Tech Support Guy banner

So many problems dont know where to start!

3K views 29 replies 2 participants last post by  muppy03 
#1 ·
Beware, I'm a beginner and am new to the site. OK, it all started after a bad storm. It cut my power off and on a couple of times; one of the times my computer was shut down I unplugged the power cord to my computer because every time the power would come back on my computer would automatically turn on. Power was shut down for 3 hours. Once power was restored I plugged the computer back in; after loading I discovered my USBs don't work. None of them.

Searching for a solution I somehow downloaded a bunch of viruses that are seriously messing with me. OK, so the computer is not slowed or crashing; it froze up once after I got the virus but is running pretty normally, but with a bunch of added annoyances.

I occasionally get redirected when searching in Google. I hear a radio show or ad coming from the computer, but I would have no programs running and the internet off. I don't think it is a radio signal; I've had the same speakers and they've never picked it up before, and I have not moved. I tried to install the programs you suggested but it would not run the installer after installation. I use AVG and Spybot. Spybot will not open and is showing me the same registry entry:

8/22/2009 3:21:02 PM Denied (based on user decision) value "Windows System Recover!" (new data: "C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\notepad.exe")
8/22/2009 2:57:12 PM Denied (based on user decision) value "Windows System Recover!" (new data: "C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\debug.exe")
8/22/2009 2:57:01 PM Denied (based on user blacklist) value "Windows System Recover!" (new data: "C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\winamp.exe")
8/22/2009 2:53:48 PM Denied (based on user decision) value "Windows System Recover!" (new data: "C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\setup.exe")
8/22/2009 2:27:00 PM Denied (based on user blacklist) value "Windows System Recover!" (new data: "C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\spoolsv.exe")
It is running in my task bar but I can't open the main menu. I have not tried to uninstall it; I'm afraid of what it might do.

AVG shows this list:

"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\smss.exe";"Trojan horse SHeur2.AVZS";"Reboot is required to finish the action"
"C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\smss.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\smss.exe (3208)";"Trojan horse SHeur2.AVZS";"Reboot is required to finish the action"
"C:\Documents and Settings\Main User\Local Settings\Temp\279111346.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\Program Files\Mozilla Firefox\firefox.exe (3576)";"Virus found Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1052)";"Virus found Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1252)";"Virus found Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1396)";"Virus found Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1680)";"Virus found Win32/Cryptor";""
"C:\Documents and Settings\Main User\Local Settings\Temp\4143246546.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\csrss.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\install.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\mdm.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\setup.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\smss.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\spoolsv.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\svchost.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\WINDOWS\system32\svchost.exe (848)";"Virus found Win32/Cryptor";""
"C:\Documents and Settings\Main User\Local Settings\Temp\taskmgr.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\winamp.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temporary Internet Files\Content.IE5\7M6QLPKY\155[1].net";"Trojan horse Generic14.NAR";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temporary Internet Files\Content.IE5\7M6QLPKY\155[1].net:\$IB\WWShow\WWShow.dll";"Trojan horse Generic14.NAR";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temporary Internet Files\Content.IE5\7M6QLPKY\163[1].net";"Trojan horse SHeur2.YOU";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temporary Internet Files\Content.IE5\AR79PI3Q\zftxxb[1].htm";"Trojan horse Downloader.Zlob.AOGP";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temporary Internet Files\Content.IE5\I897WLVR\152[1].net";"Trojan horse BHO.JID.dropper";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temporary Internet Files\Content.IE5\I897WLVR\156[1].net";"Trojan horse Generic13.BNKD";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temporary Internet Files\Content.IE5\I897WLVR\dfuninstaller.prod.v14000.18mar2009.exe[1].10b9665cc5f98c037e9b8dcc0e88929e";"Trojan horse Downloader.Small.FMT";"Moved to Virus Vault"
"C:\WINDOWS\system32\svchost.exe (956)";"Virus found Win32/Cryptor";""

Seven were not removed or healed. I ran AVG in safe mode and tried to start Spybot from there but that didn't work either.

Not sure what information you need since I can't do a HijackThis scan, but here's what I know how to find:
Windows XP home Edition 2002
Service pack 3
Intel(R) Pentium(R) 4 CPU 3.00GHz 2.99GHz, 2.00GB of Ram

Any other information needed, I'll be more than eager to get; I just might need step-by-step instructions on how to get it. Thanks for your attention.
 
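Triage of the two report formats quoted in this post, as an added example (not code from the thread, from AVG or from Spybot): the script parses AVG's semicolon-separated `"file";"threat";"result"` rows and Spybot's registry-protection `Denied ... value ... (new data: ...)` lines into one list of findings, then tags each finding with what a responder would look at first: a well-known system binary name sitting in a user Temp folder, a detection on a running process that the product could not remediate, a module reported under the `\\?\globalroot` device namespace, and tracking cookies that are only noise. The sample rows, the tag names and the `SYSTEM_BINARY_NAMES` list are constructed for the example.

```python
import csv
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines in the shape of the AVG report ("file";"threat";"result")
# and the Spybot registry-protection log quoted in this thread. They are a handful
# of representative rows for testing, not a copy of the original logs.
AVG_LINES = [
    r'"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"',
    r'"C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\smss.exe (3208)";"Trojan horse SHeur2.AVZS";"Reboot is required to finish the action"',
    r'"C:\WINDOWS\system32\svchost.exe (1052)";"Virus found Win32/Cryptor";""',
    r'"C:\Documents and Settings\Main User\Local Settings\Temp\csrss.exe";"Trojan horse SHeur2.AVZS";"Moved to Virus Vault"',
    r'"C:\Documents and Settings\Main User\Cookies\main_user@doubleclick[1].txt";"Found ";"Moved to Virus Vault"',
]
SPYBOT_LINES = [
    r'8/22/2009 3:21:02 PM Denied (based on user decision) value "Windows System Recover!" (new data: "C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\notepad.exe")',
    r'8/22/2009 2:27:00 PM Denied (based on user blacklist) value "Windows System Recover!" (new data: "C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\spoolsv.exe")',
]

# Names of binaries that normally live only under %SystemRoot% (or system32).
# One of these names in a user Temp directory is a masquerading indicator.
SYSTEM_BINARY_NAMES = {
    "smss.exe", "csrss.exe", "svchost.exe", "winlogon.exe", "spoolsv.exe",
    "lsass.exe", "services.exe", "taskmgr.exe", "notepad.exe", "mdm.exe",
}
USER_WRITABLE_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\",
                         "\\temporary internet files\\")
PID_SUFFIX = re.compile(r"\s\((\d+)\)$")
SPYBOT_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'Denied \((?P<reason>[^)]*)\) value "(?P<value>[^"]*)" '
    r'\(new data: "(?P<data>[^"]*)"\)$'
)


@dataclass
class Finding:
    source: str                 # "avg" or "spybot"
    path: str                   # reported path, process-id suffix removed
    detail: str                 # threat name (AVG) or registry value name (Spybot)
    result: str                 # what the product did about it
    pid: Optional[int] = None   # set when AVG reported a running process


def parse_avg(lines: List[str]) -> List[Finding]:
    """Parse the semicolon-separated, double-quoted AVG report rows."""
    findings = []
    for row in csv.reader(lines, delimiter=";", quotechar='"'):
        # Header, summary and metadata rows do not have the 3-column shape.
        if len(row) != 3 or row[0] == "File":
            continue
        path, threat, result = row
        m = PID_SUFFIX.search(path)
        pid = int(m.group(1)) if m else None
        findings.append(Finding("avg", PID_SUFFIX.sub("", path), threat.strip(), result, pid))
    return findings


def parse_spybot(lines: List[str]) -> List[Finding]:
    """Parse Spybot's 'Denied ... value ... (new data: ...)' registry-protection lines."""
    findings = []
    for line in lines:
        m = SPYBOT_RE.match(line.strip())
        if m:
            findings.append(Finding("spybot", m.group("data"), m.group("value"),
                                    "Denied (" + m.group("reason") + ")"))
    return findings


def triage(f: Finding) -> List[str]:
    """Return indicator tags for one finding; an empty list means nothing notable."""
    p = f.path.lower()
    name = p.rsplit("\\", 1)[-1]
    in_user_writable = any(marker in p for marker in USER_WRITABLE_MARKERS)
    tags = []
    if f.source == "spybot":
        tags.append("autostart-write-blocked")       # a Run value was being (re)written
        if in_user_writable:
            tags.append("autostart-target-in-user-temp")
    if p.startswith("\\\\?\\globalroot"):
        tags.append("device-namespace-path")         # module not reported by drive letter
    if name in SYSTEM_BINARY_NAMES and "\\windows\\" not in p:
        tags.append("system-name-outside-system-dir")
    if f.pid is not None:
        tags.append("running-process")               # detected in memory, not just on disk
    if f.result == "" or f.result.lower().startswith("reboot"):
        tags.append("not-remediated")
    if f.detail == "Found" and ("\\cookies\\" in p or "cookies.sqlite" in p):
        tags.append("tracking-cookie")               # low-value noise, safe to set aside
    return tags


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count how many findings carry each tag."""
    counts: Counter = Counter()
    for f in findings:
        counts.update(triage(f))
    return dict(counts)


if __name__ == "__main__":
    all_findings = parse_avg(AVG_LINES) + parse_spybot(SPYBOT_LINES)
    for f in all_findings:
        print(f"{f.source:6} {f.path}  ->  {', '.join(triage(f)) or '-'}")
    print(summarize(all_findings))
```

The AVG command-line scanner output from safe mode (space-separated lines ending in "Object was moved to Virus Vault." or "Locked file. Not tested.") is a different format and is not parsed here. The point of the tags is to separate the few entries that need a decision (system names in Temp, infected running processes, entries that were quarantined but keep coming back on every scan) from the long tail of cookie entries that a helper can safely ignore.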
#2 ·
24 Hour Update

AVG scan Log in safe mode:
AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.354, engine 8.0.387
Virus Database: Version 270.13.64/2319 2009-08-22 (last night)

\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\WINDOWS\system32\svchost.exe (580) Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\debug.exe Trojan horse SHeur2.AVZS Object was moved to Virus Vault.
HKU\S-1-5-21-1060284298-1767777339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Recover! Found registry key with reference to infected file C:\DOCUME~1\MAINUS~1\LOCALS~1\Temp\debug.exe Object was moved to Virus Vault.
C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{A4D95BB0-8F62-11DE-A6A0-F8C3A8D84B62}.dat Locked file. Not tested.
C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A4D95BB1-8F62-11DE-A6A0-F8C3A8D84B62}.dat Locked file. Not tested.
C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Main User\Local Settings\Temp\1126357028.exe Trojan horse SHeur2.AVZS Object was moved to Virus Vault.
C:\Documents and Settings\Main User\Local Settings\Temp\notepad.exe Trojan horse SHeur2.AVZS Object was moved to Virus Vault.
C:\Documents and Settings\Main User\Local Settings\Temp\setup.exe Trojan horse SHeur2.AVZS Object was moved to Virus Vault.
C:\Documents and Settings\Main User\Local Settings\Temp\smss.exe Trojan horse SHeur2.AVZS Object was moved to Virus Vault.
C:\Documents and Settings\Main User\Local Settings\Temp\spoolsv.exe Trojan horse SHeur2.AVZS Object was moved to Virus Vault.
C:\Documents and Settings\Main User\Local Settings\Temp\winamp.exe Trojan horse SHeur2.AVZS Object was moved to Virus Vault.
C:\Documents and Settings\Main User\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Main User\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 165494
Found infections : 9
Found PUPs : 0
Healed infections : 9
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

AVG scan log this morning in normal mode:

"Scan ""Scheduled scan"" was finished."
"Infections";"35";"29";"6"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Sunday, August 23, 2009, 12:00:00 PM"
"Scan finished:";"Sunday, August 23, 2009, 1:35:50 PM (1 hour(s) 35 minute(s) 49 second(s))"
"Total object scanned:";"371491"
"User who launched the scan:";"SYSTEM"

"Infections"
"File";"Infection";"Result"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACtjiydsdumt.dll";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\~.exe";"Trojan horse SHeur2.AYNK";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\csrss.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\Cache\507B7DC4d01";"Trojan horse Generic14.AASM";"Moved to Virus Vault"
"C:\WINDOWS\system32\svchost.exe (1064)";"Virus found Win32/Cryptor";""
"C:\Documents and Settings\Main User\Local Settings\Temp\1699529294.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\WINDOWS\system32\svchost.exe (1248)";"Virus found Win32/Cryptor";""
"C:\Documents and Settings\Main User\Local Settings\Temp\185405032.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\2005942836.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\508232094.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\WINDOWS\system32\svchost.exe (1456)";"Virus found Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1688)";"Virus found Win32/Cryptor";""
"C:\Documents and Settings\Main User\Local Settings\Temp\debug.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\install.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\login.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\mdm.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\notepad.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\setup.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\spoolsv.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\svchost.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\system.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\win.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\winamp.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temp\winlogon.exe";"Trojan horse SHeur2.AYMO";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Local Settings\Temporary Internet Files\Content.IE5\1EVQCTH7\Install[1].exe";"Trojan horse Generic14.ABIJ";"Moved to Virus Vault"
"C:\WINDOWS\cru629.dat";"Virus found Small";"Moved to Virus Vault"
"C:\WINDOWS\system32\cru629.dat";"Virus found Small";"Moved to Virus Vault"
"C:\WINDOWS\system32\svchost.exe (856)";"Virus found Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (968)";"Virus found Win32/Cryptor";""
"C:\WINDOWS\system32\wisdstr.exe";"Trojan horse Generic14.ABIJ";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite";"Found ";"Healed"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\adbrite.com.44f92a69";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\adbrite.com.557c9f74";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\adbrite.com.71beeff9";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\adbrite.com.775ee79c";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\adbrite.com.d5e309c2";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\adbrite.com.e1f04284";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\admarketplace.net.61a250a";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\m.webtrends.com.b4ca7df0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\overture.com.8e32a996";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\perf.overture.com.610ef18d";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\realmedia.com.855b46d";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\pro-market.net.266912e2";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\pro-market.net.bbf67f2d";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\realmedia.com.a2b49f1a";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\pro-market.net.679dd108";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\pro-market.net.b51604f4";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\realmedia.com.9514c147";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\realmedia.com.bf4a1fa7";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\realmedia.com.ef906bac";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\revsci.net.2df99d79";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\revsci.net.44927ec";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\revsci.net.55564293";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\revsci.net.e9dbeb91";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\smartadserver.com.321a5cf8";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\smartadserver.com.5550c4ed";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\smartadserver.com.c5827141";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\serving-sys.com.255d6f2f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\serving-sys.com.400f83f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\serving-sys.com.4b416ef8";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\serving-sys.com.606c3d3b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\serving-sys.com.6a1cf9e8";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\serving-sys.com.c9034af6";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\tacoda.net.27341d57";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\tacoda.net.4366831a";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\tacoda.net.5935e89";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\tacoda.net.c4fe2ebb";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\tacoda.net.ed9c50d1";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\tribalfusion.com.5eef93d0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\tribalfusion.com.7610f0e0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\tribalfusion.com.8b22ad8c";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\tribalfusion.com.9bc3e98f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\tribalfusion.com.dcc03271";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\tribalfusion.com.ff8546b9";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\cookies.sqlite:\yadro.ru.c77afad5";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@247realmedia[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@247realmedia[1].txt:\247realmedia.com.855b46d";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@ad.yieldmanager[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@ad.yieldmanager[1].txt:\ad.yieldmanager.com.830b6f08";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@ad.yieldmanager[1].txt:\ad.yieldmanager.com.87a9ab5d";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@ad.yieldmanager[1].txt:\ad.yieldmanager.com.8a47878";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@ad.yieldmanager[1].txt:\ad.yieldmanager.com.e626e6be";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@advertising[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@advertising[2].txt:\advertising.com.203aa218";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@advertising[2].txt:\advertising.com.525a5fb9";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@advertising[2].txt:\advertising.com.b624fa46";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@atdmt[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@atdmt[1].txt:\atdmt.com.7247c262";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@bs.serving-sys[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@casalemedia[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@casalemedia[2].txt:\casalemedia.com.80ad4799";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@casalemedia[2].txt:\casalemedia.com.1773afc";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@casalemedia[2].txt:\casalemedia.com.2d37ad26";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@casalemedia[2].txt:\casalemedia.com.350339d4";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@casalemedia[2].txt:\casalemedia.com.8c65eddd";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@casalemedia[2].txt:\casalemedia.com.987e6b46";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@doubleclick[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@doubleclick[1].txt:\doubleclick.net.bf396750";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@fastclick[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@fastclick[1].txt:\fastclick.net.57e8da10";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@fastclick[1].txt:\fastclick.net.6fd479aa";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@fastclick[1].txt:\fastclick.net.8a6435e9";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@fastclick[1].txt:\fastclick.net.fac3d6f0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@questionmarket[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@questionmarket[1].txt:\questionmarket.com.3eb5a9f1";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@questionmarket[1].txt:\questionmarket.com.4dd5e426";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@serving-sys[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@serving-sys[1].txt:\serving-sys.com.255d6f2f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@serving-sys[1].txt:\serving-sys.com.4b416ef8";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@serving-sys[1].txt:\serving-sys.com.606c3d3b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@serving-sys[1].txt:\serving-sys.com.400f83f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@serving-sys[1].txt:\serving-sys.com.6a1cf9e8";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@serving-sys[1].txt:\serving-sys.com.c9034af6";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@yieldmanager[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@yieldmanager[1].txt:\yieldmanager.com.d120a313";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@zedo[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@zedo[1].txt:\zedo.com.27f1639b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@zedo[1].txt:\zedo.com.14a38114";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@zedo[1].txt:\zedo.com.a5b6a132";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@zedo[1].txt:\zedo.com.c1dd09f2";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@zedo[1].txt:\zedo.com.cef1c7af";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@zedo[1].txt:\zedo.com.dd15d628";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Main User\Cookies\main_user@zedo[1].txt:\zedo.com.f1d14556";"Found ";"Moved to Virus Vault"

AVG Alert at 4:30 8/23


Accessed file is infected

File name: antivirus-scannerv16.com/1/?sess=%3D2QwwjTxMSOyJmlwPTcxLjEMy4xNjAuMjM2JnRpbWU9MTI1ODAwOU0MaQ%3DN

Threat name:Exploit Rogue spyware scanner (type 805)

Process name; C:\Program Files\Internet Explorer\iexplore.exe
Process ID: 3432

Spybot Alert
8/23/2009 1:58:35 PM Encountered and terminated Fraud.AntiMalwares in C:\WINDOWS\system32\braviax.exe!

New changes (computer behaviour):
Constant pop ups even without having any programs running.
In AVG, my email scanner, which was active before, is now not active.
Froze up around 5:30pm.
Got a RUNDLL error; it said:
Error loading C:\Program Files\Common Files\Paretologic\UUS2\UUS.dll
The specified module could not be found
 
#4 ·
OK, first, this is my 2nd attempt to post; hope it doesn't freeze up. Sorry to be a pest but my computer has gotten pretty bad. All the problems are creating pop-ups, constantly, so that it's really hard not to freeze up. The USB device unknown error pops up even though there are no USB devices plugged in. The background sound ads are a lot more frequent; they sound like podcasts or a radio show, some kind of ad. I'm pretty sure some bad software was downloaded, but I went through everything and uninstalled a lot of programs along with anything else that looked fishy. I'm getting at least one blue screen a day but got 3 just today. It has frozen up 5 times on me now. Internet Explorer is so slow it's unusable. Firefox is not sending me to some pages. Spybot will still not open and HijackThis still will not install after trying to rename the .exe file.
Good news is, from reading other posts in here, I was able to install and run Malwarebytes and it seems like it helps, but it's not fixing the problem. I'm thinking of reinstalling my OS but haven't because I read it could just reinfect your computer anyway, plus I'm not 100% sure how to do that. I've searched everything everywhere trying to fix it on my own but with no real permanent success. Should I take it to a technician? I'm clueless at this point. Please, anyone that can help.
 
#5 ·
Hello and welcome to TSG

IMPORTANT

Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop. When saving, rename it to Combo-fix (include the hyphen).

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See if HijackThis will run after you have run Combofix, and post the log it produces along with an uninstall list.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Save the file to your desktop.

Please reply with:-
  • Combofix log
  • New HJT log
  • Uninstall list
 
#6 ·
Combofix did help me with HijackThis, so I am able to give all the info you needed.

Combofix Log:
ComboFix 09-08-28.05 - Main User 08/29/2009 9:03.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1659 [GMT -4:00]
Running from: c:\documents and settings\Main User\Desktop\Combo-fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\MAINUS~1\APPLIC~1\inst.exe
c:\documents and settings\Main User\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Main User\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\nvorec.dll
c:\windows\system32\drivers\UACsvtioytpoa.sys
c:\windows\system32\resdll.dll
c:\windows\system32\UACfdcnddxcbi.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACowoojruetb.dll
c:\windows\system32\UACtjiydsdumt.dll
c:\windows\system32\UACtwdmelmdnx.dat
c:\windows\system32\UACynbforkcvn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))
.

2009-08-28 21:26 . 2009-08-28 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-28 21:24 . 2009-08-28 21:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-28 21:24 . 2009-08-28 21:24 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\SUPERAntiSpyware.com
2009-08-28 21:24 . 2009-08-28 21:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-26 22:01 . 2009-08-26 22:02 -------- d-----w- c:\program files\LimeWire
2009-08-25 21:31 . 2009-08-25 21:31 -------- d-----w- c:\program files\iPod
2009-08-25 21:31 . 2009-08-25 21:31 -------- d-----w- c:\program files\iTunes
2009-08-25 21:31 . 2009-08-25 21:31 -------- d-----w- c:\program files\Common Files\Apple
2009-08-25 03:43 . 2009-08-25 03:43 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\Malwarebytes
2009-08-24 21:23 . 2009-08-24 21:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-08-24 20:53 . 2009-08-24 20:53 49048 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 19:12 . 2009-08-24 19:12 -------- d-----w- c:\program files\Trend Micro
2009-08-24 19:08 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 19:08 . 2009-08-25 03:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 19:08 . 2009-08-24 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 19:08 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-24 02:26 . 2009-08-25 03:20 120 ----a-w- c:\windows\Sfimisukinasul.dat
2009-08-24 02:15 . 2009-08-24 02:15 -------- d-----w- c:\documents and settings\Main User\Local Settings\Application Data\{8D21BD41-08CC-40F4-9328-48574E97D92A}
2009-08-23 20:03 . 2009-08-23 20:03 27188 ---ha-w- c:\windows\system32\wildday.exe
2009-08-22 21:36 . 2009-08-24 21:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-22 04:45 . 2009-08-22 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-08-22 04:45 . 2009-08-22 04:48 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\Uniblue
2009-08-22 02:17 . 2009-08-22 02:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-22 01:03 . 2009-08-22 01:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-08-21 23:03 . 2009-08-21 23:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-21 21:56 . 2009-08-21 21:56 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\DriverCure
2009-08-21 21:55 . 2009-08-21 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-08-21 21:55 . 2009-08-21 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-08-21 21:52 . 2009-08-21 21:52 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\Blitware
2009-08-21 21:41 . 2009-08-21 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-21 15:27 . 2009-08-21 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Ludia
2009-08-21 15:27 . 2009-08-21 15:27 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\Ludia
2009-08-21 15:11 . 2009-08-21 15:11 -------- d-----w- c:\program files\Ubisoft
2009-08-21 05:24 . 2009-08-21 05:24 -------- d-----w- c:\program files\Hasbro
2009-08-21 03:04 . 2009-08-21 03:04 -------- d-----w- c:\documents and settings\Main User\Local Settings\Application Data\SupportSoft
2009-08-21 03:04 . 2009-08-21 03:04 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-08-20 08:25 . 2009-08-21 05:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-20 08:24 . 2009-08-20 08:24 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\SpinTop
2009-08-15 21:55 . 2009-08-15 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-08-14 07:03 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 22:01 . 2009-08-13 22:01 -------- d-----w- c:\program files\Datel
2009-08-13 21:58 . 2001-05-07 10:56 19805 ----a-r- c:\windows\system32\drivers\usbio.sys
2009-08-13 07:11 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-13 01:03 . 2009-08-13 01:03 -------- d-----w- c:\windows\Sun
2009-08-11 19:53 . 2009-08-11 19:53 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-11 19:53 . 2009-08-25 22:06 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\Vso
2009-08-11 19:53 . 2007-03-19 00:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-08-11 19:53 . 2006-09-29 16:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-08-11 19:53 . 2006-09-29 16:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-08-11 19:53 . 2006-09-29 16:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-08-11 19:53 . 2002-12-10 06:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-08-11 19:53 . 2006-05-20 20:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-08-11 19:53 . 2006-05-11 23:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-08-11 19:53 . 2009-08-11 19:53 -------- d-----w- c:\program files\VSO
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 10:54 . 2009-07-19 01:12 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\IMVU
2009-08-29 10:28 . 2009-07-25 03:05 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\BitTorrent
2009-08-29 10:19 . 2009-07-19 17:33 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\gtk-2.0
2009-08-28 22:14 . 2009-07-16 02:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-28 17:48 . 2009-07-19 05:16 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\vlc
2009-08-28 14:28 . 2009-07-19 04:46 8 ----a-w- c:\windows\system32\nvModes.dat
2009-08-28 02:08 . 2009-07-19 01:07 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\IMVUClient
2009-08-26 22:15 . 2009-07-21 17:23 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\LimeWire
2009-08-25 20:38 . 2009-07-19 00:31 -------- d-----w- c:\program files\Canon
2009-08-24 21:03 . 2009-07-16 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-18 00:34 . 2009-07-19 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-08-15 20:32 . 2009-07-19 04:46 49048 ----a-w- c:\documents and settings\Main User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 19:53 . 2009-08-11 19:53 47360 ----a-w- c:\docume~1\MAINUS~1\APPLIC~1\pcouffin.sys
2009-08-10 20:58 . 2009-07-25 20:13 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-08-10 20:58 . 2009-07-25 20:13 -------- d-----w- c:\program files\Roxio
2009-08-10 20:57 . 2009-07-25 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-08-05 09:01 . 2004-08-12 14:01 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 18:54 . 2009-07-22 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-26 07:00 . 2009-07-26 07:00 -------- d-----w- c:\program files\MSXML 4.0
2009-07-25 22:08 . 2009-07-16 01:47 -------- d-----w- c:\program files\Ahead
2009-07-25 21:09 . 2009-07-25 21:05 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\Roxio
2009-07-25 21:05 . 2009-07-25 21:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-07-25 20:16 . 2009-07-25 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-07-25 20:16 . 2009-07-25 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-07-25 20:16 . 2009-07-18 23:35 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-07-25 20:13 . 2009-07-16 00:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-22 18:38 . 2009-07-22 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-22 18:37 . 2009-07-22 18:36 -------- d-----w- c:\program files\Yahoo!
2009-07-22 18:37 . 2009-07-22 18:37 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\Yahoo!
2009-07-21 18:20 . 2009-07-21 18:20 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\Apple Computer
2009-07-21 18:20 . 2009-07-21 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-21 18:19 . 2009-07-21 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-21 18:19 . 2009-07-21 18:19 -------- d-----w- c:\program files\Bonjour
2009-07-21 18:19 . 2009-07-21 18:18 -------- d-----w- c:\program files\QuickTime
2009-07-21 18:18 . 2009-07-21 18:18 -------- d-----w- c:\program files\Apple Software Update
2009-07-21 18:17 . 2009-07-21 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-20 22:47 . 2009-07-20 22:46 -------- d-----w- c:\program files\Super Mario World
2009-07-20 16:45 . 2009-07-18 23:00 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\Ahead
2009-07-20 09:19 . 2009-07-20 09:19 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\Windows Search
2009-07-19 21:54 . 2009-07-19 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-19 18:35 . 2009-07-19 18:35 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\IMVU Previewer
2009-07-19 05:15 . 2009-07-19 05:15 -------- d-----w- c:\program files\VideoLAN
2009-07-19 04:56 . 2009-07-19 04:56 -------- d-----w- c:\program files\Gimp-2.0
2009-07-19 04:37 . 2009-07-19 04:37 -------- d-----w- c:\program files\ImvuTools2
2009-07-19 00:29 . 2009-07-19 00:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-07-18 23:35 . 2009-07-18 23:35 -------- d-----w- c:\program files\Memorex exPressit Label Design Studio
2009-07-18 22:23 . 2009-07-18 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-18 03:05 . 2009-07-18 03:05 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\OpenOffice.org
2009-07-18 02:56 . 2009-07-16 01:57 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 19:01 . 2004-08-12 13:55 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 02:07 . 2009-07-16 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-16 01:59 . 2009-07-16 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-16 01:57 . 2009-07-16 01:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-16 01:57 . 2009-07-16 01:57 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-16 01:57 . 2009-07-16 01:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-16 01:57 . 2009-07-16 01:57 -------- d-----w- c:\program files\AVG
2009-07-16 01:48 . 2009-07-16 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-07-16 01:48 . 2009-07-16 01:48 -------- d-----w- c:\program files\Common Files\Nero
2009-07-16 01:47 . 2009-07-16 01:47 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-16 01:46 . 2009-07-16 01:46 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\CyberLink
2009-07-16 01:45 . 2009-07-16 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-07-16 01:45 . 2009-07-16 01:45 -------- d-----w- c:\program files\CyberLink
2009-07-16 01:45 . 2009-07-16 00:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 01:41 . 2009-07-16 01:41 -------- d-----w- c:\program files\JRE
2009-07-16 01:41 . 2009-07-16 01:41 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-16 01:41 . 2009-07-16 01:38 -------- d-----w- c:\program files\Java
2009-07-16 01:38 . 2009-07-16 01:38 0 ----a-w- c:\windows\nsreg.dat
2009-07-16 01:38 . 2009-07-16 01:38 -------- d-----w- c:\program files\Common Files\Java
2009-07-16 01:37 . 2009-07-16 01:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-16 01:31 . 2009-07-16 01:22 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-16 01:24 . 2009-07-16 01:24 -------- d-----w- c:\program files\MSBuild
2009-07-16 01:24 . 2009-07-16 01:24 -------- d-----w- c:\program files\Reference Assemblies
2009-07-16 01:22 . 2009-07-16 01:22 -------- d-----w- c:\docume~1\MAINUS~1\APPLIC~1\Windows Desktop Search
2009-07-16 01:21 . 2009-07-16 01:21 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-16 00:57 . 2009-07-16 00:27 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-16 00:39 . 2009-07-16 00:39 -------- d-----w- c:\program files\Broadcom
2009-07-16 00:38 . 2009-07-16 00:38 -------- d-----w- c:\program files\CONEXANT
2009-07-16 00:36 . 2009-07-16 00:36 -------- d-----w- c:\program files\Analog Devices
2009-07-16 00:28 . 2009-07-16 00:28 -------- d-----w- c:\program files\microsoft frontpage
2009-07-16 00:25 . 2009-07-16 00:25 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-14 03:43 . 2004-08-12 14:10 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 18:22 . 2009-07-13 18:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-03 17:09 . 2004-08-12 14:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-12 14:08 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-12 14:04 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-12 14:04 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-12 14:01 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-12 13:59 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-12 13:58 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-12 13:58 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-12 14:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-12 13:57 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 20:07 . 2009-07-16 02:01 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-12 12:31 . 2004-08-12 14:07 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-12 13:55 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-07-16 00:24 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-12 14:09 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-12 14:03 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-27 1381376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-16 1948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-16 01:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Main User\\Desktop\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\Main User\\Application Data\\IMVUClient\\IMVUClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/15/2009 9:57 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/15/2009 9:57 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/15/2009 9:57 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/15/2009 9:57 PM 298776]
S2 assert update;assert update;c:\windows\system32\wildday.exe [8/23/2009 4:03 PM 27188]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Main User\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\docume~1\MAINUS~1\APPLIC~1\Mozilla\Firefox\Profiles\7wucojqp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.imvu.com/catalog/web_mypage.php?user=35573861
FF - HiddenExtension: XUL Cache: {8D21BD41-08CC-40F4-9328-48574E97D92A} - c:\documents and settings\Main User\Local Settings\Application Data\{8D21BD41-08CC-40F4-9328-48574E97D92A}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-29 09:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-08-29 9:09
ComboFix-quarantined-files.txt 2009-08-29 13:09

Pre-Run: 186,590,842,880 bytes free
Post-Run: 186,772,926,464 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

290 --- E O F --- 2009-08-26 21:49

Combofix uninstall list
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Bonjour
Broadcom Gigabit Integrated Controller
Conexant D850 56K V.9x DFVc Modem
ConvertXtoDVD 3.3.4.106e
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
Gimp 2.6.2 Debug
Hell's Kitchen 1.1.5
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7
LimeWire 5.1.4
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Monopoly Here & Now Edition
Mozilla Firefox (3.0.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero Suite
NVIDIA Drivers
OpenOffice.org 3.0
PIXMA Extended Survey Program
PowerDVD
QuickTime
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SoundMAX
Spybot - Search & Destroy
Super Mario World
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VLC media player 1.0.0
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

 
#7 ·
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:42 AM, on 8/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wupdmgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Main User\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Burger%20Shop/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247705005069
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Burger%20Shop/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: assert update - Unknown owner - C:\WINDOWS\system32\wildday.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6886 bytes
 
#9 ·
I enabled my antivirus right after completing all this, forgetting AVG is scheduled to run a scan every day at 12pm. So now AVG has run a scan. Is this a bad thing?
That’s ok.

P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent
Limewire


References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm

If you wish to keep them, please do not use them until your computer is cleaned.

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    c:\windows\Sfimisukinasul.dat
    
    Folder::
    c:\documents and settings\Main User\Local Settings\Application Data\{8D21BD41-08CC-40F4-9328-48574E97D92A}
    
    Collect::
    c:\windows\system32\wildday.exe
    
    Firefox::
    FF - HiddenExtension: XUL Cache: {8D21BD41-08CC-40F4-9328-48574E97D92A} - c:\documents and settings\Main User\Local Settings\Application Data\{8D21BD41-08CC-40F4-9328-48574E97D92A}
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please reply with:
  • Combofix log
  • New HJT log
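The CFScript above collects c:\windows\system32\wildday.exe, which stood out in the HijackThis log in post #7 as an O23 service with no publisher ("assert update - Unknown owner") living in the Windows directory, and removes the orphaned Firefox extension folder under Local Settings\Application Data. The following is an added example, not code from this thread, HijackThis or ComboFix: a small Python triage script that applies that kind of first-pass reading to O4/O20/O23 lines. The sample input is a few lines copied from the log above plus one constructed O4 entry (named "constructed-sample") so the Temp-path rule has something to fire on; the heuristics (unknown owner in %SystemRoot%, "(file missing)", binaries run from Temp or a per-user profile GUID folder) are this example's own assumptions about what merits a closer look, not a verdict of malice.

```python
"""Triage helper for HijackThis-style log lines (added example).

Flags the entry types a malware specialist reads first in an HJT log:
O23 services with no publisher living in the Windows directory, orphaned
service entries, and anything started from Temp or a per-user profile
data folder. The rules are this example's assumptions, not HijackThis's.
"""
import re
from dataclasses import dataclass

# Constructed sample input: O4/O20/O23 lines copied from the HijackThis log
# posted in this thread, plus one made-up O4 entry (named "constructed-sample")
# so the Temp-path rule has something to fire on.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [constructed-sample] C:\Documents and Settings\Main User\Local Settings\Temp\loader.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: assert update - Unknown owner - C:\WINDOWS\system32\wildday.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# Heuristic markers (assumptions of this example).
SYSTEM_DIRS = ("c:\\windows\\",)          # covers system32 as well
TEMP_MARKERS = ("\\temp\\", "\\local settings\\application data\\{")


@dataclass(frozen=True)
class Finding:
    rule: str   # which heuristic fired
    name: str   # entry name as HJT printed it
    path: str   # normalised path or command line


def _norm(path: str) -> str:
    """Lower-case and strip surrounding quotes so comparisons are stable."""
    return path.strip().strip('"').lower()


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per flagged O4/O20/O23 line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O23_RE.match(line):
            path = _norm(m["path"])
            if m["missing"]:
                # Orphaned service: registry entry survives, binary is gone.
                findings.append(Finding("service-file-missing", m["name"], path))
            elif m["owner"] == "Unknown owner" and path.startswith(SYSTEM_DIRS):
                # No publisher string and the binary sits in %SystemRoot%;
                # a vendor service in Program Files with no owner is not flagged.
                findings.append(Finding("unknown-owner-in-system-dir", m["name"], path))
            elif any(t in path for t in TEMP_MARKERS):
                findings.append(Finding("runs-from-temp-or-profile", m["name"], path))
        elif m := O20_RE.match(line):
            path = _norm(m["path"])
            if any(t in path for t in TEMP_MARKERS):
                findings.append(Finding("runs-from-temp-or-profile", m["name"], path))
        elif m := O4_RE.match(line):
            cmd = _norm(m["cmd"])
            if any(t in cmd for t in TEMP_MARKERS):
                findings.append(Finding("runs-from-temp-or-profile", m["name"], cmd))
    return findings


def report(findings: list[Finding]) -> str:
    """Render findings as the short review list a specialist would post."""
    if not findings:
        return "no entries flagged"
    return "\n".join(f"[{f.rule}] {f.name} -> {f.path}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the sample above the script flags three entries: the constructed Temp autorun, the "assert update" service, and the orphaned stllssvr service. The PIXMA service also reports "Unknown owner" but is left alone because it runs from its vendor's Program Files folder, which is why the owner check is combined with the path check rather than used on its own.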
 
#10 ·
I wasn't completely sure how to disable Spybot. I just exited out of it on my taskbar. Here's the log.

ComboFix 09-08-30.01 - Main User 08/30/2009 15:13.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1253 [GMT -4:00]
Running from: c:\documents and settings\Main User\Desktop\Combo-fix.exe
Command switches used :: c:\documents and settings\Main User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\Sfimisukinasul.dat"

file zipped: c:\windows\system32\wildday.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Main User\Local Settings\Application Data\{8D21BD41-08CC-40F4-9328-48574E97D92A}
c:\documents and settings\Main User\Local Settings\Application Data\{8D21BD41-08CC-40F4-9328-48574E97D92A}\chrome.manifest
c:\documents and settings\Main User\Local Settings\Application Data\{8D21BD41-08CC-40F4-9328-48574E97D92A}\chrome\content\_cfg.js
c:\documents and settings\Main User\Local Settings\Application Data\{8D21BD41-08CC-40F4-9328-48574E97D92A}\chrome\content\overlay.xul
c:\documents and settings\Main User\Local Settings\Application Data\{8D21BD41-08CC-40F4-9328-48574E97D92A}\install.rdf
c:\windows\Sfimisukinasul.dat
c:\windows\system32\wildday.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_assert_update
-------\Service_assert update

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-28 21:27 . 2009-08-28 21:27 117760 ----a-w- c:\documents and settings\Main User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-28 21:26 . 2009-08-28 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-28 21:24 . 2009-08-28 21:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-28 21:24 . 2009-08-28 21:24 -------- d-----w- c:\documents and settings\Main User\Application Data\SUPERAntiSpyware.com
2009-08-28 21:24 . 2009-08-28 21:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-27 19:26 . 2009-08-27 19:26 92192 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\IMVUupdater.exe
2009-08-27 19:26 . 2009-08-27 19:26 52992 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\IMVUClient.exe
2009-08-27 19:26 . 2009-08-27 19:26 22272 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\imvuqualityagent.exe
2009-08-27 19:24 . 2009-08-27 19:24 12288 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\ui\plugins\nphwndproxy.dll
2009-08-27 19:24 . 2009-08-27 19:24 1248768 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\SceneWindow.dll
2009-08-27 19:24 . 2009-08-27 19:24 15872 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\MemoryHook.dll
2009-08-27 19:23 . 2009-08-27 19:23 296960 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\cal3d.dll
2009-08-27 19:23 . 2009-08-27 19:23 190976 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\boost_python.dll
2009-08-27 19:23 . 2009-08-27 19:23 30720 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\CallStack.dll
2009-08-27 19:23 . 2009-08-27 19:23 257536 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\audiere.dll
2009-08-25 21:31 . 2009-08-25 21:31 -------- d-----w- c:\program files\iPod
2009-08-25 21:31 . 2009-08-25 21:31 -------- d-----w- c:\program files\iTunes
2009-08-25 21:31 . 2009-08-25 21:31 -------- d-----w- c:\program files\Common Files\Apple
2009-08-25 03:43 . 2009-08-25 03:43 -------- d-----w- c:\documents and settings\Main User\Application Data\Malwarebytes
2009-08-24 21:23 . 2009-08-24 21:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-08-24 20:53 . 2009-08-24 20:53 49048 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 19:12 . 2009-08-24 19:12 -------- d-----w- c:\program files\Trend Micro
2009-08-24 19:08 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 19:08 . 2009-08-25 03:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 19:08 . 2009-08-24 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 19:08 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-22 21:36 . 2009-08-24 21:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-22 04:45 . 2009-08-22 04:48 -------- d-----w- c:\documents and settings\Main User\Application Data\Uniblue
2009-08-22 04:45 . 2009-08-22 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-08-22 02:17 . 2009-08-22 02:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-22 01:03 . 2009-08-22 01:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-08-21 23:03 . 2009-08-21 23:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-21 21:56 . 2009-08-21 21:56 -------- d-----w- c:\documents and settings\Main User\Application Data\DriverCure
2009-08-21 21:55 . 2009-08-21 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-08-21 21:55 . 2009-08-21 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-08-21 21:52 . 2009-08-21 21:52 -------- d-----w- c:\documents and settings\Main User\Application Data\Blitware
2009-08-21 21:41 . 2009-08-21 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-21 15:27 . 2009-08-21 15:27 -------- d-----w- c:\documents and settings\Main User\Application Data\Ludia
2009-08-21 15:27 . 2009-08-21 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Ludia
2009-08-21 15:11 . 2009-08-21 15:11 -------- d-----w- c:\program files\Ubisoft
2009-08-21 05:24 . 2009-08-21 05:24 -------- d-----w- c:\program files\Hasbro
2009-08-21 03:04 . 2009-08-21 03:04 -------- d-----w- c:\documents and settings\Main User\Local Settings\Application Data\SupportSoft
2009-08-21 03:04 . 2009-08-21 03:04 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-08-20 08:25 . 2009-08-21 05:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-20 08:24 . 2009-08-20 08:24 -------- d-----w- c:\documents and settings\Main User\Application Data\SpinTop
2009-08-15 21:55 . 2009-08-15 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-08-14 07:03 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 22:01 . 2009-08-13 22:01 -------- d-----w- c:\program files\Datel
2009-08-13 21:58 . 2001-05-07 10:56 19805 ----a-r- c:\windows\system32\drivers\usbio.sys
2009-08-13 07:11 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-13 01:03 . 2009-08-13 01:03 -------- d-----w- c:\windows\Sun
2009-08-11 19:53 . 2009-08-11 19:53 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-11 19:53 . 2009-08-11 19:53 47360 ----a-w- c:\documents and settings\Main User\Application Data\pcouffin.sys
2009-08-11 19:53 . 2009-08-25 22:06 -------- d-----w- c:\documents and settings\Main User\Application Data\Vso
2009-08-11 19:53 . 2007-03-19 00:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-08-11 19:53 . 2006-09-29 16:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-08-11 19:53 . 2006-09-29 16:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-08-11 19:53 . 2006-09-29 16:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-08-11 19:53 . 2002-12-10 06:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-08-11 19:53 . 2006-05-20 20:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-08-11 19:53 . 2006-05-11 23:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-08-11 19:53 . 2009-08-11 19:53 -------- d-----w- c:\program files\VSO
2009-08-06 17:45 . 2009-08-06 17:45 49664 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\w9xpopen.exe
2009-08-06 17:45 . 2009-08-06 17:45 353280 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\pythoncom26.dll
2009-08-06 17:45 . 2009-08-06 17:45 2251264 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\python26.dll
2009-08-06 17:45 . 2009-08-06 17:45 110080 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\pywintypes26.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 18:03 . 2009-07-19 05:16 -------- d-----w- c:\documents and settings\Main User\Application Data\vlc
2009-08-30 07:47 . 2009-07-19 01:12 -------- d-----w- c:\documents and settings\Main User\Application Data\IMVU
2009-08-30 04:58 . 2009-07-19 17:33 -------- d-----w- c:\documents and settings\Main User\Application Data\gtk-2.0
2009-08-29 19:27 . 2009-07-19 04:46 8 ----a-w- c:\windows\system32\nvModes.dat
2009-08-29 13:40 . 2009-07-16 01:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 13:40 . 2009-07-16 01:57 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 13:40 . 2009-07-16 01:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-28 22:14 . 2009-07-16 02:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-28 02:08 . 2009-07-19 01:11 82017 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\Uninstall.exe
2009-08-28 02:08 . 2009-07-19 01:07 -------- d-----w- c:\documents and settings\Main User\Application Data\IMVUClient
2009-08-28 02:08 . 2009-07-28 22:58 17729736 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\installer\SetupImvu_update.exe
2009-08-26 22:15 . 2009-07-21 17:23 -------- d-----w- c:\documents and settings\Main User\Application Data\LimeWire
2009-08-25 20:38 . 2009-07-19 00:31 -------- d-----w- c:\program files\Canon
2009-08-24 21:03 . 2009-07-16 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-18 00:34 . 2009-07-19 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-08-15 20:32 . 2009-07-19 04:46 49048 ----a-w- c:\documents and settings\Main User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 20:58 . 2009-07-25 20:13 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-08-10 20:58 . 2009-07-25 20:13 -------- d-----w- c:\program files\Roxio
2009-08-10 20:57 . 2009-07-25 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-08-05 09:01 . 2004-08-12 14:01 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 18:54 . 2009-07-22 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-26 07:00 . 2009-07-26 07:00 -------- d-----w- c:\program files\MSXML 4.0
2009-07-25 22:08 . 2009-07-16 01:47 -------- d-----w- c:\program files\Ahead
2009-07-25 21:09 . 2009-07-25 21:05 -------- d-----w- c:\documents and settings\Main User\Application Data\Roxio
2009-07-25 21:05 . 2009-07-25 21:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-07-25 20:16 . 2009-07-25 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-07-25 20:16 . 2009-07-25 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-07-25 20:16 . 2009-07-18 23:35 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-07-25 20:13 . 2009-07-16 00:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-22 18:38 . 2009-07-22 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-22 18:37 . 2009-07-22 18:36 -------- d-----w- c:\program files\Yahoo!
2009-07-22 18:37 . 2009-07-22 18:37 -------- d-----w- c:\documents and settings\Main User\Application Data\Yahoo!
2009-07-21 18:20 . 2009-07-21 18:20 -------- d-----w- c:\documents and settings\Main User\Application Data\Apple Computer
2009-07-21 18:20 . 2009-07-21 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-21 18:19 . 2009-07-21 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-21 18:19 . 2009-07-21 18:19 -------- d-----w- c:\program files\Bonjour
2009-07-21 18:19 . 2009-07-21 18:18 -------- d-----w- c:\program files\QuickTime
2009-07-21 18:18 . 2009-07-21 18:18 -------- d-----w- c:\program files\Apple Software Update
2009-07-21 18:17 . 2009-07-21 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-20 22:47 . 2009-07-20 22:46 -------- d-----w- c:\program files\Super Mario World
2009-07-20 16:45 . 2009-07-18 23:00 -------- d-----w- c:\documents and settings\Main User\Application Data\Ahead
2009-07-20 09:19 . 2009-07-20 09:19 -------- d-----w- c:\documents and settings\Main User\Application Data\Windows Search
2009-07-19 21:54 . 2009-07-19 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-19 18:35 . 2009-07-19 18:35 -------- d-----w- c:\documents and settings\Main User\Application Data\IMVU Previewer
2009-07-19 18:34 . 2009-07-19 18:33 15890416 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\SetupImvu_previewer.exe
2009-07-19 05:15 . 2009-07-19 05:15 -------- d-----w- c:\program files\VideoLAN
2009-07-19 04:56 . 2009-07-19 04:56 -------- d-----w- c:\program files\Gimp-2.0
2009-07-19 04:37 . 2009-07-19 04:37 -------- d-----w- c:\program files\ImvuTools2
2009-07-19 00:29 . 2009-07-19 00:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-07-18 23:35 . 2009-07-18 23:35 -------- d-----w- c:\program files\Memorex exPressit Label Design Studio
2009-07-18 22:23 . 2009-07-18 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-18 03:05 . 2009-07-18 03:05 -------- d-----w- c:\documents and settings\Main User\Application Data\OpenOffice.org
2009-07-17 19:01 . 2004-08-12 13:55 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 02:07 . 2009-07-16 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-16 01:59 . 2009-07-16 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-16 01:57 . 2009-07-16 01:57 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-16 01:57 . 2009-07-16 01:57 -------- d-----w- c:\program files\AVG
2009-07-16 01:48 . 2009-07-16 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-07-16 01:48 . 2009-07-16 01:48 -------- d-----w- c:\program files\Common Files\Nero
2009-07-16 01:47 . 2009-07-16 01:47 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-16 01:46 . 2009-07-16 01:46 -------- d-----w- c:\documents and settings\Main User\Application Data\CyberLink
2009-07-16 01:45 . 2009-07-16 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-07-16 01:45 . 2009-07-16 01:45 -------- d-----w- c:\program files\CyberLink
2009-07-16 01:45 . 2009-07-16 00:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 01:41 . 2009-07-16 01:41 -------- d-----w- c:\program files\JRE
2009-07-16 01:41 . 2009-07-16 01:41 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-16 01:41 . 2009-07-16 01:38 -------- d-----w- c:\program files\Java
2009-07-16 01:38 . 2009-07-16 01:38 0 ----a-w- c:\windows\nsreg.dat
2009-07-16 01:38 . 2009-07-16 01:38 -------- d-----w- c:\program files\Common Files\Java
2009-07-16 01:37 . 2009-07-16 01:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-16 01:31 . 2009-07-16 01:22 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-16 01:24 . 2009-07-16 01:24 -------- d-----w- c:\program files\MSBuild
2009-07-16 01:24 . 2009-07-16 01:24 -------- d-----w- c:\program files\Reference Assemblies
2009-07-16 01:22 . 2009-07-16 01:22 -------- d-----w- c:\documents and settings\Main User\Application Data\Windows Desktop Search
2009-07-16 01:21 . 2009-07-16 01:21 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-16 00:57 . 2009-07-16 00:27 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-16 00:39 . 2009-07-16 00:39 -------- d-----w- c:\program files\Broadcom
2009-07-16 00:38 . 2009-07-16 00:38 -------- d-----w- c:\program files\CONEXANT
2009-07-16 00:36 . 2009-07-16 00:36 -------- d-----w- c:\program files\Analog Devices
2009-07-16 00:28 . 2009-07-16 00:28 -------- d-----w- c:\program files\microsoft frontpage
2009-07-16 00:25 . 2009-07-16 00:25 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-14 03:43 . 2004-08-12 14:10 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 18:22 . 2009-07-13 18:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-03 17:09 . 2004-08-12 14:09 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-12 14:08 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-12 14:04 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-12 14:04 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-12 14:01 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-12 13:59 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-12 13:58 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-12 13:58 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-12 14:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-12 13:57 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 20:07 . 2009-07-16 02:01 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-12 12:31 . 2004-08-12 14:07 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 23:13 . 2009-06-11 23:13 3771296 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\ui\plugins\npswf32.dll
2009-06-10 14:13 . 2004-08-12 13:55 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-07-16 00:24 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-12 14:09 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\documents and settings\Main User\Application Data\IMVUClient\MSVCR71.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-29_13.07.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-30 16:17 . 2009-08-30 16:17 16384 c:\windows\temp\Perflib_Perfdata_ec4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-27 1381376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-29 2007832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 13:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Main User\\Application Data\\IMVUClient\\IMVUClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/15/2009 9:57 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/15/2009 9:57 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/15/2009 9:57 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/15/2009 9:57 PM 297752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Main User\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Main User\Application Data\Mozilla\Firefox\Profiles\7wucojqp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.imvu.com/catalog/web_mypage.php?user=35573861

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 15:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2284)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\windows\system32\searchindexer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-08-30 15:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-30 19:22
ComboFix2.txt 2009-08-29 13:09

Pre-Run: 186,753,523,712 bytes free
Post-Run: 186,633,216,000 bytes free

331 --- E O F --- 2009-08-26 21:49
 
#11 ·
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:41 PM, on 8/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Main User\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Burger%20Shop/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247705005069
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Burger%20Shop/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7139 bytes
 
#12 ·
How is the computer running now?

Open HijackThis and select Do a System Scan Only, then place a check next to the line below if still present:

  • R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Once selected, close all windows except HJT and click on Fix Checked.

Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on the Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply

Please reply with:-
  • Kaspersky report
  • New HJT log
  • update on how things are running
 
#13 ·
After doing the steps in your earlier post today I noticed a new Internet Explorer icon on my desktop..

The computer is running pretty good now.. I went around to different search engines typing in random questions, actually trying to get redirected, but they are all fixed.. Haven't heard any of the background ads all day.. Haven't gotten a blue screen all day.. I am however still getting like frozen moments, it'll freeze up for a minute or two but come back.. I'm pretty sure this is related to the USB problem because sometimes after the freeze the USB error bubble will pop up on the taskbar.. Spybot opens normally again.. But I only have "File Shredder", "Tutorial", "Uninstall Spybot S&D" and "Update Spybot S&D".. Shouldn't I have others in there?
 
#14 ·
The Kaspersky online scan report box was empty.. After it finished the scan I clicked the second option at the bottom, "View Report".. Nothing there..

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:12 AM, on 8/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Main User\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Burger%20Shop/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247705005069
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Burger%20Shop/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7222 bytes
 
#15 ·
Did you notice if Kaspersky had found anything? Do you mean empty as in nothing was found?

As for the USB error, you might be able to find help in the general XP forum.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

Note: the log can also be found here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Please reply with:-
  • MBAM log
  • New HJT log
 
#16 ·
Yes. After I ran the scan and went to view the report there was no writing at all in the box.. No files listed, no information from the scan listed.. nothing in the box, it was completely blank.. I'm hoping I didn't do something wrong because the scan took a long time.. Also, after doing the directions last night I noticed it is taking a little longer for my computer to reboot and it goes to I guess a troubleshoot screen where I can pick an option or just let it sit and it will run Windows XP by itself.. Sorry, I don't know what that screen is called but it comes up after the Dell loading screen and before the Windows XP loading screen..

Also I did the TFC cleaner just now and when it went to reboot the computer wouldn't shut down on its own. I let it sit for a little over half an hour to see if it would do it on its own.. but it didn't and I had to press the power button to shut it down.. It rebooted the same way I mentioned before.. Is it still safe to go on? I haven't done the Malwarebytes scan yet thinking it might make me reboot again..
 
#17 ·
I guess ignore the thing in my previous post about shutting down.. I manually restarted when I got home and it shut down fine but I do still have that troubleshoot screen..

Ran Malwarebytes.. I'm excited :) think I'm getting the "ALL CLEAN"

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/31/2009 11:16:47 PM
mbam-log-2009-08-31 (23-16-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134679
Time elapsed: 27 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:36 PM, on 8/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Main User\Application Data\IMVUClient\imvuqualityagent.exe
C:\Documents and Settings\Main User\Application Data\IMVUClient\IMVUClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Main User\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Burger%20Shop/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247705005069
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Burger%20Shop/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7488 bytes
 
#19 ·
I really apologise for leaving you in the lurch. Unfortunately it was unavoidable on my end. I am trying to catch up now.

Quick update..
AVG for the past 3 days has shown no infections but today 3 of them reappeared.. I have no clue as to what caused it to come back..
What has come back?

Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's TeaTimer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, click on Exit Spybot S&D Resident
Second step, for either version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left, click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

*********************************
Open HijackThis and select Do a System Scan Only, then place a check next to the lines below if still present:

  • R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
  • O2 - BHO: (no name) - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - (no file)

Once selected, close all windows except HJT and click on Fix Checked.

NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • RSIT logs ( info.txt and log.txt)
  • Update of how things are running
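
As an added example (not code from the thread, from HijackThis or from the helper above), the following script parses HijackThis-style log lines and picks out exactly the kind of entries the post asks the user to tick and "Fix Checked": registrations whose target file no longer exists. HijackThis prints those with "(no file)" on R3/O2/O3 lines and "(file missing)" on O23 service lines; the CLSID or service is still registered, but the DLL or EXE it pointed at is gone, so fixing them only removes the dangling registration. The sample lines are copied from this thread; the line grammar is this example's own assumption, reverse-engineered from the log format shown here.

```python
"""Added example: find orphaned (no file / file missing) entries in
HijackThis-style log lines. Not HijackThis's own code; the line grammar
below is an assumption derived from the log format in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from this thread: the two the specialist asked to fix,
# one missing-file service, and three intact entries as negatives.
SAMPLE_HJT_LINES = [
    "R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)",
    "O2 - BHO: (no name) - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - (no file)",
    "O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll",
    "O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll",
    "O23 - Service: stllssvr - Unknown owner - C:\\Program Files\\Common Files\\SureThing Shared\\stllssvr.exe (file missing)",
    "O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe",
]

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")


@dataclass
class HjtEntry:
    section: str            # "R3", "O2", "O23", ...
    kind: str               # "URLSearchHook", "BHO", "Service", ...
    name: str               # display name; "(no name)" for anonymous entries
    clsid: Optional[str]    # COM CLSID for hooks/BHOs/toolbars, None for services
    target: str             # file column exactly as HJT printed it
    orphaned: bool          # HJT reported the target file as missing


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one 'Oxx - Kind: name - {clsid} - path' style line; returns None
    for lines not in that shape (R0/R1 URL lines, headers, process list)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    clsid_m = CLSID_RE.search(rest)
    if clsid_m:
        # The name sits before the CLSID; HJT prints a leading '*' on some hooks.
        name = rest[:clsid_m.start()].rstrip(" -*").strip()
        target = rest[clsid_m.end():].lstrip(" -").strip()
        clsid = clsid_m.group(0)
    else:
        # O23 services: name - owner - path. The path may itself contain " - "
        # (e.g. 'Spybot - Search & Destroy'), so split at most twice.
        parts = rest.split(" - ", 2)
        name, target, clsid = parts[0].strip(), parts[-1].strip(), None
    orphaned = target == "(no file)" or target.endswith("(file missing)")
    return HjtEntry(m.group("section"), m.group("kind").strip(), name, clsid, target, orphaned)


def find_orphaned(lines: List[str]) -> List[HjtEntry]:
    """Entries whose registration survives but whose file HJT could not find."""
    return [e for e in map(parse_hjt_line, lines) if e is not None and e.orphaned]


if __name__ == "__main__":
    for e in find_orphaned(SAMPLE_HJT_LINES):
        print(f"{e.section:<4}{e.kind:<16}{e.clsid or '-':<40}{e.target}")
```

Run against a full HJT log, this lists the orphan entries only; anything it prints that is not a known leftover from a tool you installed yourself (the stllssvr service here belongs to a labelling application the uninstall list shows) is a candidate for Fix Checked.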
 
#20 ·
Quite alright. Hope all is well now. Glad you're back.

AVG LOG YESTERDAY:

"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACsvtioytpoa_.sys.zip";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACsvtioytpoa_.sys.zip:\UACsvtioytpoa.sys";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACsvtioytpoa.sys.vir";"Virus found Win32/Cryptor";"Moved to Virus Vault"

AVG TODAY:

"C:\Qoobox\Quarantine\C\WINDOWS\system32\resdll.dll.vir";"Trojan horse Generic14.AKJA";"Moved to Virus Vault"

AVG is scheduled to run every day. Before yesterday AVG showed 0 infections and 0 warnings.

The computer was running almost back to normal before I got reinfected. It's not as bad as before though; I'm just freezing up. No other annoyances to report at the moment, but I did receive this message this morning:

Microsoft Windows Search Indexer has encountered a problem and needs to close. We are sorry for the inconvenience.

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Main User at 2009-09-03 14:10:49
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 209 GB (68%) free of 305 GB
Total RAM: 2046 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:55 PM, on 9/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Main User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Main User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Efficient Calendar Free.lnk = C:\Program Files\Efficient Calendar Free\EfficientCalendarFree.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Main User\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Burger%20Shop/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247705005069
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Burger%20Shop/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7174 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-02-26 128296]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-01-27 1381376]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-29 2007832]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"EfficientCalendarFree"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Main User\Start Menu\Programs\Startup
Efficient Calendar Free.lnk - C:\Program Files\Efficient Calendar Free\EfficientCalendarFree.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-29 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Documents and Settings\Main User\Application Data\IMVUClient\IMVUClient.exe"="C:\Documents and Settings\Main User\Application Data\IMVUClient\IMVUClient.exe:*:Disabled:IMVUClient"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-03 14:10:49 ----D---- C:\rsit
2009-09-01 18:38:09 ----D---- C:\Documents and Settings\All Users\Application Data\GoBit Games
2009-09-01 05:14:29 ----D---- C:\Documents and Settings\Main User\Application Data\Efficient Calendar Free
2009-09-01 05:14:27 ----D---- C:\Program Files\Efficient Calendar Free
2009-09-01 05:08:50 ----A---- C:\WINDOWS\WORDWISE.INI
2009-09-01 05:03:15 ----D---- C:\Program Files\WordWise
2009-08-30 21:36:08 ----SHD---- C:\RECYCLER
2009-08-30 15:22:42 ----D---- C:\WINDOWS\temp
2009-08-30 15:22:41 ----A---- C:\ComboFix.txt
2009-08-29 08:51:13 ----A---- C:\Boot.bak
2009-08-29 08:51:09 ----RASHD---- C:\cmdcons
2009-08-29 08:47:02 ----A---- C:\WINDOWS\zip.exe
2009-08-29 08:47:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-29 08:47:02 ----A---- C:\WINDOWS\SWSC.exe
2009-08-29 08:47:02 ----A---- C:\WINDOWS\SWREG.exe
2009-08-29 08:47:02 ----A---- C:\WINDOWS\sed.exe
2009-08-29 08:47:02 ----A---- C:\WINDOWS\PEV.exe
2009-08-29 08:47:02 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-29 08:47:02 ----A---- C:\WINDOWS\grep.exe
2009-08-29 08:46:49 ----D---- C:\WINDOWS\ERDNT
2009-08-29 08:41:41 ----D---- C:\Qoobox
2009-08-28 17:26:49 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-28 17:24:24 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-28 17:24:24 ----D---- C:\Documents and Settings\Main User\Application Data\SUPERAntiSpyware.com
2009-08-28 17:24:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-26 17:49:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-25 17:31:29 ----D---- C:\Program Files\iPod
2009-08-25 17:31:27 ----D---- C:\Program Files\iTunes
2009-08-25 17:31:05 ----D---- C:\Program Files\Common Files\Apple
2009-08-25 17:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-24 23:43:15 ----D---- C:\Documents and Settings\Main User\Application Data\Malwarebytes
2009-08-24 15:12:53 ----D---- C:\Program Files\Trend Micro
2009-08-24 15:08:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-24 15:08:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-22 00:45:34 ----D---- C:\Documents and Settings\Main User\Application Data\Uniblue
2009-08-22 00:45:34 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-08-21 20:35:54 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-21 17:56:01 ----D---- C:\Documents and Settings\Main User\Application Data\DriverCure
2009-08-21 17:55:57 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-08-21 17:55:57 ----D---- C:\Documents and Settings\All Users\Application Data\DriverCure
2009-08-21 17:52:13 ----D---- C:\Documents and Settings\Main User\Application Data\Blitware
2009-08-21 17:41:10 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-21 11:27:04 ----D---- C:\Documents and Settings\Main User\Application Data\Ludia
2009-08-21 11:27:04 ----D---- C:\Documents and Settings\All Users\Application Data\Ludia
2009-08-21 11:11:50 ----D---- C:\Program Files\Ubisoft
2009-08-21 01:24:52 ----D---- C:\Program Files\Hasbro
2009-08-20 23:04:12 ----D---- C:\Program Files\Common Files\SupportSoft
2009-08-20 04:25:08 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-20 04:24:49 ----D---- C:\Documents and Settings\Main User\Application Data\SpinTop
2009-08-15 17:55:26 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-08-14 05:49:23 ----A---- C:\WINDOWS\WORDPAD.INI
2009-08-14 03:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-14 03:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-14 03:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-14 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-14 03:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-14 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-14 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-14 03:03:01 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-14 03:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-14 03:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 18:01:06 ----D---- C:\Program Files\Datel
2009-08-12 21:03:08 ----D---- C:\WINDOWS\Sun
2009-08-11 15:53:54 ----D---- C:\Documents and Settings\Main User\Application Data\Vso
2009-08-11 15:53:49 ----A---- C:\WINDOWS\system32\sipr3260.dll
2009-08-11 15:53:49 ----A---- C:\WINDOWS\system32\Pncrt.dll
2009-08-11 15:53:49 ----A---- C:\WINDOWS\system32\drv43260.dll
2009-08-11 15:53:49 ----A---- C:\WINDOWS\system32\drv33260.dll
2009-08-11 15:53:49 ----A---- C:\WINDOWS\system32\drv23260.dll
2009-08-11 15:53:49 ----A---- C:\WINDOWS\system32\cook3260.dll
2009-08-11 15:53:48 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2009-08-11 15:53:48 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-08-11 15:53:46 ----D---- C:\Program Files\VSO

======List of files/folders modified in the last 1 months======

2009-09-03 14:10:55 ----D---- C:\WINDOWS\Prefetch
2009-09-03 14:08:06 ----D---- C:\Program Files\Mozilla Firefox
2009-09-03 14:05:08 ----D---- C:\Documents and Settings\Main User\Application Data\vlc
2009-09-03 14:00:26 ----D---- C:\Documents and Settings\Main User\Application Data\IMVU
2009-09-03 13:58:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-03 13:42:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-03 12:12:36 ----HD---- C:\$AVG8.VAULT$
2009-09-03 04:45:45 ----D---- C:\Documents and Settings\Main User\Application Data\gtk-2.0
2009-09-02 21:58:11 ----RD---- C:\Program Files
2009-09-01 22:10:07 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-01 18:36:03 ----D---- C:\WINDOWS\Minidump
2009-09-01 18:36:03 ----D---- C:\WINDOWS
2009-08-31 14:15:36 ----D---- C:\WINDOWS\system32
2009-08-30 15:22:43 ----D---- C:\WINDOWS\system32\drivers
2009-08-30 15:19:35 ----A---- C:\WINDOWS\system.ini
2009-08-30 15:17:36 ----D---- C:\WINDOWS\system32\config
2009-08-30 15:16:19 ----D---- C:\WINDOWS\AppPatch
2009-08-30 15:16:18 ----D---- C:\Program Files\Common Files
2009-08-30 15:12:02 ----SHD---- C:\System Volume Information
2009-08-30 15:12:02 ----D---- C:\WINDOWS\system32\Restore
2009-08-29 09:40:00 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-29 09:08:38 ----SD---- C:\WINDOWS\Tasks
2009-08-29 09:08:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-29 08:51:13 ----RASH---- C:\boot.ini
2009-08-28 18:14:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-28 17:24:28 ----SHD---- C:\WINDOWS\Installer
2009-08-27 22:08:53 ----D---- C:\Documents and Settings\Main User\Application Data\IMVUClient
2009-08-26 18:15:03 ----D---- C:\Documents and Settings\Main User\Application Data\LimeWire
2009-08-26 17:49:20 ----HD---- C:\WINDOWS\inf
2009-08-25 17:31:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-25 17:24:31 ----A---- C:\WINDOWS\imsins.BAK
2009-08-25 17:23:37 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-25 16:38:17 ----D---- C:\Program Files\Canon
2009-08-24 18:43:06 ----D---- C:\Program Files\WinRAR
2009-08-24 17:03:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-22 13:36:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-21 20:36:07 ----D---- C:\Documents and Settings
2009-08-21 18:44:01 ----SD---- C:\Documents and Settings\Main User\Application Data\Microsoft
2009-08-21 17:41:34 ----RSD---- C:\WINDOWS\assembly
2009-08-21 02:55:34 ----D---- C:\WINDOWS\network diagnostic
2009-08-20 23:02:19 ----D---- C:\Program Files\Adobe
2009-08-20 04:25:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-18 21:15:10 ----D---- C:\DELL
2009-08-17 20:34:52 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2009-08-15 04:01:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-15 03:59:32 ----RSD---- C:\WINDOWS\Fonts
2009-08-14 04:07:25 ----D---- C:\Program Files\Outlook Express
2009-08-13 18:01:21 ----D---- C:\WINDOWS\WinSxS
2009-08-10 16:58:20 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-08-10 16:58:18 ----D---- C:\Program Files\Roxio
2009-08-10 16:57:41 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2009-08-05 16:57:40 ----D---- C:\Documents and Settings\Main User\Application Data\Adobe
2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-29 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-29 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-15 108552]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-01-27 28928]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-01-27 27776]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-04-29 186112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-11 47360]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-01-27 99200]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\Combo-fix\catchme.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-12 12160]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-29 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-29 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-27 856064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 spkrmon;spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-08-28 61440]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
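
An added example (not code from the thread or from AVG) for triaging the AVG scan-log lines in the post above. The check a practitioner makes first is where each flagged file lives: everything under C:\Qoobox\Quarantine is ComboFix's own quarantine (copies it already pulled out of the system, renamed .vir or zipped), and C:\$AVG8.VAULT$ is AVG's vault, so a detection there is a scanner reading an inert copy rather than evidence of a live reinfection. Only hits outside those folders need action. The four quarantine lines are the ones the user posted; the fifth "live" line and its file name UACexample.sys are constructed for contrast and do not appear in the thread, and the path conventions used to rebuild a file's original location are this example's assumptions.

```python
r"""Added example: classify AVG log records by location (quarantine folder
vs. live file system) and reconstruct where a ComboFix .vir copy came from.
Not AVG's or ComboFix's code; the path conventions are assumptions."""
import csv
import io
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the four lines from the post above, plus one
# hypothetical live hit (UACexample.sys does not appear in the thread).
SAMPLE_AVG_LOG = r'''
"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACsvtioytpoa_.sys.zip";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACsvtioytpoa_.sys.zip:\UACsvtioytpoa.sys";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACsvtioytpoa.sys.vir";"Virus found Win32/Cryptor";"Moved to Virus Vault"
"C:\Qoobox\Quarantine\C\WINDOWS\system32\resdll.dll.vir";"Trojan horse Generic14.AKJA";"Moved to Virus Vault"
"C:\WINDOWS\system32\drivers\UACexample.sys";"Virus found Win32/Cryptor";"Moved to Virus Vault"
'''

# Folders that hold already-neutralised copies (compared case-insensitively).
QUARANTINE_DIRS = ("c:\\qoobox\\quarantine\\", "c:\\$avg8.vault$\\")
COMBOFIX_QUARANTINE = "C:\\Qoobox\\Quarantine\\"


@dataclass
class AvgHit:
    path: str
    detection: str
    action: str
    location: str                    # "quarantine" or "live"
    original_path: Optional[str]     # where a ComboFix .vir copy originally sat


def container_path(path: str) -> str:
    r"""AVG writes 'archive.zip:\member' for a file inside an archive; judge
    the container's location, not the member name."""
    i = path.find(":", 2)            # skip the drive-letter colon at index 1
    return path if i == -1 else path[:i]


def classify(path: str) -> str:
    return "quarantine" if container_path(path).lower().startswith(QUARANTINE_DIRS) else "live"


def original_location(path: str) -> Optional[str]:
    r"""ComboFix mirrors the source tree under Quarantine\<drive>\... and
    appends .vir (assumption); reverse that so the analyst sees where the
    file really lived (here: system32\drivers, a rootkit-style location)."""
    p = container_path(path)
    if not p.lower().startswith(COMBOFIX_QUARANTINE.lower()) or not p.lower().endswith(".vir"):
        return None
    rest = p[len(COMBOFIX_QUARANTINE):-len(".vir")]   # e.g. C\WINDOWS\system32\resdll.dll
    drive, _, tail = rest.partition("\\")
    return f"{drive}:\\{tail}"


def triage(log_text: str) -> List[AvgHit]:
    """Parse AVG's "path";"detection";"action" records and classify each."""
    hits = []
    for row in csv.reader(io.StringIO(log_text), delimiter=";", quotechar='"'):
        if len(row) != 3:            # blank lines or malformed records
            continue
        path, detection, action = (f.strip() for f in row)
        hits.append(AvgHit(path, detection, action, classify(path), original_location(path)))
    return hits


def live_hits(hits: List[AvgHit]) -> List[AvgHit]:
    """The only records that suggest something is still on the system."""
    return [h for h in hits if h.location == "live"]


if __name__ == "__main__":
    for h in triage(SAMPLE_AVG_LOG):
        where = f" (was {h.original_path})" if h.original_path else ""
        print(f"[{h.location:<10}] {h.detection:<30} {h.path}{where}")
```

On the log as posted, all four records classify as quarantine and two of them decode back to C:\WINDOWS\system32\drivers and C:\WINDOWS\system32, which is why a scheduled AVG scan that was clean before ComboFix ran suddenly reports hits: it is now scanning ComboFix's quarantine folder. Those copies are removed when ComboFix is uninstalled at the end of the cleanup.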
 
#21 ·
RSIT info:

info.txt logfile of random's system information tool 1.06 2009-09-03 14:10:57

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Gigabit Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
ConvertXtoDVD 3.3.4.106e-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Efficient Calendar Free 1.39-->"C:\Program Files\Efficient Calendar Free\unins000.exe"
Gimp 2.6.2 Debug-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Hell's Kitchen 1.1.5-->C:\Program Files\Ubisoft\Ludia\Hell's Kitchen\Hell's Kitchen\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memorex exPressit Label Design Studio-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Monopoly Here & Now Edition-->C:\PROGRA~1\Hasbro\MONOPO~1\UNWISE.EXE /U C:\PROGRA~1\Hasbro\MONOPO~1\INSTALL.LOG
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Mario World-->"C:\Program Files\Super Mario World\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) [2009-08-30]
O2 - BHO: (no name) - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - (no file) [2009-09-03]
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) [2009-09-03]

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: DELL-7B5AA1E6BB
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 6339
Source Name: Service Control Manager
Time Written: 20090825163625.000000-240
Event Type: error
User:

Computer Name: DELL-7B5AA1E6BB
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 6336
Source Name: Service Control Manager
Time Written: 20090825163625.000000-240
Event Type: error
User:

Computer Name: DELL-7B5AA1E6BB
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 6333
Source Name: Service Control Manager
Time Written: 20090825163624.000000-240
Event Type: error
User:

Computer Name: DELL-7B5AA1E6BB
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 6330
Source Name: Service Control Manager
Time Written: 20090825163624.000000-240
Event Type: error
User:

Computer Name: DELL-7B5AA1E6BB
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.

Record Number: 6327
Source Name: Service Control Manager
Time Written: 20090825163624.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: DELL-7B5AA1E6BB
Event Code: 3013
Message: The entry <C:\DOCUMENTS AND SETTINGS\MAIN USER\MY DOCUMENTS\CONVERTXTODVD\01 - DOUG LESS (PART 1)\MENU_SNAPS\CHP0_138X110_0MS.YUV> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Record Number: 993
Source Name: Windows Search Service
Time Written: 20090824025624.000000-240
Event Type: error
User:

Computer Name: DELL-7B5AA1E6BB
Event Code: 3013
Message: The entry <C:\DOCUMENTS AND SETTINGS\MAIN USER\MY DOCUMENTS\CONVERTXTODVD\01 - DOUG LESS (PART 1)\MENU_SNAPS\CHP0_138X110_0MS.YUV> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Record Number: 992
Source Name: Windows Search Service
Time Written: 20090824025623.000000-240
Event Type: error
User:

Computer Name: DELL-7B5AA1E6BB
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x10003973.

Record Number: 950
Source Name: Application Error
Time Written: 20090822190752.000000-240
Event Type: error
User:

Computer Name: DELL-7B5AA1E6BB
Event Code: 1001
Message: Fault bucket 755802940.

Record Number: 923
Source Name: Application Error
Time Written: 20090822102412.000000-240
Event Type: error
User:

Computer Name: DELL-7B5AA1E6BB
Event Code: 1004
Message: Faulting application winlogon.exe, version 0.0.0.0, faulting module msgina.dll, version 5.1.2600.5512, fault address 0x00027973.

Record Number: 920
Source Name: Application Error
Time Written: 20090822102221.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
 
#22 ·
The C:\Qoobox items AVG found are what ComboFix has already quarantined and will be removed when we clean up the tools we used.

So no problems there and ignore those warnings until we finish.

Try running without TeaTimer. See if it makes any difference. In fact, uninstall it completely. You can always re-install later if you decide it is worth it. (I will give you an alternative on your all-clear.) Also, have you had AVG for a long time? It can be a bit of a hog. There are other good free alternatives if you are interested.

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Make sure that all browser windows are closed.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit). Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Uncheck Cookies if you do not want them deleted.
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Uncheck Cookies if you do not want them deleted
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 16.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 16
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u16-windows-i586.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE) listed below in the code box.
    Code:
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 7
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version, Adobe Reader 9.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Let me know when the above is done and another update.
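An added example (mine, not muppy03's or Sun's): the "uninstall all old versions" step above is done by hand in Add or Remove Programs, but the RSIT log earlier in this thread already lists every installed program as `Name-->UninstallString`, and each Java entry carries its MSI product code. The script below parses that layout, picks out the Java entries, and builds a silent `msiexec /x {product-code} /qn` command for every install older than the release the post recommends (6 Update 16). The sample input is constructed from the two Java lines in the log plus two unrelated entries for context; `CURRENT_JAVA` is an assumption set to match the post, and `/x` and `/qn` are standard msiexec switches.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in the same "Name-->UninstallString" layout as the RSIT
# "Installed programs" section quoted in this thread. The two Java lines are
# copied from that log; the other two are context only.
SAMPLE_PROGRAMS = """\
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\\Program Files\\Malwarebytes' Anti-Malware\\unins000.exe"
"""

# The release the post tells the user to install (JRE 6 Update 16). Assumption
# for this example; bump it to whatever is current when you run this.
CURRENT_JAVA = (6, 16)

# Matches Sun's historical display names: "J2SE Runtime Environment 5.0 Update 6",
# "Java(TM) 6 Update 7", "Java(TM) SE Runtime Environment 6 Update 1", ...
_JAVA_NAME = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?)\s+"
    r"(?P<major>\d+)(?:\.(?P<minor>\d+))?(?:\s+Update\s+(?P<update>\d+))?"
)
_GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_programs(text: str) -> List[Tuple[str, str]]:
    """Split 'Name-->command' lines into (name, uninstall command) pairs."""
    entries = []
    for line in text.splitlines():
        if "-->" not in line:
            continue
        name, _, cmd = line.partition("-->")
        entries.append((name.strip(), cmd.strip()))
    return entries


def java_version(name: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a Java display name, else None.
    "5.0 Update 6" is reported as (5, 6); a name without "Update" gets update 0."""
    m = _JAVA_NAME.match(name)
    if not m:
        return None
    return int(m.group("major")), int(m.group("update") or 0)


def stale_java(entries: List[Tuple[str, str]], current=CURRENT_JAVA):
    """Return [(name, version, uninstall command)] for every Java install older
    than `current`. The command is built from the MSI product code found in the
    entry's own UninstallString; entries without a product code keep their
    original command so nothing is guessed."""
    stale = []
    for name, cmd in entries:
        ver = java_version(name)
        if ver is None or ver >= current:
            continue
        guid = _GUID.search(cmd)
        uninstall = f"msiexec /x {guid.group(0)} /qn" if guid else cmd
        stale.append((name, ver, uninstall))
    return stale


if __name__ == "__main__":
    for name, ver, cmd in stale_java(parse_programs(SAMPLE_PROGRAMS)):
        print(f"{name:40} {ver[0]}u{ver[1]:<3} -> {cmd}")
```

Run it against a saved RSIT/ComboFix "Installed programs" section and paste the printed `msiexec` lines into a command prompt run as the Main User; the new JRE is installed afterwards, exactly as the post orders it, so the old versions are never left beside the new one.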
 
#25 ·
As for an update on the computer: nothing horrible to report, just getting the little frozen hiccups, which I am now completely convinced are USB related. I haven't posted on that problem yet; I thought I should completely finish this one first. After uninstalling Spybot it said that some of it was not completely removed but that I could do it manually.
 
#26 ·
Malware wise things are looking ok so I would suggest you proceed as follows.

MBAM and ATF are great tools for you to keep and use on a regular basis.

You can delete RSIT from your Desktop and its associated folder C:\RSIT

Remove Combofix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK ( please note the space between Combofix and the /)
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Now that the infection is gone lets try to keep it that way by following the below recommendations.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.

Here are some free programs I recommend that could help you improve your computer's security.

Update your antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Read some information here on how to prevent malware.

Please reply if you have any problems or questions
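An added example (mine, not part of muppy03's post or of the MVPS project): the HOSTS mechanism described above cuts both ways. The same file that lets the MVPS list send ad sites to 127.0.0.1 (or 0.0.0.0) is a favourite target of the redirect-style infections in this thread, which point antivirus and update sites at an attacker's address instead. The script below parses HOSTS syntax and sorts every entry into "blocked" (sent to a loopback or unspecified address, the MVPS pattern), "hijacked" (a watch-listed vendor name, or localhost itself, sent to a real address) and "redirected" (anything else sent to a real address, worth a manual look). The sample file is constructed for the example; the 203.0.113.0/24 addresses in it are a documentation range, and `SENSITIVE_SUFFIXES` is my assumed watch-list, not a list from the page.

```python
import ipaddress
import sys
from typing import Dict, List, NamedTuple


class HostEntry(NamedTuple):
    line_no: int
    address: str
    hostname: str


# Constructed sample, not a real HOSTS file: MVPS-style block lines plus the
# kind of entries a HOSTS hijack leaves behind (203.0.113.0/24 is a documentation
# range, so nothing here points at a real host).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0  ad.doubleclick.net           # MVPS-style block (null route)
127.0.0.1  www.doubleclick.net        # older MVPS style (loopback)
203.0.113.5  www.avg.com              # security vendor sent to a real address
203.0.113.5  update.microsoft.com     # update site sent to a real address
127.0.0.1  ad.doubleclick.net         # same host listed twice: harmless
10.0.0.7  intranet.example            # ordinary local override, review by hand
"""

# Names a user expects to reach; an entry sending one of these anywhere but a
# block/loopback address is the classic sign of a tampered HOSTS file.
# Assumed watch-list for this example; extend it with your own vendors.
SENSITIVE_SUFFIXES = ("microsoft.com", "windowsupdate.com", "avg.com",
                      "safer-networking.org", "malwarebytes.org")


def parse_hosts(text: str) -> List[HostEntry]:
    """Parse HOSTS syntax: '<address> <host> [<host> ...]', '#' starts a comment.
    Lines whose first field is not an IP address are skipped, as Windows does."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            entries.append(HostEntry(n, parts[0], host.lower()))
    return entries


def is_block_address(addr: str) -> bool:
    """127.0.0.0/8, ::1, 0.0.0.0 and :: all make the name unreachable."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def is_watched(host: str) -> bool:
    """True for localhost and for any name under a watch-listed domain."""
    if host == "localhost":
        return True
    return any(host == s or host.endswith("." + s) for s in SENSITIVE_SUFFIXES)


def audit_hosts(entries: List[HostEntry]) -> Dict[str, List[HostEntry]]:
    """Classify each entry. 'localhost' mapped to loopback is normal and is not
    reported; 'localhost' mapped anywhere else counts as hijacked."""
    report = {"blocked": [], "hijacked": [], "redirected": []}
    for e in entries:
        if is_block_address(e.address):
            if e.hostname != "localhost":
                report["blocked"].append(e)
        elif is_watched(e.hostname):
            report["hijacked"].append(e)
        else:
            report["redirected"].append(e)
    return report


if __name__ == "__main__":
    # Default Windows location: %SystemRoot%\system32\drivers\etc\hosts
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE_HOSTS
    report = audit_hosts(parse_hosts(text))
    print(f"{len(report['blocked'])} block entries (MVPS style)")
    for kind in ("hijacked", "redirected"):
        for e in report[kind]:
            print(f"{kind:10} line {e.line_no}: {e.hostname} -> {e.address}")
```

Run it with no arguments to see the classification on the sample, or pass the path to the live HOSTS file after installing the MVPS list: the MVPS entries all land in "blocked", and anything that shows up as "hijacked" means the file has been altered since and should be replaced before the hosts-file step is called done.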
 