mbam log? [Closed]

#1
Mattjames

    New Member

  • Member
  • 5 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4173

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/3/2003 6:35:09 PM
mbam-log-2003-12-03 (18-35-09).txt

Scan type: Quick scan
Objects scanned: 121606
Time elapsed: 10 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 2
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\DINPUT832.DLL (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\dpnet32.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f4b41d2e937 (Trojan.Tracur) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{11f7db56-9a30-4d71-9471-43ff943f76f2} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11f7db56-9a30-4d71-9471-43ff943f76f2} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11f7db56-9a30-4d71-9471-43ff943f76f2} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dinput832.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dinput832.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Owner\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\DINPUT832.DLL (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\dpnet32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\d3dx9_3132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnetcfg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\davclnt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diskcopy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmime32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dskquota32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsound32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dx8vb32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu787367796v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu787367796v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u787367796v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
Mattjames

    New Member

  • Topic Starter
  • Member
  • 5 posts
Should I show you my ComboFix log?

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes.

#5
Mattjames

    New Member

  • Topic Starter
  • Member
  • 5 posts
ComboFix 10-06-06.04 - Owner 12/04/2003 7:18.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.294 [GMT -8:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\winspool.drv
.
---- Previous Run -------
.
c:\documents and settings\Owner\Application Data\0200000007673692937C.manifest
c:\documents and settings\Owner\Application Data\0200000007673692937O.manifest
c:\documents and settings\Owner\Application Data\0200000007673692937P.manifest
c:\documents and settings\Owner\Application Data\0200000007673692937S.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\install.rdf
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\1183218249
c:\windows\system32\unrar.exe

-- Previous Run --

c:\windows\system32\msgsvc.dll . . . is infected!!

--------

c:\windows\system32\msgsvc.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip
-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2003-11-04 to 2003-12-04 )))))))))))))))))))))))))))))))
.

2010-06-04 12:58 . 2003-12-04 03:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-04 12:04 . 2010-06-04 12:06 13391344 ----a-w- c:\documents and settings\All Users\Application Data\Google Updater\cache\packdata_ci_chrome_4.1.249.1064_en_setup.exe
2010-06-04 11:58 . 2010-06-04 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-03 07:52 . 2010-06-03 07:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-31 14:38 . 2010-05-31 14:38 -------- d-----w- c:\program files\iPod
2010-05-31 14:37 . 2010-05-31 14:38 -------- d-----w- c:\program files\iTunes
2010-05-31 14:37 . 2010-05-31 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-31 14:33 . 2010-05-31 14:33 -------- d-----w- c:\program files\QuickTime
2010-05-31 14:24 . 2010-05-31 14:24 -------- d-----w- c:\program files\Bonjour
2010-05-31 14:21 . 2010-05-31 14:21 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-27 01:13 . 2010-05-27 01:13 561152 ----a-w- c:\windows\AJScreensaver.scr
2010-05-16 00:11 . 2010-05-16 00:11 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-05-15 23:09 . 2010-05-15 23:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2010-05-10 08:43 . 2010-06-03 15:06 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-10 01:16 . 2010-05-10 01:16 -------- d-----w- c:\documents and settings\Owner\AppData
2010-05-10 01:12 . 2010-05-10 01:12 -------- d-----w- c:\program files\AhnLab
2010-05-03 14:18 . 2010-05-03 14:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-04-29 17:17 . 2010-04-29 17:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2010-04-28 19:45 . 2003-12-04 15:26 -------- d-----w- c:\documents and settings\Owner\Tracing
2010-04-28 19:43 . 2010-04-28 19:43 -------- d-----w- c:\program files\Microsoft
2010-04-28 19:43 . 2010-04-28 19:43 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-28 19:42 . 2010-04-28 19:43 -------- d-----w- c:\program files\Windows Live
2010-04-28 19:37 . 2010-04-28 19:37 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-20 07:53 . 2001-08-17 20:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2010-04-20 07:53 . 2001-08-17 20:48 17664 ----a-w- c:\windows\system32\drivers\sermouse.sys
2010-04-17 06:12 . 2010-04-17 06:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-16 13:41 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-04-16 13:41 . 2010-04-16 13:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PassMark
2010-04-16 13:41 . 2010-04-16 13:41 57856 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{849089CF-4988-49ED-A2DD-110CD5D9D7E8}\Icon849089CF.exe
2010-04-16 13:41 . 2010-04-16 13:41 -------- d-----w- c:\program files\PerformanceTest
2010-04-16 13:08 . 2010-04-16 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-04-16 13:08 . 2003-12-03 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-16 13:06 . 2010-04-16 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-16 13:03 . 2003-12-04 10:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AskToolbar
2010-04-16 12:53 . 2010-04-16 12:53 -------- d-----w- c:\program files\Smith Micro
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-07 10:58 . 2010-04-07 10:58 -------- d-----w- c:\windows\Sun
2010-04-03 06:45 . 2006-02-28 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-04-03 06:03 . 2010-04-03 06:03 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-03 06:01 . 2010-04-03 06:02 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-02 17:04 . 2010-06-03 22:05 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-04-02 17:04 . 2003-12-02 23:51 -------- d-----w- c:\program files\Ask.com
2010-04-02 17:03 . 2010-04-02 17:03 -------- d-----w- c:\program files\LimeWire
2010-04-01 20:05 . 2010-04-01 20:05 18432 ----a-w- c:\windows\system32\drivers\prcmondrv1041.sys
2010-03-29 19:00 . 2010-03-29 19:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2010-03-29 19:00 . 2003-12-02 09:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec
2010-03-29 19:00 . 2010-04-28 19:45 13688 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-28 06:31 . 2010-03-28 06:31 -------- d-----w- c:\windows\ServicePackFiles
2010-03-28 00:14 . 2010-04-01 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-03-27 22:05 . 2010-03-27 22:05 190 ----a-w- c:\windows\DelIndex.BAT
2010-03-27 22:03 . 2010-03-27 22:05 -------- d-----w- c:\program files\Privacy Keeper
2010-03-27 18:03 . 2004-08-04 07:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-03-27 16:36 . 2010-04-03 06:01 -------- d-----w- c:\windows\system32\LogFiles
2010-03-26 21:47 . 2010-03-26 22:13 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-26 21:45 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-26 21:45 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-26 21:38 . 2009-12-08 18:53 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-26 21:38 . 2009-12-08 18:55 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-26 21:38 . 2009-12-08 18:19 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-26 21:38 . 2009-12-08 18:19 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-26 21:37 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-26 21:21 . 2009-01-08 02:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-03-26 21:14 . 2010-03-26 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonSystemWorks
2010-03-26 21:13 . 2010-04-16 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-26 21:09 . 2005-01-23 18:30 163840 ----a-w- c:\windows\system32\igfxres.dll
2010-03-26 21:06 . 2010-03-26 21:06 -------- d-s---w- c:\windows\system32\Microsoft
2010-03-26 21:03 . 2006-02-28 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-03-26 21:02 . 2006-02-28 12:00 72192 -c--a-w- c:\windows\system32\dllcache\fxscom.dll
2010-03-26 21:01 . 2010-03-30 19:28 -------- d--h--w- c:\windows\$hf_mig$
2010-03-26 21:01 . 2006-02-28 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-26 21:01 . 2010-03-26 21:01 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2010-03-26 20:57 . 2010-03-26 21:01 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-03-26 20:57 . 2006-02-28 12:00 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2010-03-26 20:57 . 2006-02-28 12:00 40448 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2010-03-26 20:57 . 2006-02-28 12:00 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2010-03-26 20:57 . 2006-02-28 12:00 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2010-03-26 20:55 . 2004-08-04 08:56 32285 ----a-w- c:\windows\system32\HSFCISP2.dll
2010-03-26 20:55 . 2004-08-04 06:41 11868 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-03-26 20:55 . 2004-08-04 06:41 685056 ----a-w- c:\windows\system32\drivers\HSFCXTS2.sys
2010-03-26 20:55 . 2004-08-04 08:56 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-03-26 20:55 . 2004-08-04 06:41 1041536 ----a-w- c:\windows\system32\drivers\HSFDPSP2.sys
2010-03-26 20:55 . 2004-08-04 06:41 220032 ----a-w- c:\windows\system32\drivers\HSFBS2S2.sys
2010-03-26 20:51 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-26 20:51 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-26 20:51 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-26 20:51 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-26 20:35 . 2010-03-26 20:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2010-03-26 20:33 . 2010-03-26 20:34 -------- d-----w- c:\windows\system32\URTTemp
2010-03-26 20:23 . 2010-03-26 20:23 -------- d-----w- c:\windows\system32\bits
2010-03-26 12:43 . 2010-03-26 12:49 -------- d-----w- c:\windows\PeerNet
2010-03-26 12:43 . 2010-03-26 12:43 -------- d-----w- c:\windows\Provisioning
2010-03-26 09:37 . 2010-03-26 09:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
2010-03-25 03:12 . 2006-02-28 12:00 8192 -c--a-w- c:\windows\system32\dllcache\bitsprx2.dll
2010-03-25 03:12 . 2006-02-28 12:00 8192 ----a-w- c:\windows\system32\bitsprx2.dll
2010-03-25 03:12 . 2006-02-28 12:00 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx3.dll
2010-03-25 03:12 . 2006-02-28 12:00 7168 ----a-w- c:\windows\system32\bitsprx3.dll
2010-03-25 03:12 . 2006-02-28 12:00 18944 -c--a-w- c:\windows\system32\dllcache\qmgrprxy.dll
2010-03-25 03:12 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-s---w- c:\documents and settings\Owner\UserData
2010-03-24 00:57 . 2004-08-04 08:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-03-24 00:51 . 2006-02-28 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-03-24 00:51 . 2006-02-28 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2010-03-24 00:51 . 2006-02-28 12:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2010-03-24 00:51 . 2006-02-28 12:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2010-03-24 00:51 . 2006-02-28 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2010-03-24 00:51 . 2006-02-28 12:00 6144 -c--a-w- c:\windows\system32\dllcache\snmpmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 6144 ----a-w- c:\windows\system32\snmpmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 39936 -c--a-w- c:\windows\system32\dllcache\hostmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 39936 ----a-w- c:\windows\system32\hostmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2010-03-24 00:51 . 2006-02-28 12:00 101888 ----a-w- c:\windows\system32\evntagnt.dll
2010-03-22 18:38 . 2010-03-22 18:38 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-03-22 17:09 . 2010-03-22 17:12 -------- d-----w- c:\program files\Microsoft Plus!
2010-03-22 01:13 . 2010-05-31 14:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2010-03-21 18:49 . 2010-03-21 18:49 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-03-21 18:49 . 2010-03-21 18:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-21 18:47 . 2010-03-21 18:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-21 18:47 . 2010-05-04 01:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2010-03-21 18:47 . 2010-03-21 18:47 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-21 10:44 . 2010-03-21 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-21 10:43 . 2010-06-04 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-21 09:40 . 2010-03-21 09:40 0 ----a-w- c:\windows\nsreg.dat
2010-03-21 09:39 . 2010-03-21 09:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2010-03-21 09:37 . 2010-04-01 20:38 -------- d-----w- c:\program files\Carbonite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 13:58 . 2010-05-31 15:40 320 ----a-w- c:\documents and settings\Owner\udpcrawl.tmp
2010-06-04 12:17 . 2010-06-03 07:47 -------- d-----w- c:\program files\Google
2010-06-03 07:50 . 2010-06-03 07:50 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-03 07:50 . 2010-06-03 07:47 -------- d-----w- c:\program files\DivX
2010-06-03 07:50 . 2010-06-03 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-03 07:50 . 2010-06-03 07:50 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-03 07:50 . 2010-06-03 07:50 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-03 07:49 . 2010-06-03 07:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-03 07:49 . 2010-06-03 07:49 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-03 07:49 . 2010-06-03 07:49 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-03 07:46 . 2010-06-03 07:46 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-01 06:01 . 2003-12-02 19:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-05-31 15:36 . 2010-05-31 15:36 0 ---ha-w- c:\documents and settings\Owner\iirziqwbgt.tmp
2010-05-31 14:37 . 2003-12-02 19:48 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 23:39 . 2003-12-04 02:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 23:39 . 2003-12-04 02:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 18:14 . 2010-03-21 06:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 02:45 . 2010-03-21 06:21 77423 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-03-26 20:59 . 2010-03-21 06:19 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-21 09:37 . 2010-03-21 05:38 -------- d-----w- c:\program files\Java
2010-03-21 06:37 . 2010-03-21 06:37 -------- d-----w- c:\program files\Broadcom
2010-03-21 06:34 . 2010-03-21 06:34 -------- d-----w- c:\program files\Intel
2010-03-21 06:34 . 2010-03-21 06:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-21 06:32 . 2010-03-21 06:32 -------- d-----w- c:\program files\Analog Devices
2010-03-21 06:31 . 2010-03-21 06:31 -------- d-----w- c:\program files\Dell
2010-03-21 06:27 . 2010-03-21 06:27 2232 ----a-w- c:\windows\java\Packages\Data\D3DBXVRP.DAT
2010-03-21 06:27 . 2010-03-21 06:27 155995 ----a-w- c:\windows\java\Packages\41VBDJ97.ZIP
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\4Z7NXB1B.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\6HZ3ZHBR.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\J57739BJ.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\CV33179J.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\1BBXZD33.DAT
2010-03-21 06:23 . 2010-03-21 06:23 -------- d-----w- c:\program files\microsoft frontpage
2010-03-21 05:38 . 2010-03-21 05:38 -------- d-----w- c:\program files\Common Files\Java
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-05 19:16 . 2010-02-05 19:16 94208 ----a-w- c:\windows\system32\dpl100.dll
2009-12-31 16:14 . 2006-02-28 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 18:39 . 2009-12-22 18:39 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39 426496 ------w- c:\windows\system32\imapi2.dll
2009-12-22 18:39 . 2006-02-28 12:00 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-12-16 12:58 . 2010-03-21 06:17 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:55 . 2006-02-28 12:00 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2004-08-03 22:59 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2006-02-28 12:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2006-02-28 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2006-02-28 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:36 . 2006-02-28 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-16 06:51 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-15 17:21 . 2006-02-28 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:53 . 2006-02-28 12:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2006-02-28 12:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2006-02-28 12:00 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-11 14:33 . 2006-02-28 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 12:19 . 2006-02-28 12:00 1850112 ----a-w- c:\windows\system32\win32k.sys
2009-08-07 03:24 . 2010-03-25 03:09 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 03:24 . 2010-03-25 03:09 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 03:24 . 2010-03-25 03:09 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 03:24 . 2009-08-07 03:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 03:24 . 2010-03-21 06:17 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 03:24 . 2006-02-28 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 03:23 . 2010-03-25 03:09 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 03:23 . 2010-03-21 06:17 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 04:57 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 18:55 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:27 . 2006-02-28 12:00 1435648 ----a-w- c:\windows\system32\query.dll
2009-06-25 08:44 . 2006-02-28 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2006-02-28 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2006-02-28 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2006-02-28 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2006-02-28 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-22 11:34 . 2006-02-28 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 11:50 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 06:32 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2010-03-21 06:17 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-05-18 22:17 . 2003-12-02 19:54 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-18 20:17 . 2009-05-18 20:17 26600 ----a-w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86\GEARAspiWDM.sys
2009-05-07 15:44 . 2006-02-28 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-15 15:11 . 2006-02-28 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-08 12:34 . 2006-02-28 12:00 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 12:34 . 2006-02-28 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 12:33 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 12:33 . 2006-02-28 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 12:32 . 2006-02-28 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 12:32 . 2006-02-28 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 12:31 . 2006-02-28 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 12:31 . 2006-02-28 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-06-04 12:00 . 2010-06-04 12:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-28 19:11 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-01-23 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-21 149280]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-01-23 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-04 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCloseDragDropBands"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [4/1/2010 12:05 PM 18432]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2010 11:47 PM 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/4/2010 3:59 AM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2003-12-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-04 11:58]

2003-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 07:47]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 07:47]

2010-06-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-03-28 19:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Contains
DPF: DownloadInformation -
DPF: InstalledVersion
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\[email protected]\defaults\preferences\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
Notify-f4b41d2e937 - c:\windows\SYSTEM32\DINPUT832.DLL
AddRemove-EarthBound-RO FULL CLIENT - c:\documents and settings\Owner\My Documents\Ragnarok\EarthBound Ro\Uninstal.exe
AddRemove-MyProduct - c:\documents and settings\Owner\My Documents\Ragnarok\Old School RO\Uninstal.exe
AddRemove-{ED7474E0-CCD3-4730-9A66-D92C9BCA66FF} - c:\documents and settings\Owner\Local Settings\Application Data\{B67AE4AE-D3BC-4A7E-A478-AFD4EC8988DA}\ChosenRO Large Installer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2003-12-04 07:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3524)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2003-12-04 07:31:16 - machine was rebooted
ComboFix-quarantined-files.txt 2003-12-04 15:31

Pre-Run: 48,990,859,264 bytes free
Post-Run: 48,957,882,368 bytes free

- - End Of File - - 46E48E0CD852F44E93BC883889561365

#6
Rorschach112 (Ralphie)
  • Retired Staff
  • 47,710 posts
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    c:\documents and settings\Owner\*.tmp
    c:\windows\java\Packages\Data\D3DBXVRP.DAT
    c:\windows\java\Packages\41VBDJ97.ZIP
    c:\windows\java\Packages\Data\4Z7NXB1B.DAT
    c:\windows\java\Packages\Data\6HZ3ZHBR.DAT
    c:\windows\java\Packages\Data\J57739BJ.DAT
    c:\windows\java\Packages\Data\CV33179J.DAT
    c:\windows\java\Packages\Data\1BBXZD33.DAT
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles /all
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    CREATERESTOREPOINT
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    msgsvc.dll
    /md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

  • 0
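The ComboFix output earlier in this thread lists every autostart location (Run keys, Winlogon Notify, BHOs, services), and the helper's OTM script is written by reading those entries by hand. The following is an added example, not ComboFix's code nor anything the helper posted: a small parser for the "Reg Loading Points" layout that turns `[KEY]` / `"name"="path" [date size]` lines and the `R1`/`S2` service lines into records, then orders review by listing autostarts whose executable sits outside c:\windows and c:\program files. The sample text is a constructed excerpt that reuses lines quoted from the log above plus one clearly labelled placeholder entry (`ExampleEntry`) pointing into the user profile; the `TRUSTED_PREFIXES` list is an assumption for illustration.

```python
"""
Parse the 'Reg Loading Points' section of a ComboFix-style log into
structured autostart records for triage.  Added example for this thread;
not ComboFix's own code and not the helper's script.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the same layout as the log above.  The
# "ExampleEntry" line is a placeholder added for the demonstration; it
# does not appear in the original log.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"ExampleEntry"="c:\documents and settings\Owner\Application Data\example.exe" [2010-06-01 12345]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [4/1/2010 12:05 PM 18432]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2010 11:47 PM 135664]
"""

# Line shapes used by the log: a bracketed key, a quoted name/path value
# with "[yyyy-mm-dd size]", and a service line "Tn name;display;path [stamp size]".
SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[(.+?) (\d+)\]$")

# Assumed "expected" install roots for a first-pass filter (illustrative only).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Autostart:
    source: str            # registry key, or "service R1"/"service S2" etc.
    name: str              # value name or service short name
    path: str              # executable / DLL the entry loads
    stamp: Optional[str]   # date (values) or date+time (services) as printed
    size: Optional[int]    # file size in bytes as printed


def parse_loading_points(text: str) -> List[Autostart]:
    """Return one Autostart per value line or service line; DWORD policy
    lines such as "NoAutoUpdate"= 1 (0x1) are skipped."""
    records: List[Autostart] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and section:
            records.append(Autostart(section, m.group(1), m.group(2),
                                     m.group(3), int(m.group(4))))
            continue
        m = SERVICE_RE.match(line)
        if m:
            records.append(Autostart("service " + m.group(1), m.group(2),
                                     m.group(4), m.group(5), int(m.group(6))))
    return records


def outside_system_dirs(records: List[Autostart]) -> List[str]:
    """Names of autostarts whose target is not under an assumed install root."""
    return [r.name for r in records
            if not r.path.lower().startswith(TRUSTED_PREFIXES)]


if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE_LOG)
    for rec in parsed:
        print(f"{rec.source}\n    {rec.name} -> {rec.path} [{rec.stamp} {rec.size}]")
    print("review first:", outside_system_dirs(parsed))
```

The prefix filter only orders the review; it does not clear anything. The log's own orphan entry `Notify-f4b41d2e937 - c:\windows\SYSTEM32\DINPUT832.DLL` shows a malicious loader living under the Windows directory, so every record still needs the file stamp, size and vendor checked against what the log's earlier file listing shows for that path.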

#7
Rorschach112 (Ralphie)
  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.