
Topic: Here is my Malwarebytes Anti-Malware and HijackThis log files


    alyoob (Topic Starter)
    Here is my Malwarebytes Anti-Malware and HijackThis log files
    « on: September 22, 2009, 03:14:14 PM »
    I am not able to install any of the other programs that were suggested in the forum for scanning purposes. Luckily I had Malwarebytes Anti-Malware and HijackThis already installed on my computer. Here are the logs.

    [attachment deleted by admin]
    « Last Edit: September 22, 2009, 05:39:43 PM by alyoob »

    Two-eyes
      Re: Here is my Malwarebytes Anti-Malware and HijackThis log files
      « Reply #1 on: September 22, 2009, 03:20:17 PM »
      Hi,
      you should have replied to your previous post with these logs...but what's done cannot be undone (mostly cos the delete function was removed  :D).
      You will have to have patience and wait for an expert to see your logs and assist you further.

      T-E %

      UPDATE:
      after running your HijackThis log through Computer Hope's processes tool this report came.  Crawler toolbar seems to be one of your problems.  It is suggested in the report you uninstall it.
      There is also protect.dll, which seems to be malware.  The report says to delete it, but I would wait for an expert to speak to me.
      DO NOT DO ANYTHING ELSE SUGGESTED IN YOUR REPORT, UNLESS DIRECTED BY AN EXPERT.
      « Last Edit: September 22, 2009, 03:33:23 PM by Two-eyes »
      I believe the bushes in my yard will BURN before God picks up a PC to send a message


      harry 48
      Re: Here is my Malwarebytes Anti-Malware and HijackThis log files
      « Reply #2 on: September 22, 2009, 04:10:20 PM »
      Two-eyes, please do not give advice if you're not a malware expert.

      alyoob, please do not use the process tool if you do not know what you're doing.

      An expert will be along soon. Please wait.

      CBMatt (Mod & Malware Specialist)
      Re: Here is my Malwarebytes Anti-Malware and HijackThis log files
      « Reply #3 on: September 22, 2009, 06:30:05 PM »
      As stated, Two-eyes, please leave the removal instructions to the designated specialists.  I realize that you are trying to help, but we have proper training and it is important that we follow specific guidelines during the removal process.  Thank you.



      Now, alyoob, go ahead and run another scan with HijackThis and place checkmarks next to these entries:
      O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

      O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
      O4 - HKLM\..\RunOnce: [ムN@] ムN@
      O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\HP_OWN~1.HP_\protect.dll,_IWMPEvents@0
      O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\DOCUME~1\DEFAUL~1\protect.dll,_IWMPEvents@0 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [calc] rundll32.exe C:\DOCUME~1\DEFAUL~1\protect.dll,_IWMPEvents@0 (User 'Default user')


      Close all other windows (including this one) and click on Fix Checked.  Once you have done that, closely follow these steps as well...

      Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

      http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      http://subs.geekstogo.com/ComboFix.exe

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Double-click combofix.exe and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log and a new HijackThis log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
      An undefined problem has an infinite number of solutions.
      - Robert A. Humphrey
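The O4 entries CBMatt asks to have fixed share two traits a defender can check for mechanically: rundll32 is being used to load a DLL out of a user-profile directory, and the same Run value name has been planted under HKLM, HKCU and every HKUS profile. The following is an added example written for this page, not code from the forum or from HijackThis; the benign `avgnt` and `ctfmon.exe` lines in the sample are constructed for contrast and the two heuristics are the author's assumptions about what merits a closer look, not a rule set from the tool.

```python
"""Triage HijackThis O4 (autorun) entries for rundll32-based persistence."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: the O3/O4 lines quoted in the post above, plus two
# benign-looking Run entries invented here for contrast (not from the page).
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\HP_OWN~1.HP_\protect.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\DOCUME~1\DEFAUL~1\protect.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [calc] rundll32.exe C:\DOCUME~1\DEFAUL~1\protect.dll,_IWMPEvents@0 (User 'Default user')
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command> [(User '<user>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# rundll32[.exe] <dll path>,<export>
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^,]+),(?P<export>\S+)", re.I)

# Path fragments where a legitimately installed rundll32 host DLL rarely lives
# (heuristic chosen for this example).
PROFILE_MARKERS = ("docume~1", "documents and settings", "application data",
                   "local settings", "\\temp\\", "%temp%", "%appdata%")


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    cmd: str
    user: Optional[str]


def parse_o4(log: str) -> List[Autorun]:
    """Turn every O4 line into a record; other HijackThis sections are skipped."""
    runs: List[Autorun] = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            runs.append(Autorun(**m.groupdict()))
    return runs


def triage(runs: List[Autorun]) -> Dict[str, List[str]]:
    """Return {value name (lowercased): [reasons]} for suspicious autoruns."""
    findings: Dict[str, List[str]] = defaultdict(list)
    hives_by_name: Dict[str, Set[str]] = defaultdict(set)
    for r in runs:
        key = r.name.lower()
        hives_by_name[key].add(r.hive.upper())
        m = RUNDLL_RE.match(r.cmd)
        if m:
            dll = m.group("dll").strip()
            if any(marker in dll.lower() for marker in PROFILE_MARKERS):
                findings[key].append(
                    f"{r.hive}\\{r.key}: rundll32 loads {dll} from a user-profile path")
    # The same value name under HKLM, HKCU and the HKUS profiles is a
    # persistence pattern, not something installers normally produce.
    for name, hives in hives_by_name.items():
        if len(hives) >= 3:
            findings[name].append(
                f"value '{name}' repeated across {len(hives)} hives: {sorted(hives)}")
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in triage(parse_o4(SAMPLE_LOG)).items():
        print(f"[{name}]")
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, only the `calc` value is reported: three profile-path loads (HKCU and both HKUS profiles) plus the spread across four hives; the HKLM copy that points at `system32\calc.dll` is not flagged by the path rule on its own, which is why the cross-hive rule matters.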

      Two-eyes
        Re: Here is my Malwarebytes Anti-Malware and HijackThis log files
        « Reply #4 on: September 23, 2009, 04:09:27 AM »
         :-[...sorry, I should've followed my own advice.  Hope I didn't do any damage  :-[
        I believe the bushes in my yard will BURN before God picks up a PC to send a message


        alyoob (Topic Starter)
          Re: Here is my Malwarebytes Anti-Malware and HijackThis log files
          « Reply #5 on: September 23, 2009, 09:59:37 AM »
          When I used ComboFix to run the scan and the computer restarted, ComboFix messed up my internet connection and I was unable to reconnect to the forum to give you the log. I had to do a system restore and undo what ComboFix had done.
          « Last Edit: September 23, 2009, 11:18:58 AM by alyoob »

          CBMatt (Mod & Malware Specialist)
          Re: Here is my Malwarebytes Anti-Malware and HijackThis log files
          « Reply #6 on: September 23, 2009, 04:46:39 PM »
          :-[...sorry, I should've followed my own advice.  Hope I didn't do any damage  :-[
          It's okay.  Thank you for understanding.



          When I used ComboFix to run the scan and the computer restarted, ComboFix messed up my internet connection and I was unable to reconnect to the forum to give you the log. I had to do a system restore and undo what ComboFix had done.
          This is not something that commonly happens as a result of running ComboFix.  In fact, I have never experienced this in all of my time spent using it.  The only thing I can think of is that it was either a fluke or it removed an important file that had become infected.  If ComboFix was indeed the culprit, then I sincerely apologize.  Do you still have a copy of the log by any chance?  If so, that could greatly help me in trying to figure out what may have happened, and it would also show me what else might be lurking around on your computer.

          Although I haven't seen it cause connection issues this severe, there is one infection that ComboFix has reacted badly to in the recent past.  Let's try another scan to verify whether or not it is on your computer...
          Please print these instructions as they will be needed later when Internet access is not available.
           
          Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/156236231/SDFix.exe.html

          When using this tool, you must use the Administrator's account or an account with Administrative rights.

          • Double-click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
          • DO NOT use it just yet.
          Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

          Open the SDFix folder and double-click RunThis.bat to start the script.
          • Type Y to begin the cleanup process.
          • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to reboot.
          • Press any Key and it will restart the PC.
          • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished.  Press any key to end the script and load your desktop icons.
          • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
          • Copy and paste the contents of the results file Report.txt in your next reply.
          An undefined problem has an infinite number of solutions.
          - Robert A. Humphrey

          alyoob (Topic Starter)
            Re: Here is my Malwarebytes Anti-Malware and HijackThis log files
            « Reply #7 on: September 23, 2009, 05:00:47 PM »
            I actually found the ComboFix log; here it is. I will do the steps you told me above, but my computer is not able to boot into Safe Mode.



            ComboFix 09-09-22.02 - HP_Owner 09/22/2009 17:14.1.1 - NTFSx86
            Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1407.984 [GMT -7:00]
            Running from: c:\documents and settings\HP_Owner.HP_OWNER\Desktop\Comb11oFix.exe
            AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
             * Created a new restore point
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            c:\documents and settings\HP_Owner.HP_OWNER\My Documents\regestry backup.reg
            c:\documents and settings\HP_Owner.HP_OWNER\protect.dll
            C:\Images
            c:\images\DirCfg.ini
            c:\program files\Protection System
            c:\recycler\S-1-5-21-2294972053-1846567828-194732070-1009
            c:\windows\Downloaded Program Files\bdcore.dll
            c:\windows\Downloaded Program Files\libfn.dll
            c:\windows\Installer\11040a4.msi
            c:\windows\Installer\1324b.msi
            c:\windows\Installer\178801.msi
            c:\windows\Installer\178807.msi
            c:\windows\Installer\19291a.msp
            c:\windows\Installer\19291b.msp
            c:\windows\Installer\19291c.msp
            c:\windows\Installer\19291d.msp
            c:\windows\Installer\19291e.msp
            c:\windows\Installer\19291f.msp
            c:\windows\Installer\192920.msp
            c:\windows\Installer\192921.msp
            c:\windows\Installer\192922.msp
            c:\windows\Installer\19706a.msi
            c:\windows\Installer\1973a7.msi
            c:\windows\Installer\19c3d8.msi
            c:\windows\Installer\1c49ef7.msi
            c:\windows\Installer\1c49efd.msi
            c:\windows\Installer\28cef.msi
            c:\windows\Installer\28d2e.msi
            c:\windows\Installer\2f0baa.msi
            c:\windows\Installer\388abfa.msi
            c:\windows\Installer\3a91bc.msp
            c:\windows\Installer\3a91bd.msp
            c:\windows\Installer\3a91be.msp
            c:\windows\Installer\3a91bf.msp
            c:\windows\Installer\3a91c0.msp
            c:\windows\Installer\3a91c1.msp
            c:\windows\Installer\3a91c2.msp
            c:\windows\Installer\3a91c3.msp
            c:\windows\Installer\3a91c4.msp
            c:\windows\Installer\41b043.msp
            c:\windows\Installer\435b05.msi
            c:\windows\Installer\435b06.msp
            c:\windows\Installer\435b07.msp
            c:\windows\Installer\435b08.msp
            c:\windows\Installer\435b09.msp
            c:\windows\Installer\435b0a.msp
            c:\windows\Installer\435b0b.msp
            c:\windows\Installer\435b0c.msp
            c:\windows\Installer\435b0d.msp
            c:\windows\Installer\435b0e.msp
            c:\windows\Installer\454f48.msi
            c:\windows\Installer\454f49.msp
            c:\windows\Installer\454f4a.msp
            c:\windows\Installer\454f4b.msp
            c:\windows\Installer\454f4c.msp
            c:\windows\Installer\454f4d.msp
            c:\windows\Installer\454f4e.msp
            c:\windows\Installer\454f4f.msp
            c:\windows\Installer\454f50.msp
            c:\windows\Installer\454f51.msp
            c:\windows\Installer\454f52.msp
            c:\windows\Installer\462398.msi
            c:\windows\Installer\4623a7.msp
            c:\windows\Installer\4623b2.msp
            c:\windows\Installer\4623be.msp
            c:\windows\Installer\50692a.msi
            c:\windows\Installer\5a34b.msi
            c:\windows\Installer\5a377.msi
            c:\windows\Installer\5a383.msi
            c:\windows\Installer\5a3d4.msi
            c:\windows\Installer\5a4cb.msi
            c:\windows\Installer\5a4f6.msi
            c:\windows\Installer\5a541.msi
            c:\windows\Installer\5a54a.msi
            c:\windows\Installer\5a551.msi
            c:\windows\Installer\5a558.msi
            c:\windows\Installer\5a56e.msi
            c:\windows\Installer\5a582.msi
            c:\windows\Installer\5a5bc.msi
            c:\windows\Installer\5a5cd.msi
            c:\windows\Installer\5a5f3.msi
            c:\windows\Installer\5ab65.msi
            c:\windows\Installer\5ac76.msi
            c:\windows\Installer\5acae.msi
            c:\windows\Installer\5ad0d.msi
            c:\windows\Installer\5ae01.msi
            c:\windows\Installer\5af06.msi
            c:\windows\Installer\5b2bd.msi
            c:\windows\Installer\5b2ce.msi
            c:\windows\Installer\5b2da.msi
            c:\windows\Installer\5b2e1.msi
            c:\windows\Installer\5b33a.msi
            c:\windows\Installer\5b395.msi
            c:\windows\Installer\5b39b.msi
            c:\windows\Installer\5b3a1.msi
            c:\windows\Installer\5b3a7.msi
            c:\windows\Installer\5b3ad.msi
            c:\windows\Installer\66cac.msp
            c:\windows\Installer\701ce.msi
            c:\windows\Installer\701d4.msi
            c:\windows\Installer\701da.msi
            c:\windows\Installer\701e0.msi
            c:\windows\Installer\701e6.msi
            c:\windows\Installer\701f0.msi
            c:\windows\Installer\701f6.msi
            c:\windows\Installer\701fc.msi
            c:\windows\Installer\70203.msi
            c:\windows\Installer\7020a.msi
            c:\windows\Installer\70210.msi
            c:\windows\Installer\70216.msi
            c:\windows\Installer\7021c.msi
            c:\windows\Installer\70256.msi
            c:\windows\Installer\7025c.msi
            c:\windows\Installer\70286.msi
            c:\windows\Installer\761de.msi
            c:\windows\Installer\90c27.msi
            c:\windows\Installer\98b939.msi
            c:\windows\Installer\a5d44.msi
            c:\windows\Installer\a5d5c.msi
            c:\windows\Installer\a5d62.msi
            c:\windows\Installer\a5d7d.msi
            c:\windows\Installer\a9e28.msi
            c:\windows\Installer\c9754.msp
            c:\windows\Installer\c9755.msp
            c:\windows\Installer\c9756.msp
            c:\windows\Installer\c9757.msp
            c:\windows\Installer\c9758.msp
            c:\windows\Installer\c9759.msp
            c:\windows\Installer\c975a.msp
            c:\windows\Installer\c975b.msp
            c:\windows\Installer\c975c.msp
            c:\windows\sc.exe
            c:\windows\sv1.exe
            c:\windows\system32\gakikedo.dll
            c:\windows\system32\huwakalu.dll
            c:\windows\system32\livoguyi.dll
            c:\windows\system32\lowsec
            c:\windows\system32\lowsec\local.ds
            c:\windows\system32\lowsec\user.ds
            c:\windows\system32\ps2.bat
            c:\windows\system32\sdra64.exe
            c:\windows\viassary-hp.reg
            D:\Autorun.inf

            c:\windows\system32\userinit.exe . . . is infected!!

            c:\windows\system32\spoolsv.exe . . . is infected!!

            c:\windows\explorer.exe . . . is infected!!

            .
            (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            -------\Legacy_6TO4
            -------\Legacy_IAS
            -------\Legacy_MNDISK
            -------\Legacy_MYWEBSEARCHSERVICE


            (((((((((((((((((((((((((   Files Created from 2009-08-23 to 2009-09-23  )))))))))))))))))))))))))))))))
            .

            2009-09-23 00:02 . 2009-09-23 00:02   879616   ----a-w-   c:\windows\isvchost.exe
            2009-09-23 00:01 . 2003-01-10 21:13   33588   ----a-r-   c:\windows\system32\drivers\wanatw4.sys
            2009-09-23 00:00 . 2009-09-23 00:19   22528   --sha-w-   c:\windows\system32\calc.dll
            2009-09-22 19:51 . 2009-09-22 19:51   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
            2009-09-21 21:58 . 2009-09-21 21:58   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
            2009-09-21 21:24 . 2009-09-21 21:24   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Local Settings\Application Data\MicroVision Applications
            2009-09-21 21:13 . 2009-09-21 21:13   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Application Data\Leadertech
            2009-09-21 19:35 . 2009-09-22 16:15   148992   ----a-w-   c:\windows\sv3.exe
            2009-09-21 19:32 . 2009-09-21 19:32   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
            2009-09-21 19:31 . 2009-09-21 19:31   --------   d-----w-   c:\windows\system32\wbem\Repository
            2009-09-21 19:30 . 2009-09-21 19:30   --------   dc----w-   c:\documents and settings\All Users\Application Data\Avira
            2009-09-21 19:08 . 2009-09-21 19:09   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Spyware Terminator
            2009-09-20 00:48 . 2009-09-20 00:54   --------   d-----w-   c:\program files\Apache Software Foundation
            2009-09-19 18:27 . 2004-12-14 16:07   229376   ----a-r-   c:\windows\system32\hpovst08.dll
            2009-09-19 18:26 . 2009-09-19 18:26   68491   ----a-w-   c:\windows\hpoins05.dat
            2009-09-19 18:26 . 2004-12-14 16:07   19696   ------w-   c:\windows\hpomdl05.dat
            2009-09-19 03:10 . 2009-07-28 23:33   55656   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
            2009-09-19 03:10 . 2009-03-30 17:33   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
            2009-09-19 03:10 . 2009-02-13 19:29   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
            2009-09-19 03:10 . 2009-02-13 19:17   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
            2009-09-19 03:10 . 2009-09-19 03:10   --------   d-----w-   c:\program files\Avira
            2009-09-15 20:43 . 2009-09-15 20:43   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Application Data\Unity
            2009-09-15 20:15 . 2009-09-15 20:15   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Local Settings\Application Data\Unity
            2009-09-15 20:15 . 2009-09-15 20:15   --------   d-----w-   c:\program files\Unity
            2009-09-15 01:28 . 2009-09-15 01:28   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
            2009-09-14 01:04 . 2009-09-14 01:04   --------   d-----w-   c:\program files\AOLSpyware
            2009-09-13 22:19 . 2009-09-13 22:19   --------   d-----w-   c:\program files\Microsoft Virtual PC
            2009-09-13 21:31 . 2009-06-21 21:44   153088   -c----w-   c:\windows\system32\dllcache\triedit.dll
            2009-09-13 21:30 . 2009-07-10 13:27   1315328   -c----w-   c:\windows\system32\dllcache\msoe.dll
            2009-09-12 01:16 . 2009-09-12 01:17   --------   dc----w-   c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
            2009-09-11 20:00 . 2009-09-23 00:10   --------   d-----w-   c:\program files\Crawler
            2009-09-11 05:08 . 2009-09-11 05:08   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Local Settings\Application Data\AOL OCP
            2009-09-11 05:06 . 2009-09-11 05:06   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Local Settings\Application Data\AOL
            2009-09-08 18:47 . 2009-09-08 18:47   --------   d-----w-   c:\program files\Realtek AC97
            2009-09-07 02:05 . 2009-09-07 02:05   --------   d-----w-   c:\program files\SpeedyFox
            2009-09-05 02:46 . 2009-09-05 02:46   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Application Data\Desktopicon
            2009-09-05 02:37 . 2009-09-05 02:37   --------   dc----w-   c:\documents and settings\All Users\Application Data\McAfee.com
            2009-09-05 02:37 . 2004-07-22 18:57   279624   ----a-w-   c:\windows\system32\mcgdmgr.dll
            2009-09-05 02:37 . 2009-09-05 02:37   --------   d-----w-   c:\program files\McAfee.com
            2009-09-05 02:37 . 2004-07-27 02:13   341064   ----a-w-   c:\windows\system32\mcinsctl.dll
            2009-08-30 22:23 . 2009-08-30 22:23   --------   dc----w-   c:\documents and settings\HP_OWN~1~HP_\LOCALS~1
            2009-08-30 22:23 . 2009-08-30 22:23   --------   dc----w-   c:\documents and settings\HP_OWN~1~HP_
            2009-08-30 05:42 . 2004-08-04 12:00   185344   -c--a-w-   c:\windows\system32\dllcache\thawbrkr.dll
            2009-08-30 05:42 . 2004-08-04 12:00   185344   ----a-w-   c:\windows\system32\Thawbrkr.dll
            2009-08-30 05:42 . 2004-08-04 12:00   10752   -c--a-w-   c:\windows\system32\dllcache\c_iscii.dll
            2009-08-30 05:42 . 2004-08-04 12:00   10752   ----a-w-   c:\windows\system32\c_iscii.dll
            2009-08-30 05:42 . 2004-08-04 12:00   5632   -c--a-w-   c:\windows\system32\dllcache\kbdusa.dll
            2009-08-30 05:42 . 2004-08-04 12:00   5632   ----a-w-   c:\windows\system32\kbdusa.dll
            2009-08-30 05:41 . 2004-08-04 12:00   6144   -c--a-w-   c:\windows\system32\dllcache\ftlx041e.dll
            2009-08-30 05:41 . 2004-08-04 12:00   6144   ----a-w-   c:\windows\system32\ftlx041e.dll
            2009-08-29 16:22 . 2009-08-29 16:29   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Application Data\Move Networks
            2009-08-26 21:30 . 2009-08-26 21:30   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Local Settings\Application Data\PCHealth

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2009-09-23 00:23 . 2009-09-23 00:23   0   ----a-w-   c:\windows\system32\2.tmp
            2009-09-23 00:12 . 2009-02-16 01:03   12288   ----a-w-   c:\windows\system32\clipsrv.exe
            2009-09-23 00:11 . 2009-02-16 01:03   211725   ----a-w-   c:\windows\system32\cisvc.exe
            2009-09-23 00:07 . 2009-06-23 00:07   89600   --sha-w-   c:\windows\system32\jokigaju.dll
            2009-09-23 00:02 . 2009-09-23 00:02   89088   ----a-w-   c:\windows\system32\38C.tmp
            2009-09-23 00:02 . 2009-09-23 00:02   1   ----a-w-   c:\windows\system32\38B.tmp
            2009-09-23 00:02 . 2009-09-23 00:02   86528   ----a-w-   c:\windows\system32\38A.tmp
            2009-09-23 00:02 . 2009-09-23 00:02   148   ----a-w-   c:\windows\system32\389.tmp
            2009-09-22 15:35 . 2009-09-22 15:35   89088   ----a-w-   c:\windows\system32\383.tmp
            2009-09-22 15:35 . 2009-09-22 15:35   1   ----a-w-   c:\windows\system32\37D.tmp
            2009-09-22 15:35 . 2009-09-22 15:35   144   ----a-w-   c:\windows\system32\37B.tmp
            2009-09-22 14:07 . 2009-02-16 03:11   --------   d-----w-   c:\program files\AVG
            2009-09-22 14:07 . 2009-02-16 03:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
            2009-09-22 04:41 . 2009-02-16 02:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
            2009-09-22 04:32 . 2009-09-22 04:32   89088   ----a-w-   c:\windows\system32\382.tmp
            2009-09-22 04:32 . 2009-09-22 04:32   1   ----a-w-   c:\windows\system32\381.tmp
            2009-09-22 04:32 . 2009-09-22 04:32   144   ----a-w-   c:\windows\system32\37A.tmp
            2009-09-21 23:10 . 2009-09-21 23:10   89088   ----a-w-   c:\windows\system32\376.tmp
            2009-09-21 23:10 . 2009-09-21 23:10   1   ----a-w-   c:\windows\system32\375.tmp
            2009-09-21 23:10 . 2009-09-21 23:10   144   ----a-w-   c:\windows\system32\371.tmp
            2009-09-21 22:58 . 2009-09-21 22:58   89088   ----a-w-   c:\windows\system32\373.tmp
            2009-09-21 22:58 . 2009-09-21 22:58   1   ----a-w-   c:\windows\system32\372.tmp
            2009-09-21 22:58 . 2009-09-21 22:58   144   ----a-w-   c:\windows\system32\370.tmp
            2009-09-21 22:58 . 2009-02-16 00:23   361600   ----a-w-   c:\windows\system32\drivers\TCPIP.SYS
            2009-09-21 21:14 . 2009-05-31 21:44   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Application Data\Sonic
            2009-09-21 20:45 . 2009-09-21 20:45   89088   ----a-w-   c:\windows\system32\36F.tmp
            2009-09-21 20:45 . 2009-09-21 20:45   1   ----a-w-   c:\windows\system32\36E.tmp
            2009-09-21 20:44 . 2009-09-21 20:44   144   ----a-w-   c:\windows\system32\36A.tmp
            2009-09-21 20:39 . 2009-09-21 20:39   89088   ----a-w-   c:\windows\system32\36C.tmp
            2009-09-21 20:39 . 2009-09-21 20:39   1   ----a-w-   c:\windows\system32\36B.tmp
            2009-09-21 20:39 . 2009-09-21 20:39   144   ----a-w-   c:\windows\system32\367.tmp
            2009-09-21 20:23 . 2009-09-21 20:23   89088   ----a-w-   c:\windows\system32\369.tmp
            2009-09-21 20:23 . 2009-09-21 20:23   1   ----a-w-   c:\windows\system32\368.tmp
            2009-09-21 20:23 . 2009-09-21 20:23   144   ----a-w-   c:\windows\system32\366.tmp
            2009-09-21 19:30 . 2009-02-16 03:21   --------   d-----w-   c:\program files\Spyware Terminator
            2009-09-21 19:18 . 2009-07-10 19:17   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Application Data\Spyware Terminator
            2009-09-21 19:10 . 2009-07-10 19:22   --------   d-----w-   c:\program files\WinClamAVShield
            2009-09-21 19:10 . 2009-07-10 19:17   --------   dc----w-   c:\documents and settings\All Users\Application Data\Spyware Terminator
            2009-09-21 19:08 . 2009-09-21 19:08   1   ----a-w-   c:\windows\system32\380.tmp
            2009-09-21 19:08 . 2009-09-21 19:08   37888   ----a-w-   c:\windows\system32\37F.tmp
            2009-09-21 19:08 . 2009-09-21 19:08   144   ----a-w-   c:\windows\system32\37E.tmp
            2009-09-21 19:07 . 2009-09-21 19:07   361600   ----a-w-   c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
            2009-09-21 19:06 . 2009-08-10 02:44   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2009-09-20 22:52 . 2009-07-01 04:47   --------   d-----w-   c:\program files\Blubster
            2009-09-19 23:09 . 2009-05-31 22:58   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Application Data\IObit
            2009-09-19 18:52 . 2009-05-31 21:44   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Application Data\Apple Computer
            2009-09-19 18:16 . 2004-10-22 01:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hewlett-Packard
            2009-09-19 18:16 . 2004-10-22 01:05   --------   d-----w-   c:\program files\HP
            2009-09-19 18:02 . 2009-02-16 04:20   46   ----a-w-   c:\windows\hposf045.dat
            2009-09-16 19:05 . 2009-05-31 22:07   89624   -c--a-w-   c:\documents and settings\HP_Owner.HP_OWNER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
            2009-09-15 17:11 . 2009-06-01 19:11   --------   d-----w-   c:\program files\Spybot - Search & Destroy
            2009-09-15 17:08 . 2009-02-16 02:43   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
            2009-09-15 17:07 . 2009-04-11 14:52   --------   d-----w-   c:\program files\SpywareBlaster
            2009-09-15 00:34 . 2009-02-16 04:12   --------   d-----w-   c:\program files\McAfee
            2009-09-14 01:06 . 2009-02-16 05:20   --------   d-----w-   c:\program files\Common Files\AOL
            2009-09-14 01:04 . 2009-02-16 04:31   --------   d-----w-   c:\program files\Abexo
            2009-09-14 01:04 . 2009-02-17 23:15   --------   d-----w-   c:\program files\Lavasoft
            2009-09-14 01:03 . 2009-02-17 23:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
            2009-09-12 01:17 . 2004-10-22 01:58   --------   d-----w-   c:\program files\iTunes
            2009-09-12 01:16 . 2004-10-22 01:58   --------   d-----w-   c:\program files\iPod
            2009-09-12 01:14 . 2004-10-22 01:58   --------   d-----w-   c:\program files\QuickTime
            2009-09-12 01:13 . 2009-03-28 19:52   --------   d-----w-   c:\program files\Common Files\Apple
            2009-09-11 23:49 . 2009-05-31 22:07   3540   -c--a-w-   c:\documents and settings\HP_Owner.HP_OWNER\Application Data\wklnhst.dat
            2009-09-11 16:58 . 2009-08-21 22:16   --------   d-----w-   c:\program files\Vanish
            2009-09-11 16:58 . 2009-06-01 00:15   --------   d-----w-   c:\program files\America Online 9.0a
            2009-09-11 05:24 . 2009-03-25 20:57   --------   d-----w-   c:\program files\Common Files\AOLSHARE
            2009-09-11 05:06 . 2009-02-16 05:21   --------   dc----w-   c:\documents and settings\All Users\Application Data\AOL
            2009-09-11 05:05 . 2009-02-16 05:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL Downloads
            2009-09-10 21:54 . 2009-08-10 02:44   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2009-09-10 21:53 . 2009-08-10 02:45   18520   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2009-09-05 02:53 . 2009-06-06 00:37   --------   d-----w-   c:\program files\Norton Security Scan
            2009-09-05 02:53 . 2009-06-06 00:37   --------   d-----w-   c:\program files\Common Files\Symantec Shared
            2009-08-27 19:46 . 2004-10-22 01:46   --------   d--h--w-   c:\program files\InstallShield Installation Information
            2009-08-26 21:28 . 2009-02-16 03:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
            2009-08-26 15:05 . 2009-04-22 04:40   --------   dc----w-   c:\documents and settings\All Users\Application Data\NOS
            2009-08-26 15:04 . 2009-08-16 19:30   --------   d-----w-   c:\program files\NOS
            2009-08-25 21:22 . 2009-02-16 02:42   --------   d-----w-   c:\program files\IObit
            2009-08-25 21:19 . 2009-06-19 15:16   --------   d-----w-   c:\program files\Participatory Culture Foundation
            2009-08-23 16:04 . 2009-06-15 14:28   --------   d-----w-   c:\program files\Microsoft Silverlight
            2009-08-21 22:38 . 2009-08-21 22:16   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Application Data\Azureus
            2009-08-21 22:16 . 2009-08-21 22:16   --------   dc----w-   c:\documents and settings\HP_Owner.HP_OWNER\Application Data\Vanish
            2009-08-20 04:05 . 2009-02-16 04:14   --------   d-----w-   c:\documents and settings\LocalService\Application Data\SACore
            2009-08-11 22:22 . 2004-10-22 00:27   --------   d-----w-   c:\program files\Java
            2009-08-11 04:02 . 2009-08-11 04:02   23600   ----a-w-   c:\windows\system32\drivers\TVICHW32.SYS
            2009-08-05 09:01 . 2009-02-16 00:21   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
            2009-07-27 15:32 . 2009-07-27 15:32   --------   dc----w-   c:\documents and settings\All Users\Application Data\Chat Republic Games
            2009-07-25 12:23 . 2009-06-05 22:11   411368   ----a-w-   c:\windows\system32\deploytk.dll
            2009-07-17 19:01 . 2009-02-16 01:03   58880   ----a-w-   c:\windows\system32\atl.dll
            2009-07-14 06:43 . 2004-10-21 23:36   286208   ----a-w-   c:\windows\system32\wmpdxm.dll
            2009-07-10 19:17 . 2009-07-10 19:17   142592   ----a-w-   c:\windows\system32\drivers\sp_rsdrv2.sys
            2009-07-03 17:09 . 2009-02-16 00:23   915456   ----a-w-   c:\windows\system32\wininet.dll
            2009-06-25 08:25 . 2009-02-16 00:23   54272   ----a-w-   c:\windows\system32\wdigest.dll
            2009-06-25 08:25 . 2009-02-16 00:22   56832   ----a-w-   c:\windows\system32\secur32.dll
            2009-06-25 08:25 . 2009-02-16 00:22   147456   ----a-w-   c:\windows\system32\schannel.dll
            2009-06-25 08:25 . 2009-02-16 00:21   136192   ----a-w-   c:\windows\system32\msv1_0.dll
            2009-06-25 08:25 . 2009-02-16 00:21   730112   ----a-w-   c:\windows\system32\lsasrv.dll
            2009-06-25 08:25 . 2009-02-16 00:21   301568   ----a-w-   c:\windows\system32\kerberos.dll
            2009-06-23 00:01 . 2009-06-23 00:01   49152   --sha-w-   c:\windows\system32\zikubupa.dll
            .

            ------- Sigcheck -------

            [-] 2009-09-21 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
            [-] 2009-09-21 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
            [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
            [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
            [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
            [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

            [-] 2008-04-14 . 7298B49496F9A3B734273596E59AEF8C . 74752 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
            [-] 2008-04-14 . 896269915E78F56745E9F5E1544CBAFF . 74752 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
            [-] 2004-08-04 . E64BBDF9170B96E9779FECDF1D180A9E . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

            [-] 2008-04-14 . 6E301A257E5B892C14645E8DFE7E260C . 43008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
            [-] 2008-04-14 . 00A36639136EFC11D9F4BDA24CDCF91F . 43008 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
            [-] 2004-08-04 . 8B8B6BB3453EE0BE769C00D493265730 . 41472 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

            [-] 2008-04-14 . EB679338EB68829E4D7ECFA099403713 . 1050624 . . [6.00.2900.5512] . . c:\windows\explorer.exe
            [-] 2008-04-14 . C96EE0B665D2CBE2EC11EEDE36F45824 . 1050624 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
            [-] 2004-08-04 . 94D90FA949A62A906228741A174226A8 . 1049088 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

            [-] 2008-04-14 . 81D8A90170FCCBA292BC69768B2EA30B . 30720 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
            [-] 2008-04-14 . F4EA5347F50691B90F6EED1E25FEFB3F . 31232 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
            [-] 2004-08-04 . A0FD933270ADC9FF1D897AB3A7D25C53 . 30720 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

            [-] 2008-04-14 . 92F6F8C49778B0590BBC8F46FDE3243C . 32256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
            [-] 2008-04-14 . 8A390498FE43B02B3A4002ADD6B0413B . 32256 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
            [-] 2004-08-04 . 073D5C37EF6B9C404F6A8F57B89D75D8 . 32256 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5f01d1b9-f68f-440d-b342-68c0aa039c7a}]
            2009-06-23 00:01   49152   --sha-w-   c:\windows\system32\zikubupa.dll

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
            "calc"="c:\docume~1\HP_OWN~1.HP_\protect.dll" [2009-09-23 22528]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 176128]
            "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 81920]
            "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 253952]
            "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 102400]
            "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-13 198160]
            "calc"="c:\windows\system32\calc.dll" [2009-09-23 22528]
            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 438272]
            "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
            "kihopiviy"="c:\windows\system32\jokigaju.dll" [2009-09-23 89600]
            "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 77824]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
            "ムN@"="d14e4000" [X]

            c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
            scandisk.lnk - c:\windows\system32\rundll32.exe  [2009-2-15 50176]

            c:\documents and settings\HP_Owner.HP_OWNER\Start Menu\Programs\Startup\
            scandisk.lnk - c:\windows\system32\rundll32.exe  [2009-2-15 50176]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
            "{5c2157ea-fec1-4f5f-8e9c-7926053cffc9}"= "c:\windows\system32\jokigaju.dll" [2009-09-23 89600]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
            "rayotafut"= {5c2157ea-fec1-4f5f-8e9c-7926053cffc9} - c:\windows\system32\jokigaju.dll [2009-09-23 89600]

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
            backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
            backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Start Vanish.lnk]
            backup=c:\windows\pss\Start Vanish.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
            backup=c:\windows\pss\Updates from HP.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
            backup=c:\windows\pss\Windows Search.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.HP_OWNER^Start Menu^Programs^Startup^HP Organize.lnk]
            backup=c:\windows\pss\HP Organize.lnkStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\security center]
            "UpdatesDisableNotify"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
            "DisableMonitoring"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
            "DisableMonitoring"=dword:00000001

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
            "EnableFirewall"= 0 (0x0)

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\Blubster\\Blubster.exe"=
            "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
            "c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
            "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
            "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
            "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
            "c:\\Program Files\\iTunes\\iTunes.exe"=

            R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [7/10/2009 12:17 PM 142592]
            R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [8/21/2009 4:18 PM 305936]
            R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/15/2009 9:13 PM 92296]

            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
            "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
            .
            Contents of the 'Scheduled Tasks' folder

            2009-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
            - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

            2009-09-23 c:\windows\Tasks\User_Feed_Synchronization-{2B20013E-A910-4C03-AED7-E70154567A99}.job
            - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

            2009-09-22 c:\windows\Tasks\User_Feed_Synchronization-{61E61E72-11B6-4764-922D-184A34B21FE2}.job
            - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.com/
            uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
            mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
            uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
            uInternet Settings,ProxyOverride = *.local
            IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
            IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
            IE: Crawler Search - tbr:iemenu
            IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
            Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
            DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} - hxxp://www.miniclip.com/superstar_racing/ChatRepublicPlayer.cab
            FF - ProfilePath - c:\documents and settings\HP_Owner.HP_OWNER\Application Data\Mozilla\Firefox\Profiles\59k728e3.default\
            FF - prefs.js: browser.startup.homepage - www.google.com
            FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
            FF - component: c:\program files\Crawler\firefox\components\xshared.dll
            FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
            FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
            FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
            FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
            FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
            FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

            ---- FIREFOX POLICIES ----
            FF - user.js: browser.cache.memory.capacity - 65536
            FF - user.js: browser.chrome.favicons - fales
            FF - user.js: browser.display.show_image_placeholders - true
            FF - user.js: browser.turbo.enabled - true
            FF - user.js: browser.urlbar.autocomplete.enabled - true
            FF - user.js: browser.urlbar.autofill - true
            FF - user.js: content.interrupt.parsing - true
            FF - user.js: content.max.tokenizing.time - 2250000
            FF - user.js: content.notify.backoffcount - 5
            FF - user.js: content.notify.interval - 750000
            FF - user.js: content.notify.ontimer - true
            FF - user.js: content.switch.threshold - 750000
            FF - user.js: network.http.max-connections - 48
            FF - user.js: network.http.max-connections-per-server - 16
            FF - user.js: network.http.max-persistent-connections-per-proxy - 16
            FF - user.js: network.http.max-persistent-connections-per-server - 8
            FF - user.js: network.http.pipelining - true
            FF - user.js: network.http.pipelining.firstrequest - true
            FF - user.js: network.http.pipelining.maxrequests - 8
            FF - user.js: network.http.proxy.pipelining - true
            FF - user.js: network.http.request.max-start-delay - 0
            FF - user.js: nglayout.initialpaint.delay - 0
            FF - user.js: plugin.expose_full_path - true
            FF - user.js: ui.submenuDelay - 0
            .
            - - - - ORPHANS REMOVED - - - -

            Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
            WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
            HKLM-Run-yurazirevu - livoguyi.dll
            HKU-Default-Run-calc - c:\docume~1\DEFAUL~1\protect.dll



            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2009-09-22 17:25
            Windows 5.1.2600 Service Pack 3 NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************

            [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AgereModemAudio]
            "ImagePath"="c:\windows\TEMP\VRT396.tmp"

            [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dhcp]
            "ImagePath"="c:\windows\TEMP\VRT396.tmp"
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------

            [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
            @Denied: (2) (LocalSystem)
            "6256FFB019F8FDFBD36745B06F4540E9AEAF222 A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
               d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,f2,9f,be,3b,7c,f8,47,b8,e0,b8,\
            "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
               d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,39,b5,e3,63,e4,d5,4f,a4,ca,bb,\
            "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
               d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,39,b5,e3,63,e4,d5,4f,a4,ca,bb,\

            [HKEY_USERS\S-1-5-21-3111597298-674844136-161376353-1009\Software\Microsoft\SystemCertificates\AddressBook*]
            @Allowed: (Read) (RestrictedCode)
            @Allowed: (Read) (RestrictedCode)

            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
            "Enabled"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
            @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker3"

            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"

            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            - - - - - - - > 'winlogon.exe'(720)
            c:\windows\system32\WININET.DLL
            c:\program files\Bonjour\mdnsNSP.dll

            - - - - - - - > 'explorer.exe'(3296)
            c:\windows\system32\WININET.dll
            c:\windows\system32\calc.dll
            c:\windows\system32\jokigaju.dll
            c:\windows\system32\webcheck.dll
            c:\windows\system32\IEFRAME.dll
            c:\windows\system32\mshtml.dll
            c:\windows\system32\msls31.dll
            c:\windows\system32\WPDShServiceObj.dll
            c:\program files\Common Files\aolshare\aolshcpy.dll
            c:\program files\Microsoft Virtual PC\VPCShExH.DLL
            c:\windows\system32\PortableDeviceTypes.dll
            c:\windows\system32\PortableDeviceApi.dll
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\program files\Common Files\AOL\ACS\AOLacsd.exe
            c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            c:\program files\Bonjour\mDNSResponder.exe
            c:\program files\Java\jre6\bin\jqs.exe
            c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            c:\program files\Spyware Terminator\sp_rsser.exe
            c:\windows\system32\wscntfy.exe
            .
            **************************************************************************
            .
            Completion time: 2009-09-23 17:29 - machine was rebooted
            ComboFix-quarantined-files.txt  2009-09-23 00:29

            Pre-Run: 103,413,395,456 bytes free
            Post-Run: 103,487,078,400 bytes free

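The loading-point entries in the log above are the part a responder reads first, and they carry a consistent pattern: Run values that point at DLLs rather than executables (calc/protect.dll, calc.dll, kihopiviy/jokigaju.dll), a DLL sitting directly in the user's profile root, the same jokigaju.dll registered under Run, SharedTaskScheduler and ShellServiceObjectDelayLoad, Startup shortcuts that launch rundll32.exe with no DLL argument shown, a BHO DLL with system+hidden attributes, and two services whose ImagePath is a .tmp file under c:\windows\TEMP. The script below is an added example, not ComboFix's own logic and not from anyone in this thread: it parses loading-point lines in the format ComboFix prints and applies those heuristics. SAMPLE is a subset of lines copied from the log above; the rules are triage heuristics for an analyst to confirm by hand, not a signature.

```python
"""Triage of ComboFix 'Reg Loading Points' lines.

Added example, not part of the thread and not ComboFix's own logic: it parses
autostart lines in the format shown above and flags the patterns a responder
checks first.  SAMPLE is copied from the log in this thread; the rules are
heuristics to confirm by hand, not a signature.
"""
import re
from collections import Counter

# Lines copied from the ComboFix log above (Reg Loading Points, a startup
# folder, and the ControlSet002 service entries).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5f01d1b9-f68f-440d-b342-68c0aa039c7a}]
2009-06-23 00:01   49152   --sha-w-   c:\windows\system32\zikubupa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
"calc"="c:\docume~1\HP_OWN~1.HP_\protect.dll" [2009-09-23 22528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 176128]
"calc"="c:\windows\system32\calc.dll" [2009-09-23 22528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 438272]
"kihopiviy"="c:\windows\system32\jokigaju.dll" [2009-09-23 89600]

c:\documents and settings\HP_Owner.HP_OWNER\Start Menu\Programs\Startup\
scandisk.lnk - c:\windows\system32\rundll32.exe  [2009-2-15 50176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{5c2157ea-fec1-4f5f-8e9c-7926053cffc9}"= "c:\windows\system32\jokigaju.dll" [2009-09-23 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rayotafut"= {5c2157ea-fec1-4f5f-8e9c-7926053cffc9} - c:\windows\system32\jokigaju.dll [2009-09-23 89600]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AgereModemAudio]
"ImagePath"="c:\windows\TEMP\VRT396.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dhcp]
"ImagePath"="c:\windows\TEMP\VRT396.tmp"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...] header
FOLDER_RE = re.compile(r"^[a-zA-Z]:\\.*\\$")             # startup-folder header
QUOTED_RE = re.compile(r'=\s*"([^"]+)"')                 # "name"="target" / "{clsid}"= "target"
DASH_RE = re.compile(r" - ([a-zA-Z]:\\.*?)\s*(?:\[|$)")  # x.lnk - target [..] / {clsid} - target [..]
BARE_RE = re.compile(r"([a-zA-Z]:\\\S.*)$")              # attribute listing: date size attrs path
PROFILE_ROOT_RE = re.compile(r"\\(docume~1|documents and settings)\\[^\\]+\\[^\\]+$")


def parse(text):
    """Return (load_point, line, target) for every line naming a file; key and
    startup-folder headers set the load point for the lines under them."""
    point, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if KEY_RE.match(line) or FOLDER_RE.match(line):
            point = line.strip("[]")
            continue
        m = QUOTED_RE.search(line) or DASH_RE.search(line) or BARE_RE.search(line)
        if m:
            entries.append((point, line, m.group(1)))
    return entries


def findings(entries):
    """Apply the heuristics; each finding lists every rule that fired."""
    uses = Counter(t.lower() for _, _, t in entries)   # same file at several load points
    out = []
    for point, line, target in entries:
        low, where = target.lower(), (point or "").lower()
        base = low.rsplit("\\", 1)[-1]
        why = []
        if "\\run" in where and low.endswith(".dll"):
            why.append("Run value names a DLL rather than an executable")
        if PROFILE_ROOT_RE.search(low):
            why.append("file sits directly in a user profile root")
        if "\\temp\\" in low:
            why.append("binary lives under a Temp directory")
        if base == "rundll32.exe" and "startup" in where:
            why.append("startup shortcut runs rundll32.exe with no DLL argument shown")
        if "--sha-w-" in line:
            why.append("DLL carries system+hidden attributes")
        if low.endswith(".dll") and uses[low] > 1:
            why.append("same DLL registered at %d load points" % uses[low])
        if why:
            out.append({"load_point": point, "target": target, "reasons": why})
    return out


if __name__ == "__main__":
    for f in findings(parse(SAMPLE)):
        print(f["target"], "  <-", f["load_point"])
        for r in f["reasons"]:
            print("    -", r)
```

On the sample the script flags zikubupa.dll, protect.dll, calc.dll, jokigaju.dll (three load points), the rundll32.exe shortcut and VRT396.tmp, and leaves Sup_SmartRAM.exe, igfxtray.exe and qttask.exe alone. None of the rules is proof on its own: a hidden attribute or a profile-root file is a lead to check against the file's hash, signature and timestamps, which is why the ComboFix log prints the date and size next to each entry.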

            CBMatt

            • Mod & Malware Specialist


            • Prodigy

            • Sad and lonely...and loving every minute of it.
            • Thanked: 167
              • Yes
            • Experience: Experienced
            • OS: Windows 7
            Re: Here is my malwarebyts ant-malware and hijackthis log files
            « Reply #8 on: September 23, 2009, 07:31:37 PM »
            Thanks for that; it helps a lot.  You've got several infections and a few of your important system files have also been infected.  This is most likely what caused the complications.  If you can't boot into Safe Mode, then you'll just have to try using SDFix in Normal Mode.

            Once you have run SDFix, I would like you to create a new Restore Point with System Restore and then try ComboFix again.   Hopefully we can get ComboFix up and running without it conflicting with your computer.  If it works, post the new log here.  If not, then you can restore your computer back to the new Restore Point you made and we'll have to go an alternate route.  Post back as soon as you can so I can instruct you further.  I'm hoping to get you all fixed up ASAP.
            An undefined problem has an infinite number of solutions.
- Robert A. Humphrey

            alyoob

              Topic Starter


              Intermediate

              Thanked: 1
              • Experience: Experienced
              • OS: Windows 8
              Re: Here is my malwarebyts ant-malware and hijackthis log files
              « Reply #9 on: September 24, 2009, 08:53:52 AM »
              I am sorry but my computer is not able to install anything so I will resort to a clean installation of windows thanks for your help.
              « Last Edit: September 24, 2009, 03:16:42 PM by alyoob »

              CBMatt

              • Mod & Malware Specialist


              • Prodigy

              • Sad and lonely...and loving every minute of it.
              • Thanked: 167
                • Yes
              • Experience: Experienced
              • OS: Windows 7
              Re: Here is my malwarebyts ant-malware and hijackthis log files
              « Reply #10 on: September 24, 2009, 09:14:23 PM »
              If you haven't done that already, you could try replacing the system files and then see if ComboFix will run properly.  To replace the system files, simply open up your Task Manager (Ctrl+Alt+Del), click on Processes, and end the spoolsv.exe process.  Then go to this folder:
              C:\WINDOWS\ServicePackFiles\i386\

Copy spoolsv.exe and userinit.exe and paste them into C:\WINDOWS\system32.  When asked if you want to replace the existing files, say Yes.

              Go back to the i386 folder and copy explorer.exe, then paste it into C:\WINDOWS.  When asked if you want to replace the existing files, say Yes.

Not the best method, but it might help.  You can then try running ComboFix again and see if you get better results.

Or if you have another computer, you can hook your hard drive up as a data drive and scan it this way.  Just be aware that it is possible for some infections to spread this way.  Most can't, but there are some that can.

I know nothing has been working so far, but there are still options available if you're willing to work at it.  If not, then try to back up as much of your important personal data (documents, pictures, etc.) as you can before reformatting.  Also, you could try running a repair install of Windows, but that only has a slight chance of working.
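The replacement procedure in the post above rests on the comparison ComboFix made in the Sigcheck section of the log: for spoolsv.exe, userinit.exe, explorer.exe, ctfmon.exe and wscntfy.exe the installed copy has a different MD5 from the ServicePackFiles\i386 copy of the same version (5.1.2600.5512, or 6.00.2900.5512 for explorer.exe), at identical size in every case except wscntfy.exe, whose installed copy is 512 bytes larger. The script below is an added example, not ComboFix's code and not CBMatt's: it hashes each installed file against its cached copy, reports the mismatches, and copies the cached file back over only those, keeping a backup of whatever it replaces for later analysis. It goes beyond the post by covering all five files the Sigcheck section flags. The XP paths in DEFAULT_PAIRS are the standard ones and are an assumption, and demo() builds a throwaway directory from constructed bytes so the logic can be exercised on any machine.

```python
"""Integrity check and restore for the XP system files flagged in this thread.

Added example: not ComboFix's code and not CBMatt's own script.  It does the
comparison the log's Sigcheck section shows (MD5 of the live file against the
Service Pack cache copy) and the replacement step from Reply #10, keeping a
backup of every file it overwrites.  DEFAULT_PAIRS holds the standard XP SP3
paths (an assumption); demo() builds a throwaway tree from constructed bytes.
"""
import hashlib
import os
import shutil
import tempfile

# (live file, Service Pack cache copy).  Reply #10 replaces the first three;
# ctfmon.exe and wscntfy.exe are added because the Sigcheck section shows the
# same same-version hash mismatch for them.
DEFAULT_PAIRS = [
    (r"C:\WINDOWS\system32\spoolsv.exe", r"C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe"),
    (r"C:\WINDOWS\system32\userinit.exe", r"C:\WINDOWS\ServicePackFiles\i386\userinit.exe"),
    (r"C:\WINDOWS\explorer.exe", r"C:\WINDOWS\ServicePackFiles\i386\explorer.exe"),
    (r"C:\WINDOWS\system32\ctfmon.exe", r"C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe"),
    (r"C:\WINDOWS\system32\wscntfy.exe", r"C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe"),
]


def md5_of(path):
    """Upper-case hex MD5, the digest format the Sigcheck section prints."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def compare(live, cache):
    """Hash both copies.  A different hash at the same file version (often at the
    same size, as for explorer.exe in the log) is the in-place patching signal."""
    live_md5, cache_md5 = md5_of(live), md5_of(cache)
    return {"live": live, "cache": cache, "live_md5": live_md5, "cache_md5": cache_md5,
            "live_size": os.path.getsize(live), "cache_size": os.path.getsize(cache),
            "match": live_md5 == cache_md5}


def audit(pairs):
    """Compare every pair whose two files exist; a pair with a missing side is skipped."""
    return [compare(live, cache) for live, cache in pairs
            if os.path.isfile(live) and os.path.isfile(cache)]


def restore_from_cache(live, cache, backup_dir):
    """Keep the suspect file for later analysis, then overwrite it with the cached copy."""
    os.makedirs(backup_dir, exist_ok=True)
    backup = os.path.join(backup_dir, os.path.basename(live) + ".bak")
    shutil.copy2(live, backup)
    shutil.copy2(cache, live)
    return backup


def repair(pairs, backup_dir):
    """Restore only the mismatching files; returns [(live_path, backup_path)].
    PermissionError means the file is in use (spoolsv.exe by the Print Spooler
    service, explorer.exe by the shell): stop the owner and run again."""
    done = []
    for r in audit(pairs):
        if r["match"]:
            continue
        try:
            done.append((r["live"], restore_from_cache(r["live"], r["cache"], backup_dir)))
        except PermissionError as err:
            print("locked, stop the owning process first:", r["live"], err)
    return done


def demo():
    """Constructed stand-in tree: one binary patched in place (same size, new
    bytes), one left clean.  The contents are not real PE files."""
    root = tempfile.mkdtemp(prefix="sigcheck_demo_")
    cache_dir = os.path.join(root, "ServicePackFiles", "i386")
    sys32 = os.path.join(root, "system32")
    os.makedirs(cache_dir)
    os.makedirs(sys32)
    clean_spoolsv = b"MZ spoolsv stand-in " * 64
    patched_spoolsv = clean_spoolsv[:-16] + b"PATCHED ENTRY!! "   # same length as clean
    clean_userinit = b"MZ userinit stand-in" * 64
    contents = {(sys32, "spoolsv.exe"): patched_spoolsv, (cache_dir, "spoolsv.exe"): clean_spoolsv,
                (sys32, "userinit.exe"): clean_userinit, (cache_dir, "userinit.exe"): clean_userinit}
    for (folder, name), data in contents.items():
        with open(os.path.join(folder, name), "wb") as f:
            f.write(data)
    pairs = [(os.path.join(sys32, n), os.path.join(cache_dir, n))
             for n in ("spoolsv.exe", "userinit.exe")]
    before = audit(pairs)
    restored = repair(pairs, os.path.join(root, "backup"))
    return {"before": before, "restored": restored, "after": audit(pairs), "root": root}


if __name__ == "__main__":
    d = demo()   # on a real XP box: repair(DEFAULT_PAIRS, r"C:\sigcheck_backup")
    for r in d["before"] + d["after"]:
        print("[%s] %s %8d %s" % ("ok " if r["match"] else "DIF", r["live_md5"], r["live_size"], r["live"]))
    print("restored:", d["restored"])
    shutil.rmtree(d["root"])
```

Run it as an administrator after `net stop spooler` and ending explorer.exe, otherwise the copy of a file that is in use fails. Two caveats the thread does not spell out: a hash that differs from the cache only means something when the file version is the same, since a hotfix legitimately changes the hash (the log's tcpip.sys 5.1.2600.5625 is comparable to the same-version KB951748 copy under $hf_mig$, not to the older 5512 build in ServicePackFiles); and Windows File Protection refreshes system32 files from dllcache, so a patched copy there can be written straight back, which is why the log lists dllcache\TCPIP.SYS with the same hash as the live driver.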

              alyoob

                Topic Starter


                Intermediate

                Thanked: 1
                • Experience: Experienced
                • OS: Windows 8
                Re: Here is my malwarebyts ant-malware and hijackthis log files
                « Reply #11 on: September 26, 2009, 03:04:16 PM »
You won't believe what happened to my computer when I did the destructive recovery and reinstalled all the programs that I use on my computer. When I finished installing all the programs I got an explore.exe run error message, "memory cannot be written", then I found out that the Trojan or virus came back and it was sitting on my desktop. I immediately went to the computerhope.com help section, went on the chat area and asked them about the problem and what steps I took. I told them I did the destructive recovery and I still have the virus or Trojans on my computer; they told me about an online scanner by Microsoft that detects viruses, malware etc. The scanner by Microsoft is called Protection Center - Windows Live OneCare safety scanner. They also have a phone number that you can call for help on viruses; it is free.

Anyway, I did the scan, which was advised before calling them. When the scan finished it had detected 4151 items, viruses and Trojans. The program executed the cleanup process and then deleted the 4151 detections successfully. I called them up and they checked if there was any additional stuff on my computer; they found one program and deleted it. Now I believe that my computer is OK. There are no errors like before; when I start my computer it is fine.

But when I installed McAfee on my system and did a quick scan it found 4 critical items. I then restarted my computer and did the quick scan again and it did not find anything else. Now, to make sure that I do not have the virus again, I am running a full scan. What should I do next to make sure that the Microsoft online scanner and the McAfee scanner have detected all viruses or Trojans?

harry 48
                Re: Here is my malwarebyts ant-malware and hijackthis log files
                « Reply #12 on: September 26, 2009, 04:05:29 PM »
Windows Live OneCare safety scanner: this is good to have and to use every 2 weeks.

CBMatt
                Re: Here is my malwarebyts ant-malware and hijackthis log files
                « Reply #13 on: September 27, 2009, 12:24:16 AM »
                alyoob, that's great to hear.  I'm really glad you finally managed to get something to work.  As you know, you had quite a bad infection!

                One of the most effective ways to help keep yourself virus-free is to have a good firewall.  You're vulnerable without one, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo.  They're all good free firewalls.  Just be sure you only have one installed at a time!  Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.

Also, it's very important to scan with your anti-malware programs every couple of weeks, as Harry suggested.  If you keep your scans regular, you will be able to prevent these infections from getting so bad and spreading all throughout your computer.  And of course, if you ever have any more problems, you can always come back here for help.

alyoob
                  Re: Here is my malwarebyts ant-malware and hijackthis log files
                  « Reply #14 on: September 27, 2009, 03:02:13 PM »
I am not sure that the virus or Trojan is completely gone yet. I scanned with McAfee and it seemed to find some stuff that the other scanner missed. Is there a way to know for certain whether the virus or Trojan is copying itself to other locations? I am also using Windows Firewall. The virus was mostly on my recovery drive D; that is where the 4151 Trojans were found with the Microsoft online scanner. The McAfee scanner also found them on the D drive, 124 items. Is it enough to only scan my computer using McAfee?
                  « Last Edit: September 27, 2009, 06:39:42 PM by alyoob »