
Adware "The Best Offer Network" and other malware/spyware on



#1
dewunknown36
Member, 12 posts
Hi, I'm new to the forums and this is my first post. I did everything that was listed in the "Before you post a HijackThis Log". All of the logs are enclosed below. A while ago, I downloaded some programs and had CA EZ Internet Suite at the time; it came back that my computer was infected with a bunch of different Trojan programs. I think that I removed the Trojans successfully, but upon doing a recent TrendMicro Housecall scan, it came up that I was infected with the Adware Best Offers Network, and I cannot seem to get rid of it. I don't know if there are any more infections on my system, but I will post the logs and hopefully you guys can advise what to do. Thanks in advance.

Malwarebytes' Anti-Malware 1.11
Database version: 699

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 114613
Time elapsed: 1 hour(s), 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/03/2008 at 10:16 AM

Application Version : 4.0.1154

Core Rules Database Version : 3450
Trace Rules Database Version: 1442

Scan type : Complete Scan
Total Scan Time : 01:11:11

Memory items scanned : 480
Memory threats detected : 0
Registry items scanned : 4705
Registry threats detected : 0
File items scanned : 81338
File threats detected : 49

Adware.Tracking Cookie


;*******************************************************************************
ANALYSIS: 2008-05-03 11:19:15
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG Internet Security 8.0 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[1].txt
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
182048 HIGH MS07-069
176382 HIGH MS07-057
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164913 HIGH MS07-033
160623 HIGH MS07-027
150253 HIGH MS07-016
108742 MEDIUM MS06-006
;===============================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:19 AM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe 0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1209514737046
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8315 bytes
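As an added example (not code from this thread, from HijackThis or from the forum's helpers), a small Python triage pass over the kind of log posted above: it groups entries into browser and autostart sections, links the O2 BHO and O3 toolbar that share one CLSID, and lists the lines a helper would look at first. The grouping and the flag rules are this example's own assumptions, a flag means "review", not "malicious", and the sample lines are copied from the log in this thread.

```python
"""Triage pass over a HijackThis-style log (added example; not HijackThis's own code)."""
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"\[[^\]]+\]\s*(?P<cmd>.*)$")

# Grouping used by this example (an assumption, not HijackThis's own taxonomy):
# R*/O2/O3/O15/O16/O18 shape Internet Explorer, O4/O20/O23 are autostart points.
BROWSER = {"R0", "R1", "R3", "O2", "O3", "O15", "O16", "O18"}
AUTOSTART = {"O4", "O20", "O23"}


def _command_path(cmd):
    """Path part of an O4 command: the quoted string, or the text before ' /' switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" /", 1)[0]


def _file_ref(code, body):
    """Best-effort file or URL referenced by an entry."""
    if code == "O4":
        m = RUN_RE.search(body)
        if m:
            return _command_path(m.group("cmd"))
    if " = " in body:                       # R0/R1 URL lines, O4 Startup .lnk lines
        return body.split(" = ", 1)[1].strip()
    if " - " in body:                       # 'name - {clsid} - path' and service lines
        return body.rsplit(" - ", 1)[1].strip()
    return body.split(": ", 1)[-1].strip()  # e.g. 'AppInit_DLLs: avgrsstx.dll'


def parse(log_text):
    """Return one dict per R/F/O entry; the process list and headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({"code": code, "body": body,
                        "clsid": clsid.group(0).upper() if clsid else None,
                        "ref": _file_ref(code, body)})
    return entries


def review_reasons(entry):
    """Why a helper would look at this line first. A reason means 'check', not 'malicious'."""
    code, ref = entry["code"], entry["ref"]
    reasons = []
    if code in AUTOSTART and "\\" not in ref:
        reasons.append("bare filename, resolved through the search path")
    if code == "O20":
        reasons.append("O20 hook is loaded into winlogon or into every process")
    if code == "O15":
        reasons.append("site granted Trusted Zone privileges in IE")
    low = ref.lower()
    if "\\documents and settings\\" in low or "\\temp\\" in low:
        reasons.append("runs from a user profile or temp directory")
    return reasons


def triage(log_text):
    entries = parse(log_text)
    by_clsid = defaultdict(list)
    review = []
    for e in entries:
        if e["clsid"]:
            by_clsid[e["clsid"]].append(e["code"])
        why = review_reasons(e)
        if why:
            review.append((e["code"], e["ref"], why))
    return {
        "browser": [e for e in entries if e["code"] in BROWSER],
        "autostart": [e for e in entries if e["code"] in AUTOSTART],
        "review": review,
        # one CLSID in both O2 and O3 is one component registered as BHO and as toolbar
        "shared_clsid": {k: v for k, v in by_clsid.items() if len(v) > 1},
    }


if __name__ == "__main__":
    for code, ref, why in triage(SAMPLE_LOG)["review"]:
        print(f"{code:<4} {ref:<55} {'; '.join(why)}")
```

On the sample, the review list is the bare ARPWRMSG.EXE Run entry, the trymedia.com Trusted Zone entry and both O20 hooks; the AVG BHO and toolbar are reported as one shared CLSID.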



#2
greyknight17
Malware Expert, Visiting Consultant, 16,560 posts
Welcome to GTG.

Does TrendMicro indicate what file is infected?

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#3
dewunknown36 (Topic Starter)
Member, 12 posts
Hi Greyknight, thanks for answering. TrendMicro does not indicate which file is infected, otherwise I would've tried to remove it on my own. Thanks for your help. Here is the Combofix log requested:

ComboFix 08-05-01.3 - Compaq_Administrator 2008-05-03 21:24:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.523 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 18:39 . 2008-05-03 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-05-03 17:47 . 2008-05-03 17:47 <DIR> d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-05-03 17:44 . 2008-05-03 17:44 <DIR> d-------- C:\Program Files\vso
2008-05-03 17:06 . 2008-05-03 17:06 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM
2008-05-03 16:42 . 2008-05-03 16:42 <DIR> d-------- C:\temp
2008-05-03 11:22 . 2008-05-03 11:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-01 23:03 . 2008-05-01 23:03 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-01 22:21 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-01 22:21 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-01 22:21 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-01 22:21 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-30 19:20 . 2008-04-30 19:20 <DIR> d-------- C:\Program Files\Panda Security
2008-04-30 10:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-30 10:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-29 22:58 . 2008-04-30 00:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-29 22:58 . 2008-04-29 22:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 22:58 . 2008-04-29 22:58 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2008-04-29 22:58 . 2008-04-29 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-29 22:31 . 2008-04-29 22:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 22:31 . 2008-04-29 22:31 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2008-04-29 22:31 . 2008-04-29 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-29 22:29 . 2008-04-29 22:29 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-29 21:06 . 2008-04-29 21:06 <DIR> d-------- C:\kav
2008-04-29 20:58 . 2008-04-29 20:58 <DIR> d-------- C:\Program Files\CCleaner
2008-04-29 20:53 . 2008-04-29 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-04-29 20:53 . 2008-05-03 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2008-04-29 20:52 . 2008-04-29 20:52 <DIR> d-------- C:\Program Files\LG Software Innovations
2008-04-29 20:52 . 2008-05-03 17:44 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Vso
2008-04-29 20:52 . 2008-04-29 20:52 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-29 20:52 . 2008-04-29 20:52 47,360 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
2008-04-29 20:51 . 2008-04-29 20:51 <DIR> d-------- C:\Program Files\SlySoft
2008-04-29 20:51 . 2008-04-29 20:51 0 ---hs---- C:\WINDOWS\SA67EF421.tmp
2008-04-29 20:20 . 2008-04-29 20:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-29 19:55 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-29 19:55 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-29 19:55 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-29 19:55 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-29 19:55 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-29 19:54 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-29 19:54 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-29 19:54 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-29 19:54 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-29 19:29 . 2008-04-29 19:29 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-29 19:18 . 2006-03-20 23:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-04-29 13:38 . 2008-04-29 13:38 <DIR> d-------- C:\Program Files\Fisher-Price
2008-04-29 13:37 . 2008-04-29 13:37 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-29 09:14 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-29 09:14 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-29 09:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-29 09:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-29 09:13 . 2008-04-29 09:13 <DIR> d-------- C:\Program Files\Logitech
2008-04-29 09:13 . 2008-04-29 09:13 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-04-29 09:13 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-04-29 09:13 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-04-29 09:13 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-04-29 09:13 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-04-29 09:04 . 2008-05-03 18:19 <DIR> d-------- C:\Program Files\Juno
2008-04-29 09:04 . 1998-02-06 21:43 9,728 --a------ C:\WINDOWS\system32\rnaph.dll
2008-04-29 09:04 . 1998-08-24 20:03 4,608 --a------ C:\WINDOWS\system32\rnasmm.dll
2008-04-29 09:04 . 2008-05-03 18:29 488 --a------ C:\WINDOWS\JUNO.INI
2008-04-29 04:56 . 2008-05-03 20:05 182 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2008-04-29 04:27 . 2008-05-03 21:24 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
2008-04-29 03:56 . 2008-04-29 19:46 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-29 03:56 . 2008-04-29 03:56 333 --a------ C:\WINDOWS\system32\$ncsp$.inf
2008-04-29 03:56 . 2008-04-29 03:56 61 --a------ C:\WINDOWS\smscfg.ini
2008-04-29 03:55 . 2004-08-04 01:59 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-04-29 03:55 . 2004-08-04 01:59 5,504 --a------ C:\WINDOWS\system32\dllcache\intelide.sys
2008-04-29 03:55 . 2004-08-04 01:59 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2008-04-29 03:55 . 2004-08-04 01:59 5,376 --a------ C:\WINDOWS\system32\dllcache\viaide.sys
2008-04-29 03:43 . 2008-04-29 01:20 <DIR> d-------- C:\Program Files\Symantec
2008-04-29 03:43 . 2008-04-29 01:20 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-29 03:43 . 2008-04-29 01:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-29 03:39 . 2008-04-29 01:20 <DIR> d-------- C:\Program Files\Google
2008-04-29 03:35 . 2008-04-29 04:17 <DIR> d-------- C:\Program Files\PC-Doctor for DOS
2008-04-29 03:35 . 2008-04-29 04:17 <DIR> d-------- C:\Program Files\PC-Doctor 5 for Windows
2008-04-29 03:35 . 2005-11-18 15:51 28,848 --a------ C:\WINDOWS\system32\drivers\USBkey.sys
2008-04-29 03:35 . 2005-11-18 15:58 13,440 --a------ C:\WINDOWS\system32\drivers\pcdrndisuio.sys
2008-04-29 03:35 . 2002-12-06 15:10 2,238 --a------ C:\WINDOWS\system32\doc.ico
2008-04-29 03:33 . 2005-07-13 14:48 29,926 --a------ C:\WINDOWS\hsc.ico
2008-04-29 03:32 . 2008-04-29 01:04 <DIR> d-a------ C:\WINDOWS\system32\pcintro
2008-04-29 03:32 . 2008-04-29 04:03 <DIR> d-------- C:\WINDOWS\HPCPCUninstall-5577497
2008-04-29 03:32 . 2008-04-29 04:10 <DIR> d-------- C:\Program Files\Compaq Connections
2008-04-29 03:32 . 2008-04-29 03:32 118,842 -ra------ C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
2008-04-29 03:31 . 2008-04-29 03:31 667,896 --a------ C:\WINDOWS\unins000.exe
2008-04-29 03:31 . 2003-04-07 17:22 45,056 --a------ C:\WINDOWS\system32\runclose.ocx
2008-04-29 03:31 . 2002-03-20 00:05 45,056 --a------ C:\WINDOWS\system32\hpreg.dll
2008-04-29 03:31 . 2004-01-22 13:51 40,960 --a------ C:\WINDOWS\system32\omano.dll
2008-04-29 03:31 . 2005-10-28 16:30 19,736 --a------ C:\WINDOWS\system32\oemlogo.bmp
2008-04-29 03:31 . 2008-04-29 03:31 12,988 --a------ C:\WINDOWS\system32\CHODDI.SYS
2008-04-29 03:31 . 2008-04-29 03:31 1,235 --a------ C:\WINDOWS\unins000.dat
2008-04-29 03:29 . 2008-04-29 01:22 <DIR> d-------- C:\Program Files\Quicken
2008-04-29 03:29 . 2008-04-29 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-04-29 03:29 . 2008-04-29 01:22 31 --a------ C:\WINDOWS\Quicken.ini
2008-04-29 03:28 . 2008-04-29 04:03 <DIR> d-a------ C:\WINDOWS\CREATOR
2008-04-29 03:28 . 2008-04-29 04:06 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-29 03:28 . 2005-06-03 18:29 266,240 --a------ C:\WINDOWS\system32\ShellvRTF64.dll
2008-04-29 03:28 . 2005-06-03 18:29 237,568 --a------ C:\WINDOWS\system32\ShellvRTF.dll
2008-04-29 03:27 . 2003-06-18 20:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-29 03:27 . 2008-04-29 03:27 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-29 03:25 . 2008-04-29 04:13 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-29 03:23 . 2008-04-29 04:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-29 03:22 . 2008-04-29 08:39 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-29 03:22 . 2008-04-29 04:09 <DIR> d-a------ C:\Program Files\Common Files\LightScribe
2008-04-29 03:22 . 2008-04-29 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-29 03:22 . 2003-04-23 21:29 221,215 --a------ C:\WINDOWS\system32\Divxdec.ax
2008-04-29 03:22 . 2006-01-02 16:26 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-04-29 03:21 . 2008-04-29 04:10 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2008-04-29 03:19 . 2008-04-29 04:05 <DIR> d-------- C:\WINDOWS\wt
2008-04-29 03:17 . 2008-04-29 14:15 <DIR> d-------- C:\Program Files\WildTangent
2008-04-29 03:16 . 2008-04-29 04:18 <DIR> d-------- C:\Program Files\Sonic
2008-04-29 03:16 . 2008-04-29 04:10 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-29 03:16 . 2008-04-29 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-29 03:16 . 2008-04-29 03:21 108 --a------ C:\WINDOWS\WININIT.INI
2008-04-29 03:15 . 2008-04-29 04:15 <DIR> d-------- C:\Program Files\Netscape
2008-04-29 03:15 . 2008-04-29 04:12 <DIR> d-------- C:\Program Files\HP Rhapsody
2008-04-29 03:15 . 2005-08-18 17:33 45,929 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE
2008-04-29 03:15 . 2008-04-29 03:15 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-04-29 03:15 . 2005-08-11 22:25 698 --a------ C:\WINDOWS\NSSetDefaultBrowser.ini
2008-04-29 03:14 . 2008-04-29 04:18 <DIR> d-------- C:\Program Files\Real
2008-04-29 03:14 . 2008-04-29 04:14 <DIR> d-------- C:\Program Files\music_now
2008-04-29 03:14 . 2008-04-29 04:10 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-29 03:14 . 2008-04-29 04:09 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-29 03:13 . 2008-04-29 04:14 <DIR> d-------- C:\Program Files\MSN Encarta Standard
2008-04-29 03:13 . 2008-04-29 04:11 <DIR> d-------- C:\Program Files\DISC
2008-04-29 03:13 . 2008-04-29 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 08:24 --------- d-----w C:\Program Files\Windows Plus
2008-04-29 08:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-29 07:33 61,440 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-04-29 07:33 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-04-29 07:33 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-04-29 07:33 40,960 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-04-29 07:33 341,048 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2008-04-29 07:33 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-04-29 07:33 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-04-29 07:33 217,088 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2008-04-29 07:33 163,840 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 08:59 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 08:59 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 08:59 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 08:59 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 08:59 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-29 01:30 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-29 01:30 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-29 01:30 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-04-11 10:42 2075584]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-30 00:55 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 16:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 19:19 77312 C:\WINDOWS\arpwrmsg.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-11-11 17:11 1064960]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-11-11 17:10 61440]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 05:01 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 20:29 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 22:23 663552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 02:11 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-29 01:30 1177368]
"eligmini"="C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2007-03-16 16:27 487424]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-02-06 22:46:03 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-30 00:55 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-29 01:30]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-29 01:30]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-29 01:30]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-29 01:30]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-04-29 01:30]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-29 01:30]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-29 01:29]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-29 01:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f968846-9749-11da-95ee-0015f2a9f7da}]
\Shell\AutoRun\command - ~tmp0.1st.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 21:26:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-03 21:26:54
ComboFix-quarantined-files.txt 2008-05-04 01:26:52

Pre-Run: 179,565,678,592 bytes free
Post-Run: 179,642,920,960 bytes free

256 --- E O F --- 2008-04-30 00:15:57

#4 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Download the Flash Disinfector at http://www.techsuppo...Disinfector.exe and save it to your desktop. Double-click on it to run it and follow the on-screen instructions.

Open up C:\WINDOWS\WININIT.INI in Notepad. Copy and paste the contents of that file here. Then delete everything in that file, copy/paste the following two lines into it and save it:

[rename]
nul=

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\kb913800.exe

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

Is anything still detected now? How is the computer running so far?
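The MountPoints2 line in the log above, `\Shell\AutoRun\command - ~tmp0.1st.exe`, is Explorer's cached copy of the autorun.inf it read from a volume that was mounted on this machine, which is why the Flash Disinfector step comes first: a removable drive is the likely carrier. The thread does not describe what that tool does internally, so the script below is an added example (not Flash Disinfector's code and not the thread's) that implements the usual immunizer approach as an assumption: parse the file's `[autorun]` section leniently, delete it, and leave a directory named autorun.inf in its place so a file of that name cannot be written back. The sample autorun.inf content and the `demo_in_tempdir` helper are constructed for the example; only the command name is borrowed from the log line.

```python
import os
import re
import shutil
import stat
import tempfile

# Constructed sample, modelled on the cached command name ComboFix listed
# under MountPoints2 in the log above (the real file was never posted).
SAMPLE_AUTORUN = r"""
;  junk lines and decoy sections are common padding in malicious autorun.inf files
[autorun]
open=~tmp0.1st.exe
shell\open\Command=~tmp0.1st.exe
shell\explore\command=~tmp0.1st.exe
shellexecute=~tmp0.1st.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
[other]
open=harmless.exe
"""

LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)
CONTROL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")  # binary padding seen in the wild


def parse_autorun(text):
    """Lenient parser for the [autorun] section: returns {trigger: command}.

    Only keys that cause code execution are returned; icon/label/action are
    cosmetic and ignored. Matching is case-insensitive because Windows is.
    """
    commands = {}
    in_autorun = False
    for raw in text.splitlines():
        line = CONTROL_RE.sub("", raw).strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS:
            commands[key.lower()] = value
        else:
            m = SHELL_CMD_RE.match(key)
            if m:
                commands["shell\\%s\\command" % m.group(1).lower()] = value
    return commands


def immunize(drive_root):
    """Remove autorun.inf from a drive root and leave a directory in its place.

    Returns the launch commands found in the file (empty if none). The
    directory stops malware from recreating a file of that name; it does not
    remove the payload the file pointed to, which must be handled separately.
    """
    path = os.path.join(drive_root, "autorun.inf")
    found = {}
    if os.path.isfile(path):
        with open(path, "r", encoding="latin-1", errors="replace") as fh:
            found = parse_autorun(fh.read())
        os.chmod(path, stat.S_IWRITE)  # clear a read-only attribute first
        os.remove(path)
    if not os.path.isdir(path):
        os.makedirs(path)
    return found


def demo_in_tempdir():
    """Stand-in for a removable drive: a temp dir holding the sample file."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    first = immunize(root)     # file present: parsed, removed, replaced
    second = immunize(root)    # already immunized: nothing to report
    protected = os.path.isdir(os.path.join(root, "autorun.inf"))
    shutil.rmtree(root)
    return first, second, protected


if __name__ == "__main__":
    first, second, protected = demo_in_tempdir()
    for trigger, cmd in sorted(first.items()):
        print("%-22s -> %s" % (trigger, cmd))
    print("second pass found:", second, "| directory in place:", protected)
```

The lenient parser matters because malicious autorun.inf files are often padded with binary junk and decoy sections; the `[other]` section in the sample is there to show that only `[autorun]` is honoured. On a real Windows drive you would also mark the replacement directory hidden and system (`attrib +h +s`), which this cross-platform example omits, and removing the file does nothing about the executable it pointed to.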

#5 dewunknown36 (Member, Topic Starter, 12 posts)
Hi Greyknight, I did what you said and opened up C:\WINDOWS\WININIT.INI in Notepad. I can't copy and paste the contents of that file here because I had a separate browser open, and when I ran the ComboFix program it shut down the browser. Here is the ComboFix log:


ComboFix 08-05-01.3 - Compaq_Administrator 2008-05-04 18:03:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.332 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\kb913800.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\kb913800.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-04 16:10 . 2008-05-04 16:10 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-05-04 14:02 . 2008-05-04 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-04 13:07 . 2008-05-04 16:16 198,372 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-05-04 13:07 . 2008-05-04 16:15 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-05-04 13:07 . 2008-05-04 16:16 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-05-04 13:06 . 2008-05-04 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-05-04 13:03 . 2008-05-04 16:16 198,372 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-05-04 13:03 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-05-04 13:03 . 2008-05-04 16:16 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-05-04 13:03 . 2008-05-04 13:03 261 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-05-04 13:02 . 2008-05-04 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-05-04 12:59 . 2008-05-04 12:59 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-05-04 12:59 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-05-04 12:59 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-05-03 18:39 . 2008-05-03 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-05-03 17:47 . 2008-05-03 17:47 <DIR> d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-05-03 17:44 . 2008-05-03 17:44 <DIR> d-------- C:\Program Files\vso
2008-05-03 17:06 . 2008-05-03 17:06 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM
2008-05-03 16:42 . 2008-05-03 16:42 <DIR> d-------- C:\temp
2008-05-03 11:22 . 2008-05-03 11:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-01 23:03 . 2008-05-01 23:03 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-01 22:21 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-01 22:21 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-01 22:21 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-01 22:21 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-30 19:20 . 2008-05-04 13:02 <DIR> d-------- C:\Program Files\Panda Security
2008-04-30 10:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-30 10:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-29 22:58 . 2008-04-30 00:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-29 22:58 . 2008-04-29 22:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 22:58 . 2008-04-29 22:58 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2008-04-29 22:58 . 2008-04-29 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-29 22:31 . 2008-04-29 22:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 22:31 . 2008-04-29 22:31 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2008-04-29 22:31 . 2008-04-29 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-29 22:29 . 2008-04-29 22:29 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-29 21:06 . 2008-04-29 21:06 <DIR> d-------- C:\kav
2008-04-29 20:58 . 2008-04-29 20:58 <DIR> d-------- C:\Program Files\CCleaner
2008-04-29 20:53 . 2008-04-29 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-04-29 20:53 . 2008-05-04 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2008-04-29 20:52 . 2008-04-29 20:52 <DIR> d-------- C:\Program Files\LG Software Innovations
2008-04-29 20:52 . 2008-05-03 17:44 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Vso
2008-04-29 20:52 . 2008-04-29 20:52 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-29 20:52 . 2008-04-29 20:52 47,360 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
2008-04-29 20:51 . 2008-04-29 20:51 <DIR> d-------- C:\Program Files\SlySoft
2008-04-29 20:51 . 2008-04-29 20:51 0 ---hs---- C:\WINDOWS\SA67EF421.tmp
2008-04-29 20:20 . 2008-04-29 20:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-29 19:55 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-29 19:55 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-29 19:55 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-29 19:55 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-29 19:55 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-29 19:54 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-29 19:54 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-29 19:54 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-29 19:54 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-29 19:29 . 2008-04-29 19:29 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-29 13:38 . 2008-04-29 13:38 <DIR> d-------- C:\Program Files\Fisher-Price
2008-04-29 13:37 . 2008-04-29 13:37 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-29 09:14 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-29 09:14 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-29 09:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-29 09:14 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-29 09:13 . 2008-04-29 09:13 <DIR> d-------- C:\Program Files\Logitech
2008-04-29 09:13 . 2008-04-29 09:13 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-04-29 09:13 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-04-29 09:13 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-04-29 09:13 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-04-29 09:13 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-04-29 09:04 . 2008-05-03 18:19 <DIR> d-------- C:\Program Files\Juno
2008-04-29 09:04 . 1998-02-06 21:43 9,728 --a------ C:\WINDOWS\system32\rnaph.dll
2008-04-29 09:04 . 1998-08-24 20:03 4,608 --a------ C:\WINDOWS\system32\rnasmm.dll
2008-04-29 09:04 . 2008-05-03 18:29 488 --a------ C:\WINDOWS\JUNO.INI
2008-04-29 04:56 . 2008-05-04 16:16 182 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2008-04-29 04:27 . 2008-05-03 21:24 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
2008-04-29 03:56 . 2008-04-29 19:46 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-29 03:56 . 2008-04-29 03:56 333 --a------ C:\WINDOWS\system32\$ncsp$.inf
2008-04-29 03:56 . 2008-04-29 03:56 61 --a------ C:\WINDOWS\smscfg.ini
2008-04-29 03:55 . 2004-08-04 01:59 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-04-29 03:55 . 2004-08-04 01:59 5,504 --a------ C:\WINDOWS\system32\dllcache\intelide.sys
2008-04-29 03:55 . 2004-08-04 01:59 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2008-04-29 03:55 . 2004-08-04 01:59 5,376 --a------ C:\WINDOWS\system32\dllcache\viaide.sys
2008-04-29 03:43 . 2008-04-29 01:20 <DIR> d-------- C:\Program Files\Symantec
2008-04-29 03:43 . 2008-04-29 01:20 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-29 03:43 . 2008-04-29 01:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-29 03:39 . 2008-04-29 01:20 <DIR> d-------- C:\Program Files\Google
2008-04-29 03:35 . 2008-04-29 04:17 <DIR> d-------- C:\Program Files\PC-Doctor for DOS
2008-04-29 03:35 . 2008-04-29 04:17 <DIR> d-------- C:\Program Files\PC-Doctor 5 for Windows
2008-04-29 03:35 . 2005-11-18 15:51 28,848 --a------ C:\WINDOWS\system32\drivers\USBkey.sys
2008-04-29 03:35 . 2005-11-18 15:58 13,440 --a------ C:\WINDOWS\system32\drivers\pcdrndisuio.sys
2008-04-29 03:35 . 2002-12-06 15:10 2,238 --a------ C:\WINDOWS\system32\doc.ico
2008-04-29 03:33 . 2005-07-13 14:48 29,926 --a------ C:\WINDOWS\hsc.ico
2008-04-29 03:32 . 2008-04-29 01:04 <DIR> d-a------ C:\WINDOWS\system32\pcintro
2008-04-29 03:32 . 2008-04-29 04:03 <DIR> d-------- C:\WINDOWS\HPCPCUninstall-5577497
2008-04-29 03:32 . 2008-04-29 04:10 <DIR> d-------- C:\Program Files\Compaq Connections
2008-04-29 03:32 . 2008-04-29 03:32 118,842 -ra------ C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
2008-04-29 03:31 . 2008-04-29 03:31 667,896 --a------ C:\WINDOWS\unins000.exe
2008-04-29 03:31 . 2003-04-07 17:22 45,056 --a------ C:\WINDOWS\system32\runclose.ocx
2008-04-29 03:31 . 2002-03-20 00:05 45,056 --a------ C:\WINDOWS\system32\hpreg.dll
2008-04-29 03:31 . 2004-01-22 13:51 40,960 --a------ C:\WINDOWS\system32\omano.dll
2008-04-29 03:31 . 2005-10-28 16:30 19,736 --a------ C:\WINDOWS\system32\oemlogo.bmp
2008-04-29 03:31 . 2008-04-29 03:31 12,988 --a------ C:\WINDOWS\system32\CHODDI.SYS
2008-04-29 03:31 . 2008-04-29 03:31 1,235 --a------ C:\WINDOWS\unins000.dat
2008-04-29 03:29 . 2008-04-29 01:22 <DIR> d-------- C:\Program Files\Quicken
2008-04-29 03:29 . 2008-04-29 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-04-29 03:29 . 2008-04-29 01:22 31 --a------ C:\WINDOWS\Quicken.ini
2008-04-29 03:28 . 2008-04-29 04:03 <DIR> d-a------ C:\WINDOWS\CREATOR
2008-04-29 03:28 . 2008-04-29 04:06 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-29 03:28 . 2005-06-03 18:29 266,240 --a------ C:\WINDOWS\system32\ShellvRTF64.dll
2008-04-29 03:28 . 2005-06-03 18:29 237,568 --a------ C:\WINDOWS\system32\ShellvRTF.dll
2008-04-29 03:27 . 2003-06-18 20:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-29 03:27 . 2008-04-29 03:27 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-29 03:25 . 2008-04-29 04:13 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-29 03:23 . 2008-04-29 04:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-29 03:22 . 2008-04-29 08:39 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-29 03:22 . 2008-04-29 04:09 <DIR> d-a------ C:\Program Files\Common Files\LightScribe
2008-04-29 03:22 . 2008-04-29 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-29 03:22 . 2003-04-23 21:29 221,215 --a------ C:\WINDOWS\system32\Divxdec.ax
2008-04-29 03:22 . 2006-01-02 16:26 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-04-29 03:21 . 2008-04-29 04:10 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2008-04-29 03:19 . 2008-04-29 04:05 <DIR> d-------- C:\WINDOWS\wt
2008-04-29 03:17 . 2008-04-29 14:15 <DIR> d-------- C:\Program Files\WildTangent
2008-04-29 03:16 . 2008-04-29 04:18 <DIR> d-------- C:\Program Files\Sonic
2008-04-29 03:16 . 2008-04-29 04:10 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-29 03:16 . 2008-04-29 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 08:24 --------- d-----w C:\Program Files\Windows Plus
2008-04-29 08:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-29 07:33 61,440 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-04-29 07:33 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-04-29 07:33 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-04-29 07:33 40,960 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-04-29 07:33 341,048 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2008-04-29 07:33 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-04-29 07:33 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-04-29 07:33 217,088 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2008-04-29 07:33 163,840 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 08:59 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 08:59 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 08:59 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 08:59 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 08:59 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-03_21.26.45.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 00:03:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-04 20:14:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-02-15 23:02:20 50,736 ----a-w C:\WINDOWS\system32\avldr.dll
+ 2007-09-28 17:05:40 71,608 ----a-w C:\WINDOWS\system32\drivers\APPFLT.SYS
+ 2007-06-08 11:44:06 24,760 ----a-w C:\WINDOWS\system32\drivers\cpoint.sys
+ 2007-05-11 12:33:06 51,256 ----a-w C:\WINDOWS\system32\drivers\dsaflt.sys
+ 2007-11-14 21:48:22 21,816 ----a-w C:\WINDOWS\system32\drivers\fnetmon.sys
+ 2007-07-11 14:39:48 191,672 ----a-w C:\WINDOWS\system32\drivers\idsflt.sys
+ 2007-10-25 12:50:32 132,664 ----a-w C:\WINDOWS\system32\drivers\NETFLTDI.SYS
+ 2007-11-19 17:01:50 143,160 ----a-w C:\WINDOWS\system32\drivers\netimflt.sys
+ 2007-05-11 12:33:32 37,304 ----a-w C:\WINDOWS\system32\drivers\smsflt.sys
+ 2007-05-11 12:33:34 30,648 ----a-w C:\WINDOWS\system32\drivers\wnmflt.sys
+ 2003-10-22 21:23:18 446,464 ----a-w C:\WINDOWS\system32\HHActiveX.dll
+ 2001-07-30 20:40:12 24,576 ----a-w C:\WINDOWS\system32\msxml3a.dll
+ 2007-02-28 21:04:44 63,024 ----a-w C:\WINDOWS\system32\pavipc.dll
+ 2007-10-25 21:27:32 292,144 ----a-w C:\WINDOWS\system32\PavSHook.dll
- 2008-04-29 23:50:48 53,640 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-04 17:09:53 53,640 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-29 23:50:48 382,022 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-04 17:09:53 382,022 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-02-08 14:53:40 107,568 ----a-w C:\WINDOWS\system32\SYSTOOLS.DLL
+ 2007-10-16 19:37:10 161,072 ----a-w C:\WINDOWS\system32\TpUtil.dll
+ 2008-05-04 20:15:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b48.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-04-11 10:42 2075584]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-30 00:55 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 16:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 19:19 77312 C:\WINDOWS\arpwrmsg.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-11-11 17:11 1064960]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-11-11 17:10 61440]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 05:01 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 20:29 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 22:23 663552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 02:11 49152]
"eligmini"="C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2007-03-16 16:27 487424]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [2007-11-23 14:33 406832]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 14:17 27952]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-02-06 22:46:03 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-30 00:55 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 13:05]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 08:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 17:48]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 10:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 08:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 08:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 07:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
R3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [2008-05-04 16:15]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 13:01]
R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f968846-9749-11da-95ee-0015f2a9f7da}]
\Shell\AutoRun\command - ~tmp0.1st.exe

*Newly Created Service* - COMFILTR
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 18:06:05
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-04 18:07:10
ComboFix-quarantined-files.txt 2008-05-04 22:07:05
ComboFix2.txt 2008-05-04 21:45:24
ComboFix3.txt 2008-05-04 01:26:55

Pre-Run: 179,329,597,440 bytes free
Post-Run: 179,319,033,856 bytes free

280 --- E O F --- 2008-04-30 00:15:57


Hope this helps.
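The two ComboFix logs in this thread (post #3's and the one above) show that much of the triage is reading the "Reg Loading Points" and catchme sections for a handful of patterns: `EnableFirewall` set to 0, an `AppInit_DLLs` value, Winlogon notify packages, services whose file has no timestamp, a cached AutoRun command under MountPoints2, newly created services, and catchme's "detected NTDLL code modification" line. The script below is an added example (not code from the thread or from ComboFix's author) that runs those checks over a constructed, abridged excerpt assembled from lines in the posted logs. It deliberately rates most hits "review" rather than "suspicious": in these logs the firewall flag coincides with a third-party firewall (AVG 8, then Panda), and the first catchme scan on 2008-05-03 reported no NTDLL modification while the second, run after Panda Internet Security was installed, did, so the installed security suite is the first thing to correlate before treating hooked Zw* functions as a rootkit. The `Finding` record and the severity labels are this example's own.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity kind detail")

# Constructed, abridged excerpt assembled from the ComboFix output posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 16:56 64512]
"PCDrProfiler"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f968846-9749-11da-95ee-0015f2a9f7da}]
\Shell\AutoRun\command - ~tmp0.1st.exe

*Newly Created Service* - COMFILTR
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden files ...
hidden files: 0
"""

# "R3 Name;Description;Path [timestamp]"; an empty bracket means no file timestamp was shown
SERVICE_RE = re.compile(r"^[RS]\d (\S+?);([^;]*);(.+?) \[(.*)\]$")
EMPTY_RUN_RE = re.compile(r'^"([^"]+)"=""\s*\[\]$')


def triage(log_text):
    """Walk a ComboFix log and return the loading points worth a second look.

    Severity meaning (this example's own scale):
      suspicious - pattern that is rarely legitimate
      review     - legitimate for some security products; confirm the vendor
      info       - worth knowing, usually benign
    """
    findings = []
    current_key = ""
    lines = log_text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()        # registry key heading
            continue

        # Lines that are meaningful regardless of the key they follow
        m = SERVICE_RE.match(line)
        if m:
            if not m.group(4):                        # assumed: file absent at scan time
                findings.append(Finding("review", "service-file-missing", m.group(3)))
            continue
        if line.startswith("*Newly Created Service*"):
            findings.append(Finding("info", "new-service", line.split(" - ", 1)[1]))
            continue
        if line.startswith("detected NTDLL code modification"):
            hooked = lines[i + 1].strip() if i + 1 < len(lines) else ""
            findings.append(Finding("review", "ntdll-hooks", hooked))
            continue

        # Lines interpreted relative to the registry key they sit under
        if "firewallpolicy" in current_key and line.lower().startswith('"enablefirewall"'):
            if line.split("=", 1)[1].strip().startswith("0"):
                findings.append(Finding("review", "firewall-disabled", current_key.rsplit("\\", 1)[-1]))
        elif line.lower().startswith('"appinit_dlls"'):
            dlls = line.split("=", 1)[1].strip()    # loaded into every process that maps user32
            if dlls:
                findings.append(Finding("review", "appinit-dll", dlls))
        elif r"winlogon\notify" in current_key:     # DLL loaded by winlogon at logon events
            package = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding("review", "winlogon-notify", package + ": " + line))
        elif "mountpoints2" in current_key and "autorun" in line.lower():
            findings.append(Finding("suspicious", "cached-autorun", line.split(" - ", 1)[1]))
        elif r"currentversion\run" in current_key and EMPTY_RUN_RE.match(line):
            findings.append(Finding("info", "run-empty-path", EMPTY_RUN_RE.match(line).group(1)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-10s %-22s %s" % (f.severity, f.kind, f.detail))
```

The pass is a reading aid, not a verdict: every "review" line needs the vendor of the named file confirmed, and a "suspicious" cached AutoRun command only tells you a volume once carried an autorun.inf, not that the payload is still present. The empty-bracket service rule encodes an assumption about ComboFix's output format (no timestamp shown when the driver file was not found), which is why it is rated review rather than suspicious.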

#6 greyknight17 (Malware Expert)
You may just erase the contents inside the C:\WINDOWS\WININIT.INI file and copy/paste the lines I mentioned earlier.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#7 dewunknown36 (Topic Starter)
Everything seems to be running okay. Do you know if there was anything within my HijackThis log that looked funny? I can post another HijackThis log or ComboFix log if you want me to, just to make sure.

One other question for you also. I was thinking that some kind of spyware had disabled my ability to use a game controller that I had been using previously. Do you know if viruses have this capability? If you want, I can give you the error message I'm receiving when I try to use the controller. Let me know. Thanks.

#8 greyknight17 (Malware Expert)
No need. They both look ok now.

Did you try reinstalling the game controller driver (if it comes with one)? Have you tried using it on another computer to confirm that it works? If you still have problems, post in the appropriate board in the forum for more assistance.

#9 greyknight17 (Malware Expert)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.