
Author Topic: Still infected?  (Read 6810 times)


deebingo

    Topic Starter


    Rookie

    Still infected?
    « on: July 05, 2009, 02:47:29 PM »
    So I ran Kaspersky and deleted some trojans that came up.  Then ran the other steps in order including SUPERAntiSpyware and Malwarebytes and HijackThis.  Internet Explorer is still infected or hijacked or whatever because Google search results pull up BS sites and not what I am looking for.  Also many of my programs all of a sudden can't find the license installed or won't open up at all.  I am wondering if a virus or trojan has done irreversible damage to my computer?  Anyways here are the specs and logs:

    XP Pro SP3
    Intel Core 2 Duo E8400 @ 3.0 GHz, 3.01 GHz
    4 GB of RAM
    Nvidia 9800 GTX+ 512MB of RAM
    162 GB remaining on C:



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/05/2009 at 04:06 AM

    Application Version : 4.26.1004

    Core Rules Database Version : 3972
    Trace Rules Database Version: 1912

    Scan type       : Complete Scan
    Total Scan Time : 00:25:59

    Memory items scanned      : 522
    Memory threats detected   : 0
    Registry items scanned    : 5567
    Registry threats detected : 0
    File items scanned        : 25110
    File threats detected     : 19

    Adware.Tracking Cookie
       C:\Documents and Settings\Bingo\Cookies\bingo@atdmt[1].txt
       C:\Documents and Settings\Bingo\Cookies\bingo@apmebf[1].txt
       C:\Documents and Settings\Bingo\Cookies\bingo@doubleclick[1].txt
       C:\Documents and Settings\Bingo\Cookies\bingo@interclick[1].txt
       C:\Documents and Settings\Bingo\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bingo\Cookies\bingo@mediaplex[2].txt
       C:\Documents and Settings\Bingo\Cookies\bingo@fastclick[1].txt
       C:\Documents and Settings\Bingo\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bingo\Cookies\bingo@questionmarket[2].txt
       C:\Documents and Settings\Bingo\Cookies\[email protected][3].txt
       C:\Documents and Settings\Bingo\Cookies\bingo@casalemedia[2].txt
       C:\Documents and Settings\Bingo\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bingo\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bingo\Cookies\bingo@interclick[2].txt
       C:\Documents and Settings\Bingo\Cookies\bingo@atdmt[2].txt

    Trojan.Agent/Gen
       C:\WINDOWS\system32\lowsec\local.ds
       C:\WINDOWS\system32\lowsec\user.ds
       C:\WINDOWS\system32\lowsec\user.ds.lll
       C:\WINDOWS\system32\lowsec



    Malwarebytes' Anti-Malware 1.36
    Database version: 2029
    Windows 5.1.2600 Service Pack 3

    7/5/2009 5:08:02 AM
    mbam-log-2009-07-05 (05-08-02).txt

    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 258467
    Time elapsed: 50 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:20:54 AM, on 7/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Bingo\Desktop\ZBrush3.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:bubblegi @ net-member.com
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240467475984
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 11034 bytes

    Thanks a lot.



    « Last Edit: July 05, 2009, 03:47:17 PM by evilfantasy »
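The F2 line in the HijackThis log above appends a second executable to the Winlogon UserInit value; on a stock Windows XP install that value carries only userinit.exe, so anything else in it is started at every logon and deserves a look. As an added example (not from this thread, and not HijackThis' own code), here is a small Python triage script that parses HijackThis-style lines and flags every UserInit entry beyond the stock one; the sample lines are constructed from the log posted above.

```python
import re
from typing import Dict, List

# Constructed sample in HijackThis format, modelled on the log posted above.
# The F2 line is the one of interest: UserInit carries a second executable.
SAMPLE_LOG = """\
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\sdra64.exe,
O4 - HKLM\\..\\Run: [AVP] "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe"
O20 - AppInit_DLLs: C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd3.dll
"""

# The only value a stock Windows XP UserInit should carry (compared case-insensitively).
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"


def parse_userinit(line: str) -> List[str]:
    """Return the comma-separated UserInit entries from an F2 line, or [] if it is not one."""
    m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)$", line.strip())
    if not m:
        return []
    # HijackThis prints the raw registry value, which ends in a trailing comma.
    return [part.strip() for part in m.group(1).split(",") if part.strip()]


def unexpected_userinit_entries(log_text: str) -> List[str]:
    """Every UserInit entry in the log that is not the stock userinit.exe."""
    extras: List[str] = []
    for line in log_text.splitlines():
        for entry in parse_userinit(line):
            if entry.lower() != EXPECTED_USERINIT:
                extras.append(entry)
    return extras


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group HijackThis lines by section code (F2, O4, O20, ...) and attach findings."""
    sections: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        code = line.split(" - ", 1)[0].strip()
        if code:
            sections.setdefault(code, []).append(line.strip())
    sections["findings"] = [
        f"UserInit starts an extra binary at logon: {entry}"
        for entry in unexpected_userinit_entries(log_text)
    ]
    return sections


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```

The same check applies to a live system by reading the UserInit value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon instead of a pasted log.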

    deebingo

      Topic Starter


      Rookie

      Re: Still infected?
      « Reply #1 on: July 06, 2009, 05:07:43 PM »
      So I just ran SUPERAntiSpyware again today and I have NEW infections that require a reboot to remove, yet they never seem to fully go away.  Kaspersky is sitting there twiddling its thumbs.  I am seriously thinking I got Virut from p2p............sigh

      Karma is a b$tch I guess; shouldn't have been on those sites.....

      Before I try backing up some files I cannot lose (to DVD mind you and I will scan them on a clean computer) and reinstall windows can anyone confirm from my logs that I indeed have Virut or is there another solution?

      Thanks in advance.   :'(

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 493
      • Experience: Experienced
      • OS: Windows 11
      Re: Still infected?
      « Reply #2 on: July 06, 2009, 05:13:13 PM »
      Post the new SUPERAntiSpyware log.

      Also post these DDS logs.

      Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

      Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

      * XP users Double click on dds to run it.
      * If your antivirus or firewall tries to block DDS then please allow it to run.
      * When finished DDS will open two (2) logs.

      1) DDS.txt
      2) Attach.txt

      * Save both logs to your desktop.
      * Please copy and paste the entire contents of both logs in your next reply.

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copy and pasting it into the reply.

      deebingo

        Topic Starter


        Rookie

        Re: Still infected?
        « Reply #3 on: July 07, 2009, 08:38:15 PM »
        I did not save the log from this scan unfortunately, so I hope this helps.  I just did a re-scan and nothing else pops up other than tracking cookies.  These were the quarantined items from the scan that produced trojans:

        Trojan.Agent/Gen

        C:\WINDOWS\system32\lowsec
        C:\WINDOWS\system32\lowsec\local.ds
        C:\WINDOWS\system32\lowsec\user.ds

        Trojan.Agent/Gen-SDRA

        C:\WINDOWS\SYSTEM32\SDRA64.EXE

        Trojan.FakeAlert-GenA

        C:\DOCUMENTS AND SETTINGS\BINGO\LOCAL SETTINGS\TEMP\C.EXE




        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT

        DDS (Ver_09-06-26.01)

        Microsoft Windows XP Professional
        Boot Device: \Device\HarddiskVolume1
        Install Date: 4/11/2009 12:45:00 PM
        System Uptime: 7/6/2009 3:32:59 PM (1 hours ago)

        Motherboard: ASUSTeK Computer INC. |  | P5KPL-CM
        Processor: Intel Pentium III Xeon processor | Socket 775 | 3010/333mhz

        ==== Disk Partitions =========================

        C: is FIXED (NTFS) - 466 GiB total, 163.3 GiB free.
        D: is CDROM ()
        E: is FIXED (NTFS) - 233 GiB total, 94.257 GiB free.

        ==== Disabled Device Manager Items =============

        Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
        Description: Microsoft PS/2 Port Mouse (IntelliPoint)
        Device ID: ACPI\PNP0F03\4&2C575ACB&0
        Manufacturer: Microsoft
        Name: Microsoft PS/2 Port Mouse (IntelliPoint)
        PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
        Service: i8042prt

        ==== System Restore Points ===================

        RP1: 4/11/2009 12:47:12 PM - System Checkpoint
        RP2: 4/11/2009 2:07:19 PM - Installed Platform
        RP3: 4/11/2009 2:09:13 PM - Installed Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gi
        RP4: 4/11/2009 2:17:50 PM - Configured Platform
        RP5: 4/11/2009 2:44:31 PM - Installed Windows NLSDownlevelMapping.
        RP6: 4/11/2009 2:44:45 PM - Installed Windows IDNMitigationAPIs.
        RP7: 4/11/2009 2:45:41 PM - Installed Windows Internet Explorer 7.
        RP8: 4/11/2009 2:56:35 PM - Installed Windows Media Format 9 Series Runtime Setup
        RP9: 4/12/2009 1:37:01 AM - Software Distribution Service 3.0
        RP10: 4/12/2009 1:42:25 AM - Installed Kaspersky Anti-Virus 2009.
        RP11: 4/12/2009 2:11:30 AM - Software Distribution Service 3.0
        RP12: 4/12/2009 12:34:31 PM - Installed DirectX
        RP13: 4/12/2009 12:35:32 PM - Installed Maya 2008
        RP14: 4/13/2009 1:42:46 AM - Installed iTunes
        RP15: 4/14/2009 1:29:11 PM - System Checkpoint
        RP16: 4/15/2009 12:51:58 AM - Printer Driver Adobe PDF Converter Installed
        RP17: 4/16/2009 12:21:39 AM - Software Distribution Service 3.0
        RP18: 4/16/2009 7:37:33 PM - Software Distribution Service 3.0
        RP19: 4/16/2009 10:19:54 PM - Removed Microsoft IntelliPoint 6.3
        RP20: 4/17/2009 11:44:43 AM - Software Distribution Service 3.0
        RP21: 4/18/2009 1:37:58 PM - System Checkpoint
        RP22: 4/19/2009 3:35:05 PM - System Checkpoint
        RP23: 4/20/2009 4:41:31 PM - Installed EPSON EasyPrintModule
        RP24: 4/20/2009 4:42:03 PM - Installed PhotoImpression
        RP25: 4/22/2009 1:36:06 PM - System Checkpoint
        RP26: 4/22/2009 4:12:27 PM - Installed SUPERAntiSpyware Free Edition
        RP27: 4/22/2009 4:15:29 PM - Installed Java(TM) 6 Update 13
        RP28: 4/22/2009 11:10:25 PM - Installed Microsoft Office Standard Edition 2003
        RP29: 4/23/2009 11:32:00 AM - Software Distribution Service 3.0
        RP30: 4/24/2009 12:08:09 PM - System Checkpoint
        RP31: 4/24/2009 12:38:12 PM - Software Distribution Service 3.0
        RP32: 4/24/2009 2:44:09 PM - Installed ZBrush3.
        RP33: 4/24/2009 2:44:34 PM - Installed Microsoft Visual C++ 2005 Redistributable
        RP34: 4/25/2009 12:57:37 PM - Installed DirectX
        RP35: 4/25/2009 12:58:23 PM - Installed Maya 2009
        RP36: 4/25/2009 1:01:58 PM - Installed Maya 2009 Documentation (en_US)
        RP37: 4/25/2009 2:49:54 PM - Removed Microsoft IntelliPoint 6.3
        RP38: 4/27/2009 1:48:35 PM - System Checkpoint
        RP39: 4/28/2009 2:19:51 PM - System Checkpoint
        RP40: 4/29/2009 1:10:42 PM - Software Distribution Service 3.0
        RP41: 4/30/2009 5:30:28 PM - Installed Uniblue DriverScanner v1.0
        RP42: 4/30/2009 5:53:41 PM - Installed IEEE 802.11g Wireless Cardbus/PCI Adapter
        RP43: 4/30/2009 6:04:59 PM - Configured IEEE 802.11g Wireless Cardbus/PCI Adapter
        RP44: 5/2/2009 12:48:42 PM - System Checkpoint
        RP45: 5/4/2009 1:28:04 PM - Installed ZAppLink.
        RP46: 5/7/2009 2:44:06 AM - System Checkpoint
        RP47: 5/8/2009 10:11:36 PM - System Checkpoint
        RP48: 5/10/2009 11:59:54 AM - System Checkpoint
        RP49: 5/12/2009 2:01:19 PM - Installed Windows Media Format 9 Series Runtime Setup
        RP50: 5/12/2009 10:52:28 PM - Installed REALTEK RTL8185 Wireless LAN Driver and Utility
        RP51: 5/13/2009 6:47:19 AM - Software Distribution Service 3.0
        RP52: 5/14/2009 1:35:39 AM - Installed REALTEK RTL8185 Wireless LAN Driver and Utility
        RP53: 5/15/2009 10:43:51 AM - System Checkpoint
        RP54: 5/16/2009 2:34:11 PM - System Checkpoint
        RP55: 5/17/2009 3:31:21 PM - System Checkpoint
        RP56: 5/19/2009 7:47:06 PM - System Checkpoint
        RP57: 5/20/2009 8:33:20 PM - System Checkpoint
        RP58: 5/22/2009 2:30:18 PM - System Checkpoint
        RP59: 5/24/2009 12:55:31 PM - System Checkpoint
        RP60: 5/25/2009 5:10:14 PM - System Checkpoint
        RP61: 5/26/2009 5:23:07 PM - System Checkpoint
        RP62: 5/27/2009 10:33:15 PM - System Checkpoint
        RP63: 5/30/2009 2:47:07 AM - System Checkpoint
        RP64: 5/31/2009 3:34:58 AM - System Checkpoint
        RP65: 6/1/2009 1:12:36 PM - System Checkpoint
        RP66: 6/2/2009 4:23:15 PM - System Checkpoint
        RP67: 6/3/2009 5:00:31 PM - System Checkpoint
        RP68: 6/4/2009 11:23:01 AM - Software Distribution Service 3.0
        RP69: 6/5/2009 11:49:23 AM - System Checkpoint
        RP70: 6/6/2009 2:11:55 PM - System Checkpoint
        RP71: 6/8/2009 3:56:46 AM - System Checkpoint
        RP72: 6/8/2009 11:16:44 PM - Installed DirectX
        RP73: 6/8/2009 11:17:16 PM - Removed Microsoft Visual C++ 2005 Redistributable
        RP74: 6/8/2009 11:17:29 PM - Installed Microsoft Visual C++ 2005 Redistributable
        RP75: 6/9/2009 4:05:15 PM - Installed Java(TM) 6 Update 14
        RP76: 6/11/2009 3:33:41 AM - Software Distribution Service 3.0
        RP77: 6/12/2009 2:06:54 PM - System Checkpoint
        RP78: 6/14/2009 2:48:58 AM - System Checkpoint
        RP79: 6/14/2009 1:41:24 PM - Installed Adobe After Effects 7.0
        RP80: 6/15/2009 10:39:57 PM - System Checkpoint
        RP81: 6/17/2009 2:30:19 AM - System Checkpoint
        RP82: 6/17/2009 3:42:01 PM - Installed Unreal Tournament 3
        RP83: 6/17/2009 9:50:22 PM - Installed Unreal Tournament 3
        RP84: 6/18/2009 10:01:02 PM - System Checkpoint
        RP85: 6/19/2009 10:50:42 PM - System Checkpoint
        RP86: 6/20/2009 1:08:38 PM - Installed TRENDnet TEW-421PC/TEW-423PI 802.11g Wireless Cardbus/
        RP87: 6/25/2009 5:55:32 PM - System Checkpoint
        RP88: 6/26/2009 12:36:39 PM - Configured TRENDnet TEW-421PC/TEW-423PI 802.11g Wireless Cardbus
        RP89: 6/27/2009 7:33:46 PM - System Checkpoint
        RP90: 6/28/2009 3:53:06 AM - Installed YouSendIt Express
        RP91: 6/30/2009 4:36:49 PM - System Checkpoint
        RP92: 7/3/2009 6:27:45 AM - System Checkpoint
        RP93: 7/3/2009 12:50:37 PM - Software Distribution Service 3.0
        RP94: 7/4/2009 1:25:18 PM - System Checkpoint

        ==== Installed Programs ======================

        7-Zip 4.65
        Add or Remove Adobe Creative Suite 3 Design Premium
        Adobe Acrobat 8 Professional
        Adobe After Effects 7.0
        Adobe Anchor Service CS3
        Adobe Asset Services CS3
        Adobe Bridge CS3
        Adobe Bridge Start Meeting
        Adobe BridgeTalk Plugin CS3
        Adobe Camera Raw 4.0
        Adobe CMaps
        Adobe Color - Photoshop Specific
        Adobe Color Common Settings
        Adobe Color EU Extra Settings
        Adobe Color JA Extra Settings
        Adobe Color NA Recommended Settings
        Adobe Creative Suite 3 Design Premium
        Adobe Default Language CS3
        Adobe Device Central CS3
        Adobe Dreamweaver CS3
        Adobe ExtendScript Toolkit 2
        Adobe Extension Manager CS3
        Adobe Flash CS3
        Adobe Flash Player 10 ActiveX
        Adobe Flash Player 10 Plugin
        Adobe Flash Player 9 ActiveX
        Adobe Flash Video Encoder
        Adobe Fonts All
        Adobe Help Viewer CS3
        Adobe Illustrator CS3
        Adobe InDesign CS3
        Adobe InDesign CS3 Icon Handler
        Adobe Linguistics CS3
        Adobe MotionPicture Color Files
        Adobe PDF Library Files
        Adobe Photoshop CS3
        Adobe Setup
        Adobe SING CS3
        Adobe Stock Photos CS3
        Adobe Type Support
        Adobe Update Manager CS3
        Adobe Version Cue CS3 Client
        Adobe Version Cue CS3 Server
        Adobe WAS CS3
        Adobe WinSoft Linguistics Plugin
        Adobe XMP Panels CS3
        AHV content for Acrobat and Flash
        AoA Audio Extractor 1.0
        Apple Mobile Device Support
        Apple Software Update
        ArcSoft PhotoImpression 5
        Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
        Audacity 1.2.6
        Autodesk DirectConnect 2.0
        Autodesk DirectConnect 2009
        AviSynth 2.5
        Bonjour
        CCleaner (remove only)
        DVD Decrypter (Remove Only)
        DVD Wizard Pro
        DVD Wizard Pro Bonus
        EPSON CX 3800 Guide
        EPSON Printer Software
        EPSON Scan
        Google Toolbar for Internet Explorer
        HijackThis 2.0.2
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
        Hotfix for Windows XP (KB952287)
        Hotfix for Windows XP (KB954550-v5)
        Hotfix for Windows XP (KB961118)
        iTunes
        Java(TM) 6 Update 14
        Jpeg Enhancer 1.8
        Kaspersky Anti-Virus 2009
        Malwarebytes' Anti-Malware
        Mass Effect
        Maya 2008
        Maya 2009
        Maya 2009 Documentation (en_US)
        Microsoft .NET Framework 2.0 Service Pack 2
        Microsoft .NET Framework 3.0 Service Pack 2
        Microsoft .NET Framework 3.5 SP1
        Microsoft Application Error Reporting
        Microsoft IntelliPoint 6.3
        Microsoft Internationalized Domain Names Mitigation APIs
        Microsoft National Language Support Downlevel APIs
        Microsoft Office Standard Edition 2003
        Microsoft Silverlight
        Microsoft Visual C++ 2005 Redistributable
        Mozilla Firefox (3.0.11)
        mp4UI
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 Parser and SDK
        Nero Digital
        Nero OEM
        NVIDIA Drivers
        NVIDIA PhysX
        OLYMPUS Master 2
        PDF Settings
        Platform
        PowerDVD
        PS3 Video 9 4.07
        QuickTime
        Replay AV 8
        Replay Converter 3
        Replay Media Catcher 3.02
        Replay Media Splitter  1.6.906
        Replay Music
        Replay Video Capture
        Security Update for Windows Internet Explorer 7 (KB938127-v2)
        Security Update for Windows Internet Explorer 7 (KB961260)
        Security Update for Windows Internet Explorer 7 (KB963027)
        Security Update for Windows Internet Explorer 8 (KB969897)
        Security Update for Windows Media Player (KB952069)
        Security Update for Windows XP (KB923561)
        Security Update for Windows XP (KB938464-v2)
        Security Update for Windows XP (KB946648)
        Security Update for Windows XP (KB950760)
        Security Update for Windows XP (KB950762)
        Security Update for Windows XP (KB950974)
        Security Update for Windows XP (KB951066)
        Security Update for Windows XP (KB951376-v2)
        Security Update for Windows XP (KB951698)
        Security Update for Windows XP (KB951748)
        Security Update for Windows XP (KB952004)
        Security Update for Windows XP (KB952954)
        Security Update for Windows XP (KB954459)
        Security Update for Windows XP (KB954600)
        Security Update for Windows XP (KB955069)
        Security Update for Windows XP (KB956572)
        Security Update for Windows XP (KB956802)
        Security Update for Windows XP (KB956803)
        Security Update for Windows XP (KB956841)
        Security Update for Windows XP (KB957097)
        Security Update for Windows XP (KB958644)
        Security Update for Windows XP (KB958687)
        Security Update for Windows XP (KB958690)
        Security Update for Windows XP (KB959426)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960715)
        Security Update for Windows XP (KB960803)
        Security Update for Windows XP (KB961373)
        Security Update for Windows XP (KB961501)
        Security Update for Windows XP (KB968537)
        Security Update for Windows XP (KB969898)
        Security Update for Windows XP (KB970238)
        Sentinel System Driver
        SpeedFan (remove only)
        SUPERAntiSpyware Free Edition
        System Requirements Lab
        Uniblue DriverScanner 2009
        Unreal Tournament 3
        Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
        Update for Windows Internet Explorer 8 (KB971180)
        Update for Windows XP (KB898461)
        Update for Windows XP (KB951978)
        Update for Windows XP (KB955839)
        Update for Windows XP (KB967715)
        VIA Platform Device Manager
        VLC media player 0.9.9
        Wacom Tablet
        WebFldrs XP
        Windows Genuine Advantage Notifications (KB905474)
        Windows Internet Explorer 7
        Windows Internet Explorer 8
        WinPcap 4.0
        YouSendIt Express
        ZAppLink
        ZBrush3

        ==== Event Viewer Messages From Past Week ========

        7/5/2009 4:09:05 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'local.ds' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
        7/2/2009 12:58:14 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Beep Fips intelppm IPSec kl1 klbg KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
        7/2/2009 12:58:14 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
        7/2/2009 12:58:14 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
        7/2/2009 12:58:14 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
        7/2/2009 12:58:14 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
        7/2/2009 12:58:14 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
        7/2/2009 12:57:57 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
        7/2/2009 12:57:47 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
        7/2/2009 12:50:18 PM, error: Service Control Manager [7031]  - The Kaspersky Anti-Virus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
        7/2/2009 12:45:19 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Beep
        7/2/2009 12:45:16 PM, error: Service Control Manager [7000]  - The Realtek EAPPkt Protocol service failed to start due to the following error:  The system cannot find the file specified.
        7/2/2009 12:45:16 PM, error: Service Control Manager [7000]  - The DS1410D service failed to start due to the following error:  The system cannot find the file specified.
        7/2/2009 1:47:56 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
        7/2/2009 1:39:59 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
        7/2/2009 1:07:02 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
        7/1/2009 9:16:32 PM, warning: Windows File Protection [64008]  - The protected system file c:\windows\system32\drivers\beep.sys could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.

        ==== End Of File ===========================



        DDS (Ver_09-06-26.01) - NTFSx86 
        Run by Bingo at 16:19:44.60 on Mon 07/06/2009
        Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3583.2840 [GMT -7:00]

        AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)   {2C4D4BC6-0793-4956-A9F9-E252435469C0}
        FW: Kaspersky Anti-Virus *disabled*   {2C4D4BC6-0793-4956-A9F9-E252435469C0}

        ============== Running Processes ===============

        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost -k DcomLaunch
        svchost.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
        C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
        C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
        C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
        C:\Program Files\Microsoft IntelliPoint\ipoint.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        svchost.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        C:\WINDOWS\system32\Wacom_Tablet.exe
        C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
        C:\WINDOWS\system32\Wacom_Tablet.exe
        C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        C:\Program Files\iPod\bin\iPodService.exe
        svchost
        C:\WINDOWS\System32\svchost.exe -k HTTPFilter
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\Bingo\Local Settings\Temporary Internet Files\Content.IE5\DLAC1WI0\dds[1].com

        ============== Pseudo HJT Report ===============

        uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
        uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:[email protected]
        mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
        BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
        BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
        BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
        BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
        BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
        BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
        TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
        EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
        uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
        mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
        mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe"  /autorun
        mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
        mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
        mRun: [<NO NAME>]
        mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
        mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
        mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
        mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
        mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
        mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
        mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
        mRun: [nwiz] nwiz.exe /install
        mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
        mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
        uPolicies-system: EnableProfileQuota = 1 (0x1)
        IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
        IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
        IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
        IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
        IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
        IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
        DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
        DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
        DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
        DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
        DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240467475984
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
        DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
        DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
        Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
        Notify: klogon - c:\windows\system32\klogon.dll
        AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

        ================= FIREFOX ===================

        FF - ProfilePath - c:\docume~1\bingo\applic~1\mozilla\firefox\profiles\xuba6wew.default\
        FF - component: c:\documents and settings\bingo\application data\mozilla\firefox\profiles\xuba6wew.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
        FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
        FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

        ============= SERVICES / DRIVERS ===============

        R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
        R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
        R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-4-12 213520]
        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
        R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-7-29 206088]
        R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-4-23 1373480]
        R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
        R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-4-11 36864]
        R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
        R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-4-11 222976]
        S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys --> c:\windows\system32\drivers\EAPPkt.sys [?]
        S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]

        =============== Created Last 30 ================

        2009-07-04 14:09   <DIR>   --d-----   c:\program files\Trend Micro
        2009-07-02 13:23   <DIR>   --d-----   c:\docume~1\bingo\applic~1\Malwarebytes
        2009-07-02 13:06   664   a-------   c:\windows\system32\d3d9caps.dat
        2009-07-01 21:13   78,336   a-------   c:\documents and settings\bingo\nah_thfe.exe
        2009-06-30 01:53   <DIR>   --d-----   c:\docume~1\bingo\applic~1\SUPERAntiSpyware.com
        2009-06-29 19:23   38   a-------   c:\windows\AviSplitter.INI
        2009-06-29 04:45   57,398   ac------   c:\windows\system32\dllcache\imjpdadm.exe
        2009-06-28 03:54   <DIR>   --d-----   c:\program files\Replay Media Splitter
        2009-06-28 03:53   <DIR>   --d-----   c:\program files\YouSendIt
        2009-06-28 03:52   <DIR>   --d-----   c:\program files\WinPcap
        2009-06-28 03:51   <DIR>   --d-----   c:\windows\Replay Converter 3
        2009-06-28 03:51   <DIR>   --d-----   c:\program files\Replay Converter 3
        2009-06-28 03:51   737,280   a-------   c:\windows\iun6002.exe
        2009-06-28 03:50   <DIR>   --d-----   c:\program files\Replay AV 8
        2009-06-28 03:49   <DIR>   --d-----   c:\windows\Replay Music
        2009-06-28 03:49   <DIR>   --d-----   c:\program files\Replay Music 3
        2009-06-28 03:48   <DIR>   --d-----   c:\windows\Replay Video Capture
        2009-06-28 03:48   <DIR>   --d-----   c:\program files\Replay Video Capture
        2009-06-28 03:22   <DIR>   --d-----   c:\program files\mp4UI
        2009-06-28 01:25   237,568   a-------   c:\windows\system32\rmc_rtspdl.dll
        2009-06-28 01:25   156,672   a-------   c:\windows\system32\rmc_fixasf.exe
        2009-06-28 01:24   323,584   a-------   c:\windows\system32\AUDIOGENIE2.DLL
        2009-06-28 01:24   <DIR>   --d-----   c:\windows\Replay Media Catcher
        2009-06-28 01:24   <DIR>   --d-----   c:\program files\Replay Media Catcher
        2009-06-27 22:46   <DIR>   --d-----   c:\docume~1\bingo\applic~1\Red Kawa
        2009-06-27 15:42   <DIR>   --dsh---   c:\documents and settings\bingo\IECompatCache
        2009-06-26 15:04   <DIR>   --d-----   c:\docume~1\bingo\applic~1\uTorrent
        2009-06-26 14:45   <DIR>   --dsh---   c:\documents and settings\bingo\PrivacIE
        2009-06-26 14:33   <DIR>   --d-----   c:\docume~1\bingo\applic~1\WTablet
        2009-06-26 14:33   <DIR>   --dsh---   c:\documents and settings\bingo\IETldCache
        2009-06-26 14:33   <DIR>   --d-----   c:\documents and settings\Bingo
        2009-06-26 12:35   610,816   a----r--   c:\windows\system32\drivers\BCMWL5.SYS
        2009-06-20 13:16   41   a-------   C:\WLANCUGINA.TEXT
        2009-06-20 13:10   20   a-------   C:\GINA.TEXT
        2009-06-20 13:07   <DIR>   --d-----   c:\program files\TRENDnet
        2009-06-17 21:50   <DIR>   --d-----   c:\program files\Unreal Tournament 3
        2009-06-17 21:50   1,358,192   a-------   c:\windows\system32\D3DCompiler_35.dll
        2009-06-17 21:50   444,776   a-------   c:\windows\system32\d3dx10_35.dll
        2009-06-17 21:50   3,727,720   a-------   c:\windows\system32\d3dx9_35.dll
        2009-06-17 21:50   1,124,720   a-------   c:\windows\system32\D3DCompiler_34.dll
        2009-06-17 21:50   443,752   a-------   c:\windows\system32\d3dx10_34.dll
        2009-06-17 21:50   1,123,696   a-------   c:\windows\system32\D3DCompiler_33.dll
        2009-06-17 21:50   443,752   a-------   c:\windows\system32\d3dx10_33.dll
        2009-06-17 21:50   3,495,784   a-------   c:\windows\system32\d3dx9_33.dll
        2009-06-17 21:50   <DIR>   --d-----   c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
        2009-06-14 13:41   <DIR>   --d-----   c:\program files\common files\Adobe Systems Shared
        2009-06-14 13:41   282,176   a-------   c:\windows\system32\ae700main.dat
        2009-06-10 20:00   246,272   -c------   c:\windows\system32\dllcache\ieproxy.dll
        2009-06-10 20:00   12,800   -c------   c:\windows\system32\dllcache\xpshims.dll
        2009-06-09 00:45   107,888   a-------   c:\windows\system32\CmdLineExt.dll
        2009-06-09 00:37   <DIR>   --d-----   c:\windows\1C4551A64743409391E41477CD655043.TMP
        2009-06-08 23:17   2,414,360   a-------   c:\windows\system32\d3dx9_31.dll
        2009-06-08 23:17   237,848   a-------   c:\windows\system32\xactengine2_4.dll
        2009-06-08 23:17   236,824   a-------   c:\windows\system32\xactengine2_3.dll
        2009-06-08 23:17   81,768   a-------   c:\windows\system32\xinput1_3.dll
        2009-06-08 23:17   62,744   a-------   c:\windows\system32\xinput1_2.dll
        2009-06-08 23:17   15,128   a-------   c:\windows\system32\x3daudio1_1.dll
        2009-06-08 23:16   2,297,552   a-------   c:\windows\system32\d3dx9_26.dll
        2009-06-08 23:16   <DIR>   --d-----   c:\program files\common files\BioWare
        2009-06-08 23:02   <DIR>   --d-----   c:\program files\Mass Effect

        ==================== Find3M  ====================

        2009-07-06 15:32   15,081,504   a--sh---   c:\windows\system32\drivers\fidbox.dat
        2009-07-06 15:32   876,576   a--sh---   c:\windows\system32\drivers\fidbox2.dat
        2009-07-06 15:32   121,000   a--sh---   c:\windows\system32\drivers\fidbox.idx
        2009-07-06 15:32   5,124   a--sh---   c:\windows\system32\drivers\fidbox2.idx
        2009-05-21 11:33   410,984   a-------   c:\windows\system32\deploytk.dll
        2009-05-20 12:56   105,395   a-------   c:\windows\system32\drivers\klin.dat
        2009-05-20 12:56   94,643   a-------   c:\windows\system32\drivers\klick.dat
        2009-05-12 22:15   915,456   a-------   c:\windows\system32\wininet.dll
        2009-05-07 08:32   345,600   a-------   c:\windows\system32\localspl.dll
        2009-05-01 00:31   1,657,376   a-------   c:\windows\system32\nwiz.exe
        2009-05-01 00:31   449,056   a-------   c:\windows\system32\nvappbar.exe
        2009-05-01 00:31   436,768   a-------   c:\windows\system32\keystone.exe
        2009-05-01 00:31   1,724,416   a-------   c:\windows\system32\nvwdmcpl.dll
        2009-05-01 00:31   1,507,328   a-------   c:\windows\system32\nview.dll
        2009-05-01 00:31   1,101,824   a-------   c:\windows\system32\nvwimg.dll
        2009-05-01 00:31   466,944   a-------   c:\windows\system32\nvshell.dll
        2009-04-30 22:02   9,994,240   a-------   c:\windows\system32\nvoglnt.dll
        2009-04-30 22:02   5,896,320   a-------   c:\windows\system32\nv4_disp.dll
        2009-04-30 22:02   1,720,320   a-------   c:\windows\system32\nvcuda.dll
        2009-04-30 22:02   1,579,630   a-------   c:\windows\system32\nvdata.bin
        2009-04-30 22:02   1,314,816   a-------   c:\windows\system32\nvcuvenc.dll
        2009-04-30 22:02   806,912   a-------   c:\windows\system32\nvapi.dll
        2009-04-30 22:02   663,552   a-------   c:\windows\system32\nvcuvid.dll
        2009-04-30 22:02   457,248   a-------   c:\windows\system32\nvudisp.exe
        2009-04-30 22:02   143,360   a-------   c:\windows\system32\nvcodins.dll
        2009-04-30 22:02   143,360   a-------   c:\windows\system32\nvcod.dll
        2009-04-27 00:42   457,248   a-------   c:\windows\system32\NVUNINST.EXE
        2009-04-17 05:26   1,847,168   a-------   c:\windows\system32\win32k.sys
        2009-04-15 07:51   585,216   a-------   c:\windows\system32\rpcrt4.dll
        2009-04-11 13:02   86,327   a-------   c:\windows\pchealth\helpctr\offlinecache\index.dat
        2009-04-11 12:40   21,640   a-------   c:\windows\system32\emptyregdb.dat

        ============= FINISH: 16:20:08.57 ===============

        evilfantasy

        • Malware Removal Specialist
        • Moderator

        Re: Still infected?
        « Reply #4 on: July 07, 2009, 08:50:20 PM »
        Quote:
        Trojan.Agent/Gen

        C:\WINDOWS\system32\lowsec
        C:\WINDOWS\system32\lowsec\local.ds
        C:\WINDOWS\system32\lowsec\user.ds

        This is from Koobface, better known as the Facebook trojan. Be careful what you click on from Facebook.

        ---

        Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

        Link #1
        Link #2

        **Note: It is important that it is saved directly to your Desktop.

        DO NOT run it yet!

        Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions, as they could damage the workings of your system.

        Delete these files/folders, as follows:

        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code:
        KillAll::

        DDS::
        mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
        mRun: [<NO NAME>]
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
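The Userinit hijack that the CFScript above targets can also be found programmatically. The following is an added Python example, not the thread's or ComboFix's own code: it reads DDS "Pseudo HJT Report" lines (the sample lines are copied from the DDS log earlier in the thread), flags any program appended to the Winlogon Userinit value beyond userinit.exe and any Run entry with no value name, and lays the hits out in the KillAll::/DDS:: layout the post uses; the check logic and the script layout are this example's own.

```python
"""Flag the Userinit hijack seen in this thread's DDS log and lay the hits out
as a CFScript. Added example, not the thread's or ComboFix's own code: the
sample lines are copied from the DDS "Pseudo HJT Report" above, the checks and
the script layout are this example's own.
"""
import re

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" earlier in the thread.
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [<NO NAME>]
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
"""

# On a stock Windows XP install the Winlogon Userinit value names exactly one
# program, userinit.exe in system32, followed by a trailing comma.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# DDS prints the Winlogon value as "mWinlogon: Userinit=<value>" and Run-key
# entries as "uRun:/mRun: [<value name>] <command>".
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(?P<value>.*)$", re.IGNORECASE)
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.IGNORECASE)


def dds_lines(text):
    """Return the non-empty lines of a DDS report with forum indentation stripped."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def userinit_extras(text, expected=EXPECTED_USERINIT):
    """Return every program listed in Userinit other than the expected one.

    Each entry runs at every interactive logon before the shell starts, so a
    second path here (sdra64.exe in the log above) is a persistence mechanism
    and is the reason the helper put this line into the CFScript.
    """
    for ln in dds_lines(text):
        m = USERINIT_RE.match(ln)
        if m:
            entries = [e.strip().lower() for e in m.group("value").split(",") if e.strip()]
            return [e for e in entries if e != expected.lower()]
    return []  # no Userinit line in the report


def is_unnamed_run(line):
    """True for a Run-key entry whose value name is empty (DDS shows it as [<NO NAME>])."""
    m = RUN_RE.match(line)
    return bool(m) and m.group("name").strip().upper() == "<NO NAME>"


def flagged_lines(text):
    """Collect the raw DDS lines that the checks above consider suspicious."""
    out = []
    for ln in dds_lines(text):
        if USERINIT_RE.match(ln) and userinit_extras(ln):
            out.append(ln)
        elif is_unnamed_run(ln):
            out.append(ln)
    return out


def build_cfscript(lines):
    """Lay the flagged lines out in the CFScript form used in the post: KillAll:: then DDS::."""
    return "KillAll::\n\nDDS::\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = flagged_lines(SAMPLE_DDS)
    print("Userinit extras:", userinit_extras(SAMPLE_DDS))
    print(build_cfscript(hits), end="")
```

Running it on the sample reports sdra64.exe as the extra Userinit program and the unnamed mRun entry, matching two of the three lines the helper chose for the CFScript; the msmsgs.exe IE line is a judgement call the checks above do not make.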

        deebingo

          Topic Starter

          Re: Still infected?
          « Reply #5 on: July 07, 2009, 10:17:50 PM »
          By the way thank you so much for doing this!!!  People like you give me hope for our species.  ;D

          ComboFix 09-07-07.A2 - Bingo 07/07/2009 21:08.1 - NTFSx86
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3583.3100 [GMT -7:00]
          Running from: c:\documents and settings\Bingo\Desktop\ComboFix.exe
          Command switches used :: c:\documents and settings\Bingo\Desktop\CFScript.txt
          AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
          FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
           * Created a new restore point
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
          c:\documents and settings\Bingo\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
          c:\documents and settings\Bingo\Application Data\wiaserva.log
          c:\documents and settings\Bingo\nah_thfe.exe
          c:\program files\messenger\msmsgs.exe
          c:\recycler\S-1-5-21-1844237615-527237240-1801674531-1003
          c:\windows\system32\wbem\proquota.exe

          c:\windows\system32\proquota.exe was missing
          Restored copy from - c:\system volume information\_restore{9E1D7E7C-893B-4E75-AF62-DF487307B03E}\RP91\A0019641.exe

          .
          (((((((((((((((((((((((((   Files Created from 2009-06-08 to 2009-07-08  )))))))))))))))))))))))))))))))
          .

          2009-07-04 21:09 . 2009-07-04 21:09   --------   d-----w-   c:\program files\Trend Micro
          2009-07-02 20:23 . 2009-07-02 20:23   --------   d-----w-   c:\documents and settings\Bingo\Application Data\Malwarebytes
          2009-07-02 20:06 . 2009-07-02 20:06   664   ----a-w-   c:\windows\system32\d3d9caps.dat
          2009-06-30 08:53 . 2009-07-08 02:26   117760   ----a-w-   c:\documents and settings\Bingo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2009-06-30 08:53 . 2009-06-30 08:53   --------   d-----w-   c:\documents and settings\Bingo\Application Data\SUPERAntiSpyware.com
          2009-06-29 11:45 . 2008-04-14 12:00   57398   -c--a-w-   c:\windows\system32\dllcache\imjpdadm.exe
          2009-06-29 10:20 . 2009-06-23 20:52   57344   ----a-w-   c:\documents and settings\Bingo\Application Data\Mozilla\Firefox\Profiles\xuba6wew.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
          2009-06-28 10:54 . 2009-06-28 10:54   --------   d-----w-   c:\program files\Replay Media Splitter
          2009-06-28 10:53 . 2009-06-28 10:53   --------   d-----w-   c:\program files\YouSendIt
          2009-06-28 10:52 . 2009-06-28 10:52   --------   d-----w-   c:\program files\WinPcap
          2009-06-28 10:51 . 2009-06-28 10:51   --------   d-----w-   c:\windows\Replay Converter 3
          2009-06-28 10:51 . 2009-06-28 10:53   --------   d-----w-   c:\program files\Replay Converter 3
          2009-06-28 10:51 . 2009-06-28 10:54   737280   ----a-w-   c:\windows\iun6002.exe
          2009-06-28 10:50 . 2009-06-28 10:51   --------   d-----w-   c:\program files\Replay AV 8
          2009-06-28 10:49 . 2009-06-28 10:49   --------   d-----w-   c:\program files\Replay Music 3
          2009-06-28 10:49 . 2009-06-28 10:49   --------   d-----w-   c:\windows\Replay Music
          2009-06-28 10:48 . 2009-07-03 21:24   --------   d-----w-   c:\program files\Replay Video Capture
          2009-06-28 10:48 . 2009-06-28 10:48   --------   d-----w-   c:\windows\Replay Video Capture
          2009-06-28 10:22 . 2009-06-28 10:22   --------   d-----w-   c:\program files\mp4UI
          2009-06-28 10:09 . 2009-06-28 10:09   --------   d-----w-   c:\documents and settings\Bingo\Application Data\Ahead
          2009-06-28 08:25 . 2009-06-28 10:48   237568   ----a-w-   c:\windows\system32\rmc_rtspdl.dll
          2009-06-28 08:25 . 2009-06-28 10:48   156672   ----a-w-   c:\windows\system32\rmc_fixasf.exe
          2009-06-28 08:24 . 2009-06-28 10:47   323584   ----a-w-   c:\windows\system32\AUDIOGENIE2.DLL
          2009-06-28 08:24 . 2009-06-28 10:48   --------   d-----w-   c:\program files\Replay Media Catcher
          2009-06-28 08:24 . 2009-06-28 08:24   --------   d-----w-   c:\windows\Replay Media Catcher
          2009-06-28 05:46 . 2009-06-28 05:46   --------   d-----w-   c:\documents and settings\Bingo\Application Data\Red Kawa
          2009-06-27 22:42 . 2009-06-27 22:42   --------   d-sh--w-   c:\documents and settings\Bingo\IECompatCache
          2009-06-27 06:43 . 2009-07-01 19:31   --------   d-----w-   c:\documents and settings\Bingo\Application Data\Apple Computer
          2009-06-27 05:51 . 2009-06-29 12:27   29208   ----a-w-   c:\documents and settings\Bingo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-06-26 22:04 . 2009-07-06 23:12   --------   d-----w-   c:\documents and settings\Bingo\Application Data\uTorrent
          2009-06-26 22:01 . 2009-06-26 22:01   --------   d-----w-   c:\documents and settings\Bingo\Application Data\vlc
          2009-06-26 21:46 . 2009-06-26 21:46   --------   d-----w-   c:\documents and settings\Bingo\Local Settings\Application Data\Mozilla
          2009-06-26 21:45 . 2009-06-26 21:45   --------   d-sh--w-   c:\documents and settings\Bingo\PrivacIE
          2009-06-26 19:35 . 2006-11-30 08:54   610816   ----a-r-   c:\windows\system32\drivers\BCMWL5.SYS
          2009-06-26 17:00 . 2009-06-23 20:52   57344   ----a-w-   c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c3zi4u2k.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
          2009-06-20 20:16 . 2009-06-20 20:16   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
          2009-06-20 20:07 . 2009-06-20 20:07   --------   d-----w-   c:\program files\TRENDnet
          2009-06-20 10:34 . 2009-06-26 19:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\uTorrent
          2009-06-18 05:01 . 2009-06-18 05:01   --------   d-----w-   c:\documents and settings\Administrator\Application Data\InstallShield Installation Information
          2009-06-18 05:01 . 2009-06-18 04:50   331776   ----a-w-   c:\documents and settings\Administrator\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
          2009-06-18 05:01 . 2007-10-24 11:47   4147031   ----a-w-   c:\documents and settings\Administrator\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\ISSetup.dll
          2009-06-18 04:50 . 2009-06-18 04:50   --------   d-----w-   c:\program files\Unreal Tournament 3
          2009-06-18 04:50 . 2007-07-20 01:14   444776   ----a-w-   c:\windows\system32\d3dx10_35.dll
          2009-06-18 04:50 . 2007-07-20 01:14   1358192   ----a-w-   c:\windows\system32\D3DCompiler_35.dll
          2009-06-18 04:50 . 2007-07-20 01:14   3727720   ----a-w-   c:\windows\system32\d3dx9_35.dll
          2009-06-18 04:50 . 2007-05-16 23:45   443752   ----a-w-   c:\windows\system32\d3dx10_34.dll
          2009-06-18 04:50 . 2007-05-16 23:45   1124720   ----a-w-   c:\windows\system32\D3DCompiler_34.dll
          2009-06-18 04:50 . 2007-03-15 23:57   443752   ----a-w-   c:\windows\system32\d3dx10_33.dll
          2009-06-18 04:50 . 2007-03-12 23:42   1123696   ----a-w-   c:\windows\system32\D3DCompiler_33.dll
          2009-06-18 04:50 . 2007-03-12 23:42   3495784   ----a-w-   c:\windows\system32\d3dx9_33.dll
          2009-06-18 04:50 . 2009-06-18 04:50   --------   d-----w-   c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
          2009-06-15 23:16 . 2009-06-15 23:16   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
          2009-06-14 20:42 . 2009-06-14 20:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Adobe Systems
          2009-06-14 20:41 . 2009-06-14 20:41   --------   d-----w-   c:\program files\Common Files\Adobe Systems Shared
          2009-06-14 20:41 . 2009-06-14 20:41   282176   ----a-w-   c:\windows\system32\ae700main.dat
          2009-06-11 03:00 . 2009-04-30 21:22   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
          2009-06-11 03:00 . 2009-04-30 21:22   246272   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
          2009-06-09 23:04 . 2009-06-09 23:04   152576   ----a-w-   c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
          2009-06-09 07:45 . 2009-06-09 07:45   --------   d--h--r-   c:\documents and settings\Administrator\Application Data\SecuROM
          2009-06-09 07:45 . 2009-06-09 07:45   107888   ----a-w-   c:\windows\system32\CmdLineExt.dll
          2009-06-09 07:37 . 2009-06-09 07:37   --------   d-----w-   c:\windows\1C4551A64743409391E41477CD655043.TMP
          2009-06-09 06:17 . 2007-04-05 01:53   81768   ----a-w-   c:\windows\system32\xinput1_3.dll
          2009-06-09 06:17 . 2006-09-28 23:05   237848   ----a-w-   c:\windows\system32\xactengine2_4.dll
          2009-06-09 06:17 . 2006-09-28 23:05   2414360   ----a-w-   c:\windows\system32\d3dx9_31.dll
          2009-06-09 06:17 . 2006-09-28 23:03   15128   ----a-w-   c:\windows\system32\x3daudio1_1.dll
          2009-06-09 06:17 . 2006-07-28 16:30   236824   ----a-w-   c:\windows\system32\xactengine2_3.dll
          2009-06-09 06:17 . 2006-07-28 16:30   62744   ----a-w-   c:\windows\system32\xinput1_2.dll

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2009-07-08 04:12 . 2009-04-12 08:42   884768   --sha-w-   c:\windows\system32\drivers\fidbox2.dat
          2009-07-08 04:12 . 2009-04-12 08:42   5152   --sha-w-   c:\windows\system32\drivers\fidbox2.idx
          2009-07-08 04:12 . 2009-04-12 08:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab
          2009-07-08 04:10 . 2009-04-12 08:42   15081504   --sha-w-   c:\windows\system32\drivers\fidbox.dat
          2009-07-08 04:10 . 2009-04-12 08:42   121000   --sha-w-   c:\windows\system32\drivers\fidbox.idx
          2009-06-26 21:33 . 2009-06-26 21:33   --------   d-----w-   c:\documents and settings\Bingo\Application Data\WTablet
          2009-06-26 21:33 . 2009-05-13 13:02   --------   d-----w-   c:\documents and settings\LocalService\Application Data\WTablet
          2009-06-26 19:38 . 2009-04-23 09:37   --------   d-----w-   c:\documents and settings\Administrator\Application Data\WTablet
          2009-06-26 19:35 . 2009-04-22 23:14   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2009-06-21 08:27 . 2009-04-22 23:12   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2009-06-20 20:14 . 2009-05-13 05:52   --------   d-----w-   c:\program files\REALTEK
          2009-06-20 20:10 . 2009-04-11 21:08   --------   d--h--w-   c:\program files\InstallShield Installation Information
          2009-06-18 04:50 . 2009-04-11 21:38   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
          2009-06-15 12:32 . 2009-04-15 08:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\FLEXnet
          2009-06-14 20:41 . 2009-04-15 07:22   --------   d-----w-   c:\program files\Common Files\Adobe
          2009-06-09 23:05 . 2009-04-22 23:15   --------   d-----w-   c:\program files\Java
          2009-06-09 08:02 . 2009-06-09 06:16   --------   d-----w-   c:\program files\Common Files\BioWare
          2009-06-09 07:30 . 2009-04-17 00:33   --------   d-----w-   c:\program files\SystemRequirementsLab
          2009-06-09 06:17 . 2009-06-09 06:02   --------   d-----w-   c:\program files\Mass Effect
          2009-06-05 20:19 . 2009-06-05 20:19   --------   d-----w-   c:\program files\iTunes
          2009-06-05 20:19 . 2009-06-05 20:19   --------   d-----w-   c:\program files\iPod
          2009-06-05 20:19 . 2009-04-13 08:41   --------   d-----w-   c:\program files\Common Files\Apple
          2009-06-05 20:18 . 2009-04-13 08:42   --------   d-----w-   c:\program files\QuickTime
          2009-06-05 20:17 . 2009-04-13 08:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
          2009-06-05 20:14 . 2009-06-05 20:14   75048   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
          2009-06-05 10:54 . 2009-06-05 08:03   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
          2009-06-05 08:11 . 2009-06-05 08:03   --------   d-----w-   c:\program files\AoA Audio Extractor
          2009-06-05 07:38 . 2009-06-05 07:38   --------   d-----w-   c:\program files\Audacity
          2009-06-03 22:33 . 2009-06-03 22:33   --------   d-----w-   c:\program files\DVD Decrypter
          2009-06-03 22:30 . 2009-06-03 22:30   --------   d-----w-   c:\program files\DVD Wizard Pro
          2009-05-28 21:37 . 2009-05-28 21:37   --------   d-----w-   c:\program files\Microsoft Silverlight
          2009-05-21 18:33 . 2009-04-22 23:15   410984   ----a-w-   c:\windows\system32\deploytk.dll
          2009-05-20 19:56 . 2009-04-12 08:43   94643   ----a-w-   c:\windows\system32\drivers\klick.dat
          2009-05-20 19:56 . 2009-04-12 08:43   105395   ----a-w-   c:\windows\system32\drivers\klin.dat
          2009-05-13 07:43 . 2009-04-11 21:48   21856   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-05-13 05:52 . 2009-05-13 05:52   --------   d-----w-   c:\documents and settings\Administrator\Application Data\InstallShield
          2009-05-13 05:15 . 2008-04-14 12:00   915456   ----a-w-   c:\windows\system32\wininet.dll
          2009-05-12 21:00 . 2009-05-12 21:00   --------   d-----w-   c:\program files\OLYMPUS
          2009-05-12 21:00 . 2009-05-12 21:00   --------   d-----w-   c:\program files\MSXML 4.0
          2009-05-07 15:32 . 2008-04-14 12:00   345600   ----a-w-   c:\windows\system32\localspl.dll
          2009-05-01 07:31 . 2009-05-01 07:31   1657376   ----a-w-   c:\windows\system32\nwiz.exe
          2009-05-01 07:31 . 2009-05-01 07:31   449056   ----a-w-   c:\windows\system32\nvappbar.exe
          2009-05-01 07:31 . 2009-05-01 07:31   436768   ----a-w-   c:\windows\system32\keystone.exe
          2009-05-01 07:31 . 2009-05-01 07:31   466944   ----a-w-   c:\windows\system32\nvshell.dll
          2009-05-01 07:31 . 2009-05-01 07:31   1724416   ----a-w-   c:\windows\system32\nvwdmcpl.dll
          2009-05-01 07:31 . 2009-05-01 07:31   1507328   ----a-w-   c:\windows\system32\nview.dll
          2009-05-01 07:31 . 2009-05-01 07:31   1101824   ----a-w-   c:\windows\system32\nvwimg.dll
          2009-05-01 05:02 . 2009-05-01 05:02   1579630   ----a-w-   c:\windows\system32\nvdata.bin
          2009-05-01 05:02 . 2009-05-01 05:02   1314816   ----a-w-   c:\windows\system32\nvcuvenc.dll
          2009-05-01 05:02 . 2009-04-11 21:37   457248   ----a-w-   c:\windows\system32\nvudisp.exe
          2009-05-01 05:02 . 2009-03-27 17:03   663552   ----a-w-   c:\windows\system32\nvcuvid.dll
          2009-05-01 05:02 . 2008-11-12 06:54   9994240   ----a-w-   c:\windows\system32\nvoglnt.dll
          2009-05-01 05:02 . 2008-11-12 06:54   806912   ----a-w-   c:\windows\system32\nvapi.dll
          2009-05-01 05:02 . 2008-11-12 06:54   8055584   ----a-w-   c:\windows\system32\drivers\nv4_mini.sys
          2009-05-01 05:02 . 2008-11-12 06:54   5896320   ----a-w-   c:\windows\system32\nv4_disp.dll
          2009-05-01 05:02 . 2008-11-12 06:54   1720320   ----a-w-   c:\windows\system32\nvcuda.dll
          2009-05-01 05:02 . 2008-11-12 06:54   143360   ----a-w-   c:\windows\system32\nvcodins.dll
          2009-05-01 05:02 . 2008-11-12 06:54   143360   ----a-w-   c:\windows\system32\nvcod.dll
          2009-05-01 00:53 . 2009-05-01 00:53   62865   ----a-w-   c:\windows\system32\drivers\odysseyIM3.sys
          2009-04-27 07:42 . 2009-04-11 21:37   457248   ----a-w-   c:\windows\system32\NVUNINST.EXE
          2009-04-24 21:45 . 2009-04-24 21:45   8854   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6084D038-3401-4C9D-A216-86E6EEA25AFB}\UNINST_Uninstall_Z_9FB06B5081B842C4B398D85CD33F7F86.exe
          2009-04-24 21:45 . 2009-04-24 21:44   69632   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6084D038-3401-4C9D-A216-86E6EEA25AFB}\ZBrush3.exe1_6084D03834014C9DA21686E6EEA25AFB.exe
          2009-04-24 21:45 . 2009-04-24 21:44   69632   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6084D038-3401-4C9D-A216-86E6EEA25AFB}\ZBrush3.exe_6084D03834014C9DA21686E6EEA25AFB.exe
          2009-04-24 21:45 . 2009-04-24 21:44   10134   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6084D038-3401-4C9D-A216-86E6EEA25AFB}\ARPPRODUCTICON.exe
          2009-04-24 21:44 . 2009-04-24 21:44   8854   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6084D038-3401-4C9D-A216-86E6EEA25AFB}\UNINST_Uninstall_Z_6084D03834014C9DA21686E6EEA25AFB.exe
          2009-04-22 23:15 . 2009-04-22 23:15   152576   ----a-w-   c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
          2009-04-21 10:40 . 2009-05-01 00:31   2653088   -c--a-w-   c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
          2009-04-17 12:26 . 2008-04-14 12:00   1847168   ----a-w-   c:\windows\system32\win32k.sys
          2009-04-15 14:51 . 2008-04-14 12:00   585216   ----a-w-   c:\windows\system32\rpcrt4.dll
          2009-04-12 09:21 . 2009-04-12 09:21   0   ----a-w-   c:\windows\nsreg.dat
          2009-04-12 09:04 . 2008-01-30 01:29   33808   ----a-w-   c:\windows\system32\drivers\klbg.sys
          2009-04-12 09:04 . 2009-04-12 09:04   44808   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
          2009-04-12 09:03 . 2009-04-12 09:03   206088   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
          2009-04-12 09:03 . 2009-04-12 09:03   33808   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
          2009-04-12 09:03 . 2009-04-12 09:03   213520   ----a-w-   c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP\klif.sys
          2009-04-12 09:01 . 2009-04-12 09:01   8   ----a-w-   c:\windows\system32\nvModes.dat
          2009-04-11 20:02 . 2009-04-11 19:42   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
          2009-04-11 19:40 . 2009-04-11 19:40   21640   ----a-w-   c:\windows\system32\emptyregdb.dat
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
          "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-12 39408]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
          "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-12 68592]
          "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-12 206088]
          "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
          "EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
          "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
          "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
          "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
          "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-4-15 295606]
          Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2008-12-22 19:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
          "c:\\Program Files\\Autodesk\\Maya2009\\bin\\maya.exe"=
          "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
          "c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
          "c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
          "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
          "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
          "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

          R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
          R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [4/23/2009 2:36 AM 1373480]
          R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
          R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4/11/2009 2:09 PM 36864]
          R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [4/11/2009 2:07 PM 222976]
          S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
          S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 10:31 AM 42000]
          S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
          "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
          .
          Contents of the 'Scheduled Tasks' folder

          2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
          uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:[email protected]
          IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
          DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
          FF - ProfilePath - c:\documents and settings\Bingo\Application Data\Mozilla\Firefox\Profiles\xuba6wew.default\
          FF - component: c:\documents and settings\Bingo\Application Data\Mozilla\Firefox\Profiles\xuba6wew.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
          FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
          FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
          .

          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2009-07-07 21:12
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(568)
          c:\program files\SUPERAntiSpyware\SASWINLO.dll
          c:\windows\system32\WININET.dll

          - - - - - - - > 'explorer.exe'(1096)
          c:\windows\system32\WININET.dll
          c:\program files\Google\Quick Search Box\bin\1.2.1137.3514\qsb.dll
          c:\windows\system32\ieframe.dll
          c:\windows\system32\webcheck.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\windows\system32\nvsvc32.exe
          c:\windows\system32\rundll32.exe
          c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
          c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          c:\program files\Bonjour\mDNSResponder.exe
          c:\program files\Java\jre6\bin\jqs.exe
          c:\windows\system32\WTablet\Wacom_TabletUser.exe
          c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
          c:\program files\iPod\bin\iPodService.exe
          .
          **************************************************************************
          .
          Completion time: 2009-07-08 21:15 - machine was rebooted
          ComboFix-quarantined-files.txt  2009-07-08 04:15

          Pre-Run: 176,964,202,496 bytes free
          Post-Run: 183,685,054,464 bytes free

          WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
          [boot loader]
          timeout=2
          default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
          [operating systems]
          c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

          302   --- E O F ---   2009-06-11 10:36
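
The ComboFix log above is triaged by eye in this thread. As an added example (not ComboFix's own code and not anything posted by the participants), the Python below parses the two line shapes a reviewer reads most, the file-listing lines of the "Find3M Report" and the Run-key values under "Reg Loading Points", into records and applies three defensive checks: autorun targets outside the Windows and Program Files trees, regular files carrying both the System and Hidden attributes, and entries touched after a given date. SAMPLE_LOG is a constructed excerpt in the log's format; its "updater" Run entry is made up to exercise the trusted-path check and does not come from the log above.

```python
import re
from dataclasses import dataclass

# File-listing line:  <ts_a> . <ts_b>  <size or -------->  <attrs>  <path>
FILE_RE = re.compile(r"^(?P<ts_a>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<ts_b>\d{4}-\d\d-\d\d \d\d:\d\d)"
                     r"\s+(?P<size>\d+|-+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$")
# Run-key value line:  "Name"="c:\path\prog.exe" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d\d-\d\d) (?P<size>\d+)\]$')
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")  # [HKEY_...\Run] section headers


@dataclass
class FileEntry:
    ts_a: str          # ComboFix prints two timestamps; the log itself does not say
    ts_b: str          # which is create/modify, so triage uses the later of the two
    size: "int | None"  # None for directories (printed as "--------")
    attrs: str         # e.g. "d-----w-", "--sha-w-", "----a-r-"
    path: str

    @property
    def newest(self) -> str:
        return max(self.ts_a, self.ts_b)  # "YYYY-MM-DD HH:MM" orders correctly as text

    @property
    def hidden_system(self) -> bool:
        return self.attrs[2] == "s" and self.attrs[3] == "h"  # System and Hidden columns


@dataclass
class AutorunEntry:
    key: str
    name: str
    path: str
    date: str
    size: int


def parse_combofix(text):
    """Return (files, autoruns) from a ComboFix log; other line shapes are skipped."""
    files, autoruns, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = FILE_RE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            files.append(FileEntry(m["ts_a"], m["ts_b"], size, m["attrs"], m["path"]))
            continue
        m = RUN_RE.match(line)
        if m and key:
            autoruns.append(AutorunEntry(key, m["name"], m["path"], m["date"], int(m["size"])))
    return files, autoruns


# Triage heuristics: starting points for a human review, not verdicts.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

def autoruns_outside_trusted(autoruns):
    """Run-key targets in a user profile or temp folder deserve a closer look."""
    return [a for a in autoruns if not a.path.lower().startswith(TRUSTED_PREFIXES)]

def hidden_system_files(files):
    """Regular files (not directories) carrying both the System and Hidden attributes."""
    return [f for f in files if f.attrs[0] != "d" and f.hidden_system]

def files_changed_since(files, since):
    """Entries whose later timestamp is at or after `since` ("YYYY-MM-DD HH:MM")."""
    return [f for f in files if f.newest >= since]


# Constructed excerpt in the log's format (the three file lines mirror the log
# above); the "updater" Run entry is made up to exercise the trusted-path check.
SAMPLE_LOG = r"""
2009-07-08 04:12 . 2009-04-12 08:42   884768   --sha-w-   c:\windows\system32\drivers\fidbox2.dat
2009-06-26 21:33 . 2009-06-26 21:33   --------   d-----w-   c:\documents and settings\Bingo\Application Data\WTablet
2009-04-12 09:21 . 2009-04-12 09:21   0   ----a-w-   c:\windows\nsreg.dat

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updater"="c:\documents and settings\user\Local Settings\Temp\update.exe" [2009-07-01 23040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-12 206088]
"""

if __name__ == "__main__":
    files, autoruns = parse_combofix(SAMPLE_LOG)
    print("review autoruns:", [(a.key, a.name, a.path) for a in autoruns_outside_trusted(autoruns)])
    print("hidden+system / recently changed:", [f.path for f in hidden_system_files(files)],
          [f.path for f in files_changed_since(files, "2009-07-01 00:00")])
```

Feed it the full log text saved from a post and the three lists give a reviewer a short worklist instead of a 300-line read; the Kaspersky fidbox files will show up under hidden+system and must still be recognised as legitimate by the human.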

          evilfantasy

          Re: Still infected?
          « Reply #6 on: July 07, 2009, 10:33:39 PM »
          By the way thank you so much for doing this!!!  People like you give me hope for our species.  ;D

          You're welcome.

          It looks like everything is gone now. How is the computer running now?

          * Click START then RUN
          * Now type Combofix /u in the runbox
          * Make sure there's a space between Combofix and /u
          * Then hit Enter

          The above procedure will:
          * Delete ComboFix and its associated files and folders.
          * Reset the clock settings.
          * Hide file extensions, if required.
          * Hide System/Hidden files, if required.
          * Set a new, clean Restore Point.

          ----------

          Clean out your temporary internet files and temp files.

          Download TFC by OldTimer to your desktop.

          Double-click TFC.exe to run it.

          Note: If you are running on Vista, right-click on the file and choose Run As Administrator

          TFC will close all programs when run, so make sure you have saved all your work before you begin.

          * Click the Start button to begin the cleaning process.
          * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
          * Please let TFC run uninterrupted until it is finished.

          Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

          deebingo


            Re: Still infected?
            « Reply #7 on: July 08, 2009, 01:13:04 PM »
            Everything seems to be ok now!  Thank you so much!  Going to get an internet security suite today to help prevent this from happening again. :)

            evilfantasy

            Re: Still infected?
            « Reply #8 on: July 08, 2009, 01:45:46 PM »
            Sounds good.

            Use the Secunia Software Inspector to check for out of date software.
            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.