service number (kernel): 47
22:2:38:341 4524 KLMD_ReadMem: Trying to ReadMemory 0x80501318[0x4]
22:2:38:341 4524 UnhookRegistry: NtEnumerateKey real addr: 806196C6
22:2:38:341 4524 UnhookRegistry: NtEnumerateKey calc addr: 806196C6
22:2:38:341 4524 UnhookRegistry: No SDT hooks found on NtEnumerateKey
22:2:38:341 4524 KLMD_ReadMem: Trying to ReadMemory 0x806196C6[0xA]
22:2:38:341 4524 UnhookRegistry: No splicing found on NtEnumerateKey
22:2:38:341 4524
Scanning Kernel memory ...
22:2:38:341 4524 KLMD_OpenDevice: Trying to open KLMD device
22:2:38:341 4524 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
22:2:38:341 4524 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
22:2:38:341 4524 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 851682C8
22:2:38:341 4524 DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
22:2:38:341 4524 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 851CC9F0
22:2:38:341 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851CC9F0
22:2:38:341 4524 KLMD_ReadMem: Trying to ReadMemory 0x851CC9F0[0x38]
22:2:38:341 4524 DetectCureTDL3: DRIVER_OBJECT addr: 851682C8
22:2:38:341 4524 KLMD_ReadMem: Trying to ReadMemory 0x851682C8[0xA8]
22:2:38:341 4524 KLMD_ReadMem: Trying to ReadMemory 0xE1BF2030[0x208]
22:2:38:341 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:2:38:341 4524 DetectCureTDL3: IrpHandler (0) addr: F7522C30
22:2:38:341 4524 DetectCureTDL3: IrpHandler (1) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (2) addr: F7522C30
22:2:38:341 4524 DetectCureTDL3: IrpHandler (3) addr: F751CD9B
22:2:38:341 4524 DetectCureTDL3: IrpHandler (4) addr: F751CD9B
22:2:38:341 4524 DetectCureTDL3: IrpHandler (5) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (6) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (7) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (8) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (9) addr: F751D366
22:2:38:341 4524 DetectCureTDL3: IrpHandler (10) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (11) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (12) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (13) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (14) addr: F751D44D
22:2:38:341 4524 DetectCureTDL3: IrpHandler (15) addr: F7520FC3
22:2:38:341 4524 DetectCureTDL3: IrpHandler (16) addr: F751D366
22:2:38:341 4524 DetectCureTDL3: IrpHandler (17) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (18) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (19) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (20) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (21) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (22) addr: F751EEF3
22:2:38:341 4524 DetectCureTDL3: IrpHandler (23) addr: F7523A24
22:2:38:341 4524 DetectCureTDL3: IrpHandler (24) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (25) addr: 804F33F8
22:2:38:341 4524 DetectCureTDL3: IrpHandler (26) addr: 804F33F8
22:2:38:341 4524 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:2:38:341 4524 KLMD_ReadMem: DeviceIoControl error 1
22:2:38:341 4524 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:2:38:341 4524 TDL3_FileDetect: Processing driver: Disk
22:2:38:341 4524 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
22:2:38:341 4524 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:2:38:341 4524 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:2:38:388 4524 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 851CC030
22:2:38:388 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851CC030
22:2:38:388 4524 KLMD_ReadMem: Trying to ReadMemory 0x851CC030[0x38]
22:2:38:388 4524 DetectCureTDL3: DRIVER_OBJECT addr: 851682C8
22:2:38:388 4524 KLMD_ReadMem: Trying to ReadMemory 0x851682C8[0xA8]
22:2:38:388 4524 KLMD_ReadMem: Trying to ReadMemory 0xE1BF2030[0x208]
22:2:38:388 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:2:38:388 4524 DetectCureTDL3: IrpHandler (0) addr: F7522C30
22:2:38:388 4524 DetectCureTDL3: IrpHandler (1) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (2) addr: F7522C30
22:2:38:388 4524 DetectCureTDL3: IrpHandler (3) addr: F751CD9B
22:2:38:388 4524 DetectCureTDL3: IrpHandler (4) addr: F751CD9B
22:2:38:388 4524 DetectCureTDL3: IrpHandler (5) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (6) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (7) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (8) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (9) addr: F751D366
22:2:38:388 4524 DetectCureTDL3: IrpHandler (10) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (11) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (12) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (13) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (14) addr: F751D44D
22:2:38:388 4524 DetectCureTDL3: IrpHandler (15) addr: F7520FC3
22:2:38:388 4524 DetectCureTDL3: IrpHandler (16) addr: F751D366
22:2:38:388 4524 DetectCureTDL3: IrpHandler (17) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (18) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (19) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (20) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (21) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (22) addr: F751EEF3
22:2:38:388 4524 DetectCureTDL3: IrpHandler (23) addr: F7523A24
22:2:38:388 4524 DetectCureTDL3: IrpHandler (24) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (25) addr: 804F33F8
22:2:38:388 4524 DetectCureTDL3: IrpHandler (26) addr: 804F33F8
22:2:38:388 4524 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:2:38:388 4524 KLMD_ReadMem: DeviceIoControl error 1
22:2:38:388 4524 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:2:38:388 4524 TDL3_FileDetect: Processing driver: Disk
22:2:38:388 4524 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
22:2:38:388 4524 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:2:38:388 4524 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:2:38:403 4524 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8502D5A8
22:2:38:403 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8502D5A8
22:2:38:403 4524 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 851CFA28
22:2:38:403 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851CFA28
22:2:38:403 4524 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 85051F18
22:2:38:403 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85051F18
22:2:38:403 4524 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8502EB28
22:2:38:403 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8502EB28
22:2:38:403 4524 KLMD_ReadMem: Trying to ReadMemory 0x8502EB28[0x38]
22:2:38:403 4524 DetectCureTDL3: DRIVER_OBJECT addr: 851684D0
22:2:38:403 4524 KLMD_ReadMem: Trying to ReadMemory 0x851684D0[0xA8]
22:2:38:403 4524 KLMD_ReadMem: Trying to ReadMemory 0xE1BEBE20[0x208]
22:2:38:403 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
22:2:38:403 4524 DetectCureTDL3: IrpHandler (0) addr: F734F572
22:2:38:403 4524 DetectCureTDL3: IrpHandler (1) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (2) addr: F734F572
22:2:38:403 4524 DetectCureTDL3: IrpHandler (3) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (4) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (5) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (6) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (7) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (8) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (9) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (10) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (11) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (12) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (13) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (14) addr: F734F592
22:2:38:403 4524 DetectCureTDL3: IrpHandler (15) addr: F734B7B4
22:2:38:403 4524 DetectCureTDL3: IrpHandler (16) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (17) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (18) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (19) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (20) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (21) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (22) addr: F734F5BC
22:2:38:403 4524 DetectCureTDL3: IrpHandler (23) addr: F7356164
22:2:38:403 4524 DetectCureTDL3: IrpHandler (24) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (25) addr: 804F33F8
22:2:38:403 4524 DetectCureTDL3: IrpHandler (26) addr: 804F33F8
22:2:38:403 4524 KLMD_ReadMem: Trying to ReadMemory 0xF734C7C6[0x400]
22:2:38:403 4524 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 229, 0
22:2:38:403 4524 TDL3_FileDetect: Processing driver: atapi
22:2:38:403 4524 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys
22:2:38:403 4524 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
22:2:38:403 4524 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
22:2:38:466 4524
Completed
Results:
22:2:38:466 4524 Infected objects in memory: 0
22:2:38:466 4524 Cured objects in memory: 0
22:2:38:466 4524 Infected objects on disk: 0
22:2:38:466 4524 Objects on disk cured on reboot: 0
22:2:38:466 4524 Objects on disk deleted on reboot: 0
22:2:38:466 4524 Registry nodes deleted on reboot: 0
22:2:38:466 4524
Hi,
Go to the Update tab in MBAM and check for updates. When the latest definitions have been downloaded, run a quick scan and let MBAM delete its findings. Post back the report.
Hazeleye
2009-12-21, 16:15
Ummm... o-o Did it not update right or something?
Malwarebytes' Anti-Malware 1.25
Database version: 1103
Windows 5.1.2600 Service Pack 2
8:11:57 AM 12/21/2009
mbam-log-12-21-2009 (08-11-57).txt
Scan type: Quick Scan
Objects scanned: 71239
Time elapsed: 33 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Hi,
No, it didn't. Uninstall your outdated MBAM version. Then download a fresh one here (http://malwarebytes.org/). Install it and let it update itself. Then run a quick scan (letting the bad items be removed) and post back the report.
Hazeleye
2009-12-29, 02:59
Yes. I'm sorry, the holidays just ate up the time. I'll be installing Malwarebytes again now.
Hazeleye
2009-12-29, 03:10
Ok, I went to download Malwarebytes, but every time I try running it, it can't find mbam.exe. I went to go run it, but it doesn't appear to have been downloaded in the setup.
Hi,
Let's try another method.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
A new DDS log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Hazeleye
2009-12-29, 16:19
I see something about avast! in the log. I couldn't disable the scan before ComboFix ran. At least it didn't harm the computer as far as I can see right now.
ComboFix 09-12-28.05 - Rhiannon's Test 12/29/2009 7:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.222 [GMT -6:00]
Running from: c:\documents and settings\Rhiannon's Test\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 091031-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\PersonalAV
c:\documents and settings\All Users\Start Menu\PersonalAV\Personal Antivirus.lnk
c:\documents and settings\All Users\Start Menu\PersonalAV\Uninstall.lnk
c:\documents and settings\jo\Desktop\Personal Antivirus.lnk
c:\documents and settings\josh\Application Data\Adobe\crc.dat
c:\documents and settings\josh\Application Data\FunWebProducts
c:\documents and settings\josh\Application Data\FunWebProducts\Data\josh\avatar.dat
c:\documents and settings\josh\Application Data\FunWebProducts\Data\josh\register.dat
c:\documents and settings\josh\Application Data\FunWebProducts\Data\josh\zbucks.dat
c:\documents and settings\josh\Favorites\Download programs.url
c:\documents and settings\josh\Favorites\Games.url
c:\documents and settings\josh\Favorites\Translator.url
c:\documents and settings\josh\Favorites\Videos.url
c:\documents and settings\Rhiannon's Test\Client.exe
c:\documents and settings\Rhiannon's Test\Mint.dll
c:\documents and settings\Rhiannon's Test\Oasis.dll
c:\documents and settings\Rhiannon's Test\Pleione.dll
c:\documents and settings\Rhiannon's Test\Renderer2.dll
c:\documents and settings\Rhiannon's Test\Skill.dll
c:\documents and settings\Rhiannon's Test\Standard.dll
c:\program files\Common Files\Uninstall
c:\program files\Common Files\Uninstall\PersonalAV\Uninstall.lnk
C:\Thumbs.db
c:\windows\EventSystem.log
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\11465116.dll
c:\windows\system32\29647480.dll
c:\windows\system32\3302715.dll
c:\windows\system32\4844424.dll
c:\windows\system32\bavugiba.dll
c:\windows\system32\bemadoko.dll
c:\windows\system32\beromavu.dll
c:\windows\system32\bibegipe.dll
c:\windows\system32\bigupavi.dll
c:\windows\system32\bipeyewu.dll
c:\windows\system32\biteketi.dll.tmp
c:\windows\system32\bupufana.dll
c:\windows\system32\conpuhdf.ini
c:\windows\system32\deniyiri.dll
c:\windows\system32\divhlykf.ini
c:\windows\system32\dizagiji.dll
c:\windows\system32\djhipidp.ini
c:\windows\system32\dokajihe.dll
c:\windows\system32\dplkssje.ini
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\dubolaho.dll
c:\windows\system32\dujewora.dll
c:\windows\system32\dukeyiwa.dll
c:\windows\system32\dunahewa.dll.tmp
c:\windows\system32\duzileru.dll
c:\windows\system32\fazotapa.dll
c:\windows\system32\fesejami.dll
c:\windows\system32\fokegame.dll
c:\windows\system32\gamuhabo.dll
c:\windows\system32\gelarijo.dll
c:\windows\system32\gemidesu.dll
c:\windows\system32\gnmenwqe.ini
c:\windows\system32\godohavu.dll
c:\windows\system32\gozayiwo.dll.tmp
c:\windows\system32\gozomeji.dll
c:\windows\system32\gupuvefa.dll
c:\windows\system32\guserohu.dll
c:\windows\system32\habanuvo.dll
c:\windows\system32\haferabo.dll
c:\windows\system32\hahahewe.dll
c:\windows\system32\hahonuhe.dll
c:\windows\system32\hajigira.dll
c:\windows\system32\hatajude.dll.tmp
c:\windows\system32\hatufuto.dll.tmp
c:\windows\system32\hatutiza.dll
c:\windows\system32\havuwawo.dll
c:\windows\system32\hekajezo.dll
c:\windows\system32\hepoyaba.dll.tmp
c:\windows\system32\heyuyale.dll
c:\windows\system32\hinebume.dll
c:\windows\system32\hiniripa.dll
c:\windows\system32\hofalobu.dll
c:\windows\system32\jalopeya.dll
c:\windows\system32\jawehuvi.dll
c:\windows\system32\jepafuzi.dll
c:\windows\system32\jijoseyi.dll
c:\windows\system32\johazaka.dll
c:\windows\system32\jumowedu.dll
c:\windows\system32\katunapi.dll
c:\windows\system32\kebegehu.dll
c:\windows\system32\kegayezu.dll
c:\windows\system32\kegebovo.dll
c:\windows\system32\kegosipi.dll
c:\windows\system32\kihebete.dll
c:\windows\system32\kivukedo.dll
c:\windows\system32\kivuvira.dll.tmp
c:\windows\system32\kodusagi.dll
c:\windows\system32\kokiguto.dll
c:\windows\system32\koligize.dll
c:\windows\system32\kotafeka.dll
c:\windows\system32\kotajime.dll
c:\windows\system32\kstryswf.ini
c:\windows\system32\kuwotevi.dll
c:\windows\system32\lehazapi.dll
c:\windows\system32\lepefihi.dll
c:\windows\system32\lilatawi.dll
c:\windows\system32\liwoduki.dll
c:\windows\system32\lizofeje.dll
c:\windows\system32\loburako.dll
c:\windows\system32\logon.exe
c:\windows\system32\lovebudo.dll
c:\windows\system32\lulapifi.dll
c:\windows\system32\makorofi.dll
c:\windows\system32\mazileve.dll
c:\windows\system32\meroyete.dll
c:\windows\system32\mobahibe.dll
c:\windows\system32\monetehe.dll.tmp
c:\windows\system32\msxmlm.dll.tmp
c:\windows\system32\nafugizu.dll
c:\windows\system32\ndisapi.dll
c:\windows\system32\nejifayo.dll
c:\windows\system32\nenunizo.dll
c:\windows\system32\nfr.assembly
c:\windows\system32\ninezoni.dll.tmp
c:\windows\system32\nugebini.dll
c:\windows\system32\nuzevuzi.dll
c:\windows\system32\pafuzaji.dll
c:\windows\system32\papewohu.dll
c:\windows\system32\parahuri.dll
c:\windows\system32\patayaru.dll
c:\windows\system32\pehirema.dll
c:\windows\system32\pilopume.dll
c:\windows\system32\piralume.dll
c:\windows\system32\piyudijo.dll
c:\windows\system32\potumene.dll
c:\windows\system32\ragatusi.dll
c:\windows\system32\ranusanu.dll.tmp
c:\windows\system32\ravufoza.dll
c:\windows\system32\renavozi.dll
c:\windows\system32\rjnrpkml.ini
c:\windows\system32\rujisovo.dll
c:\windows\system32\ruzosewu.dll
c:\windows\system32\savogiju.dll
c:\windows\system32\sebenefi.dll
c:\windows\system32\segudedu.dll
c:\windows\system32\seyamoyu.dll.tmp
c:\windows\system32\sihiyadu.dll
c:\windows\system32\tahisepi.dll
c:\windows\system32\tajuzufo.dll
c:\windows\system32\tapeyaki.dll
c:\windows\system32\tevajeke.dll
c:\windows\system32\tfybpwmr.ini
c:\windows\system32\tomutote.dll
c:\windows\system32\tufemivu.dll
c:\windows\system32\ubthltcx.ini
c:\windows\system32\uumfpvqb.ini
c:\windows\system32\vafubamu.dll
c:\windows\system32\vagazodi.dll
c:\windows\system32\vebimayo.dll
c:\windows\system32\vemopado.dll
c:\windows\system32\vesetoni.dll
c:\windows\system32\vilibosi.dll
c:\windows\system32\virurire.dll
c:\windows\system32\vohetufa.dll
c:\windows\system32\vsbtcanl.ini
c:\windows\system32\wahojawi.dll
c:\windows\system32\worayewu.dll
c:\windows\system32\wunugivi.dll
c:\windows\system32\wuyofage.dll
c:\windows\system32\xwkmlsln.ini
c:\windows\system32\yajavibe.dll
c:\windows\system32\yilative.dll
c:\windows\system32\yisiwusu.dll
c:\windows\system32\yosinege.dll
c:\windows\system32\yoyawuzo.dll.tmp
c:\windows\system32\yuligugu.dll
c:\windows\system32\yutehale.dll
c:\windows\system32\zafusiyo.dll
c:\windows\system32\zanelupo.dll
c:\windows\system32\zefozawu.dll
c:\windows\system32\zehuzumo.dll
c:\windows\system32\zijigegu.dll
c:\windows\system32\zofepaso.dll
c:\windows\system32\zofitemi.dll
c:\windows\system32\zoroviro.dll
c:\windows\system32\zugowuva.dll
c:\windows\system32\zuterolo.dll
c:\windows\Tasks\kpdtysws.job
c:\windows\unins000.dat
c:\windows\unins000.exe
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://82.98.235.39
hxxp://82.98.235.34
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
.
2009-12-03 02:40 . 2009-12-03 02:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-12-03 02:38 . 2009-12-04 13:37 -------- d-----w- c:\documents and settings\Rhiannon's Test\Application Data\Xfire
2009-12-01 01:56 . 2009-12-01 01:56 -------- d-----w- c:\documents and settings\Rhiannon's Test\Application Data\Uniblue
2009-11-30 02:42 . 2009-11-30 02:42 -------- d-----w- c:\documents and settings\Rhiannon's Test\Application Data\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 01:02 . 2008-09-02 04:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-24 19:01 . 2009-04-26 04:01 4 ----a-w- c:\documents and settings\Rhiannon's Test\version.dat
2009-12-24 18:58 . 2008-04-09 00:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-24 18:58 . 2009-12-02 00:09 -------- d-----w- c:\program files\Spyware Doctor
2009-12-24 18:58 . 2009-12-02 00:09 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-23 15:47 . 2009-04-16 22:27 1578 ----a-w- c:\documents and settings\jo\Application Data\wklnhst.dat
2009-12-21 15:17 . 2009-07-23 18:57 5776 ----a-w- c:\documents and settings\Rhiannon's Test\va.dat
2009-12-21 15:17 . 2009-04-26 05:03 5776 ----a-w- c:\documents and settings\Rhiannon's Test\vacache.dat
2009-12-16 13:09 . 2009-03-15 02:41 -------- d-----w- c:\documents and settings\Rhiannon's Test\Application Data\Audacity
2009-12-15 12:53 . 2009-12-15 12:53 -------- d-----w- c:\program files\Audacity
2009-12-13 01:18 . 2009-04-26 04:01 1141496 ----a-w- c:\documents and settings\Rhiannon's Test\Mabinogi.exe
2009-12-10 01:39 . 2009-08-20 19:41 -------- d-----w- c:\program files\Avidemux 2.5
2009-12-09 16:02 . 2007-01-25 03:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-07 15:14 . 2009-07-23 18:57 888832 ----a-w- c:\documents and settings\Rhiannon's Test\EXL.dll
2009-12-07 15:14 . 2009-07-23 18:57 1110016 ----a-w- c:\documents and settings\Rhiannon's Test\ESL.dll
2009-12-03 22:14 . 2009-12-29 01:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-12-29 01:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 22:50 . 2009-12-02 22:50 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-01 16:11 . 2009-08-05 21:15 -------- d-----w- c:\program files\PersonalAV
2009-12-01 01:35 . 2009-03-14 04:29 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-01 01:29 . 2009-04-25 06:47 -------- d-----w- c:\program files\Pando Networks
2009-12-01 01:28 . 2007-05-19 21:12 -------- d-----w- c:\program files\Google
2009-11-30 21:20 . 2006-08-01 18:39 -------- d-----w- c:\program files\Real
2009-11-30 19:37 . 2009-11-30 19:37 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-25 22:20 . 2009-11-25 22:20 -------- d-----w- c:\documents and settings\Rhiannon's Test\Application Data\HPQ
2009-11-15 00:30 . 2009-04-10 01:32 -------- d-----w- c:\program files\Windows Live
2009-11-12 13:37 . 2009-04-05 22:37 -------- d-----w- c:\documents and settings\Rhiannon's Test\Application Data\U3
2009-09-16 04:42 . 2009-09-16 04:42 92160 --sha-w- c:\windows\system32\bigivete.dll
2009-09-11 16:52 . 2009-09-11 16:52 92160 --sha-w- c:\windows\system32\danujave.dll
2009-09-17 04:43 . 2009-09-17 04:43 92160 --sha-w- c:\windows\system32\fatopoze.dll
2009-09-19 04:43 . 2009-09-19 04:43 92160 --sha-w- c:\windows\system32\fuhubuga.dll
2009-09-13 16:41 . 2009-09-13 16:41 92160 --sha-w- c:\windows\system32\gazonima.dll
2009-09-27 04:48 . 2009-09-27 04:48 92672 --sha-w- c:\windows\system32\hosavuzu.dll
2009-09-27 16:48 . 2009-09-27 16:48 92672 --sha-w- c:\windows\system32\hulifofa.dll
2009-09-20 04:44 . 2009-09-20 04:44 92160 --sha-w- c:\windows\system32\kaputigu.dll
2009-09-20 16:44 . 2009-09-20 16:44 92672 --sha-w- c:\windows\system32\laninejo.dll
2009-09-26 16:48 . 2009-09-26 16:48 91648 --sha-w- c:\windows\system32\likulida.dll
2009-09-16 16:43 . 2009-09-16 16:43 91648 --sha-w- c:\windows\system32\nijonina.dll
2009-09-23 16:46 . 2009-09-23 16:46 92160 --sha-w- c:\windows\system32\nipedehu.dll
2009-09-26 04:48 . 2009-09-26 04:48 92672 --sha-w- c:\windows\system32\nipujija.dll
2009-09-21 16:45 . 2009-09-21 16:45 92672 --sha-w- c:\windows\system32\nohutabo.dll
2009-09-14 04:41 . 2009-09-14 04:41 91648 --sha-w- c:\windows\system32\noyahopi.dll
2009-09-24 04:46 . 2009-09-24 04:46 92160 --sha-w- c:\windows\system32\pavoleva.dll
2009-09-12 16:41 . 2009-09-12 16:41 92672 --sha-w- c:\windows\system32\povehana.dll
2009-09-18 04:43 . 2009-09-18 04:43 92160 --sha-w- c:\windows\system32\sikemaha.dll
2009-09-24 16:46 . 2009-09-24 16:46 92672 --sha-w- c:\windows\system32\sufasisa.dll
2009-09-25 04:47 . 2009-09-25 04:47 92672 --sha-w- c:\windows\system32\tewujizi.dll
2009-09-28 16:48 . 2009-09-28 16:48 92672 --sha-w- c:\windows\system32\tizojipi.dll
2009-09-28 04:48 . 2009-09-28 04:48 91648 --sha-w- c:\windows\system32\vukahesu.dll
2009-09-22 04:45 . 2009-09-22 04:45 92160 --sha-w- c:\windows\system32\wahewuvu.dll
2009-09-23 04:46 . 2009-09-23 04:46 92160 --sha-w- c:\windows\system32\wowafuha.dll
2009-09-22 16:45 . 2009-09-22 16:45 92672 --sha-w- c:\windows\system32\yegegeyo.dll
2009-09-18 16:43 . 2009-09-18 16:43 92160 --sha-w- c:\windows\system32\yevilido.dll
2009-09-19 16:43 . 2009-09-19 16:43 92672 --sha-w- c:\windows\system32\yonevena.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 0B788EE2A876D7B31DF840C13F08CD2B . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Rhiannon's Test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-14 133104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 507904]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SBC Self Support Tool.lnk - c:\program files\SBC LightSpeed Self Support Tool\bin\matcli.exe [2007-2-13 217088]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Rhiannon's Test\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ycommon.exe"=
"c:\\users\\Xfire\\xfire.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/10/2009 7:55 AM 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/10/2009 7:55 AM 20560]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [8/14/2008 11:47 AM 1527900]
S3 SM_sugo3_FUService;sugo3 Status Monitor Service;"c:\program files\Samsung\Samsung ML-2510 Series\SPanel\ssmsrvc /Service --> c:\program files\Samsung\Samsung ML-2510 Series\SPanel\ssmsrvc [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f8ce36799427495cb338f8811884c04c
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f8ce36799427495cb338f8811884c04c
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Rhiannon\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {A9CAAE97-26E2-4688-B98F-DD817A07F87A} = 83.149.115.182
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
FF - ProfilePath - c:\documents and settings\Rhiannon's Test\Application Data\Mozilla\Firefox\Profiles\ununt94c.default\
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\josh\My Documents\rhiannon\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\documents and settings\josh\My Documents\rhiannon\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\documents and settings\Rhiannon's Test\My Documents\plugins\npraclient.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{41308349-428d-4fde-9f9b-2686ab1c0283} - jalopeya.dll
BHO-{6BB205DE-B01A-40EF-8180-0161596FB491} - (no file)
HKLM-Run-kftrbpuo - c:\documents and settings\jo\Local Settings\Application Data\scnvix\ddgssysguard.exe
HKLM-Run-redirapew - c:\windows\system32\hahahewe.dll
HKLM-Run-jewofobaga - beromavu.dll
SharedTaskScheduler-{38b56731-8dc0-444f-87be-2b8af428803d} - (no file)
SharedTaskScheduler-{0587af97-e021-46fc-9459-311bf1c00600} - (no file)
SharedTaskScheduler-{e787dc79-0860-43cf-b69d-d6bdb5f379f8} - (no file)
SharedTaskScheduler-{fadb3b2d-a359-4584-83ff-b9d5d1596ea3} - (no file)
SharedTaskScheduler-{a57ecf26-e466-4c19-af5e-ca099a1539e4} - c:\windows\system32\hiniripa.dll
SharedTaskScheduler-{e8d0b91e-ac54-45ad-9c03-a041dbd3a113} - c:\windows\system32\hiniripa.dll
SharedTaskScheduler-{1b98fed0-a587-4c52-b3b4-c7e0791f8539} - c:\windows\system32\hiniripa.dll
SharedTaskScheduler-{16922b17-570b-4734-868d-f143e570aafe} - (no file)
SharedTaskScheduler-{24578b25-61fa-42a1-9d44-c350e1887a49} - (no file)
SharedTaskScheduler-{a6e7a09d-e7ef-4168-9510-dceb57dc9a9c} - (no file)
SharedTaskScheduler-{a7ea85ad-2cda-4410-8a9d-4be8b88e6966} - (no file)
SharedTaskScheduler-{f3069fac-109e-463f-9672-2fe032352f33} - (no file)
SharedTaskScheduler-{f53210fb-d84f-42ea-97f8-f87d4451634d} - (no file)
SharedTaskScheduler-{9d60566f-3dec-4cf1-94fe-8b7c87c1751f} - (no file)
SharedTaskScheduler-{140ae5d0-957f-4f18-a7a1-774274f50dc8} - (no file)
SharedTaskScheduler-{ef44365b-aa01-4b5b-812c-810a631465c1} - c:\windows\system32\hahahewe.dll
SSODL-denizubor-{38b56731-8dc0-444f-87be-2b8af428803d} - (no file)
SSODL-zotiguvas-{0587af97-e021-46fc-9459-311bf1c00600} - (no file)
SSODL-mefufevon-{e787dc79-0860-43cf-b69d-d6bdb5f379f8} - (no file)
SSODL-kewazoluz-{fadb3b2d-a359-4584-83ff-b9d5d1596ea3} - (no file)
SSODL-fupayuzil-{a57ecf26-e466-4c19-af5e-ca099a1539e4} - c:\windows\system32\hiniripa.dll
SSODL-wuyakidos-{e8d0b91e-ac54-45ad-9c03-a041dbd3a113} - c:\windows\system32\hiniripa.dll
SSODL-sasisufek-{1b98fed0-a587-4c52-b3b4-c7e0791f8539} - c:\windows\system32\hiniripa.dll
SSODL-dafohidop-{16922b17-570b-4734-868d-f143e570aafe} - (no file)
SSODL-vilanewil-{24578b25-61fa-42a1-9d44-c350e1887a49} - (no file)
SSODL-sobosofiy-{a6e7a09d-e7ef-4168-9510-dceb57dc9a9c} - (no file)
SSODL-vasevujom-{a7ea85ad-2cda-4410-8a9d-4be8b88e6966} - (no file)
SSODL-buwaparon-{f3069fac-109e-463f-9672-2fe032352f33} - (no file)
SSODL-fekevamej-{f53210fb-d84f-42ea-97f8-f87d4451634d} - (no file)
SSODL-laheduret-{9d60566f-3dec-4cf1-94fe-8b7c87c1751f} - (no file)
SSODL-zukajavaw-{140ae5d0-957f-4f18-a7a1-774274f50dc8} - (no file)
SSODL-meturakut-{ef44365b-aa01-4b5b-812c-810a631465c1} - c:\windows\system32\hahahewe.dll
AddRemove-{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1 - c:\windows\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 07:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SM_sugo3_FUService]
"ImagePath"="\"c:\program files\Samsung\Samsung ML-2510 Series\SPanel\ssmsrvc /Service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,03,c2,cc,c0,5b,c0,44,a2,40,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,03,c2,cc,c0,5b,c0,44,a2,40,12,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3300)
c:\progra~1\SBCLIG~1\SMARTB~1\SBHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\documents and settings\Rhiannon's Test\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2009-12-29 08:06:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-29 14:06
Pre-Run: 51,869,327,360 bytes free
Post-Run: 52,585,488,384 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - BBCBEFF051D458EFB2008AD226A883BE
When you say new dds log, is that that tddskiller.exe from before?
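For anyone reading a ComboFix or DDS log like the one above, the items the helpers look for can be pulled out mechanically. The script below is an added example, not part of this thread and not code from ComboFix, DDS or Spybot: it scans log excerpts for hidden files in system32, eight-letter consonant-vowel DLL names, a loopback ProxyServer, extra SecurityProviders entries, a per-adapter DNS server outside private ranges, and BHO/SSODL/SharedTaskScheduler autostarts that point at such DLLs. The sample lines are copied from the log posted above; the XP default SecurityProviders list, the name heuristic and the indicator names are the example's own assumptions.

```python
"""Triage helper for ComboFix/DDS-style log excerpts (added example)."""
import ipaddress
import re
from collections import defaultdict

# A system32 file name, with or without a preceding attribute field.
SYS32 = re.compile(r"c:\\windows\\system32\\([^\\\s]+)", re.I)
# ComboFix "--sha-w-" / DDS "---h-tw-" attribute field right before a path; index 3 is the hidden bit.
ATTRS = re.compile(r"\s([-a-z]{8})\s+c:\\", re.I)
PROXY = re.compile(r"ProxyServer\s*=\s*(\S+)", re.I)
SECPROV = re.compile(r"SecurityProviders[:\s]+(.+)$", re.I)
TCP_NS = re.compile(r"^TCP:\s*\{[0-9a-f-]+\}\s*=\s*([\d.]+)", re.I)
AUTOSTART = re.compile(r"^(BHO|SSODL|SharedTaskScheduler)[-:].*?-\s*(\S+\.dll)$", re.I)

# Assumption: stock Windows XP value of HKLM\...\Control\SecurityProviders.
XP_DEFAULT_SECPROV = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
VOWELS = set("aeiou")


def looks_generated(filename):
    """Heuristic: 8 letters alternating consonant/vowel (kodusagi, hiniripa)."""
    stem = filename.lower().split(".")[0]
    return (len(stem) == 8 and stem.isalpha()
            and all((c in VOWELS) == bool(i % 2) for i, c in enumerate(stem)))


def triage(log_text):
    """Return {indicator: sorted unique evidence} for a log excerpt."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for fname in SYS32.findall(line):
            if fname.lower().endswith((".dll", ".dll.tmp")) and looks_generated(fname):
                hits["generated_name_dll"].append(fname)
        a = ATTRS.search(line)
        if a and a.group(1)[3].lower() == "h":
            hits["hidden_file"].append(line.rsplit("\\", 1)[-1])
        p = PROXY.search(line)
        if p:
            host = p.group(1).split("=")[-1].rsplit(":", 1)[0]
            if host in ("127.0.0.1", "localhost"):
                hits["loopback_proxy"].append(p.group(1))
        s = SECPROV.search(line)
        if s:
            extra = set(s.group(1).lower().split()) - XP_DEFAULT_SECPROV
            hits["extra_security_provider"].extend(extra)
        t = TCP_NS.match(line)
        if t:
            try:
                if not ipaddress.ip_address(t.group(1)).is_private:
                    hits["public_dns_on_adapter"].append(t.group(1))
            except ValueError:
                hits["unparseable_dns"].append(t.group(1))
        u = AUTOSTART.match(line)
        if u:
            target = u.group(2).rsplit("\\", 1)[-1]
            if looks_generated(target):
                hits["autostart_to_generated_dll"].append(f"{u.group(1)}:{target}")
    return {k: sorted(set(v)) for k, v in hits.items()}


# Constructed sample: lines copied from the ComboFix/DDS output posted above.
SAMPLE_LOG = r"""
c:\windows\system32\kodusagi.dll
c:\windows\system32\kstryswf.ini
c:\windows\system32\logon.exe
c:\windows\system32\ndisapi.dll
c:\windows\system32\monetehe.dll.tmp
2009-09-16 04:42 . 2009-09-16 04:42 92160 --sha-w- c:\windows\system32\bigivete.dll
2009-11-30 19:37 . 2009-11-30 19:37 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-12-21 00:13:31 82944 ---h-tw- c:\windows\system32\1a9e40b8.dll
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll zwebauth.dll
uInternet Settings,ProxyServer = http=127.0.0.1:5555
TCP: {A9CAAE97-26E2-4688-B98F-DD817A07F87A} = 83.149.115.182
BHO-{41308349-428d-4fde-9f9b-2686ab1c0283} - jalopeya.dll
SSODL-fupayuzil-{a57ecf26-e466-4c19-af5e-ca099a1539e4} - c:\windows\system32\hiniripa.dll
SharedTaskScheduler-{38b56731-8dc0-444f-87be-2b8af428803d} - (no file)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
"""

if __name__ == "__main__":
    for indicator, evidence in triage(SAMPLE_LOG).items():
        print(f"{indicator}: {', '.join(evidence)}")
```

The name heuristic is deliberately narrow so that legitimate short names such as ndisapi.dll or xfcodec.dll do not trip it; the hidden-attribute and autostart checks catch the hex-named DLLs and the "(no file)" orphans have nothing to point at, so they are left out. Treat every hit as something to look up, not as proof on its own.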
Hi,
DDS log is the one instructed here (http://forums.spybot.info/showpost.php?p=350085&postcount=2) :)
Is the D: drive a recovery partition?
Hazeleye
2009-12-29, 16:43
DDS Log:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Rhiannon's Test at 8:36:42.50 on Tue 12/29/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.5.0_06
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.104 [GMT -6:00]
AV: avast! antivirus 4.8.1229 [VPS 091031-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rhiannon's Test\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Google Update] "c:\documents and settings\rhiannon's test\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [Motive SmartBridge] c:\progra~1\sbclig~1\smartb~1\MotiveSB.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc lightspeed self support tool\bin\matcli.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?f8ce36799427495cb338f8811884c04c
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?f8ce36799427495cb338f8811884c04c
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\rhiannon\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v47/wwspades/wwspades.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {A9CAAE97-26E2-4688-B98F-DD817A07F87A} = 83.149.115.182
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll zwebauth.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\rhiann~1\applic~1\mozilla\firefox\profiles\ununt94c.default\
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-10 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-10 147640]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-10 250040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-10 348344]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2008-8-14 1527900]
=============== Created Last 30 ================
2009-12-29 13:15:59 0 d-sha-r- C:\cmdcons
2009-12-29 13:14:00 98816 ----a-w- c:\windows\sed.exe
2009-12-29 13:14:00 77312 ----a-w- c:\windows\MBR.exe
2009-12-29 13:14:00 261632 ----a-w- c:\windows\PEV.exe
2009-12-29 13:14:00 161792 ----a-w- c:\windows\SWREG.exe
2009-12-29 01:08:19 0 d-----w- c:\windows\Malwarebytes' Anti-Malware
2009-12-29 01:01:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 01:01:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 00:13:31 82944 ---h-tw- c:\windows\system32\1a9e40b8.dll
2009-12-19 16:25:52 82944 ---h-tw- c:\windows\system32\114a2f0.dll
2009-12-19 16:25:51 82944 ---h-tw- c:\windows\system32\e917a30.dll
2009-12-19 01:56:52 82944 ---h-tw- c:\windows\system32\50fd348.dll
2009-12-19 01:56:51 82944 ---h-tw- c:\windows\system32\18a19c04.dll
2009-12-15 12:53:30 0 d-----w- c:\program files\Audacity
2009-12-14 02:00:03 82944 ---h-tw- c:\windows\system32\81cf513.dll
2009-12-14 02:00:03 82944 ---h-tw- c:\windows\system32\17d97602.dll
2009-12-04 04:48:50 82944 ---h-tw- c:\windows\system32\3294e28.dll
2009-12-04 04:48:50 82944 ---h-tw- c:\windows\system32\281288d8.dll
2009-12-03 03:43:04 82944 ---h-tw- c:\windows\system32\2e6b606e.dll
2009-12-03 03:43:03 82944 ---h-tw- c:\windows\system32\19eca5c8.dll
2009-12-03 02:38:39 0 d-----w- c:\docume~1\rhiann~1\applic~1\Xfire
2009-12-02 01:12:44 0 d-----w- C:\ERUNT
2009-12-02 00:09:45 0 d-----w- c:\program files\common files\PC Tools
2009-12-02 00:09:43 0 d-----w- c:\program files\Spyware Doctor
2009-12-01 01:56:49 0 d-----w- c:\docume~1\rhiann~1\applic~1\Uniblue
2009-12-01 00:56:52 82944 ---h-tw- c:\windows\system32\19c34b88.dll
2009-12-01 00:56:52 82944 ---h-tw- c:\windows\system32\1820ab60.dll
2009-12-01 00:55:20 82944 ---h-tw- c:\windows\system32\19bd9f53.dll
2009-12-01 00:55:19 82944 ---h-tw- c:\windows\system32\8998cfe.dll
2009-11-30 19:37:34 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-30 03:24:08 82944 ---h-tw- c:\windows\system32\ba2f48a.dll
2009-11-30 03:24:07 82944 ---h-tw- c:\windows\system32\667f24c.dll
2009-11-30 02:42:38 0 d-----w- c:\docume~1\rhiann~1\applic~1\Malwarebytes
2009-11-29 19:47:25 82944 ---h-tw- c:\windows\system32\aa08cac.dll
2009-11-29 19:47:25 82944 ---h-tw- c:\windows\system32\17634dce.dll
==================== Find3M ====================
2009-12-24 19:01:21 4 ----a-w- c:\documents and settings\rhiannon's test\version.dat
2009-12-21 15:17:22 5776 ----a-w- c:\documents and settings\rhiannon's test\vacache.dat
2009-12-21 15:17:22 5776 ----a-w- c:\documents and settings\rhiannon's test\va.dat
2009-12-13 01:18:20 1141496 ----a-w- c:\documents and settings\rhiannon's test\Mabinogi.exe
2009-12-07 15:14:50 888832 ----a-w- c:\documents and settings\rhiannon's test\EXL.dll
2009-12-07 15:14:32 1110016 ----a-w- c:\documents and settings\rhiannon's test\ESL.dll
2009-09-16 04:42:34 92160 --sha-w- c:\windows\system32\bigivete.dll
2009-09-11 16:52:22 92160 --sha-w- c:\windows\system32\danujave.dll
2009-09-17 04:43:07 92160 --sha-w- c:\windows\system32\fatopoze.dll
2009-09-19 04:43:43 92160 --sha-w- c:\windows\system32\fuhubuga.dll
2009-09-13 16:41:49 92160 --sha-w- c:\windows\system32\gazonima.dll
2009-09-27 04:48:13 92672 --sha-w- c:\windows\system32\hosavuzu.dll
2009-09-27 16:48:21 92672 --sha-w- c:\windows\system32\hulifofa.dll
2009-09-20 04:44:24 92160 --sha-w- c:\windows\system32\kaputigu.dll
2009-09-20 16:44:23 92672 --sha-w- c:\windows\system32\laninejo.dll
2009-09-26 16:48:09 91648 --sha-w- c:\windows\system32\likulida.dll
2009-09-16 16:43:00 91648 --sha-w- c:\windows\system32\nijonina.dll
2009-09-23 16:46:18 92160 --sha-w- c:\windows\system32\nipedehu.dll
2009-09-26 04:48:02 92672 --sha-w- c:\windows\system32\nipujija.dll
2009-09-21 16:45:15 92672 --sha-w- c:\windows\system32\nohutabo.dll
2009-09-14 04:41:56 91648 --sha-w- c:\windows\system32\noyahopi.dll
2009-09-24 04:46:27 92160 --sha-w- c:\windows\system32\pavoleva.dll
2009-09-12 16:41:20 92672 --sha-w- c:\windows\system32\povehana.dll
2009-09-18 04:43:45 92160 --sha-w- c:\windows\system32\sikemaha.dll
2009-09-24 16:46:55 92672 --sha-w- c:\windows\system32\sufasisa.dll
2009-09-25 04:47:22 92672 --sha-w- c:\windows\system32\tewujizi.dll
2009-09-28 16:48:32 92672 --sha-w- c:\windows\system32\tizojipi.dll
2009-09-28 04:48:31 91648 --sha-w- c:\windows\system32\vukahesu.dll
2009-09-22 04:45:28 92160 --sha-w- c:\windows\system32\wahewuvu.dll
2009-09-23 04:46:01 92160 --sha-w- c:\windows\system32\wowafuha.dll
2009-09-22 16:45:45 92672 --sha-w- c:\windows\system32\yegegeyo.dll
2009-09-18 16:43:41 92160 --sha-w- c:\windows\system32\yevilido.dll
2009-09-19 16:43:59 92672 --sha-w- c:\windows\system32\yonevena.dll
============= FINISH: 8:37:55.46 ===============
Should I include the attach.txt?
And if by recovery partition you mean the D: drive that's always 100% filled, then yes. Otherwise, I don't know what you're talking about ._.;;
Please see if MBAM can be installed now. Update the definitions and run a quick scan, and post back the report.
And if by recovery partition you mean the D: drive that's always 100% filled, then yes.
Yes, that's what I meant :)
Hazeleye
2009-12-29, 18:20
Malwarebytes' Anti-Malware 1.42
Database version: 3449
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18372
12/29/2009 10:17:37 AM
mbam-log-2009-12-29 (10-17-23).txt
Scan type: Quick Scan
Objects scanned: 145356
Time elapsed: 40 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 29
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll zwebauth.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a9caae97-26e2-4688-b98f-dd817a07f87a}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.182 -> No action taken.
Folders Infected:
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> No action taken.
Files Infected:
C:\WINDOWS\system32\bigivete.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\danujave.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fatopoze.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fuhubuga.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gazonima.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hosavuzu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hulifofa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kaputigu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\laninejo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\likulida.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nijonina.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nipedehu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nipujija.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nohutabo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\noyahopi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pavoleva.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\povehana.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\sikemaha.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\sufasisa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tewujizi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tizojipi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vukahesu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wahewuvu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wowafuha.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yegegeyo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yevilido.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yonevena.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\9gdfgjf23 (Worm.KoobFace) -> No action taken.
C:\WINDOWS\t55ft3518f44.dat (Worm.KoobFace) -> No action taken.
I didn't close the mbam window, so should I click remove selected?
Let MBAM remove its findings. Reboot the system if MBAM doesn't do it and post a fresh dds.txt log after that.
Hazeleye
2009-12-29, 19:58
New log:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Rhiannon's Test at 11:50:10.76 on Tue 12/29/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.5.0_06
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.43 [GMT -6:00]
AV: avast! antivirus 4.8.1229 [VPS 091031-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Rhiannon's Test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rhiannon's Test\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Google Update] "c:\documents and settings\rhiannon's test\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [Motive SmartBridge] c:\progra~1\sbclig~1\smartb~1\MotiveSB.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc lightspeed self support tool\bin\matcli.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?f8ce36799427495cb338f8811884c04c
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?f8ce36799427495cb338f8811884c04c
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\rhiannon\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v47/wwspades/wwspades.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\rhiann~1\applic~1\mozilla\firefox\profiles\ununt94c.default\
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-10 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-10 20560]
=============== Created Last 30 ================
2009-12-29 13:15:59 0 d-sha-r- C:\cmdcons
2009-12-29 13:14:00 98816 ----a-w- c:\windows\sed.exe
2009-12-29 13:14:00 77312 ----a-w- c:\windows\MBR.exe
2009-12-29 13:14:00 261632 ----a-w- c:\windows\PEV.exe
2009-12-29 13:14:00 161792 ----a-w- c:\windows\SWREG.exe
2009-12-29 01:08:19 0 d-----w- c:\windows\Malwarebytes' Anti-Malware
2009-12-29 01:01:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 01:01:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 00:13:31 82944 ---h-tw- c:\windows\system32\1a9e40b8.dll
2009-12-19 16:25:52 82944 ---h-tw- c:\windows\system32\114a2f0.dll
2009-12-19 16:25:51 82944 ---h-tw- c:\windows\system32\e917a30.dll
2009-12-19 01:56:52 82944 ---h-tw- c:\windows\system32\50fd348.dll
2009-12-19 01:56:51 82944 ---h-tw- c:\windows\system32\18a19c04.dll
2009-12-15 12:53:30 0 d-----w- c:\program files\Audacity
2009-12-14 02:00:03 82944 ---h-tw- c:\windows\system32\81cf513.dll
2009-12-14 02:00:03 82944 ---h-tw- c:\windows\system32\17d97602.dll
2009-12-04 04:48:50 82944 ---h-tw- c:\windows\system32\3294e28.dll
2009-12-04 04:48:50 82944 ---h-tw- c:\windows\system32\281288d8.dll
2009-12-03 03:43:04 82944 ---h-tw- c:\windows\system32\2e6b606e.dll
2009-12-03 03:43:03 82944 ---h-tw- c:\windows\system32\19eca5c8.dll
2009-12-03 02:38:39 0 d-----w- c:\docume~1\rhiann~1\applic~1\Xfire
2009-12-02 01:12:44 0 d-----w- C:\ERUNT
2009-12-02 00:09:45 0 d-----w- c:\program files\common files\PC Tools
2009-12-02 00:09:43 0 d-----w- c:\program files\Spyware Doctor
2009-12-01 01:56:49 0 d-----w- c:\docume~1\rhiann~1\applic~1\Uniblue
2009-12-01 00:56:52 82944 ---h-tw- c:\windows\system32\19c34b88.dll
2009-12-01 00:56:52 82944 ---h-tw- c:\windows\system32\1820ab60.dll
2009-12-01 00:55:20 82944 ---h-tw- c:\windows\system32\19bd9f53.dll
2009-12-01 00:55:19 82944 ---h-tw- c:\windows\system32\8998cfe.dll
2009-11-30 19:37:34 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-30 03:24:08 82944 ---h-tw- c:\windows\system32\ba2f48a.dll
2009-11-30 03:24:07 82944 ---h-tw- c:\windows\system32\667f24c.dll
2009-11-30 02:42:38 0 d-----w- c:\docume~1\rhiann~1\applic~1\Malwarebytes
2009-11-29 19:47:25 82944 ---h-tw- c:\windows\system32\aa08cac.dll
2009-11-29 19:47:25 82944 ---h-tw- c:\windows\system32\17634dce.dll
==================== Find3M ====================
2009-12-24 19:01:21 4 ----a-w- c:\documents and settings\rhiannon's test\version.dat
2009-12-21 15:17:22 5776 ----a-w- c:\documents and settings\rhiannon's test\vacache.dat
2009-12-21 15:17:22 5776 ----a-w- c:\documents and settings\rhiannon's test\va.dat
2009-12-13 01:18:20 1141496 ----a-w- c:\documents and settings\rhiannon's test\Mabinogi.exe
2009-12-07 15:14:50 888832 ----a-w- c:\documents and settings\rhiannon's test\EXL.dll
2009-12-07 15:14:32 1110016 ----a-w- c:\documents and settings\rhiannon's test\ESL.dll
============= FINISH: 11:56:03.04 ===============
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
FileLook::
c:\documents and settings\Rhiannon's Test\version.dat
c:\documents and settings\Rhiannon's Test\va.dat
c:\documents and settings\Rhiannon's Test\vacache.dat
Folder::
c:\Program Files\DNA
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
File::
c:\windows\system32\1a9e40b8.dll
c:\windows\system32\114a2f0.dll
c:\windows\system32\e917a30.dll
c:\windows\system32\50fd348.dll
c:\windows\system32\18a19c04.dll
c:\windows\system32\81cf513.dll
c:\windows\system32\17d97602.dll
c:\windows\system32\3294e28.dll
c:\windows\system32\281288d8.dll
c:\windows\system32\2e6b606e.dll
c:\windows\system32\19eca5c8.dll
c:\windows\system32\19c34b88.dll
c:\windows\system32\1820ab60.dll
c:\windows\system32\19bd9f53.dll
c:\windows\system32\8998cfe.dll
c:\windows\system32\ba2f48a.dll
c:\windows\system32\667f24c.dll
c:\windows\system32\aa08cac.dll
c:\windows\system32\17634dce.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall vulnerable Flash versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 17 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
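The items the CFScript above removes (the loopback proxy, the orphaned toolbar entries, the hidden DLLs in system32) and the two registry data items MBAM flagged earlier (the hard-coded NameServer and the rewritten SecurityProviders value) are the same indicators a helper reads out of a DDS log by eye. The script below is an added example, not part of this thread and not code from the DDS, MBAM or ComboFix authors; it runs those checks over DDS-style log lines. The sample lines are copied from the logs posted above plus two benign ones for contrast, and the severity thresholds (hidden binary in system32 is "high", a public DNS server is "review") are my own heuristics, not anything the tools define.

```python
"""Flag DDS-log indicators a malware-removal helper keys on (added example;
thresholds are heuristic assumptions, not DDS or MBAM behaviour)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = act on it, "review" = confirm against a known-good baseline
    reason: str
    line: str


# Constructed sample input: lines copied from the DDS logs in this thread,
# plus two benign lines (xfcodec.dll, aswSP.sys) that must not be flagged.
SAMPLE_DDS_LINES = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TCP: {A9CAAE97-26E2-4688-B98F-DD817A07F87A} = 83.149.115.182
SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll zwebauth.dll
2009-12-21 00:13:31 82944 ---h-tw- c:\\windows\\system32\\1a9e40b8.dll
2009-09-16 04:42:34 92160 --sha-w- c:\\windows\\system32\\bigivete.dll
2009-11-30 19:37:34 41872 ----a-w- c:\\windows\\system32\\xfcodec.dll
R1 aswSP;avast! Self Protection;c:\\windows\\system32\\drivers\\aswSP.sys [2009-3-10 78416]
"""

# Line shapes as they appear in the DDS "Pseudo HJT Report" and file sections.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?:\w+=)?([\w.\-]+):(\d+)")
NAMESERVER_RE = re.compile(r"^TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*([\d., ]+)$")
NOFILE_RE = re.compile(r"^(?:TB|BHO|[um]Run):.*-\s*No File\s*$")
SECPROV_RE = re.compile(r"^SecurityProviders:\s*(.+)$")
# "date time size attrs path"; attrs is an 8-char field such as "---h-tw-"
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(\S{8})\s+(.+)$")
SYSTEM32 = "c:\\windows\\system32\\"


def _is_loopback_host(host: str) -> bool:
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def scan_dds(text: str) -> List[Finding]:
    """Return one Finding per suspicious line; benign lines produce nothing."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            # A per-user IE proxy on 127.0.0.1 means a local process sits between
            # the browser and the network; Chrome uses the same system setting.
            if _is_loopback_host(m.group(1)):
                findings.append(Finding("high", f"browser proxy on loopback {m.group(1)}:{m.group(2)}", line))
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            for ip_text in re.split(r"[,\s]+", m.group(1).strip()):
                try:
                    ip = ipaddress.ip_address(ip_text)
                except ValueError:
                    continue
                # A static resolver on a public address is fine only if it is the
                # ISP/DHCP resolver; otherwise it is the DNS-changer foothold.
                if not (ip.is_private or ip.is_loopback):
                    findings.append(Finding("review", f"hard-coded DNS server {ip} on an interface", line))
            continue
        if NOFILE_RE.match(line):
            # Registry entry whose target file is gone: leftover, worth cleaning.
            findings.append(Finding("review", "orphaned registry entry (No File)", line))
            continue
        m = SECPROV_RE.match(line)
        if m:
            # Windows stores SecurityProviders comma-separated; a space-separated
            # list means something rewrote the value (MBAM: Broken.SecurityProviders).
            if len(m.group(1).split()) > 1 and "," not in m.group(1):
                findings.append(Finding("review", "SecurityProviders value not comma-separated", line))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2).lower()
            hidden_file = attrs[0] != "d" and attrs[3] == "h"  # 'h' column = hidden
            # Heuristic (assumption): legitimate system32 binaries are not hidden.
            if hidden_file and path.startswith(SYSTEM32) and path.endswith((".dll", ".exe", ".sys")):
                findings.append(Finding("high", "hidden binary in system32", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings by severity, e.g. {'high': 3, 'review': 3}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_dds(SAMPLE_DDS_LINES):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print(summarize(scan_dds(SAMPLE_DDS_LINES)))
```

Feed it a whole dds.txt and it reports the proxy and the two hidden DLLs as "high" and the DNS server, the orphaned TB entry and the SecurityProviders value as "review"; the corrected comma-separated SecurityProviders line from the second log, or a proxy pointing at a real corporate host, produces no finding. The "review" class is deliberate: a static public resolver is not malicious by itself, which is why MBAM's verdict, not the log line alone, settled it here.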
Hazeleye
2010-01-05, 04:33
Ok. I'm still here. Thank you for not moving the thread. Haven't been home in days is all, due to New Year's. I have everything on there done but the Kaspersky scanner. Will do that now.
Ok. Thanks for the heads up.
Hazeleye
2010-01-07, 08:30
Hello again. A family death occurred and I'm leaving the country for two weeks at the least.
What I can say, though, is that the Kaspersky online scanner was interrupted and paused flat at 49%. It detected some infection, but it took up so much memory that I could not use the computer at all. I had to turn off via power button and lost that data.
The google redirect and pop ups are gone, thank goodness, though. If this thread is going to be moved to archive in my absence, then I'd like to thank you ^^
I'm very sorry to hear this sad news :sad:
I'll archive this topic now. If the original symptoms return we can continue when you get back.