Need help removing "Clickfraudmanager" [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

Need help removing "Clickfraudmanager" [Solved]

Options

rmcfly View Member Profile	Feb 24 2009, 06:28 PM Post #1
Member Posts: 12 OS: XP	I am in desperate need of help to remove this virus. Everytime I use the Google toolbar in Firefox and select the desired site, I get redirected and at the bottom of the browser it displays "Clickfraudmanager for a brief moment. I have scanned my system with Bitdefender 2009, Malwarebytes, Trojan Hunter and Superantispyware. I have exhausted my limited resources and am now looking for some help. Anything would be appreciated as I have had very little luck finding a viable solution on the web. Please Help. This post has been edited by rmcfly: Feb 24 2009, 06:29 PM

Jimmy2012 View Member Profile	Feb 24 2009, 11:58 PM Post #2
Trusted Helper Posts: 6,238 From: Ohio, USA OS: Windows XP, Fedora, Ubuntu	Hello rmcfly and welcome to Geeks to go. Download OTListIt2 to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

rmcfly View Member Profile	Feb 25 2009, 08:21 PM Post #3
Member Posts: 12 OS: XP	Thank you for responding to my post and helping me. I started by following the pre post instructions and ran ATF_Clean, set a restore point, ran erunt and installed HiJackThis. Here are the results from OTListIt2. Again, thank you for your time and help with this. OTListIt logfile created on: 2/25/2009 7:58:00 PM - Run OTListIt2 by OldTimer - Version 2.0.2.0 Folder = C:\Documents and Settings\Russ\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1023.49 Mb Total Physical Memory \| 644.11 Mb Available Physical Memory \| 62.93% Memory free 2.40 Gb Paging File \| 2.03 Gb Available in Paging File \| 84.48% Paging File free Paging file location(s): c:\pagefile.sys 1536 3072; %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 76.33 Gb Total Space \| 63.48 Gb Free Space \| 83.17% Space Free \| Partition Type: NTFS Drive D: \| 128.00 Gb Total Space \| 80.26 Gb Free Space \| 62.70% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME Current User Name: Russ Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== Processes (SafeList) ========== PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL) PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.) PRC - D:\Program Files\TrojanHunter 5.0\THGuard.exe (Mischel Internet Security) PRC - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation) PRC - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe (Uniblue Software) PRC - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe (Uniblue Software) PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe () PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Documents and Settings\Russ\Desktop\OTListIt2.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (Adobe LM Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Arrakis3 [On_Demand \| Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CVPND [Auto \| Running]) -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (FLEXnet Licensing Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (LIVESRV [Auto \| Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL) SRV - (NVSvc [Auto \| Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (scan [On_Demand \| Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L) SRV - (SolidWorks Licensing Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (VSSERV [Auto \| Running]) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.) ========== Driver Services (SafeList) ========== DRV - (bdfm [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA) DRV - (Bdfndisf [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\bdfndisf.sys (BitDefender LLC) DRV - (bdfsfltr [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA) DRV - (bdftdif [System \| Running]) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC) DRV - (BDSelfPr [On_Demand \| Running]) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.) DRV - (BDVEDISK [Auto \| Running]) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys (BitDefender S.R.L.) DRV - (ctac32k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (ctaud2k [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctljystk [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys (Creative Technology Ltd.) DRV - (ctprxy2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ctsfm2k [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (CVirtA [On_Demand \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.) DRV - (CVPNDRVA [Auto \| Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.) DRV - (ElbyCDIO [Auto \| Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (ElbyDelay [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elaborate Bytes) DRV - (emupia [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (gameenum [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (ha10kx2k [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (nv [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (nv_agp [Boot \| Running]) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (ossrv [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (Profos [On_Demand \| Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys () DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (rtl8139 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation) DRV - (SASDIFSV [System \| Running]) -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM [On_Demand \| Running]) -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL [System \| Running]) -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (Trufos [On_Demand \| Stopped]) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys () DRV - (USBAAPL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.) DRV - (vsdatant [On_Demand \| Stopped]) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local FF - prefs.js..browser.startup.homepage: "http://www.msn.com" FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {A15DCA03-3717-4FE9-A021-78EA815F370B}:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/11/29 13:11:25 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com -> %ProgramFiles%\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR [C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR\] -> [2009/02/07 22:30:18 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/02/06 21:56:42 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/08 16:20:17 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components -> %ProgramFiles%\MOZILLA THUNDERBIRD\COMPONENTS [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2009/02/07 22:38:04 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS -> FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com -> %ProgramFiles%\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION [C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION\] -> [2009/02/07 22:30:29 00,000,000 \| ---D \| M] FF - C:\Documents and Settings\Russ\Application Data\mozilla\Extensions [2008/07/26 19:50:34 00,000,000 \| ---D \| M] FF - C:\Documents and Settings\Russ\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/07/26 19:50:34 00,000,000 \| ---D \| M] FF - C:\Documents and Settings\Russ\Application Data\mozilla\Firefox\Profiles\jjfcjrjo.default\extensions [2009/02/21 07:48:51 00,000,000 \| ---D \| M] FF - C:\Documents and Settings\Russ\Application Data\mozilla\Firefox\Profiles\jjfcjrjo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2008/11/15 00:18:08 00,000,000 \| ---D \| M] FF - C:\Program Files\mozilla firefox\extensions [2009/02/21 07:48:51 00,000,000 \| ---D \| M] FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/06 21:15:13 00,000,000 \| ---D \| M] FF - C:\Program Files\mozilla firefox\extensions\{A15DCA03-3717-4FE9-A021-78EA815F370B} [2009/02/06 21:04:11 00,000,000 \| ---D \| M] FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008/08/08 22:14:04 00,000,000 \| ---D \| M] FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2008/11/29 13:12:12 00,000,000 \| ---D \| M] FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2008/12/22 07:32:42 00,000,000 \| ---D \| M] O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender) O4 - HKLM..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.) O4 - HKLM..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender) O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.) O4 - HKLM..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" () O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] nwiz.exe /install () O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [THGuard] "D:\Program Files\TrojanHunter 5.0\THGuard.exe" (Mischel Internet Security) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE (Creative Technology Ltd) O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s (Uniblue Software) O4 - HKCU..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m (Uniblue Software) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = D:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1217084590437 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkklIaya) - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ] O32 - Autorun File - D:\AUTOEXEC.BAT () - [ NTFS ] ========== Files/Folders - Created Within 30 Days ========== [1 C:\WINDOWS\System32\.tmp files] [1 C:\WINDOWS\.tmp files] [2009/02/25 19:49:39 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/02/25 19:48:57 \| 00,000,611 \| ---- \| C] () -- C:\Documents and Settings\Russ\Desktop\NTREGOPT.lnk [2009/02/25 19:48:57 \| 00,000,592 \| ---- \| C] () -- C:\Documents and Settings\Russ\Desktop\ERUNT.lnk [2009/02/25 19:48:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/02/25 19:45:34 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Russ\Desktop\System Restore [2009/02/25 19:42:49 \| 00,401,720 \| ---- \| C] (Trend Micro Inc.) -- C:\Documents and Settings\Russ\Desktop\HiJackThis.exe [2009/02/25 19:41:57 \| 00,791,393 \| ---- \| C] (Lars Hederer ) -- C:\Documents and Settings\Russ\Desktop\erunt_setup.exe [2009/02/25 19:38:27 \| 00,020,480 \| ---- \| C] () -- C:\Documents and Settings\Russ\Desktop\New Microsoft Word Document.doc [2009/02/25 19:37:26 \| 00,497,152 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Russ\Desktop\OTListIt2.exe [2009/02/23 21:44:41 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2009/02/23 21:44:35 \| 00,000,652 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/02/23 21:44:31 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Russ\Application Data\SUPERAntiSpyware.com [2009/02/23 21:43:59 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/02/23 21:43:52 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Russ\Application Data\TrojanHunter [2009/02/23 21:09:03 \| 00,000,572 \| ---- \| C] () -- C:\Documents and Settings\Russ\Desktop\TrojanHunter.lnk [2009/02/23 21:08:46 \| 00,059,392 \| R--- \| C] () -- C:\WINDOWS\System32\streamhlp.dll [2009/02/21 15:12:07 \| 00,691,712 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2009/02/21 15:11:58 \| 00,666,112 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2009/02/21 15:11:57 \| 00,619,520 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2009/02/21 15:11:55 \| 01,499,136 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll [2009/02/21 15:11:35 \| 01,846,400 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [2009/02/21 15:11:32 \| 02,189,184 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2009/02/21 15:11:32 \| 02,145,280 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2009/02/21 15:11:31 \| 02,023,936 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2009/02/21 15:11:30 \| 02,066,048 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2009/02/21 15:11:22 \| 03,067,904 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2009/02/21 15:11:20 \| 00,203,136 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2009/02/21 15:11:18 \| 00,455,296 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2009/02/21 15:11:16 \| 00,333,952 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2009/02/21 15:11:06 \| 00,272,128 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2009/02/21 15:11:02 \| 00,337,408 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2009/02/21 15:07:45 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\Prefetch [2009/02/21 14:44:33 \| 00,000,000 \| -H-D \| C] -- C:\WINDOWS\$NtServicePackUninstall$ [2009/02/09 19:26:13 \| 00,000,260 \| ---- \| C] () -- C:\WINDOWS\System32\BDUpdateV1.xml [2009/02/08 17:21:11 \| 00,002,509 \| ---- \| C] () -- C:\Documents and Settings\Russ\Desktop\Rosetta Stone V3.lnk [2009/02/08 16:19:47 \| 00,003,144 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\srgb.icm [2009/02/08 15:37:24 \| 00,010,457 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta [2009/02/08 15:37:24 \| 00,001,771 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmptour.css [2009/02/08 15:37:24 \| 00,000,855 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf [2009/02/08 15:37:23 \| 00,000,420 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmploc.js [2009/02/08 15:37:21 \| 00,613,334 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm [2009/02/08 15:37:21 \| 00,172,196 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav [2009/02/08 15:37:21 \| 00,172,196 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav [2009/02/08 15:37:21 \| 00,067,374 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm [2009/02/08 15:37:21 \| 00,023,195 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm [2009/02/08 15:37:20 \| 00,343,204 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav [2009/02/08 15:37:20 \| 00,343,204 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav [2009/02/08 15:37:20 \| 00,172,196 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav [2009/02/08 15:37:20 \| 00,086,196 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav [2009/02/08 15:37:20 \| 00,086,180 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav [2009/02/08 15:37:20 \| 00,086,180 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav [2009/02/08 15:37:19 \| 00,354,468 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav [2009/02/08 15:37:19 \| 00,029,070 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmp.inf [2009/02/08 15:37:14 \| 00,017,272 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf [2009/02/08 15:37:14 \| 00,008,677 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wm7.gif [2009/02/08 15:37:14 \| 00,007,892 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wm9.gif [2009/02/08 15:37:14 \| 00,007,636 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wm2.gif [2009/02/08 15:37:14 \| 00,007,369 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wm4.gif [2009/02/08 15:37:14 \| 00,006,769 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf [2009/02/08 15:37:14 \| 00,006,241 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wm3.gif [2009/02/08 15:37:14 \| 00,006,060 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wm6.gif [2009/02/08 15:37:14 \| 00,004,193 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wm8.gif [2009/02/08 15:37:14 \| 00,002,477 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wm5.gif [2009/02/08 15:37:13 \| 00,005,789 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\wm1.gif [2009/02/08 15:37:05 \| 00,300,969 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\viz.wmv [2009/02/08 15:37:05 \| 00,017,489 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\videobg.gif [2009/02/08 15:37:05 \| 00,005,290 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif [2009/02/08 15:36:49 \| 00,002,469 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\tplay.gif [2009/02/08 15:36:49 \| 00,002,375 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif [2009/02/08 15:36:48 \| 00,023,829 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif [2009/02/08 15:36:48 \| 00,003,187 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\tour.js [2009/02/08 15:36:48 \| 00,002,450 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\tpause.gif [2009/02/08 15:36:48 \| 00,002,371 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif [2009/02/08 15:36:45 \| 00,001,398 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\taon.gif [2009/02/08 15:36:45 \| 00,001,380 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\taonh.gif [2009/02/08 15:36:45 \| 00,001,380 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\taoff.gif [2009/02/08 15:36:45 \| 00,001,367 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif [2009/02/08 15:36:27 \| 00,001,148 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\snd.htm [2009/02/08 15:36:26 \| 00,086,016 \| ---- \| C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm [2009/02/08 15:36:23 \| 00,000,908 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\skins.inf [2009/02/08 15:36:14 \| 00,572,557 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv [2009/02/08 15:36:11 \| 00,066,725 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\revert.wmz [2009/02/08 15:35:59 \| 00,077,307 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm [2009/02/08 15:35:59 \| 00,001,477 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl [2009/02/08 15:35:59 \| 00,001,477 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl [2009/02/08 15:35:59 \| 00,001,474 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl [2009/02/08 15:35:59 \| 00,001,448 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl [2009/02/08 15:35:59 \| 00,001,049 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl [2009/02/08 15:35:59 \| 00,001,046 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl [2009/02/08 15:35:59 \| 00,001,036 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl [2009/02/08 15:35:59 \| 00,000,784 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl [2009/02/08 15:35:59 \| 00,000,783 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl [2009/02/08 15:35:59 \| 00,000,775 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl [2009/02/08 15:35:59 \| 00,000,733 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl [2009/02/08 15:35:58 \| 00,001,451 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl [2009/02/08 15:35:58 \| 00,001,250 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl [2009/02/08 15:35:58 \| 00,000,789 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl [2009/02/08 15:35:58 \| 00,000,787 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl [2009/02/08 15:35:44 \| 00,375,519 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv [2009/02/08 15:35:30 \| 00,022,060 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\npds.zip [2009/02/08 15:35:29 \| 00,000,403 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip [2009/02/08 15:35:15 \| 01,307,648 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2009/02/08 15:35:15 \| 00,079,872 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2009/02/08 15:34:38 \| 00,294,912 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm [2009/02/08 15:34:33 \| 00,097,117 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp [2009/02/08 15:34:33 \| 00,018,286 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf [2009/02/08 15:34:33 \| 00,002,778 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif [2009/02/08 15:34:33 \| 00,002,545 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif [2009/02/08 15:34:32 \| 00,001,885 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt [2009/02/08 15:34:17 \| 00,457,607 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv [2009/02/08 15:33:58 \| 00,290,816 \| ---- \| C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm [2009/02/08 15:32:41 \| 00,005,971 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\events.js [2009/02/08 15:32:28 \| 00,294,912 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe [2009/02/08 15:32:19 \| 00,381,425 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv [2009/02/08 15:32:19 \| 00,009,585 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\controls.css [2009/02/08 15:32:19 \| 00,008,298 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\contents.htm [2009/02/08 15:32:19 \| 00,006,878 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\controls.js [2009/02/08 15:32:17 \| 00,184,959 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\compact.wmz [2009/02/08 15:32:16 \| 00,000,773 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\cnth.gif [2009/02/08 15:32:16 \| 00,000,773 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\cnt.gif [2009/02/08 15:32:16 \| 00,000,772 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\cntd.gif [2009/02/08 15:32:14 \| 00,000,760 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif [2009/02/08 15:32:14 \| 00,000,717 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif [2009/02/08 15:32:07 \| 00,000,999 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif [2009/02/08 11:33:39 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Russ\Application Data\Malwarebytes [2009/02/08 11:33:28 \| 00,015,504 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/02/08 11:33:25 \| 00,038,496 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/02/08 11:33:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/02/08 11:33:24 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/02/08 10:48:51 \| 00,000,850 \| ---- \| C] () -- C:\WINDOWS\System32\ProductTweaks.xml [2009/02/08 10:48:50 \| 00,000,385 \| ---- \| C] () -- C:\WINDOWS\System32\user_gensett.xml [2009/02/08 10:43:37 \| 00,028,288 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\xjis.nls [2009/02/08 10:43:26 \| 00,156,672 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime [2009/02/08 10:43:26 \| 00,156,672 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime [2009/02/08 10:43:25 \| 00,156,672 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime [2009/02/08 10:43:24 \| 00,079,360 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime [2009/02/08 10:43:24 \| 00,072,704 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime [2009/02/08 10:43:24 \| 00,065,536 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime [2009/02/08 10:43:22 \| 00,041,600 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2009/02/08 10:43:22 \| 00,031,232 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2009/02/08 10:43:20 \| 00,009,216 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll [2009/02/08 10:43:18 \| 00,073,728 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll [2009/02/08 10:43:18 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll [2009/02/08 10:43:18 \| 00,004,608 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll [2009/02/08 10:43:17 \| 00,086,073 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll [2009/02/08 10:43:17 \| 00,048,256 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2009/02/08 10:43:16 \| 00,426,041 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll [2009/02/08 10:43:12 \| 00,076,288 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll [2009/02/08 10:43:12 \| 00,065,024 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime [2009/02/08 10:43:11 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2009/02/08 10:43:08 \| 00,455,168 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe [2009/02/08 10:43:08 \| 00,044,032 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe [2009/02/08 10:43:08 \| 00,010,240 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll [2009/02/08 10:43:07 \| 00,571,392 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime [2009/02/08 10:43:06 \| 00,185,344 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll [2009/02/08 10:43:06 \| 00,019,464 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2009/02/08 10:43:05 \| 00,021,896 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2009/02/08 10:43:05 \| 00,013,192 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2009/02/08 10:43:01 \| 00,016,896 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll [2009/02/08 10:42:59 \| 00,101,376 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll [2009/02/08 10:42:55 \| 00,143,422 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll [2009/02/08 10:42:54 \| 00,007,168 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll [2009/02/08 10:42:53 \| 00,010,240 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll [2009/02/08 10:42:51 \| 00,012,288 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll [2009/02/08 10:42:50 \| 00,015,872 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll [2009/02/08 10:42:50 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll [2009/02/08 10:42:50 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll [2009/02/08 10:42:49 \| 00,038,912 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll [2009/02/08 10:42:49 \| 00,031,744 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll [2009/02/08 10:42:49 \| 00,031,744 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll [2009/02/08 10:42:49 \| 00,026,624 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll [2009/02/08 10:42:49 \| 00,026,624 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll [2009/02/08 10:42:49 \| 00,026,112 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll [2009/02/08 10:42:48 \| 00,030,208 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll [2009/02/08 10:42:48 \| 00,030,208 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll [2009/02/08 10:42:48 \| 00,029,184 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll [2009/02/08 10:42:48 \| 00,026,112 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll [2009/02/08 10:42:48 \| 00,026,112 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll [2009/02/08 10:42:48 \| 00,026,112 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll [2009/02/08 10:42:47 \| 00,025,088 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll [2009/02/08 10:42:46 \| 00,018,944 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll [2009/02/08 10:42:41 \| 00,026,112 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll [2009/02/08 10:42:40 \| 00,057,856 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll [2009/02/08 10:42:38 \| 00,079,872 \| ---- \| C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2009/02/08 10:42:38 \| 00,079,872 \| ---- \| C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2009/02/08 10:42:35 \| 00,026,112 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime [2009/02/08 10:42:33 \| 00,023,040 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe [2009/02/08 10:42:33 \| 00,014,848 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe [2009/02/08 10:42:30 \| 00,077,824 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime [2009/02/08 10:42:30 \| 00,016,384 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe [2009/02/08 10:42:29 \| 00,009,728 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe [2009/02/08 10:42:26 \| 00,083,748 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\prcp.nls [2009/02/08 10:42:26 \| 00,083,748 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\prc.nls [2009/02/08 10:42:25 \| 00,131,584 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll [2009/02/08 10:42:25 \| 00,011,264 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll [2009/02/08 10:42:25 \| 00,006,144 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll [2009/02/08 10:42:24 \| 00,070,144 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe [2009/02/08 10:42:24 \| 00,067,584 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll [2009/02/08 10:42:23 \| 00,482,304 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime [2009/02/08 10:42:23 \| 00,175,104 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll [2009/02/08 10:42:23 \| 00,053,760 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll [2009/02/08 10:42:22 \| 00,079,360 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime [2009/02/08 10:42:22 \| 00,020,992 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll [2009/02/08 10:42:20 \| 00,036,927 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll [2009/02/08 10:42:20 \| 00,031,744 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll [2009/02/08 10:42:20 \| 00,015,872 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll [2009/02/08 10:42:20 \| 00,015,360 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll [2009/02/08 10:42:20 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll [2009/02/08 10:42:14 \| 00,038,912 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll [2009/02/08 10:42:11 \| 00,053,248 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll [2009/02/08 10:42:07 \| 00,229,439 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll [2009/02/08 10:42:00 \| 01,875,968 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex [2009/02/08 10:42:00 \| 00,098,304 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll [2009/02/08 10:41:49 \| 00,092,416 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys [2009/02/08 10:41:49 \| 00,092,032 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll [2009/02/08 10:41:48 \| 00,026,624 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll [2009/02/08 10:41:46 \| 00,065,536 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll [2009/02/08 10:41:45 \| 00,022,016 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll [2009/02/08 10:41:43 \| 00,047,066 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\ksc.nls [2009/02/08 10:41:41 \| 01,158,818 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2009/02/08 10:41:41 \| 00,070,656 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll [2009/02/08 10:41:40 \| 00,006,144 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll [2009/02/08 10:41:40 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll [2009/02/08 10:41:40 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll [2009/02/08 10:41:40 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll [2009/02/08 10:41:39 \| 00,006,144 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll [2009/02/08 10:41:39 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll [2009/02/08 10:41:39 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll [2009/02/08 10:41:39 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll [2009/02/08 10:41:39 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll [2009/02/08 10:41:38 \| 00,009,216 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll [2009/02/08 10:41:38 \| 00,007,680 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll [2009/02/08 10:41:38 \| 00,007,168 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll [2009/02/08 10:41:37 \| 00,006,144 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll [2009/02/08 10:41:37 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll [2009/02/08 10:41:37 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll [2009/02/08 10:41:37 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll [2009/02/08 10:41:36 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll [2009/02/08 10:41:36 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll [2009/02/08 10:41:36 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll [2009/02/08 10:41:36 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll [2009/02/08 10:41:35 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll [2009/02/08 10:41:35 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll [2009/02/08 10:41:35 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll [2009/02/08 10:41:35 \| 00,005,120 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll [2009/02/08 10:41:34 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll [2009/02/08 10:41:34 \| 00,005,120 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll [2009/02/08 10:41:34 \| 00,005,120 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll [2009/02/08 10:41:33 \| 00,006,144 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll [2009/02/08 10:41:33 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll [2009/02/08 10:41:33 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll [2009/02/08 10:41:33 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll [2009/02/08 10:41:32 \| 00,018,432 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll [2009/02/08 10:41:32 \| 00,009,216 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll [2009/02/08 10:41:31 \| 00,007,168 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll [2009/02/08 10:41:29 \| 00,008,704 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll [2009/02/08 10:41:27 \| 00,471,102 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll [2009/02/08 10:41:27 \| 00,315,455 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll [2009/02/08 10:41:27 \| 00,059,392 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2009/02/08 10:41:26 \| 00,274,489 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll [2009/02/08 10:41:26 \| 00,262,200 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe [2009/02/08 10:41:26 \| 00,102,456 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll [2009/02/08 10:41:26 \| 00,059,904 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe [2009/02/08 10:41:26 \| 00,045,109 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe [2009/02/08 10:41:25 \| 00,233,527 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe [2009/02/08 10:41:18 \| 00,208,952 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe [2009/02/08 10:41:18 \| 00,196,665 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2009/02/08 10:41:18 \| 00,155,705 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe [2009/02/08 10:41:17 \| 00,716,856 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll [2009/02/08 10:41:17 \| 00,368,696 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll [2009/02/08 10:41:17 \| 00,307,257 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe [2009/02/08 10:41:17 \| 00,081,976 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll [2009/02/08 10:41:17 \| 00,057,398 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe [2009/02/08 10:41:16 \| 00,811,064 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll [2009/02/08 10:41:16 \| 00,340,023 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime [2009/02/08 10:41:16 \| 00,311,359 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe [2009/02/08 10:41:15 \| 00,134,339 \| ---- \| C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2009/02/08 10:41:15 \| 00,106,496 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll [2009/02/08 10:41:15 \| 00,102,463 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll [2009/02/08 10:41:15 \| 00,094,720 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime [2009/02/08 10:41:15 \| 00,086,016 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll [2009/02/08 10:41:15 \| 00,044,032 \| ---- \| C] (Microsoft Corp This post has been edited by rmcfly*: Feb 25 2009, 08:27 PM

Jimmy2012 View Member Profile	Feb 26 2009, 12:17 AM Post #5
Trusted Helper Posts: 6,238 From: Ohio, USA OS: Windows XP, Fedora, Ubuntu	Hello rmcfly, Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** in your next reply. And please post a HijackThis log as well.

rmcfly View Member Profile	Feb 26 2009, 06:10 PM Post #6
Member Posts: 12 OS: XP	Here are the results from both Combofix and also HiJackThis. ComboFix 09-02-26.01 - Russ 2009-02-26 17:51:51.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.609 [GMT -6:00] Running from: c:\documents and settings\Russ\Desktop\ComboFix.exe AV: BitDefender Antivirus On-access scanning disabled (Updated) FW: BitDefender Firewall disabled * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\INSTALL.LOG c:\windows\Tasks\dbnkcgcw.job . ((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 ))))))))))))))))))))))))))))))) . 2009-02-25 19:48 . 2009-02-25 19:49 <DIR> d-------- c:\program files\ERUNT 2009-02-23 21:44 . 2009-02-23 21:44 <DIR> d-------- c:\documents and settings\Russ\Application Data\SUPERAntiSpyware.com 2009-02-23 21:44 . 2009-02-23 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-02-23 21:43 . 2009-02-23 21:43 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-02-23 21:43 . 2009-02-23 21:43 <DIR> d-------- c:\documents and settings\Russ\Application Data\TrojanHunter 2009-02-21 15:12 . 2008-04-11 13:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2009-02-09 19:26 . 2009-02-09 19:26 260 --a------ c:\windows\system32\BDUpdateV1.xml 2009-02-08 16:19 . 2001-07-21 14:40 3,144 --a--c--- c:\windows\system32\dllcache\srgb.icm 2009-02-08 15:36 . 2002-08-29 06:00 572,557 -----c--- c:\windows\system32\dllcache\rtuner.wmv 2009-02-08 15:35 . 2008-09-09 19:14 1,307,648 -----c--- c:\windows\system32\dllcache\msxml6.dll 2009-02-08 15:34 . 2002-08-29 06:00 457,607 -----c--- c:\windows\system32\dllcache\mdlib.wmv 2009-02-08 15:34 . 2008-04-13 18:10 294,912 -----c--- c:\windows\system32\dllcache\msaud32.acm 2009-02-08 15:34 . 2004-08-04 06:00 97,117 -----c--- c:\windows\system32\dllcache\mplayer2.hlp 2009-02-08 15:34 . 2004-08-04 06:00 18,286 -----c--- c:\windows\system32\dllcache\mplayer2.inf 2009-02-08 15:34 . 2002-08-29 06:00 2,778 -----c--- c:\windows\system32\dllcache\mplogoh.gif 2009-02-08 15:34 . 2002-08-29 06:00 2,545 -----c--- c:\windows\system32\dllcache\mplogo.gif 2009-02-08 15:34 . 2004-08-04 06:00 1,885 -----c--- c:\windows\system32\dllcache\mplayer2.cnt 2009-02-08 15:33 . 2008-04-13 18:09 290,816 -----c--- c:\windows\system32\dllcache\l3codeca.acm 2009-02-08 11:33 . 2009-02-19 20:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-08 11:33 . 2009-02-08 11:33 <DIR> d-------- c:\documents and settings\Russ\Application Data\Malwarebytes 2009-02-08 11:33 . 2009-02-08 11:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-08 11:33 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-08 11:33 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-08 10:48 . 2009-02-08 10:48 850 --a------ c:\windows\system32\ProductTweaks.xml 2009-02-08 10:48 . 2009-02-08 10:48 385 --a------ c:\windows\system32\user_gensett.xml 2009-02-08 10:42 . 2004-08-04 06:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex 2009-02-08 10:41 . 2004-08-04 06:00 10,129,408 --a--c--- c:\windows\system32\dllcache\hwxkor.dll 2009-02-08 10:40 . 2008-04-13 18:09 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll 2009-02-08 10:39 . 2004-08-04 06:00 195,618 --a--c--- c:\windows\system32\dllcache\c_10002.nls 2009-02-08 10:35 . 2009-02-08 10:35 749 -rah----- c:\windows\WindowsShell.Manifest 2009-02-08 10:35 . 2009-02-08 10:35 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2009-02-08 10:35 . 2009-02-08 10:35 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2009-02-08 10:35 . 2009-02-08 10:35 749 -rah----- c:\windows\system32\nwc.cpl.manifest 2009-02-08 10:35 . 2009-02-08 10:35 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2009-02-08 10:35 . 2009-02-08 10:35 488 -rah----- c:\windows\system32\logonui.exe.manifest 2009-02-08 10:24 . 2004-08-03 22:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys 2009-02-08 10:17 . 2004-08-04 06:00 1,042,903 --a--c--- c:\windows\system32\dllcache\SP2.CAT 2009-02-08 10:17 . 2004-08-04 06:00 797,189 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT 2009-02-08 10:17 . 2004-08-04 06:00 399,645 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT 2009-02-08 10:17 . 2004-08-04 06:00 37,484 --a--c--- c:\windows\system32\dllcache\MW770.CAT 2009-02-08 10:17 . 2004-08-04 06:00 24,661 --a------ c:\windows\system32\spxcoins.dll 2009-02-08 10:17 . 2004-08-04 06:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll 2009-02-08 10:17 . 2004-08-04 06:00 13,472 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT 2009-02-08 10:17 . 2004-08-04 06:00 13,312 --a------ c:\windows\system32\irclass.dll 2009-02-08 10:17 . 2004-08-04 06:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll 2009-02-08 10:17 . 2004-08-04 06:00 8,574 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT 2009-02-08 10:17 . 2004-08-04 06:00 7,382 --a--c--- c:\windows\system32\dllcache\OEMBIOS.CAT 2009-02-08 02:51 . 2009-02-26 17:58 121 --a------ c:\windows\bdagent.INI 2009-02-08 02:26 . 2009-02-08 02:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2009-02-08 02:19 . 2009-02-08 02:19 <DIR> d-------- c:\program files\Common Files\Macrovision Shared 2009-02-08 02:18 . 2009-02-08 02:18 <DIR> d-------- c:\program files\Rosetta Stone 2009-02-08 02:18 . 2009-02-21 14:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rosetta Stone 2009-02-08 01:39 . 2009-02-08 02:04 <DIR> d-------- c:\program files\The Rosetta Stone 2009-02-08 00:30 . 2009-02-08 20:47 <DIR> d-------- c:\documents and settings\Russ\Application Data\uTorrent 2009-02-07 22:31 . 2009-02-07 22:31 <DIR> d-------- c:\documents and settings\Russ\Application Data\BitDefender 2009-02-07 22:30 . 2009-02-07 22:30 <DIR> d-------- c:\program files\BitDefender 2009-02-07 22:30 . 2009-02-07 22:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender 2009-02-07 22:18 . 2009-02-07 22:30 <DIR> d-------- c:\program files\Common Files\BitDefender 2009-02-07 19:48 . 2009-02-07 19:48 <DIR> d-------- c:\program files\Elaborate Bytes 2009-02-07 18:49 . 2004-08-04 06:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe 2009-02-07 17:59 . 2004-08-04 06:00 7,334 --a--c--- c:\windows\system32\dllcache\wmerrenu.cat 2009-02-07 17:06 . 2009-02-07 17:06 <DIR> d-------- c:\program files\Softwin 2009-02-07 16:19 . 2009-02-07 19:39 <DIR> d-------- c:\documents and settings\Russ\Application Data\Uniblue 2009-02-07 14:00 . 2009-02-07 14:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Uniblue 2009-02-07 13:53 . 2009-02-07 19:39 <DIR> d-------- c:\program files\Uniblue 2009-02-07 13:53 . 2009-02-07 14:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue 2009-02-06 21:54 . 2009-02-06 21:54 <DIR> d-------- c:\documents and settings\Administrator 2009-02-06 21:09 . 2009-02-08 14:22 2,412 --a------ c:\windows\nlmkngrt 2009-01-26 20:07 . 2009-01-26 20:08 <DIR> d-------- c:\documents and settings\Russ\Application Data\sldIM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-26 23:51 81,984 ----a-w c:\windows\system32\bdod.bin 2009-02-26 23:27 --------- d-----w c:\program files\Mozilla Thunderbird 2009-02-10 00:55 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys 2009-02-08 04:00 --------- d-----w c:\program files\Common Files\Softwin 2009-02-07 22:13 --------- d-----w c:\program files\Bonjour 2009-01-31 04:13 --------- d-----w c:\documents and settings\Russ\Application Data\SolidWorks 2009-01-17 20:14 --------- d-----w c:\documents and settings\Russ\Application Data\iScreensaver 2009-01-11 23:24 --------- d-----w c:\program files\Jasc Software Inc 2008-12-23 02:31 127,034 ----a-r c:\windows\bwUnin-8.1.1.50-8876480SL.exe 2008-12-16 23:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-13 1695232] "Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2007-12-03 1260296] "Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-12-07 9479448] "SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-24 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-16 13529088] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-09 741376] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-16 86016] "THGuard"="d:\program files\TrojanHunter 5.0\THGuard.exe" [2008-10-24 1056928] "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - d:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-12-23 1445904] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-22 67128] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 d:\program files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "d:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "<NO NAME>"= R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944] R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024] R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328] R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder 2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-02-08 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:42] 2009-02-08 c:\windows\Tasks\Uniblue SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:42] 2009-02-07 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2007-12-03 15:39] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Russ\Application Data\Mozilla\Firefox\Profiles\jjfcjrjo.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-26 17:57:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1052) d:\program files\SUPERAntiSpyware\SASWINLO.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe c:\program files\BitDefender\BitDefender 2009\vsserv.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe d:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\BitDefender\BitDefender 2009\seccenter.exe . ************************************************************************ . Completion time: 2009-02-26 18:02:15 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-27 00:02:07 Pre-Run: 68,041,306,112 bytes free Post-Run: 67,950,968,832 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin 215 --- E O F --- 2009-02-25 02:35:34 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:03:52 PM, on 2/26/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Program Files\TrojanHunter 5.0\THGuard.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Russ\Desktop\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 5.0\THGuard.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = D:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217084590437 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- End of file - 7136 bytes

Jimmy2012 View Member Profile	Feb 26 2009, 11:31 PM Post #7
Trusted Helper Posts: 6,238 From: Ohio, USA OS: Windows XP, Fedora, Ubuntu	Hello rmcfly, 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: QUOTE Folder:: c:\windows\nlmkngrt SysRst:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the following reports/logs into your next reply: Combofix.txt

rmcfly View Member Profile	Feb 27 2009, 06:04 PM Post #8
Member Posts: 12 OS: XP	OK Jim, or is it Jimmy? Here are the latest results from ComboFix. I wish I had some idea as to what you are looking at or for as I think it would be interesting to be able to track down these infections. How did you get started and learn how to do this? ComboFix 09-02-27.01 - Russ 2009-02-27 17:45:28.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.685 [GMT -6:00] Running from: c:\documents and settings\Russ\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Russ\Desktop\CFScript.txt.txt AV: BitDefender Antivirus On-access scanning disabled (Updated) FW: BitDefender Firewall enabled * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\nlmkngrt\ . ((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 ))))))))))))))))))))))))))))))) . 2009-02-25 19:48 . 2009-02-25 19:49 <DIR> d-------- c:\program files\ERUNT 2009-02-23 21:44 . 2009-02-23 21:44 <DIR> d-------- c:\documents and settings\Russ\Application Data\SUPERAntiSpyware.com 2009-02-23 21:44 . 2009-02-23 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-02-23 21:43 . 2009-02-23 21:43 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-02-23 21:43 . 2009-02-23 21:43 <DIR> d-------- c:\documents and settings\Russ\Application Data\TrojanHunter 2009-02-21 15:12 . 2008-04-11 13:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2009-02-09 19:26 . 2009-02-09 19:26 260 --a------ c:\windows\system32\BDUpdateV1.xml 2009-02-08 16:19 . 2001-07-21 14:40 3,144 --a--c--- c:\windows\system32\dllcache\srgb.icm 2009-02-08 15:36 . 2002-08-29 06:00 572,557 -----c--- c:\windows\system32\dllcache\rtuner.wmv 2009-02-08 15:35 . 2008-09-09 19:14 1,307,648 -----c--- c:\windows\system32\dllcache\msxml6.dll 2009-02-08 15:34 . 2002-08-29 06:00 457,607 -----c--- c:\windows\system32\dllcache\mdlib.wmv 2009-02-08 15:34 . 2008-04-13 18:10 294,912 -----c--- c:\windows\system32\dllcache\msaud32.acm 2009-02-08 15:34 . 2004-08-04 06:00 97,117 -----c--- c:\windows\system32\dllcache\mplayer2.hlp 2009-02-08 15:34 . 2004-08-04 06:00 18,286 -----c--- c:\windows\system32\dllcache\mplayer2.inf 2009-02-08 15:34 . 2002-08-29 06:00 2,778 -----c--- c:\windows\system32\dllcache\mplogoh.gif 2009-02-08 15:34 . 2002-08-29 06:00 2,545 -----c--- c:\windows\system32\dllcache\mplogo.gif 2009-02-08 15:34 . 2004-08-04 06:00 1,885 -----c--- c:\windows\system32\dllcache\mplayer2.cnt 2009-02-08 15:33 . 2008-04-13 18:09 290,816 -----c--- c:\windows\system32\dllcache\l3codeca.acm 2009-02-08 11:33 . 2009-02-19 20:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-08 11:33 . 2009-02-08 11:33 <DIR> d-------- c:\documents and settings\Russ\Application Data\Malwarebytes 2009-02-08 11:33 . 2009-02-08 11:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-08 11:33 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-08 11:33 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-08 10:48 . 2009-02-08 10:48 850 --a------ c:\windows\system32\ProductTweaks.xml 2009-02-08 10:48 . 2009-02-08 10:48 385 --a------ c:\windows\system32\user_gensett.xml 2009-02-08 10:42 . 2004-08-04 06:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex 2009-02-08 10:41 . 2004-08-04 06:00 10,129,408 --a--c--- c:\windows\system32\dllcache\hwxkor.dll 2009-02-08 10:40 . 2008-04-13 18:09 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll 2009-02-08 10:39 . 2004-08-04 06:00 195,618 --a--c--- c:\windows\system32\dllcache\c_10002.nls 2009-02-08 10:35 . 2009-02-08 10:35 749 -rah----- c:\windows\WindowsShell.Manifest 2009-02-08 10:35 . 2009-02-08 10:35 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2009-02-08 10:35 . 2009-02-08 10:35 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2009-02-08 10:35 . 2009-02-08 10:35 749 -rah----- c:\windows\system32\nwc.cpl.manifest 2009-02-08 10:35 . 2009-02-08 10:35 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2009-02-08 10:35 . 2009-02-08 10:35 488 -rah----- c:\windows\system32\logonui.exe.manifest 2009-02-08 10:24 . 2004-08-03 22:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys 2009-02-08 10:17 . 2004-08-04 06:00 1,042,903 --a--c--- c:\windows\system32\dllcache\SP2.CAT 2009-02-08 10:17 . 2004-08-04 06:00 797,189 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT 2009-02-08 10:17 . 2004-08-04 06:00 399,645 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT 2009-02-08 10:17 . 2004-08-04 06:00 37,484 --a--c--- c:\windows\system32\dllcache\MW770.CAT 2009-02-08 10:17 . 2004-08-04 06:00 24,661 --a------ c:\windows\system32\spxcoins.dll 2009-02-08 10:17 . 2004-08-04 06:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll 2009-02-08 10:17 . 2004-08-04 06:00 13,472 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT 2009-02-08 10:17 . 2004-08-04 06:00 13,312 --a------ c:\windows\system32\irclass.dll 2009-02-08 10:17 . 2004-08-04 06:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll 2009-02-08 10:17 . 2004-08-04 06:00 8,574 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT 2009-02-08 10:17 . 2004-08-04 06:00 7,382 --a--c--- c:\windows\system32\dllcache\OEMBIOS.CAT 2009-02-08 02:51 . 2009-02-27 17:49 121 --a------ c:\windows\bdagent.INI 2009-02-08 02:26 . 2009-02-08 02:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2009-02-08 02:19 . 2009-02-08 02:19 <DIR> d-------- c:\program files\Common Files\Macrovision Shared 2009-02-08 02:18 . 2009-02-08 02:18 <DIR> d-------- c:\program files\Rosetta Stone 2009-02-08 02:18 . 2009-02-21 14:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rosetta Stone 2009-02-08 01:39 . 2009-02-08 02:04 <DIR> d-------- c:\program files\The Rosetta Stone 2009-02-08 00:30 . 2009-02-08 20:47 <DIR> d-------- c:\documents and settings\Russ\Application Data\uTorrent 2009-02-07 22:31 . 2009-02-07 22:31 <DIR> d-------- c:\documents and settings\Russ\Application Data\BitDefender 2009-02-07 22:30 . 2009-02-07 22:30 <DIR> d-------- c:\program files\BitDefender 2009-02-07 22:30 . 2009-02-07 22:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender 2009-02-07 22:18 . 2009-02-07 22:30 <DIR> d-------- c:\program files\Common Files\BitDefender 2009-02-07 19:48 . 2009-02-07 19:48 <DIR> d-------- c:\program files\Elaborate Bytes 2009-02-07 18:49 . 2004-08-04 06:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe 2009-02-07 17:59 . 2004-08-04 06:00 7,334 --a--c--- c:\windows\system32\dllcache\wmerrenu.cat 2009-02-07 17:06 . 2009-02-07 17:06 <DIR> d-------- c:\program files\Softwin 2009-02-07 16:19 . 2009-02-07 19:39 <DIR> d-------- c:\documents and settings\Russ\Application Data\Uniblue 2009-02-07 14:00 . 2009-02-07 14:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Uniblue 2009-02-07 13:53 . 2009-02-07 19:39 <DIR> d-------- c:\program files\Uniblue 2009-02-07 13:53 . 2009-02-07 14:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue 2009-02-06 21:54 . 2009-02-06 21:54 <DIR> d-------- c:\documents and settings\Administrator 2009-02-06 21:09 . 2009-02-08 14:22 2,412 --a------ c:\windows\nlmkngrt . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-27 23:47 81,984 ----a-w c:\windows\system32\bdod.bin 2009-02-27 23:29 --------- d-----w c:\program files\Mozilla Thunderbird 2009-02-10 00:55 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys 2009-02-08 04:00 --------- d-----w c:\program files\Common Files\Softwin 2009-02-07 22:13 --------- d-----w c:\program files\Bonjour 2009-01-31 04:13 --------- d-----w c:\documents and settings\Russ\Application Data\SolidWorks 2009-01-27 02:08 --------- d-----w c:\documents and settings\Russ\Application Data\sldIM 2009-01-17 20:14 --------- d-----w c:\documents and settings\Russ\Application Data\iScreensaver 2009-01-11 23:24 --------- d-----w c:\program files\Jasc Software Inc 2008-12-23 02:31 127,034 ----a-r c:\windows\bwUnin-8.1.1.50-8876480SL.exe 2008-12-16 23:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll . ((((((((((((((((((((((((((((( SnapShot@2009-02-26_18.00.29.37 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-27 23:16:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_234.dat . ((((((((((((((((((((((((((((((((((((((( System Restore ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\_003847_.tmp.dll 2004-08-04 06:00 9216 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A0006310.dll 2004-08-04 06:00 9216 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A0006310.dll C:\_003985_.tmp.dll {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A000(FMfn C:\_004107_.tmp.dll 2004-08-04 06:00 53760 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A0006570.dll C:\_004108_.tmp.dll 2004-08-04 06:00 221184 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A0006571.dll 2004-08-04 06:00 221184 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A0006571.dll C:\_004366_.tmp.dll 2004-08-04 06:00 7424 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A0006828.dll 2004-08-04 06:00 7424 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A0006828.dll C:\_004417_.tmp.dll {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A" 2004-08-04 06:00 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A0006879.dll C:\_004813_.tmp.dll 2004-08-04 06:00 1032192 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A0007275.dll c:\avenger\jkklIaya.dll {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000006.dll c:\avenger\meeizkip.sys {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000007.sys c:\avenger\senekamqsenvde.dll 2009-02-08 11:02 49152 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000008.dll c:\avenger\senekaonumtqte.dll 2009-02-06 21:04 14336 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000009.dll c:\avenger\senekarqkwqkgm.dll 2009-02-06 21:04 15872 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000010.dll c:\avenger\senekauwmybwvb.sys 2009-02-08 14:22 0 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000011.sys c:\avenger\ssqNFXoN.dll 2009-02-06 21:04 51200 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000012.dll c:\dllcache\_004592_.tmp.dll 2004-08-04 06:00 57344 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A0007054.dll c:\dllcache\_004833_.tmp.dll 2004-08-04 06:00 63488 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP8\A0007295.dll 2009-02-23 19:44 155648 c:\program files\BitDefender\BitDefender 2009\as2core\as2core.dll 2008-12-09 18:57 155648 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP11\A0010055.dll 2009-02-23 19:44 438272 c:\program files\BitDefender\BitDefender 2009\as2core\asregex.dll 2008-12-09 18:57 438272 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP11\A0010056.dll 2009-02-23 19:44 9728 c:\program files\BitDefender\BitDefender 2009\asfn.dll 2008-12-09 18:57 9728 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP11\A0010057.dll 2009-02-23 19:44 240 c:\program files\BitDefender\BitDefender 2009\build.reg 2009-01-21 14:56 240 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP11\A0010050.reg 2009-02-23 19:44 593920 c:\program files\BitDefender\BitDefender 2009\WSLib.dll 2008-09-18 13:28 634880 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP11\A0010053.dll 2009-02-23 19:44 94208 c:\program files\BitDefender\BitDefender 2009\WSPack.dll 2008-09-18 13:28 94208 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP11\A0010054.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10394\avxdisk.dll 2009-01-14 12:39 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000033.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10394\avxs.dll 2002-01-14 13:49 10240 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000034.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10394\avxt.dll 2002-01-14 13:49 27136 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000035.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10394\bdc.exe 2006-10-28 22:06 92160 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000036.exe c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10394\bdcore.dll 2008-09-25 16:49 102400 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000032.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10394\bdupd.dll 2005-09-03 10:28 77824 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000038.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10394\libfn.dll 2007-06-13 00:02 178176 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP0\A0000039.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10395\avxdisk.dll 2009-01-14 12:39 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP1\A0000062.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10395\avxs.dll 2002-01-14 13:49 10240 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP1\A0000063.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10395\avxt.dll 2002-01-14 13:49 27136 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP1\A0000064.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10395\bdc.exe 2006-10-28 22:06 92160 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP1\A0000065.exe c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10395\bdupd.dll 2005-09-03 10:28 77824 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP1\A0000067.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10395\libfn.dll 2007-06-13 00:02 178176 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP1\A0000068.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10417\avxdisk.dll 2009-01-14 12:39 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002682.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10417\avxs.dll 2002-01-14 13:49 10240 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002683.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10417\avxt.dll 2002-01-14 13:49 27136 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002684.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10417\bdc.exe 2006-10-28 22:06 92160 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002685.exe c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10417\bdcore.dll 2008-09-25 16:49 102400 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002681.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10417\bdupd.dll 2005-09-03 10:28 77824 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002687.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10417\libfn.dll 2007-06-13 00:02 178176 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002688.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10438\avxdisk.dll 2009-01-14 12:39 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002703.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10438\avxs.dll 2002-01-14 13:49 10240 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002704.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10438\avxt.dll 2002-01-14 13:49 27136 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002705.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10438\bdc.exe 2006-10-28 22:06 92160 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002706.exe c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10438\bdcore.dll 2008-09-25 16:49 102400 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002702.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10438\bdupd.dll 2005-09-03 10:28 77824 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002708.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10438\libfn.dll 2007-06-13 00:02 178176 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002709.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10452\avxdisk.dll 2009-01-14 12:39 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002716.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10452\avxs.dll 2002-01-14 13:49 10240 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002717.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10452\avxt.dll 2002-01-14 13:49 27136 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002718.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10452\bdc.exe 2006-10-28 22:06 92160 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002719.exe c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10452\bdcore.dll 2008-09-25 16:49 102400 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002715.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10452\bdupd.dll 2005-09-03 10:28 77824 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002721.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10452\libfn.dll 2007-06-13 00:02 178176 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002722.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10470\avxdisk.dll 2009-01-14 12:39 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002738.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10470\avxs.dll 2002-01-14 13:49 10240 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002739.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10470\avxt.dll 2002-01-14 13:49 27136 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002740.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10470\bdc.exe 2006-10-28 22:06 92160 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002741.exe c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10470\bdcore.dll 2008-09-25 16:49 102400 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002737.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10470\bdupd.dll 2005-09-03 10:28 77824 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002743.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10470\libfn.dll 2007-06-13 00:02 178176 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP4\A0002744.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10471\avxdisk.dll 2009-01-14 12:39 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP5\A0002751.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10471\avxs.dll {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP5\A0002753.dllc:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10576\bdcore.dll 2008-09-25 16:49 102400 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004881.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10471\bdcore.dll 2008-09-25 16:49 102400 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP5\A0002750.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10576\avxdisk.dll 2009-01-14 12:39 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004882.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10576\avxs.dll 2002-01-14 13:49 10240 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004883.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10576\avxt.dll 2002-01-14 13:49 27136 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004884.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10576\bdc.exe 2006-10-28 22:06 92160 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004885.exe c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10576\bdupd.dll 2005-09-03 10:28 77824 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004887.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10576\libfn.dll 2007-06-13 00:02 178176 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004888.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10595\avxdisk.dll 2009-01-14 12:39 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004907.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10595\avxs.dll 2002-01-14 13:49 10240 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004908.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10595\avxt.dll 2002-01-14 13:49 27136 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004909.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10595\bdc.exe 2006-10-28 22:06 92160 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004910.exe c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10595\bdcore.dll 2008-09-25 16:49 102400 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004906.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10595\bdupd.dll 2005-09-03 10:28 77824 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004912.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10595\libfn.dll 2007-06-13 00:02 178176 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP6\A0004913.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10596\avxdisk.dll 2009-01-14 12:39 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP7\A0005920.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10596\avxs.dll 2002-01-14 13:49 10240 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP7\A0005921.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10596\avxt.dll 2002-01-14 13:49 27136 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP7\A0005922.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10596\bdc.exe 2006-10-28 22:06 92160 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP7\A0005923.exe c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10596\bdcore.dll 2008-09-25 16:49 102400 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP7\A0005919.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10596\bdupd.dll 2005-09-03 10:28 77824 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP7\A0005925.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10596\libfn.dll 2007-06-13 00:02 178176 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP7\A0005926.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10611\avxdisk.dll 2009-01-14 12:39 53248 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP7\A0005930.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10611\avxs.dll 2002-01-14 13:49 10240 {A5663E94-FB3F-4E11-980F-BB1110609CBB}\RP7\A0005931.dll c:\program files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_10611\avxt.dll C:\System Volume . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-13 1695232] "Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2007-12-03 1260296] "Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-12-07 9479448] "SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-24 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-16 13529088] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-09 741376] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-16 86016] "THGuard"="d:\program files\TrojanHunter 5.0\THGuard.exe" [2008-10-24 1056928] "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Cisco Systems VPN Client.lnk - d:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-12-23 1445904] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-22 67128] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 d:\program files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "d:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "<NO NAME>"= R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944] R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024] R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328] R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder 2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-02-08 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:42] 2009-02-08 c:\windows\Tasks\Uniblue SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:42] 2009-02-07 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2007-12-03 15:39] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Russ\Application Data\Mozilla\Firefox\Profiles\jjfcjrjo.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-27 17:49:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1048) d:\program files\SUPERAntiSpyware\SASWINLO.dll . Completion time: 2009-02-27 17:53:05 ComboFix-quarantined-files.txt 2009-02-27 23:53:01 ComboFix2.txt 2009-02-27 00:02:17 Pre-Run: 67,960,389,632 bytes free Post-Run: 67,935,608,832 bytes free 383 --- E O F --- 2009-02-25 02:35:34

Jimmy2012 View Member Profile	Feb 28 2009, 12:19 AM Post #9
Trusted Helper Posts: 6,238 From: Ohio, USA OS: Windows XP, Fedora, Ubuntu	Hello rmcfly, QUOTE OK Jim, or is it Jimmy? Both are fine, I go by either one. QUOTE I wish I had some idea as to what you are looking at or for Anything that is bad, that needs to be removed. QUOTE How did you get started and learn how to do this? The school here at Geeks to go, I signed up for it one day, got accepted and then started learning how to do this. There are a lot of great teachers here that will help you learn to do this. If you would like to learn more please read the following link. http://www.geekstogo.com/forum/Want-to-hel...hers-t2792.html Please open OTListIt2.exe Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Files c:\windows\nlmkngrt :Commands [emptytemp] [reboot] Return to OTListIt2, right click in the "Custom Scans/fixes" window (under the light blue bar) and choose Paste. Click the Run Fix button. Let the program run until it is finished, reboot when it is done. It will produce a log for you on reboot, please post that log in your next reply. This post has been edited by Jimmy2012: Feb 28 2009, 12:19 AM

rmcfly View Member Profile	Feb 28 2009, 02:33 PM Post #10
Member Posts: 12 OS: XP	Jim, Thanks for the info on how you got started doing this. Looks interesting to me so I will check into it once my schedule clears up a bit. Here is the OTListIt2 log from the last run. ========== FILES ========== c:\windows\nlmkngrt moved successfully. ========== COMMANDS ========== File delete failed. C:\Documents and Settings\Russ\Local Settings\temp\History\History.IE5\MSHist012009022820090301\index.dat scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_65c.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. OTListIt2 by OldTimer - Version 2.0.2.0 log created on 02282009_142251 Files moved on Reboot... C:\Documents and Settings\Russ\Local Settings\temp\History\History.IE5\MSHist012009022820090301\index.dat moved successfully. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File C:\WINDOWS\temp\Perflib_Perfdata_65c.dat not found! Registry entries deleted on Reboot...

Jimmy2012 View Member Profile	Feb 28 2009, 07:46 PM Post #11
Trusted Helper Posts: 6,238 From: Ohio, USA OS: Windows XP, Fedora, Ubuntu	Hello rmcfly, No problem. Lets go ahead and do these two scans and see if they pick anything else up. Please start Malwarebytes' Anti-Malware and update it. To update please do this, click Update and then click Check for Updates. It will now install any updates it finds. Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Please do an online scan with Kaspersky WebScanner Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Please post this log in your next reply. ~~~~~~~~~~~~~~ In your next reply please have these logs. The Malwarebytes log And the Kaspersky log

rmcfly View Member Profile	Mar 1 2009, 12:56 AM Post #12
Member Posts: 12 OS: XP	Hello Jim, I've never been so disappointed to have clean scans from both Malwarebytes and also Kaspersky. Kaspersky is just finishing its scan of my D drive but has not found anything yet. I did some searching and found 2 posts for this problem and they both used Gooredfix to eliminate it. Don't know if that helps or not. I will post the logs of both as soon as the scan on my D drive is complete. Russ This post has been edited by rmcfly: Mar 1 2009, 12:56 AM

Jimmy2012 View Member Profile	Mar 1 2009, 01:04 AM Post #13
Trusted Helper Posts: 6,238 From: Ohio, USA OS: Windows XP, Fedora, Ubuntu	Hello rmcfly, QUOTE I did some searching and found 2 posts for this problem and they both used Gooredfix to eliminate it. Don't know if that helps or not. I did not see those signs in any of your logs, but since it is still going on, lets go ahead and run GooredFix and see if it picks anything up. Please download GooredFix from one of the locations below and save it to your Desktop Download Mirror #1 Download Mirror #2 Double-click GooredFix.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.

rmcfly View Member Profile	Mar 1 2009, 01:19 AM Post #14
Member Posts: 12 OS: XP	Jim, Here are the results from Malwarebytes and also GooRedFix (Option 1). I will post the results from Kaspersky shortly. Malwarebytes' Anti-Malware 1.34 Database version: 1813 Windows 5.1.2600 Service Pack 3 2/28/2009 9:10:08 PM mbam-log-2009-02-28 (21-10-08).txt Scan type: Quick Scan Objects scanned: 66859 Time elapsed: 4 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) GooredFix v1.91 by jpshortstuff Log created at 01:15 on 01/03/2009 running Option #1 (Russ) Firefox version 3.0.6 (en-US) =====Suspect Goored Entries===== C:\Program Files\Mozilla Firefox\extensions\{A15DCA03-3717-4FE9-A021-78EA815F370B} =====Dumping Registry Values===== [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions] "Plugins"="C:\Program Files\Mozilla Firefox\plugins" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions] "Components"="C:\Program Files\Mozilla Firefox\components" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "FFToolbar@bitdefender.com"="C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" This post has been edited by rmcfly: Mar 1 2009, 01:20 AM

Jimmy2012 View Member Profile	Mar 1 2009, 01:26 AM Post #15
Trusted Helper Posts: 6,238 From: Ohio, USA OS: Windows XP, Fedora, Ubuntu	Hello rmcfly, Looks like GooredFix found the problem. Please double-click GooredFix.exe on your Desktop to run it. Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal need help removing "Nail.exe"!	1 / 385	12th June 2005 - 10:37 AM yw37 started - last by yw37
Virus, Spyware and Trojan Removal NEED HELP REMOVING "pokapoka79.exe" [RESOLVED] 12	17 / 1,002	30th January 2006 - 06:08 PM pardo started - last by Flrman1
Virus, Spyware and Trojan Removal Need Help Removing "DriveCleaner" from Registry	7 / 386	24th November 2006 - 10:26 PM mentor2k started - last by mentor2k
Virus, Spyware and Trojan Removal Need help removing "Win32:Spyware-gen" and "Win32:Homle	1 / 490	29th June 2008 - 01:16 PM ljohnson4541 started - last by ljohnson4541
Virus, Spyware and Trojan Removal Need Help Removing Virus (Police Pro) [Solved]	12 / 739	14th September 2009 - 06:39 PM reege23 started - last by Transience