Unknown infection, blocks executables

[JonTom]

Hello chrisbattista03

Go ahead and update Java, then run the Online scan.

Post the log in your next reply and describe how your machine is behaving now.

 

[chrisbattista03]

When i click on UPDATE NOW in the java program nothing seems to happen. it is even set to auto update. I tried 3 times and let it sit for 10 minutes and nothing happened.

I also tried to run a program I have called Secunia PSI (it looks for programs that are out of date and updates them) and Secunia would not get passed the stage of "verifying network connection"

I didn't know if i should run Kapersky without doing the java update so i haven't done it yet.

 

[JonTom]

Hello chrisbattista03

I didn't know if i should run Kapersky without doing the java update

The scan may work with the old Java you have, but it is much better to have the latest version as outdated versions of Java can be exploited by malware. If the automatic Java update is being problematic, we can update it manually:

1. Please update your Java
   
   
   • Click on "Start", then on "Control Panel".
   • Go to "Add or Remove Programs" and uninstall any previous versions of Java that you find.
   • Reboot your computer.
   • Next, download the latest version of Java by clicking here
   • Scroll down the page until you reach "Java Platform Standard Edition".
   • Beneath this and to the right, you will see a red button marked "Download JRE".
   • Click the "Download JRE" button.
   • Select the platform (Windows, in your case), multi language.
   • Accept the license agreement and click on "Continue".
   • You do not have to register if you do not want to (the registration step is optional).
   • Scroll down and click on the file called jre-6u20-windows-i586.exe located under "Windows Offline Installation".
   • Save the file to your desktop.
   • Do not select Run.
   • Double click on the saved file (jre-6u20-windows-i586.exe) to install the update.
   • Delete the downloaded installation file after completing the above procedure and reboot your system if not prompted to do so.
   
   Try the online scan now. If you run into any problems, come back and let me know.
   

 

[JonTom]

Did you manage to run the scan?

 

[chrisbattista03]

sorry, java updated successfully. during uninstalation of JRE i got this error notification:

java.lang.nullpointerException

there was more info, but i couldn't copy any of it, java seemed to uninstall fine otherwise, and re-installation was smoothe with no reboot. I am starting the Kapersky scan now log will follow.

 

[chrisbattista03]

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, June 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, June 25, 2010 20:58:02
Records in database: 4298362
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 188551
Threats found: 5
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 04:00:22


File name / Threat / Threats count
C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml Infected: Trojan.Win32.Clicker.hd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ql10wnt.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\_peehmji_.sys.zip Infected: Rootkit.Win32.Agent.bert 1
C:\Qoobox\Quarantine\[4]-Submit_2010-06-10_12.02.58.zip Infected: Rootkit.Win32.Agent.bert 1
C:\Qoobox\Quarantine\[4]-Submit_2010-06-10_12.02.58.zip Infected: Backdoor.Win32.TDSS.ro 4
C:\Qoobox\Quarantine\[4]-Submit_2010-06-10_12.02.58.zip Infected: not-a-virus:AdWare.Win32.RON.dvc 1
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP3\A0001232.sys Infected: Rootkit.Win32.TDSS.ap 1

Selected area has been scanned.

 

[JonTom]

Hello chrisbattista03

We are almost there. The Kaspersky Scan has detected an infected file and some items that we will take care of when CF is uninstalled. We'll take care of the file first:

1. Please download OTM
   
   
   • Please download OTM by OldTimer by clicking here.
   • Save the file (called OTM.exe) to your desktop.
   • Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
   • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
   
   
   

   :Processes 
   explorer.exe
   
   :Files
   C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml
   
   :Commands
   [Purity]
   [EmptyTemp]
   [Start Explorer]
   [Reboot]

   
   
   
   
   • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
     
   • Click the Moveit! button.
   • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
   • Close OTM.
   • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
   
   
   In your next post, please provide the OTM log and a fresh DDS scan of your machine.
   
   Also, please describe how your machine is behaving now.

 

[chrisbattista03]

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Cubase LE
->Temp folder emptied: 3881 bytes
->Temporary Internet Files folder emptied: 276019 bytes
->Java cache emptied: 12184207 bytes
->FireFox cache emptied: 62244507 bytes
->Flash cache emptied: 19986 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Heather
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 11090635 bytes
->FireFox cache emptied: 8706445 bytes
->Flash cache emptied: 5795 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 767 bytes

User: Owner

User: Owner.YOUR-92C8B56D4E
->Temp folder emptied: 115887703 bytes
->Temporary Internet Files folder emptied: 6398019 bytes
->Java cache emptied: 16920147 bytes
->FireFox cache emptied: 31090746 bytes
->Flash cache emptied: 57511 bytes

User: OWNER~1~YOU

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3515178 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 42206802 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 16295712 bytes

Total Files Cleaned = 312.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 07022010_014837

Files moved on Reboot...

Registry entries deleted on Reboot...

.....................................................................................


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 1:59:09.53 on Fri 07/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.517 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GmoteServer\GmoteServer.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner.YOUR-92C8B56D4E\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\gmotes~1.lnk - c:\program files\gmoteserver\GmoteServer.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\scmk6iki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-5-7 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-5-7 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-5-7 151297]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-4-15 14976]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-5-7 52056]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2009-7-5 18432]

=============== Created Last 30 ================

2010-07-02 05:48:37 0 d-----w- C:\_OTM
2010-06-26 01:46:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-26 01:46:16 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-21 05:14:16 0 d-----w- C:\Rooter$
2010-06-19 12:15:02 0 d-----w- c:\docume~1\owner~1.you\applic~1\SUPERAntiSpyware.com
2010-06-19 12:15:02 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-19 12:14:54 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-13 01:57:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-13 01:57:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-13 01:49:12 0 d-----w- C:\53d6fe556a3c2073a1b0bc57
2010-06-12 04:00:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 18:36:21 77312 ----a-w- c:\windows\MBR.exe
2010-06-03 13:22:24 98816 ----a-w- c:\windows\sed.exe
2010-06-03 13:22:24 256512 ----a-w- c:\windows\PEV.exe
2010-06-03 13:22:24 161792 ----a-w- c:\windows\SWREG.exe
2010-06-03 13:21:14 0 d-----w- C:\ComboFix
2010-06-03 12:03:02 0 d-----w- C:\28342

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-12-01 09:54:32 626688 ----a-w- c:\program files\common files\MSVCR80.dll

============= FINISH: 1:59:56.43 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/5/2008 7:27:19 PM
System Uptime: 7/2/2010 1:56:26 AM (0 hours ago)

Motherboard: Winfast | | NF4(X)K8MC
Processor: AMD Athlon(tm) 64 Processor 4000+ | Socket 939 | 2412/194mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 182 GiB total, 32.094 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.435 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA(R) nForce(TM) Audio Codec Interface
Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_0CA4105B&REV_A2\3&2411E6FE&0&20
Manufacturer: NVIDIA Corporation
Name: NVIDIA(R) nForce(TM) Audio Codec Interface
PNP Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_0CA4105B&REV_A2\3&2411E6FE&0&20
Service: nvax

==== System Restore Points ===================

RP1: 6/1/2010 2:14:38 AM - System Checkpoint
RP2: 6/3/2010 9:22:59 AM - ComboFix created restore point
RP3: 6/8/2010 12:38:34 AM - System Checkpoint
RP4: 6/10/2010 11:59:29 AM - ComboFix created restore point
RP5: 6/11/2010 11:54:31 PM - Software Distribution Service 3.0
RP6: 6/12/2010 9:48:25 PM - Software Distribution Service 3.0
RP7: 6/13/2010 11:37:24 AM - Software Distribution Service 3.0
RP8: 6/15/2010 3:29:12 AM - System Checkpoint
RP9: 6/16/2010 3:49:32 AM - System Checkpoint
RP10: 6/17/2010 4:06:37 AM - System Checkpoint
RP11: 6/18/2010 4:25:38 AM - System Checkpoint
RP12: 6/19/2010 5:24:56 AM - System Checkpoint
RP13: 6/20/2010 5:25:37 AM - System Checkpoint
RP14: 6/21/2010 5:53:05 AM - System Checkpoint
RP15: 6/22/2010 7:11:29 AM - System Checkpoint
RP16: 6/23/2010 8:38:45 PM - System Checkpoint
RP17: 6/24/2010 3:00:15 AM - Software Distribution Service 3.0
RP18: 6/25/2010 9:30:33 PM - Removed Java(TM) 6 Update 7
RP19: 6/25/2010 9:31:28 PM - Removed Java(TM) 6 Update 13
RP20: 6/25/2010 9:34:36 PM - Removed J2SE Runtime Environment 5.0 Update 2
RP21: 6/25/2010 9:45:39 PM - Installed Java(TM) 6 Update 20
RP22: 6/27/2010 11:54:23 AM - System Checkpoint
RP23: 6/28/2010 12:27:17 PM - System Checkpoint
RP24: 6/29/2010 12:27:27 PM - System Checkpoint
RP25: 6/30/2010 1:36:24 PM - System Checkpoint
RP26: 7/1/2010 2:27:34 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agere Systems PCI-SV92PP Soft Modem
Alesis io|2 ASIO Driver
Amazon MP3 Downloader 1.0.5
America Online (Choose which version to remove)
ANIO Service
ANIWZCS2 Service
Any Video Converter 3.0.5
Apple Mobile Device Support
Apple Software Update
AT&T Toolbar
AT&T Yahoo! Internet Mail
Athlon 64 Processor Driver
AVI DivX to DVD SVCD VCD Converter 4.0.0322
Avira AntiVir Personal - Free Antivirus
Bonjour
Browser Address Error Redirector
Connect
ConvertXtoDVD 3.5.1.135
Critical Update for Windows Media Player 11 (KB959772)
DebugMode Wax 2.0
Digital Media Reader
DVD Solution
EAX4 Unified Redist
GmoteServer
GTK+ Runtime 2.12.8 rev a (remove only)
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.0
HP Software Update
iTunes
Java Auto Updater
Java(TM) 6 Update 20
kuler
LightScribe System Software 1.10.13.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Multimedia Keyboard Driver
Napster Burn Engine
Nero 7 Essentials
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
NvMixer
OpenOffice.org 3.0
Overland
PDF Settings CS4
Photoshop Camera Raw
Photosmart 320,370,7400,8100,8400 Series
Pidgin
Pixel Bender Toolkit
Power2Go 4.0
PowerDVD
PS8100
PSPrinters06
Pure Networks Port Magic
QFolder
QuickTime
Realtek High Definition Audio Driver
Recovery Software Suite Gateway
Secunia PSI
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sonic Encoders
Steinberg Cubase LE 4
Suite Shared Configuration CS4
SUPERAntiSpyware
Syncrosoft License Control
Tom Clancy's Splinter Cell Double Agent
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoCam Suite 2.0
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Wireless G WUA-1340
WIZ1x0_105SR Configtool
Yahoo! Install Manager

==== Event Viewer Messages From Past Week ========

7/2/2010 1:48:39 AM, error: Service Control Manager [7034] - The InCD Helper service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:38 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:37 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:37 AM, error: Service Control Manager [7034] - The B's Recorder GOLD Library General Service service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:37 AM, error: Service Control Manager [7034] - The ANIWZCSd Service service terminated unexpectedly. It has done this 1 time(s).
7/2/2010 1:48:37 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/25/2010 9:38:11 PM, error: Dhcp [1002] - The IP address lease 192.168.2.8 for the Network Card with network address 00195B7E149F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
6/25/2010 9:23:43 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/25/2010 9:23:24 PM, error: Dhcp [1002] - The IP address lease 192.168.2.7 for the Network Card with network address 00195B7E149F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

 

[JonTom]

Hello chrisbattista03

Thank you for the log.

It looks as though you have picked up that bad proxy again.

Please do the following:

1. Please work through the following steps
   
   
   • Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").
     
   • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
     
   • Copy and Paste the text in the quotebox below into the open Notepad window:
     
     

     DDS::
     uInternet Settings,ProxyServer = http=127.0.0.1:5555
     uInternet Settings,ProxyOverride = <local>
     IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

     
     
   • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
     
   • Close any open browsers.
     
   • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     
   • Refering to the picture below, drag CFScript.txt into ComboFix.exe
     
     
     
     
     
     
   • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
   • Once the log is produced, re-engage your resident anti virus.
   
   
2. MBAM
   
   
   • Please run MBAM again and post the log created.
   
   
3. Security Check
   
   
   • Please download Security Check by screen317 from here or here and save the file (called securitycheck.exe) to your desktop.
   • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
   • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.
   
   Please provide the ComboFix log, the MBAM log and the Security Check log in your next reply.
   
   Also, please let me know if you are experiencing any problems with your machine.

 

[chrisbattista03]

I'm sorry about the delay, i will have these 3 logs for you in the next day.

 

[JonTom]

:bigthumb:

 

[chrisbattista03]

ComboFix 10-07-07.02 - Owner 07/08/2010 21:02:59.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.660 [GMT -4:00]
Running from: c:\documents and settings\Owner.YOUR-92C8B56D4E\Desktop\chrisbatista.exe
Command switches used :: c:\documents and settings\Owner.YOUR-92C8B56D4E\Desktop\CFScript
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\jna6351437922827452541.tmp
c:\documents and settings\Owner.YOUR-92C8B56D4E\Local Settings\temp\jna6351437922827452541.tmp
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-02 05:48 . 2010-07-02 05:48 -------- d-----w- C:\_OTM
2010-06-26 01:46 . 2010-06-26 01:46 -------- d-----w- c:\program files\Common Files\Java
2010-06-26 01:46 . 2010-06-26 01:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-21 05:14 . 2010-06-21 05:14 -------- d-----w- C:\Rooter$
2010-06-19 12:15 . 2010-06-19 12:15 -------- d-----w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\SUPERAntiSpyware.com
2010-06-19 12:15 . 2010-06-19 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-19 12:14 . 2010-06-19 12:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-13 01:57 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-13 01:57 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-13 01:49 . 2010-06-13 01:49 -------- d-----w- C:\53d6fe556a3c2073a1b0bc57
2010-06-12 04:00 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-12 03:59 . 2010-06-12 03:59 -------- d-----w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 01:13 . 2009-10-07 04:12 -------- d-----w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Gmote
2010-06-26 01:46 . 2010-06-26 01:46 503808 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-473b721b-n\msvcp71.dll
2010-06-26 01:46 . 2010-06-26 01:46 499712 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-473b721b-n\jmc.dll
2010-06-26 01:46 . 2010-06-26 01:46 348160 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-473b721b-n\msvcr71.dll
2010-06-26 01:46 . 2010-06-26 01:46 61440 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2391829c-n\decora-sse.dll
2010-06-26 01:46 . 2010-06-26 01:46 12800 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2391829c-n\decora-d3d.dll
2010-06-19 12:15 . 2010-06-19 12:15 63488 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-19 12:15 . 2010-06-19 12:15 52224 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-19 12:15 . 2010-06-19 12:15 117760 ----a-w- c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-13 01:58 . 2009-04-19 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 16:05 . 2009-02-10 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2010-06-09 18:56 . 2010-06-01 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-06-01 06:58 . 2010-06-01 06:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\ATTTOOLBAR
2010-05-22 05:01 . 2010-05-22 05:01 -------- d-----w- c:\program files\Video Converter
2010-05-10 05:01 . 2010-05-10 05:01 -------- d-----w- c:\program files\DebugMode
2010-05-06 10:41 . 2006-07-16 04:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56 . 2006-07-16 04:22 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2006-07-16 04:19 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-12-01 09:54 . 2009-07-15 01:19 626688 ----a-w- c:\program files\Common Files\MSVCR80.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\
GmoteServer.lnk - c:\program files\GmoteServer\GmoteServer.exe [2009-10-7 451584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VideoCam Suite 2.0.lnk
backup=c:\windows\pss\VideoCam Suite 2.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-92C8B56D4E^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-92C8B56D4E^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Owner.YOUR-92C8B56D4E\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 22:43 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2005-11-30 14:35 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2008-07-19 07:02 266497 ----a-w- c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-12-09 00:57 550912 ----a-w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 19:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WUA-1340]
2005-12-15 16:19 2715648 ----a-w- c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 00:07 61952 ----a-w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1210028400\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 17:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-07 05:09 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2006-01-07 05:09 659456 ----a-w- c:\windows\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
2006-01-07 05:09 49152 ----a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 12:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 21:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-10-07 22:53 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-12-10 01:44 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 00:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 17:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 12:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1210028400\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\GmoteServer\\GmoteServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"8889:TCP"= 8889:TCP:gmote

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [4/15/2009 12:29 PM 14976]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/24/2009 7:03 AM 7808]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [7/5/2009 10:05 PM 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-09 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2009-09-21 05:09]

2010-07-09 c:\windows\Tasks\User_Feed_Synchronization-{E34E5590-8C9C-42F3-BC91-59BF3E840393}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.YOUR-92C8B56D4E\Application Data\Mozilla\Firefox\Profiles\scmk6iki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101020100&s=.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 21:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3171649797-3824822186-616433660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,88,2d,03,2f,8a,15,1b,76,b4,15,18,ff,c0,64,ff,1a,bc,ec,cd,ed,0b,c1,
f5,bd,4f,8a,bb,3a,38,30,2e,e7,ef,17,e8,21,c4,c6,14,53,07,06,6b,4a,2a,c7,76,\
"??"=hex:1d,14,7d,cb,f4,2d,95,98,8e,a0,bb,e4,ae,71,f6,6b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2010-07-08 21:23:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-09 01:22
ComboFix2.txt 2010-06-10 16:23
ComboFix3.txt 2010-06-09 19:00
ComboFix4.txt 2010-06-03 13:33
ComboFix5.txt 2010-07-09 00:59

Pre-Run: 33,369,489,408 bytes free
Post-Run: 33,615,454,208 bytes free

- - End Of File - - 0FD244EC13DF6B1992816643F35007A6




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4294

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/9/2010 1:30:15 AM
mbam-log-2010-07-09 (01-30-15).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 324700
Time elapsed: 3 hour(s), 59 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---------------------------------------------------------------------




Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 20
Adobe Flash Player 10.0.32.18
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

[JonTom]

Hello chrisbattista03

Thank you for the log.

You have bad proxy on board that refuses to leave. Every time we remove it, it manages to find its way back onto your system.

Is this a networked machine?

 

[chrisbattista03]

Yes. in 2 cases.

On MY home network which i was using when the infection first showed up, the wifi is WEP key and i have my desktop, laptop, PS3, satellite box, TiVo and G1 cellphone accessing the network.

my internet was shut off last week when I went AWOL on you. for the last 4 days i have been using a neighbors open wifi. I own a desktop and a laptop that connect to it.. I couldn't tell you what else is on this particular network as I don't know whose it is and I can't find any other devices connected to it.

 

[JonTom]

Hello chrisbattista03

for the last 4 days i have been using a neighbors open wifi

I couldn't tell you what else is on this particular network as I don't know whose it is and I can't find any other devices connected to it.

Not only did you have cracked/keygened files on your system, but you now freely admit to using someone elses network without knowing who it belongs to.

Since you do not know who is actually paying for this network it is my belief that you did not seek permission to use it.

Furthermore, since you connected your infected systems to this (unknown) network, the chances are very high that you have transferred your infections to the machines owned by the person who you "do not know".


For these reasons I cannot continue assisting you.

This thread is now closed.