Computer Hope

Software => Computer viruses and spyware => Topic started by: alsuz on February 15, 2010, 11:18:30 PM

Title: computer slow...signing in internet is slow and hanging up.
Post by: alsuz on February 15, 2010, 11:18:30 PM
I had this on a previous post but have not had a chance to put the right log in due to family emergency.  System seems to be slow; when clicking on a site or page it will freeze up but within a few seconds it will unfreeze and go into the site...said there may be some files and one time said there was a trojan...Would you check and see if the logs below are correct and see what problem there may be...thanks and yes I am very green to computer stuff.. sorry.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/15/2010 at 09:37 PM

Application Version : 4.33.1000

Core Rules Database Version : 4589
Trace Rules Database Version: 2401

Scan type       : Complete Scan
Total Scan Time : 00:20:31

Memory items scanned      : 649
Memory threats detected   : 0
Registry items scanned    : 5150
Registry threats detected : 0
File items scanned        : 36907
File threats detected     : 1

Adware.Tracking Cookie
   C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt


Malwarebytes' Anti-Malware 1.44
Database version: 3744
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/15/2010 10:22:23 PM
mbam-log-2010-02-15 (22-22-23).txt

Scan type: Quick Scan
Objects scanned: 110841
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:18 AM, on 2/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21183)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Dorland\Anywhere\DorAny.exe
C:\Program Files\Common Files\AOL\1251835694\ee\AOLSoftware.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DisCryptor Free\DisCryptor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Dorland Anywhere] "C:\Program Files\Dorland\Anywhere\DorAny.exe"
O4 - HKLM\..\Run: [hp 1000 firmware] "C:\Program Files\hp LaserJet 1000\fwdl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1251835694\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DisCryptor Free] "C:\Program Files\DisCryptor Free\DisCryptor.exe" -minimized -sysstart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopularScreensaversWallpaper] "rundll32" C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL,LES
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Device Detector 4.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/html - {6256d11e-4609-4663-8dbe-5fe2f9b560eb} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10926 bytes

Title: Re: computer slow...signing in internet is slow and hanging up.
Post by: evilfantasy on February 17, 2010, 10:03:54 AM
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

.
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://www.forospyware.com/sUBs/ComboFix.exe)

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Title: Re: computer slow...signing in internet is slow and hanging up.
Post by: alsuz on February 17, 2010, 03:10:21 PM
ok.. evilfantasy maybe I have done this right....I have not restarted spyware real time protection yet.

ComboFix 10-02-16.03 - Owner 02/17/2010  16:01:40.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2037.1540 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Desktopicon
c:\documents and settings\Owner\Application Data\Desktopicon\eBay.ico
c:\documents and settings\Owner\Application Data\Desktopicon\uninst.exe
c:\program files\Mozilla Firefox\plc4.dll
c:\program files\Shared
c:\windows\system32\reboot.txt

.
(((((((((((((((((((((((((   Files Created from 2010-01-17 to 2010-02-17  )))))))))))))))))))))))))))))))
.

2010-02-16 04:46 . 2010-02-16 04:46   --------   d-----w-   c:\program files\Common Files\Java
2010-02-16 04:46 . 2010-02-16 04:46   348160   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\msvcr71.dll
2010-02-16 04:46 . 2010-02-16 04:46   503808   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\msvcp71.dll
2010-02-16 04:46 . 2010-02-16 04:46   499712   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\jmc.dll
2010-02-16 04:45 . 2010-02-16 04:45   61440   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72c690e5-n\decora-sse.dll
2010-02-16 04:45 . 2010-02-16 04:45   12800   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72c690e5-n\decora-d3d.dll
2010-02-16 04:18 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 04:18 . 2010-02-16 04:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-16 04:18 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-16 03:12 . 2010-02-16 03:12   52224   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-16 03:12 . 2010-02-16 03:12   117760   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-16 02:46 . 2010-02-16 02:46   --------   d-----w-   c:\program files\CCleaner
2010-02-14 04:13 . 2010-02-14 04:13   --------   d-----w-   c:\windows\Sun
2010-02-10 21:09 . 2009-11-27 17:23   17920   -c----w-   c:\windows\system32\dllcache\msyuv.dll
2010-02-10 21:09 . 2009-11-27 16:07   8704   -c----w-   c:\windows\system32\dllcache\tsbyuv.dll
2010-02-10 21:09 . 2009-11-27 16:07   48128   -c----w-   c:\windows\system32\dllcache\iyuv_32.dll
2010-02-10 21:08 . 2009-12-04 17:25   456832   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2010-02-08 01:09 . 2010-02-11 18:42   162512   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-02-08 01:09 . 2010-02-11 18:38   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-02-08 01:09 . 2010-02-11 18:42   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-02-08 01:09 . 2010-02-11 18:39   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-02-08 01:09 . 2010-02-11 18:38   100432   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2010-02-08 01:09 . 2010-02-11 18:38   94800   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2010-02-08 01:09 . 2010-02-11 18:38   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2010-02-08 01:09 . 2010-02-11 18:53   38848   ----a-w-   c:\windows\system32\avastSS.scr
2010-02-08 01:09 . 2010-02-11 18:53   153184   ----a-w-   c:\windows\system32\aswBoot.exe
2010-02-08 01:09 . 2010-02-08 01:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-07 23:39 . 2010-02-16 03:11   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-07 06:00 . 2010-01-14 17:12   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-02-07 05:29 . 2010-02-07 05:29   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2010-02-06 19:40 . 2010-02-16 06:01   --------   d-----w-   c:\program files\Trend Micro
2010-02-06 12:29 . 2010-02-06 20:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Systweak
2010-02-06 12:25 . 2010-02-06 20:08   --------   d-----w-   c:\documents and settings\Owner\Application Data\Systweak
2010-02-06 12:19 . 2010-02-06 19:11   0   ----a-w-   c:\windows\IntIgn0xF28456.dat
2010-02-02 14:15 . 2009-12-17 06:09   49241   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_BunkerHill.dll
2010-02-02 14:15 . 2009-12-16 13:07   136528   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\Vercopy.exe
2010-02-02 14:15 . 2009-12-15 12:33   120144   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\SBFix.exe
2010-02-02 14:15 . 2009-12-15 12:14   95568   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\RunOnce.exe
2010-02-02 14:15 . 2009-12-15 10:35   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Raga_Refresh.dll
2010-02-02 14:15 . 2009-12-14 22:00   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Almaak.dll
2010-02-02 14:15 . 2009-12-14 20:06   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Thailand.dll
2010-02-02 14:15 . 2009-12-14 20:03   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Strauss.dll
2010-01-29 12:51 . 2010-01-29 12:51   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2010-01-29 12:51 . 2010-01-29 12:51   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-26 00:26 . 2010-02-16 02:35   --------   d-----w-   c:\program files\Unlocker

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 20:57 . 2009-08-06 06:25   720   ----a-w-   c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-02-17 09:17 . 2009-06-03 20:59   --------   d-----w-   c:\program files\Defraggler
2010-02-16 04:45 . 2009-11-19 06:15   --------   d-----w-   c:\program files\Java
2010-02-16 03:11 . 2009-08-14 03:44   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-02-16 03:11 . 2009-12-22 23:15   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-08 01:09 . 2009-06-03 20:58   --------   d-----w-   c:\program files\Alwil Software
2010-02-07 05:41 . 2009-09-12 18:10   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-02-04 16:06 . 2009-09-01 20:10   --------   d-----w-   c:\documents and settings\Owner\Application Data\AOL
2010-02-02 14:15 . 2009-09-01 20:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL Downloads
2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\documents and settings\Owner\Application Data\Yahoo!
2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\program files\Yahoo!
2010-01-17 13:12 . 2009-11-19 06:30   --------   d-----w-   c:\program files\Common Files\AVSMedia
2010-01-17 13:11 . 2009-11-19 06:29   --------   d-----w-   c:\program files\AVS4YOU
2010-01-17 03:00 . 2009-06-04 14:07   67880   ----a-w-   c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-17 02:56 . 2010-01-16 02:26   --------   d-----w-   c:\program files\Roxio
2010-01-17 02:56 . 2010-01-16 02:25   --------   d-----w-   c:\program files\Common Files\Roxio Shared
2010-01-17 02:55 . 2010-01-16 02:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Roxio
2010-01-16 02:37 . 2010-01-16 02:34   --------   d-----w-   c:\documents and settings\Owner\Application Data\Roxio
2010-01-16 02:35 . 2010-01-16 02:35   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Roxio
2010-01-16 02:30 . 2010-01-16 02:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallShield
2010-01-16 02:29 . 2010-01-16 02:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sonic
2010-01-16 02:27 . 2009-06-10 17:29   --------   d-----w-   c:\program files\Common Files\InstallShield
2010-01-16 02:25 . 2010-01-16 02:25   --------   d-----w-   c:\program files\DivX
2010-01-15 21:17 . 2010-01-15 21:17   --------   d-----w-   c:\program files\Windows Media Connect 2
2010-01-13 19:53 . 2010-01-13 19:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\XoftSpySE
2010-01-12 00:42 . 2010-01-12 00:39   164   ----a-w-   c:\windows\install.dat
2010-01-05 09:57 . 2008-10-16 19:24   841216   ----a-w-   c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2007-08-13 15:45   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2007-01-08 16:01   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-01-01 07:58 . 2008-09-08 10:37   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-22 23:15 . 2009-12-22 23:12   --------   d-----w-   c:\program files\LeapFrog
2009-12-22 23:14 . 2009-12-22 23:14   28696928   ----a-w-   c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-22 23:13 . 2009-12-22 23:13   4852064   ----a-w-   c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\Leapster2Plugin.exe
2009-12-22 23:12 . 2009-12-22 23:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Leapfrog
2009-12-17 23:14 . 2009-11-19 06:15   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2009-06-03 20:44   343040   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-14 10:41   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2009-12-08 18:20 . 2008-08-14 09:39   2145280   ----a-w-   c:\windows\system32\ntoskrnl.exe
2009-12-08 17:40 . 2008-08-14 04:09   2023936   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2009-12-04 17:25 . 2008-10-24 10:41   456832   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:23 . 2008-05-07 04:04   1291776   ----a-w-   c:\windows\system32\quartz.dll
2009-11-27 17:23 . 2008-04-14 05:42   17920   ----a-w-   c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-02-28 11:00   28672   ----a-w-   c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2008-04-14 10:42   11264   ----a-w-   c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2008-04-14 10:41   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2008-04-14 05:41   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2008-04-14 10:41   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
2009-07-11 13:53 . 2009-07-11 13:53   36122624   ----a-w-   c:\program files\ess_nt32_enu.msi
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisCryptor Free"="c:\program files\DisCryptor Free\DisCryptor.exe" [2009-02-01 1671168]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"Dorland Anywhere"="c:\program files\Dorland\Anywhere\DorAny.exe" [2008-01-23 409600]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HostManager"="c:\program files\Common Files\AOL\1251835694\ee\AOLSoftware.exe" [2008-06-24 41824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 4.lnk - c:\program files\OLYMPUS\DeviceDetector\DeviceDetector4.exe [2008-8-5 397312]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0sasnative32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1251835694\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\OLYMPUS\\DSSPlayerStandard\\TranscriptionModule.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/7/2010 7:09 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/7/2010 7:09 PM 19024]
R3 Olympus DVR Service;Olympus DVR Service;c:\program files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [8/5/2008 2:58 PM 167936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
R4 discryptor;discryptor;c:\program files\DisCryptor Free\discryptor.sys [2/1/2009 3:55 PM 265984]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\User_Feed_Synchronization-{8E86AB1F-EB25-48A4-AFD3-B0077CB92854}.job
- c:\windows\system32\msfeedssync.exe [2009-06-03 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsimge42.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsimge42.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
AddRemove-eBay Icon - c:\documents and settings\Owner\Application Data\Desktopicon\uninst.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 16:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-17  16:04:32
ComboFix-quarantined-files.txt  2010-02-17 22:04

Pre-Run: 145,501,380,608 bytes free
Post-Run: 145,479,634,944 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - A66656F258E6467FF8304D90C5517B98
Title: Re: computer slow...signing in internet is slow and hanging up.
Post by: evilfantasy on February 17, 2010, 03:56:31 PM
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Driver::
ADASPROT

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://img249.imageshack.us/img249/1218/cfscript1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

----------

Please go to Start > Run and copy/paste the following blue text, then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.
Title: Re: computer slow...signing in internet is slow and hanging up.
Post by: alsuz on February 17, 2010, 04:51:29 PM
ComboFix 10-02-16.03 - Owner 02/17/2010  17:39:38.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2037.1524 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADASPROT
-------\Service_ADASPROT


(((((((((((((((((((((((((   Files Created from 2010-01-17 to 2010-02-17  )))))))))))))))))))))))))))))))
.

2010-02-16 04:46 . 2010-02-16 04:46   --------   d-----w-   c:\program files\Common Files\Java
2010-02-16 04:46 . 2010-02-16 04:46   348160   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\msvcr71.dll
2010-02-16 04:46 . 2010-02-16 04:46   503808   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\msvcp71.dll
2010-02-16 04:46 . 2010-02-16 04:46   499712   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\jmc.dll
2010-02-16 04:45 . 2010-02-16 04:45   61440   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72c690e5-n\decora-sse.dll
2010-02-16 04:45 . 2010-02-16 04:45   12800   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72c690e5-n\decora-d3d.dll
2010-02-16 04:18 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 04:18 . 2010-02-16 04:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-16 04:18 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-16 03:12 . 2010-02-16 03:12   52224   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-16 03:12 . 2010-02-16 03:12   117760   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-16 02:46 . 2010-02-16 02:46   --------   d-----w-   c:\program files\CCleaner
2010-02-14 04:13 . 2010-02-14 04:13   --------   d-----w-   c:\windows\Sun
2010-02-10 21:09 . 2009-11-27 17:23   17920   -c----w-   c:\windows\system32\dllcache\msyuv.dll
2010-02-10 21:09 . 2009-11-27 16:07   8704   -c----w-   c:\windows\system32\dllcache\tsbyuv.dll
2010-02-10 21:09 . 2009-11-27 16:07   48128   -c----w-   c:\windows\system32\dllcache\iyuv_32.dll
2010-02-10 21:08 . 2009-12-04 17:25   456832   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2010-02-08 01:09 . 2010-02-11 18:42   162512   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-02-08 01:09 . 2010-02-11 18:38   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-02-08 01:09 . 2010-02-11 18:42   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-02-08 01:09 . 2010-02-11 18:39   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-02-08 01:09 . 2010-02-11 18:38   100432   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2010-02-08 01:09 . 2010-02-11 18:38   94800   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2010-02-08 01:09 . 2010-02-11 18:38   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2010-02-08 01:09 . 2010-02-11 18:53   38848   ----a-w-   c:\windows\system32\avastSS.scr
2010-02-08 01:09 . 2010-02-11 18:53   153184   ----a-w-   c:\windows\system32\aswBoot.exe
2010-02-08 01:09 . 2010-02-08 01:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-07 23:39 . 2010-02-16 03:11   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-07 06:00 . 2010-01-14 17:12   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-02-07 05:29 . 2010-02-07 05:29   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2010-02-06 19:40 . 2010-02-16 06:01   --------   d-----w-   c:\program files\Trend Micro
2010-02-06 12:29 . 2010-02-06 20:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Systweak
2010-02-06 12:25 . 2010-02-06 20:08   --------   d-----w-   c:\documents and settings\Owner\Application Data\Systweak
2010-02-06 12:19 . 2010-02-06 19:11   0   ----a-w-   c:\windows\IntIgn0xF28456.dat
2010-02-02 14:15 . 2009-12-17 06:09   49241   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_BunkerHill.dll
2010-02-02 14:15 . 2009-12-16 13:07   136528   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\Vercopy.exe
2010-02-02 14:15 . 2009-12-15 12:33   120144   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\SBFix.exe
2010-02-02 14:15 . 2009-12-15 12:14   95568   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\RunOnce.exe
2010-02-02 14:15 . 2009-12-15 10:35   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Raga_Refresh.dll
2010-02-02 14:15 . 2009-12-14 22:00   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Almaak.dll
2010-02-02 14:15 . 2009-12-14 20:06   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Thailand.dll
2010-02-02 14:15 . 2009-12-14 20:03   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Strauss.dll
2010-01-29 12:51 . 2010-01-29 12:51   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2010-01-29 12:51 . 2010-01-29 12:51   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-26 00:26 . 2010-02-16 02:35   --------   d-----w-   c:\program files\Unlocker

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 23:43 . 2009-08-06 06:25   720   ----a-w-   c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-02-17 09:17 . 2009-06-03 20:59   --------   d-----w-   c:\program files\Defraggler
2010-02-16 04:45 . 2009-11-19 06:15   --------   d-----w-   c:\program files\Java
2010-02-16 03:11 . 2009-08-14 03:44   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-02-16 03:11 . 2009-12-22 23:15   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-08 01:09 . 2009-06-03 20:58   --------   d-----w-   c:\program files\Alwil Software
2010-02-07 05:41 . 2009-09-12 18:10   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-02-04 16:06 . 2009-09-01 20:10   --------   d-----w-   c:\documents and settings\Owner\Application Data\AOL
2010-02-02 14:15 . 2009-09-01 20:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL Downloads
2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\documents and settings\Owner\Application Data\Yahoo!
2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\program files\Yahoo!
2010-01-17 13:12 . 2009-11-19 06:30   --------   d-----w-   c:\program files\Common Files\AVSMedia
2010-01-17 13:11 . 2009-11-19 06:29   --------   d-----w-   c:\program files\AVS4YOU
2010-01-17 03:00 . 2009-06-04 14:07   67880   ----a-w-   c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-17 02:56 . 2010-01-16 02:26   --------   d-----w-   c:\program files\Roxio
2010-01-17 02:56 . 2010-01-16 02:25   --------   d-----w-   c:\program files\Common Files\Roxio Shared
2010-01-17 02:55 . 2010-01-16 02:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Roxio
2010-01-16 02:37 . 2010-01-16 02:34   --------   d-----w-   c:\documents and settings\Owner\Application Data\Roxio
2010-01-16 02:35 . 2010-01-16 02:35   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Roxio
2010-01-16 02:30 . 2010-01-16 02:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallShield
2010-01-16 02:29 . 2010-01-16 02:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sonic
2010-01-16 02:27 . 2009-06-10 17:29   --------   d-----w-   c:\program files\Common Files\InstallShield
2010-01-16 02:25 . 2010-01-16 02:25   --------   d-----w-   c:\program files\DivX
2010-01-15 21:17 . 2010-01-15 21:17   --------   d-----w-   c:\program files\Windows Media Connect 2
2010-01-13 19:53 . 2010-01-13 19:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\XoftSpySE
2010-01-12 00:42 . 2010-01-12 00:39   164   ----a-w-   c:\windows\install.dat
2010-01-05 09:57 . 2008-10-16 19:24   841216   ------w-   c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2007-08-13 15:45   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2007-01-08 16:01   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-01-01 07:58 . 2008-09-08 10:37   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-22 23:15 . 2009-12-22 23:12   --------   d-----w-   c:\program files\LeapFrog
2009-12-22 23:14 . 2009-12-22 23:14   28696928   ----a-w-   c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-22 23:13 . 2009-12-22 23:13   4852064   ----a-w-   c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\Leapster2Plugin.exe
2009-12-22 23:12 . 2009-12-22 23:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Leapfrog
2009-12-17 23:14 . 2009-11-19 06:15   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2009-06-03 20:44   343040   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-14 10:41   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2009-12-08 18:20 . 2008-08-14 09:39   2145280   ------w-   c:\windows\system32\ntoskrnl.exe
2009-12-08 17:40 . 2008-08-14 04:09   2023936   ------w-   c:\windows\system32\ntkrnlpa.exe
2009-12-04 17:25 . 2008-10-24 10:41   456832   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:23 . 2008-05-07 04:04   1291776   ----a-w-   c:\windows\system32\quartz.dll
2009-11-27 17:23 . 2008-04-14 05:42   17920   ----a-w-   c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-02-28 11:00   28672   ----a-w-   c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2008-04-14 10:42   11264   ----a-w-   c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2008-04-14 10:41   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2008-04-14 05:41   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2008-04-14 10:41   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
2009-07-11 13:53 . 2009-07-11 13:53   36122624   ----a-w-   c:\program files\ess_nt32_enu.msi
.

(((((((((((((((((((((((((((((   SnapShot@2010-02-17_22.03.45   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-17 23:43 . 2010-02-17 23:43   16384              c:\windows\temp\Perflib_Perfdata_8d4.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisCryptor Free"="c:\program files\DisCryptor Free\DisCryptor.exe" [2009-02-01 1671168]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"Dorland Anywhere"="c:\program files\Dorland\Anywhere\DorAny.exe" [2008-01-23 409600]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HostManager"="c:\program files\Common Files\AOL\1251835694\ee\AOLSoftware.exe" [2008-06-24 41824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 4.lnk - c:\program files\OLYMPUS\DeviceDetector\DeviceDetector4.exe [2008-8-5 397312]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0sasnative32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1251835694\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\OLYMPUS\\DSSPlayerStandard\\TranscriptionModule.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/7/2010 7:09 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/7/2010 7:09 PM 19024]
R3 Olympus DVR Service;Olympus DVR Service;c:\program files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [8/5/2008 2:58 PM 167936]
R4 discryptor;discryptor;c:\program files\DisCryptor Free\discryptor.sys [2/1/2009 3:55 PM 265984]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\User_Feed_Synchronization-{8E86AB1F-EB25-48A4-AFD3-B0077CB92854}.job
- c:\windows\system32\msfeedssync.exe [2009-06-03 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsimge42.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsimge42.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 17:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\dimsntfy.dll

- - - - - - - > 'explorer.exe'(1056)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\zstatus.exe
.
**************************************************************************
.
Completion time: 2010-02-17  17:45:06 - machine was rebooted
ComboFix-quarantined-files.txt  2010-02-17 23:45
ComboFix2.txt  2010-02-17 22:04

Pre-Run: 145,485,348,864 bytes free
Post-Run: 145,380,700,160 bytes free

- - End Of File - - B72B4EEF571518FD2250AD7A3612872D

7-Zip 4.65
AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
AutoUpdate
avast! Free Antivirus
CCleaner
CCScore
CDBurnerXP
Defraggler
DisCryptor Free - Encryption Software
DivX
Dorland's Electronic Medical Speller
Download Updater (AOL LLC)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
fflink
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
hp LaserJet 1000
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 18
K-Lite Mega Codec Pack 3.8.0
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LeapFrog Connect
LeapFrog Leapster2 Plugin
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.3
Microsoft IntelliType Pro 5.3
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Small Business Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB973688)
netbrdg
OfotoXMI
Olympus DSS Player Standard
OpenOffice.org 3.0
QuickTime
Realtek High Definition Audio Driver
rjhExtensions
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SFR
SHASTA
skin0001
SKINXSDK
staticcr
SUPERAntiSpyware Free Edition
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Viewpoint Media Player
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Vista Wallpapers
WIRELESS
XML Paper Specification Shared Components Pack 1.0
Yahoo! BrowserPlus
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
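
An added example, not part of the thread and not ComboFix's own code: it parses the Drivers/Services lines from the two ComboFix logs above and compares them, to confirm what the CFScript run changed. Reading the prefix as R/S = running/stopped plus a start-type digit, and treating `[?]` as unresolved file metadata, are assumptions about the log notation.

```python
import re

# Driver/service lines copied from the two ComboFix logs in this thread:
# RUN1 is the first log, RUN2 is the log produced after CFScript.txt was applied.
RUN1 = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/7/2010 7:09 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/7/2010 7:09 PM 19024]
R3 Olympus DVR Service;Olympus DVR Service;c:\program files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [8/5/2008 2:58 PM 167936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
R4 discryptor;discryptor;c:\program files\DisCryptor Free\discryptor.sys [2/1/2009 3:55 PM 265984]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
"""

RUN2 = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/7/2010 7:09 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/7/2010 7:09 PM 19024]
R3 Olympus DVR Service;Olympus DVR Service;c:\program files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [8/5/2008 2:58 PM 167936]
R4 discryptor;discryptor;c:\program files\DisCryptor Free\discryptor.sys [2/1/2009 3:55 PM 265984]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
"""

# <R|S><digit> <service name>;<display name>;<image path> [<date time size> or ?]
# Assumption: R/S = running/stopped, digit = start type (0 boot .. 4 disabled).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<meta>[^\]]*)\]$"
)


def parse_services(text):
    """Return {service name: fields} for every driver/service line in a log."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # headings, separators and other log sections
        entries[m["name"]] = {
            "status": m["state"] + m["start"],
            "display": m["display"],
            "path": m["path"],
            "meta": m["meta"],
        }
    return entries


def unresolved(entries):
    """Services whose file details ComboFix printed as [?]."""
    return sorted(name for name, e in entries.items() if e["meta"] == "?")


def diff_runs(before, after):
    """Compare two parsed runs: removed names, added names, status changes."""
    removed = sorted(set(before) - set(after))
    added = sorted(set(after) - set(before))
    changed = {
        name: (before[name]["status"], after[name]["status"])
        for name in sorted(set(before) & set(after))
        if before[name]["status"] != after[name]["status"]
    }
    return removed, added, changed


if __name__ == "__main__":
    run1, run2 = parse_services(RUN1), parse_services(RUN2)
    removed, added, changed = diff_runs(run1, run2)
    print("unresolved in first run:", unresolved(run1))
    print("removed by second run:  ", removed)
    print("added in second run:    ", added)
    print("status changes:         ", changed)
```
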
Title: Re: computer slow...signing in internet is slow and hanging up.
Post by: evilfantasy on February 17, 2010, 05:25:52 PM
Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint Media Player

----------

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the Run box
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

The above procedure will:
* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan (http://eset.com/onlinescan)

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log
Title: Re: computer slow...signing in internet is slow and hanging up.
Post by: alsuz on February 18, 2010, 05:13:31 PM
First, Evilfantasy, thank you so much for your help with this and the time you have taken to help me...I'm so glad that we are able to have folks like you to help ones like me...who does not really know squat about computers... here is the Eset Online Scan Log results.

C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP233\A0083431.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087847.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087848.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087849.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087851.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087852.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087853.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087858.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087859.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087860.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087861.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087863.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087864.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091335.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091336.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091338.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091340.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091341.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091342.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091343.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091348.EXE   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091349.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091351.SCR   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091352.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP289\A0093131.scr   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
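
An added example, not part of either poster's message: every path in the log above has the Windows XP System Restore layout (`_restore{GUID}\RPnnn`), so a short script can group the detections by restore point and flag any entry that sits outside System Restore or was not cleaned. The function names are assumptions made for this example, and the last sample line is constructed.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Windows XP System Restore snapshot copy:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<n>.<ext>
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(\d+)\\",
    re.IGNORECASE,
)

class Finding(NamedTuple):
    path: str
    detection: str
    action: str
    restore_point: Optional[int]  # None: file is outside System Restore

def parse_line(line: str) -> Optional[Finding]:
    """Split one exported line into path / detection / action columns."""
    # Columns are separated by tabs or runs of spaces; single spaces occur
    # inside the path and the detection name, so they must not split.
    fields = re.split(r"\t+| {2,}", line.strip())
    if len(fields) != 3:
        return None  # blank or malformed line: skip rather than guess
    path, detection, action = fields
    m = RESTORE_RE.match(path)
    return Finding(path, detection, action, int(m.group(1)) if m else None)

def triage(log_text: str) -> dict:
    findings = [f for f in map(parse_line, log_text.splitlines()) if f]
    return {
        "total": len(findings),
        "per_restore_point": dict(Counter(
            f.restore_point for f in findings if f.restore_point is not None)),
        "families": dict(Counter(f.detection.split()[0] for f in findings)),
        # Entries that deserve a second look: live files, or not cleaned.
        "review": [f.path for f in findings
                   if f.restore_point is None
                   or not f.action.lower().startswith("cleaned")],
    }

# Three lines copied from the log above, plus one CONSTRUCTED line (the last)
# whose path is a made-up location outside System Restore.
SAMPLE = r"""
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP233\A0083431.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087853.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP289\A0093131.scr   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\Example\constructed-sample.dll   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
"""
```
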
Title: Re: computer slow...signing in internet is slow and hanging up.
Post by: evilfantasy on February 18, 2010, 07:28:49 PM
That all is nothing to worry about.

If there are no more malware issues we can finish up now.

Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

* Click Start Now
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* Update anything listed.

----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

If you are using or have installed IE6, you are using an outdated and soon-to-be unsupported version of Internet Explorer, and I strongly suggest you update to the latest version directly from Microsoft: Internet Explorer 8: Home page (http://www.microsoft.com/windows/ie/).

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html). Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.