MS Antispyware 2009 [Solved]


  • This topic is locked

#16 Fred21543 (Member, 1,351 posts)

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
#17 gitcheegoomee (Topic Starter, 26 posts)

ComboFix 09-02-06.01 - andrew 2009-02-06 19:28:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.639 [GMT -6:00]
Running from: c:\documents and settings\andrew\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Microsoft Common
c:\program files\Microsoft Common\svchost.exe
c:\windows\system32\Cache
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECT
-------\Service_Passthru


((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-06 18:57 . 2009-02-06 18:57 130,048 --a------ c:\windows\idicekiriyi.dll
2009-02-06 18:45 . 2009-02-06 18:45 41,984 --a------ c:\windows\Wyoliveba.dll
2009-02-06 13:33 . 2009-02-06 13:33 <DIR> d-------- c:\documents and settings\andrew\Application Data\Apple Computer
2009-02-06 04:45 . 2009-02-06 16:08 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-06 04:45 . 2009-02-06 16:09 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 04:45 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-02-05 18:01 . 2009-02-05 18:01 67,585 --a------ c:\windows\system32\67.tmp
2009-02-05 16:11 . 2009-02-06 15:44 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-05 16:10 . 2008-06-13 07:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-05 16:09 . 2009-02-05 16:09 67,585 --a------ c:\windows\system32\E4.tmp
2009-02-05 16:09 . 2009-02-05 16:09 23,553 --a------ c:\windows\system32\E3.tmp
2009-02-05 16:08 . 2008-08-14 04:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-05 16:08 . 2008-08-14 03:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-05 16:08 . 2008-08-14 03:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-05 16:08 . 2008-08-14 03:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-05 16:05 . 2008-10-24 05:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-05 16:04 . 2009-02-05 16:09 162,948 --a------ c:\windows\system32\84.tmp
2009-02-05 16:04 . 2009-02-05 16:04 168 --a------ c:\windows\system32\83.tmp
2009-02-05 16:03 . 2009-02-05 16:03 67,585 --a------ c:\windows\system32\6D.tmp
2009-02-05 16:03 . 2009-02-05 16:03 616 --a------ c:\windows\system32\6F.tmp
2009-02-05 16:03 . 2009-02-05 16:03 130 --a------ c:\windows\adobe.bat
2009-02-05 16:03 . 2009-02-05 16:03 0 --a------ c:\windows\_id.dat
2009-02-05 15:54 . 2004-08-10 04:13 73,728 --a--c--- c:\windows\system32\dllcache\ehresja.dll
2009-02-05 15:54 . 2004-08-10 04:13 69,632 --a--c--- c:\windows\system32\dllcache\ehresko.dll
2009-02-05 15:54 . 2004-08-10 04:13 69,632 --a--c--- c:\windows\system32\dllcache\ehresfr.dll
2009-02-05 15:54 . 2004-08-10 04:13 69,632 --a--c--- c:\windows\system32\dllcache\ehresde.dll
2009-02-05 15:52 . 2004-08-10 06:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-02-05 15:51 . 2004-08-10 06:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-02-05 15:50 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2009-02-05 15:49 . 2009-02-05 15:49 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-05 15:49 . 2009-02-05 15:49 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-05 15:49 . 2009-02-05 15:49 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-05 15:49 . 2009-02-05 15:49 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-02-05 15:49 . 2009-02-05 15:49 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-05 15:49 . 2009-02-05 15:49 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-02-05 15:48 . 2004-08-10 06:00 36,864 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-02-05 15:43 . 2007-06-26 02:27 363,520 --a--c--- c:\windows\system32\dllcache\w3svc.dll
2009-02-05 15:43 . 2004-08-10 06:00 25,088 --a--c--- c:\windows\system32\dllcache\inetmgr.exe
2009-02-04 19:52 . 2009-02-04 19:52 <DIR> d-------- c:\program files\Ahead
2009-02-04 19:52 . 2009-02-04 19:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-04 11:06 . 2009-02-04 11:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-04 05:03 . 2009-02-04 05:03 32,768 --ah----- c:\documents and settings\LocalService\qmhp.exe
2009-02-04 04:54 . 2004-03-22 11:24 4,272 -ra------ c:\windows\system32\drivers\bvrp_pci.sys.bak
2009-02-04 04:49 . 2009-02-05 16:03 66,560 ---h----- c:\windows\system32\secupdat.dat
2009-02-04 04:49 . 2009-02-04 04:49 32,768 --ah----- c:\documents and settings\NetworkService\iapbc.exe
2009-02-03 04:55 . 2009-02-04 19:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-03 04:55 . 2009-02-03 04:55 <DIR> d-------- c:\documents and settings\andrew\Application Data\SUPERAntiSpyware.com
2009-02-02 19:14 . 2001-07-09 04:50 176,128 -ra------ c:\windows\system32\NeroCheck.exe
2009-02-01 22:54 . 2009-02-01 22:54 0 --a------ c:\windows\system32\6CB.tmp
2009-01-31 19:39 . 2009-02-04 19:52 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-31 19:39 . 2009-01-31 19:39 <DIR> d-------- C:\Downloads
2009-01-29 19:10 . 2009-01-31 19:38 <DIR> d-------- c:\program files\IDA
2009-01-29 19:10 . 2009-01-31 19:38 <DIR> d-------- c:\documents and settings\andrew\Application Data\Internet Download Accelerator
2009-01-29 16:24 . 2009-01-31 19:38 <DIR> d-------- c:\program files\PicLensIE
2009-01-29 16:20 . 2009-01-29 16:20 <DIR> d--hs---- c:\documents and settings\andrew\IECompatCache
2009-01-29 16:15 . 2009-01-29 16:15 <DIR> d--hs---- c:\documents and settings\andrew\IETldCache
2009-01-27 20:36 . 2009-01-27 20:36 <DIR> d-------- c:\program files\JRE
2009-01-25 08:38 . 2009-01-25 08:38 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-24 19:49 . 2009-01-24 19:49 <DIR> d-------- c:\program files\Safari
2009-01-24 19:38 . 2009-01-24 19:38 <DIR> d-------- c:\program files\QuickTime
2009-01-24 19:38 . 2009-01-24 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-23 14:52 . 2009-02-06 04:43 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2
2009-01-23 14:12 . 2009-01-23 14:12 <DIR> d-------- c:\documents and settings\andrew\Application Data\Move Networks
2009-01-22 15:44 . 2009-01-22 15:44 <DIR> d-------- c:\program files\Alwil Software
2009-01-19 15:59 . 2009-01-29 17:28 <DIR> d-------- c:\program files\Flickr Uploadr
2009-01-19 14:51 . 2009-01-19 14:51 <DIR> d-------- c:\documents and settings\andrew\Application Data\Flickr
2009-01-17 16:55 . 2009-01-17 16:55 <DIR> d-------- c:\program files\AskBarDis
2009-01-17 16:55 . 2009-01-17 16:55 <DIR> d-------- c:\documents and settings\andrew\Application Data\Foxit
2009-01-17 16:42 . 2009-01-17 17:27 <DIR> d-------- c:\documents and settings\andrew\Contacts
2009-01-17 14:26 . 2009-01-17 14:26 268 --ah----- C:\sqmdata03.sqm
2009-01-17 14:26 . 2009-01-17 14:26 244 --ah----- C:\sqmnoopt03.sqm
2009-01-17 13:36 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2009-01-16 21:25 . 2009-02-05 16:03 <DIR> d-------- c:\program files\MSN Messenger
2009-01-13 14:08 . 2009-01-13 14:08 <DIR> d-------- c:\program files\HP
2009-01-13 14:08 . 2009-01-13 14:08 <DIR> d-------- c:\program files\Common Files\HP
2009-01-13 14:08 . 2009-01-13 14:08 <DIR> d-------- c:\documents and settings\andrew\Application Data\Printer Info Cache
2009-01-13 14:08 . 2009-01-13 14:08 <DIR> d-------- c:\documents and settings\andrew\Application Data\Image Zone Express
2009-01-11 16:02 . 2009-01-11 16:02 <DIR> d-------- c:\documents and settings\andrew\Application Data\CyberLink
2009-01-11 16:00 . 2009-01-11 16:00 <DIR> d-------- c:\program files\CyberLink
2009-01-10 14:26 . 2009-01-16 21:26 <DIR> d-------- c:\program files\Real
2009-01-10 14:26 . 2009-01-10 14:26 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-10 14:13 . 2009-01-10 14:26 <DIR> d-------- c:\program files\Common Files\Real
2009-01-09 16:49 . 2009-01-09 16:49 <DIR> d-------- c:\program files\Stardock
2009-01-09 16:49 . 2009-01-09 16:49 <DIR> d-------- c:\program files\Common Files\Stardock
2009-01-09 16:48 . 2009-01-09 16:48 <DIR> d-------- c:\program files\Secunia
2009-01-09 16:46 . 2009-01-09 16:46 <DIR> d-------- c:\program files\RogueRemover FREE
2009-01-09 16:46 . 2009-01-09 16:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-01-09 15:35 . 2009-01-09 15:35 <DIR> d-------- C:\ATI(2)
2009-01-09 14:28 . 2009-02-05 19:55 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-09 12:53 . 2009-01-09 12:53 <DIR> d-------- c:\program files\Innovative Solutions
2009-01-09 12:36 . 2009-01-09 12:36 <DIR> d-------- c:\documents and settings\andrew\Application Data\Uniblue
2009-01-09 12:36 . 2009-01-09 12:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-01-09 12:34 . 2009-01-09 16:43 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 21:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 21:03 --------- d-----w c:\program files\Broadcom
2009-02-05 01:52 --------- d-----w c:\program files\Panda Security
2009-02-05 01:52 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-01 02:08 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-01 02:04 --------- d-----w c:\program files\hp deskjet 990c series
2009-02-01 02:04 --------- d-----w c:\program files\GemMaster
2009-02-01 02:03 --------- d-----w c:\program files\EnglishOtto
2009-01-31 13:27 --------- d-----w c:\program files\Foxit Software
2009-01-31 12:17 --------- d-----w c:\documents and settings\andrew\Application Data\Smart Panel
2009-01-25 14:38 --------- d-----w c:\program files\Java
2009-01-24 14:29 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 22:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 22:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-14 21:03 --------- d-----w c:\program files\Glary Utilities
2009-01-10 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-09 23:11 101,776 -c--a-w c:\windows\system32\drivers\cmdguard.sys
2009-01-09 22:51 --------- d-----w c:\program files\Bible
2009-01-09 22:49 --------- d-----w c:\program files\Garmin GPS Plugin
2009-01-09 22:48 --------- d-----w c:\program files\Secunia(2)
2009-01-09 22:46 --------- d-----w c:\program files\VS Revo Group
2009-01-09 22:46 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 1
2009-01-09 22:46 --------- d-----w c:\program files\ATI Technologies
2009-01-09 22:46 --------- d-----w c:\program files\Amazon
2009-01-09 22:46 --------- d-----w c:\documents and settings\andrew\Application Data\Amazon
2009-01-09 22:45 --------- d-----w c:\program files\Mozilla Sunbird
2008-12-28 22:57 --------- d-----w c:\program files\Datel
2008-12-23 12:05 --------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
2008-12-20 00:26 --------- d-----w c:\program files\Hewlett-Packard
2008-12-14 15:19 --------- d-----w c:\documents and settings\andrew\Application Data\MSNGames
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-06-29 13:43 1,704,944 -c--a-w c:\program files\mbam-setup.exe
2008-06-27 23:42 7,496,920 -c--a-w c:\program files\Firefox Setup 3.0.exe
.

------- Sigcheck -------

2008-04-13 18:12 31744 412008bb80a339dca9cd05d451d80eaa c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
2004-08-10 06:00 31744 ea4777ee8cd00ff40a40f75afe46e64e c:\windows\system32\svchost.exe
2004-08-10 06:00 31744 ba4f8715f8c249fc492505431e5c962d c:\windows\system32\dllcache\svchost.exe

2004-08-10 06:00 1049600 8db835008d5aac0dd020a13b2df328d0 c:\windows\explorer.exe
2007-06-13 05:26 1050624 c646bea88c7849d4fd10a0a15d67c3e3 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 06:00 1049600 70d861be44b5c2f4b9402d9146f19228 c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-13 18:12 1051136 50fefc6f53e4917073699c0a93c01f9a c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
2004-08-10 06:00 1049600 52ade847a1364c2a161ac43613c043d3 c:\windows\system32\dllcache\explorer.exe

2008-04-13 18:12 32768 c51c383d18e7181bc6861f3f0f8b8009 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
2004-08-10 06:00 32768 4d55ee0db9fb3c97c8f4d6fafd98a1a4 c:\windows\system32\ctfmon.exe
2004-08-10 06:00 32768 c17a958e934c00de4e33884eb0ba6daa c:\windows\system32\dllcache\ctfmon.exe

2005-06-10 18:17 75264 b939dfc3d36cc5156e13e84a78fdea9f c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-10 06:00 75264 e431b763b0a883856fb84fe83fec0d73 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 18:12 75264 15d17af8f395e0cc7652cce98274b664 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
2004-08-10 06:00 75264 97c0348c89a4f729d855e90926953d78 c:\windows\system32\spoolsv.exe
2004-08-10 06:00 75264 38e2c7289b0e673ecd7a2eb1550243de c:\windows\system32\dllcache\spoolsv.exe

2008-04-13 18:12 43520 71d4c672d8524080e4d1f13286754796 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
2004-08-10 06:00 41984 28d83dac264f73050782a8e8ce6bdf54 c:\windows\system32\userinit.exe
2004-08-10 06:00 41984 eaacbfe425f06756fa102cb9cd29b247 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1850608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1425408]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-01-09 1797880]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-01-09 1797880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-09-24 206064]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 176128]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 76800]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 389186]
"Asidadiw"="c:\windows\Wyoliveba.dll" [2009-02-06 41984]
"Qlozot"="c:\windows\idicekiriyi.dll" [2009-02-06 130048]

c:\documents and settings\andrew\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 401408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Enable Context Menu"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
--a------ 2009-01-07 13:10 5385560 c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a--c--- 2007-02-26 00:01 437160 c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"YBrowser"=c:\progra~1\Yahoo!\browser\ybrwicon.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Motive SmartBridge"=c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe"
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-07-02 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-07-02 31504]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]
S4 Cdcolpcbadsi;Cdcolpcbadsi; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - f:\setup\sbcdsl.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-02-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-10 17:02]

2009-02-04 c:\windows\Tasks\User_Feed_Synchronization-{976D1549-DB5B-42A6-971C-6BB5DF727974}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKU-Default-Run-services - c:\windows\services.exe
HKU-Default-Run-hdizjwsi.exe - c:\windows\hdizjwsi.exe
HKU-Default-Run-phjmwfgy.exe - c:\windows\phjmwfgy.exe
HKU-Default-Run-hdhxjmfc.exe - c:\windows\hdhxjmfc.exe
HKCU-Explorer_Run-services - c:\windows\services.exe
HKU-Default-Explorer_Run-services - c:\windows\services.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\u4qzpz6c.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\OpenOffice.org 3\program\npsoplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 19:41:18
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ATI Smart]
"ImagePath"="c:\windows\TEMP\VRT8.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ImagePath"="c:\windows\TEMP\VRT8.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ImagePath"="c:\windows\TEMP\VRT8.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="c:\windows\TEMP\VRT8.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-412668190-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2025429265-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1F9E8B93-350C-6BB4-C000-05C69F796531}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\locator.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\vssvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-02-06 19:44:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-07 01:44:31

Pre-Run: 89,997,979,648 bytes free
Post-Run: 90,709,065,728 bytes free

365 --- E O F --- 2009-02-06 00:04:36
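The log above carries the entries a helper reads off before replying: Run values loading randomly named DLLs straight out of c:\windows, a svchost.exe outside system32, four services (including Eventlog) whose ImagePath points at c:\windows\TEMP\VRT8.tmp, and Security Center overrides plus a disabled firewall. As an added example (not code from the thread, from ComboFix or from HijackThis), here is a small Python triage script that flags those classes of finding in ComboFix "Reg Loading Points" / service-key text and in HijackThis O23 lines like the ones in the next post. The binary lists, the heuristics and the sample excerpt are the example's own assumptions; the excerpt is constructed in the same formats as the logs on this page, with a few benign entries for contrast.

```python
"""Triage heuristics for ComboFix / HijackThis log text (added example; not
code from ComboFix, HijackThis or this thread). Flags autoruns loaded from odd
places, core Windows binary names outside system32, service ImagePaths in TEMP
and Security Center / firewall settings switched off. Lists are assumptions."""
import re
from pathlib import PureWindowsPath

# Assumed, illustrative lists: names XP ships only in system32, and names that
# legitimately live directly in %SystemRoot% (explorer.exe, notepad.exe, ...).
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "spoolsv.exe", "userinit.exe"}
TRUSTED_SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WINDOWS_ROOT_ALLOWED = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe"}

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[', re.I)       # Reg Loading Points
RUN_ORPHAN = re.compile(r'^HK\w+-(?:Default-)?(?:Explorer_)?Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$', re.I)
SERVICE_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<svc>[^\]]+)\]', re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"', re.I)
HJT_SERVICE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?:\s+\(file missing\))?$')
SEC_CENTER = re.compile(r'^"(?P<val>AntiVirusOverride|FirewallOverride|DisableMonitoring)"=dword:0*1$', re.I)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b', re.I)
BARE_PATH = re.compile(r'^[a-z]:\\\S', re.I)                                     # Other Deletions / processes


def classify_path(path):
    """Return why a path is suspicious, or None when it looks ordinary."""
    p = PureWindowsPath(path.strip().strip('"'))
    name, parent, full = p.name.lower(), str(p.parent).lower(), str(p).lower()
    if name in SYSTEM_BINARIES and parent not in TRUSTED_SYSTEM_DIRS:
        return f"system binary name outside system32: {p}"      # masquerade
    if "\\temp\\" in full or name.endswith(".tmp"):
        return f"loaded from TEMP or a .tmp file: {p}"          # hijacked ImagePath
    if parent == r"c:\windows" and name not in WINDOWS_ROOT_ALLOWED:
        return f"loaded directly from %SystemRoot%: {p}"        # random-named droppers
    return None


def triage(log_text):
    """Walk the log and return (category, detail) findings in log order."""
    findings, current_service = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SERVICE_KEY.match(line)):
            current_service = m.group("svc")
            continue
        if line.startswith("["):                 # any other key header ends the service block
            current_service = None
            continue
        if (m := IMAGE_PATH.match(line)) and current_service:
            if (why := classify_path(m.group("path"))):
                findings.append(("service", f"{current_service}: {why}"))
        elif (m := HJT_SERVICE.match(line)):
            if (why := classify_path(m.group("path"))):
                findings.append(("service", f"{m.group('name')}: {why}"))
        elif (m := RUN_VALUE.match(line) or RUN_ORPHAN.match(line)):
            if (why := classify_path(m.group("path"))):
                findings.append(("autorun", f"{m.group('name')}: {why}"))
        elif (m := SEC_CENTER.match(line)):
            findings.append(("security-center", f"{m.group('val')}=1: Security Center alerts suppressed"))
        elif FIREWALL_OFF.match(line):
            findings.append(("firewall", "Windows Firewall standard profile disabled"))
        elif BARE_PATH.match(line) and (why := classify_path(line)):
            findings.append(("file", why))
    return findings


# Constructed excerpt in the same formats as the ComboFix and HijackThis logs above,
# with benign entries (jusched, Spooler, Ati2evxx) included for contrast.
SAMPLE_LOG = r"""
c:\program files\Microsoft Common\svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"Asidadiw"="c:\windows\Wyoliveba.dll" [2009-02-06 41984]
"Qlozot"="c:\windows\idicekiriyi.dll" [2009-02-06 130048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
HKU-Default-Run-services - c:\windows\services.exe
HKU-Default-Run-hdizjwsi.exe - c:\windows\hdizjwsi.exe
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="c:\windows\TEMP\VRT8.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="c:\windows\system32\spoolsv.exe"
O23 - Service: Dot3svc - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category:15}] {detail}")
```

Two design points worth noting. "(file missing)" on an O23 line is deliberately not a finding by itself (aspnet_state.exe above is a stale but harmless entry); the path is what matters, and a service whose image lives in TEMP is flagged whether or not the file still exists. And the heuristics are hints for a human to confirm, not verdicts: a name match such as svchost.exe outside system32 still needs the hash or signature check that ComboFix's Sigcheck section exists for before anything is deleted.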

#18 gitcheegoomee (Topic Starter, 26 posts)

Attached File: mbam_log_2009_02_06__22_21_15_.txt (1.09KB)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:46 PM, on 2/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1215048687258
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Dot3svc - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: EapHost - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7112 bytes

#19
Fred21543

    Member 1K

  • Member
  • 1,351 posts
Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo...09-t227418.html

Collect::
c:\windows\idicekiriyi.dll
c:\windows\Wyoliveba.dll
c:\windows\adobe.bat
c:\windows\_id.dat
c:\documents and settings\LocalService\qmhp.exe
c:\documents and settings\NetworkService\iapbc.exe
c:\windows\system32\67.tmp
c:\windows\system32\E4.tmp
c:\windows\system32\E3.tmp
c:\windows\system32\84.tmp
c:\windows\system32\83.tmp
c:\windows\system32\6D.tmp
c:\windows\system32\6F.tmp
c:\windows\TEMP\VRT8.tmp
c:\windows\system32\6CB.tmp
Driver::
Cdcolpcbadsi
ATI Smart
EapHost
Dot3svc
Eventlog
KillAll::
Folder::
c:\program files\AskBarDis
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Enable Context Menu"=1
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\userinit.exe"=-
"c:\\WINDOWS\\system32\\verclsid.exe"=-
Suspect::


Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

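To show why the entries in the Driver:: and Collect:: sections of the script above were picked out of the logs, here is a small triage script. It is an added example for this thread, not code from HijackThis, ComboFix or the helper; the heuristics are the editor's own, and the sample lines are copied from the HijackThis and ComboFix logs posted in this thread. It flags O23 service entries whose binary sits in a TEMP directory, has a .tmp extension, or shares one path with several differently named services (the VRT8.tmp pattern, where Eventlog, Dot3svc, EapHost and "ATI Smart" all point at one file), and ComboFix "Files Created" entries that are hidden executables, executables inside the LocalService/NetworkService profiles, or hex-named .tmp files in system32.

```python
"""Triage heuristics for HijackThis O23 lines and ComboFix 'Files Created' lines.

Added example for this thread, not code from HijackThis, ComboFix or the
helper.  The rules below are the editor's own and surface only part of what
an experienced helper picks out of a log (adobe.bat, for instance, is not
caught by any of them).
"""
import re
from collections import defaultdict

# Sample input: O23 lines copied from the HijackThis log posted in this thread.
HJT_LOG = r"""
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: Dot3svc - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: EapHost - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\TEMP\VRT8.tmp (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Sample input: "Files Created" lines copied from the ComboFix log posted in this thread.
CF_LOG = r"""
2009-02-07 08:14 . 2009-02-07 08:14 <DIR> d-------- c:\program files\ESET
2009-02-06 04:45 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-02-05 18:01 . 2009-02-05 18:01 67,585 --a------ c:\windows\system32\67.tmp
2009-02-05 16:03 . 2009-02-05 16:03 130 --a------ c:\windows\adobe.bat
2009-02-04 05:03 . 2009-02-04 05:03 32,768 --ah----- c:\documents and settings\LocalService\qmhp.exe
2009-02-04 04:49 . 2009-02-04 04:49 32,768 --ah----- c:\documents and settings\NetworkService\iapbc.exe
"""

# "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# "<created> . <modified> <size|<DIR>> <9 attribute flags> <path>"
CF_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
SERVICE_PROFILES = (
    "\\documents and settings\\localservice\\",
    "\\documents and settings\\networkservice\\",
)
TMP_IN_SYSTEM32 = re.compile(r"\\system32\\[0-9a-f]+\.tmp$")


def parse_o23(line):
    """Split one HijackThis O23 line into its fields; None for any other line."""
    m = O23_RE.match(line)
    if not m:
        return None
    return {"name": m["name"], "owner": m["owner"],
            "path": m["path"], "missing": m["missing"] is not None}


def triage_services(log_text):
    """Return {service display name: [reasons]} for O23 entries worth a closer look."""
    entries = [e for e in (parse_o23(l) for l in log_text.splitlines()) if e]
    by_path = defaultdict(list)            # lower-cased path -> service names
    for e in entries:
        by_path[e["path"].lower()].append(e["name"])
    findings = {}
    for e in entries:
        p = e["path"].lower()
        reasons = []
        if "\\temp\\" in p:
            reasons.append("binary lives in a TEMP directory")
        if p.endswith(".tmp"):
            reasons.append("binary has a .tmp extension")
        if len(by_path[p]) > 1:            # one file behind several service names
            others = [n for n in by_path[p] if n != e["name"]]
            reasons.append("same path as " + ", ".join(others))
        if reasons:
            findings[e["name"]] = reasons
    return findings


def triage_created_files(cf_text):
    """Return {path: [reasons]} for ComboFix 'Files Created' entries worth a closer look."""
    findings = {}
    for line in cf_text.splitlines():
        m = CF_RE.match(line)
        if not m or m["size"] == "<DIR>":
            continue
        p = m["path"].lower()
        reasons = []
        if "h" in m["attrs"] and p.endswith(".exe"):      # 'h' = hidden attribute
            reasons.append("hidden executable")
        if p.endswith(".exe") and any(s in p for s in SERVICE_PROFILES):
            reasons.append("executable inside a service-account profile")
        if TMP_IN_SYSTEM32.search(p):
            reasons.append("hex-named .tmp file in system32")
        if reasons:
            findings[m["path"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_services(HJT_LOG).items():
        print(f"service {name!r}: {'; '.join(reasons)}")
    for path, reasons in triage_created_files(CF_LOG).items():
        print(f"file {path}: {'; '.join(reasons)}")
```

Run on the sample lines, the four services that share C:\WINDOWS\TEMP\VRT8.tmp are reported and the ASP.NET entry is not: a "(file missing)" flag on its own is common after an uninstall, so the script keys on where the path points and on the path being shared, not on the flag. The three file hits match the qmhp.exe, iapbc.exe and 67.tmp lines in the Collect:: section; the rest of that list comes from the helper's judgment, which these rules do not replace.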

#20
gitcheegoomee

    Member

  • Topic Starter
  • Member
  • 26 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:48 AM, on 2/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2025429265-412668190-682003330-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - S-1-5-21-2025429265-412668190-682003330-1003 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1215048687258
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5840 bytes


ComboFix 09-02-06.01 - andrew 2009-02-08 7:36:18.3 - NTFSx86 MINIMAL
Running from: c:\documents and settings\andrew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\andrew\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\00047878
c:\program files\AskBarDis\bar\Cache\00047CAE.bin
c:\program files\AskBarDis\bar\Cache\00047FBB.bin
c:\program files\AskBarDis\bar\Cache\000482B9.bin
c:\program files\AskBarDis\bar\Cache\0004845F.bin
c:\program files\AskBarDis\bar\Cache\0004878B.bin
c:\program files\AskBarDis\bar\Cache\00048A2B.bin
c:\program files\AskBarDis\bar\Cache\00048B25.bin
c:\program files\AskBarDis\bar\Cache\00048C1F.bin
c:\program files\AskBarDis\bar\Cache\00048D48.bin
c:\program files\AskBarDis\bar\Cache\00048E52.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI_SMART
-------\Legacy_DOT3SVC
-------\Legacy_EAPHOST
-------\Service_Cdcolpcbadsi
-------\Service_Eventlog


((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-07 08:14 . 2009-02-07 08:14 <DIR> d-------- c:\program files\ESET
2009-02-07 08:14 . 2009-02-07 08:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-02-07 05:42 . 2009-02-07 05:44 <DIR> d--h-c--- c:\windows\ie8
2009-02-07 05:40 . 2009-01-10 23:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-02-07 05:29 . 2009-02-07 05:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-02-06 13:33 . 2009-02-06 13:33 <DIR> d-------- c:\documents and settings\andrew\Application Data\Apple Computer
2009-02-06 04:45 . 2009-02-07 06:54 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-06 04:45 . 2009-02-07 06:55 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 04:45 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-02-05 18:01 . 2009-02-05 18:01 67,585 --a------ c:\windows\system32\67.tmp
2009-02-05 16:11 . 2009-02-06 15:44 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-05 16:10 . 2008-06-13 07:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-05 16:09 . 2009-02-05 16:09 67,585 --a------ c:\windows\system32\E4.tmp
2009-02-05 16:09 . 2009-02-05 16:09 23,553 --a------ c:\windows\system32\E3.tmp
2009-02-05 16:08 . 2008-08-14 04:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-05 16:08 . 2008-08-14 03:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-05 16:08 . 2008-08-14 03:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-05 16:08 . 2008-08-14 03:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-05 16:05 . 2008-10-24 05:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-05 16:04 . 2009-02-05 16:09 162,948 --a------ c:\windows\system32\84.tmp
2009-02-05 16:04 . 2009-02-05 16:04 168 --a------ c:\windows\system32\83.tmp
2009-02-05 16:03 . 2009-02-05 16:03 67,585 --a------ c:\windows\system32\6D.tmp
2009-02-05 16:03 . 2009-02-05 16:03 616 --a------ c:\windows\system32\6F.tmp
2009-02-05 16:03 . 2009-02-05 16:03 130 --a------ c:\windows\adobe.bat
2009-02-05 16:03 . 2009-02-05 16:03 0 --a------ c:\windows\_id.dat
2009-02-05 15:54 . 2004-08-10 04:13 73,728 --a--c--- c:\windows\system32\dllcache\ehresja.dll
2009-02-05 15:54 . 2004-08-10 04:13 69,632 --a--c--- c:\windows\system32\dllcache\ehresko.dll
2009-02-05 15:54 . 2004-08-10 04:13 69,632 --a--c--- c:\windows\system32\dllcache\ehresfr.dll
2009-02-05 15:54 . 2004-08-10 04:13 69,632 --a--c--- c:\windows\system32\dllcache\ehresde.dll
2009-02-05 15:52 . 2004-08-10 06:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-02-05 15:51 . 2004-08-10 06:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-02-05 15:50 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2009-02-05 15:49 . 2009-02-05 15:49 749 -rah----- c:\windows\WindowsShell.Manifest
2009-02-05 15:49 . 2009-02-05 15:49 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-05 15:49 . 2009-02-05 15:49 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-02-05 15:49 . 2009-02-05 15:49 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-02-05 15:49 . 2009-02-05 15:49 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-02-05 15:49 . 2009-02-05 15:49 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-02-05 15:48 . 2004-08-10 06:00 36,864 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-02-05 15:43 . 2007-06-26 02:27 363,520 --a--c--- c:\windows\system32\dllcache\w3svc.dll
2009-02-05 15:43 . 2004-08-10 06:00 25,088 --a--c--- c:\windows\system32\dllcache\inetmgr.exe
2009-02-05 09:19 . 2009-02-07 08:42 1,071,841,280 --a------ c:\windows\MEMORY.DMP
2009-02-04 19:52 . 2009-02-04 19:52 <DIR> d-------- c:\program files\Ahead
2009-02-04 19:52 . 2009-02-04 19:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-04 11:06 . 2009-02-04 11:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-04 05:03 . 2009-02-04 05:03 32,768 --ah----- c:\documents and settings\LocalService\qmhp.exe
2009-02-04 04:54 . 2004-03-22 11:24 4,272 -ra------ c:\windows\system32\drivers\bvrp_pci.sys.bak
2009-02-04 04:49 . 2009-02-05 16:03 66,560 ---h----- c:\windows\system32\secupdat.dat
2009-02-04 04:49 . 2009-02-04 04:49 32,768 --ah----- c:\documents and settings\NetworkService\iapbc.exe
2009-02-03 04:55 . 2009-02-04 19:52 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-03 04:55 . 2009-02-03 04:55 <DIR> d-------- c:\documents and settings\andrew\Application Data\SUPERAntiSpyware.com
2009-02-02 19:14 . 2001-07-09 04:50 176,128 -ra------ c:\windows\system32\NeroCheck.exe
2009-02-01 22:54 . 2009-02-01 22:54 0 --a------ c:\windows\system32\6CB.tmp
2009-01-31 19:39 . 2009-02-04 19:52 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-31 19:39 . 2009-01-31 19:39 <DIR> d-------- C:\Downloads
2009-01-29 19:10 . 2009-01-31 19:38 <DIR> d-------- c:\program files\IDA
2009-01-29 19:10 . 2009-01-31 19:38 <DIR> d-------- c:\documents and settings\andrew\Application Data\Internet Download Accelerator
2009-01-29 16:24 . 2009-01-31 19:38 <DIR> d-------- c:\program files\PicLensIE
2009-01-29 16:20 . 2009-01-29 16:20 <DIR> d--hs---- c:\documents and settings\andrew\IECompatCache
2009-01-29 16:15 . 2009-01-29 16:15 <DIR> d--hs---- c:\documents and settings\andrew\IETldCache
2009-01-27 20:36 . 2009-01-27 20:36 <DIR> d-------- c:\program files\JRE
2009-01-25 08:38 . 2009-01-25 08:38 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-24 19:49 . 2009-01-24 19:49 <DIR> d-------- c:\program files\Safari
2009-01-24 19:38 . 2009-01-24 19:38 <DIR> d-------- c:\program files\QuickTime
2009-01-24 19:38 . 2009-01-24 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-23 14:52 . 2009-02-06 04:43 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2
2009-01-23 14:12 . 2009-01-23 14:12 <DIR> d-------- c:\documents and settings\andrew\Application Data\Move Networks
2009-01-22 15:44 . 2009-01-22 15:44 <DIR> d-------- c:\program files\Alwil Software
2009-01-19 15:59 . 2009-01-29 17:28 <DIR> d-------- c:\program files\Flickr Uploadr
2009-01-19 14:51 . 2009-01-19 14:51 <DIR> d-------- c:\documents and settings\andrew\Application Data\Flickr
2009-01-17 16:55 . 2009-01-17 16:55 <DIR> d-------- c:\documents and settings\andrew\Application Data\Foxit
2009-01-17 16:42 . 2009-01-17 17:27 <DIR> d-------- c:\documents and settings\andrew\Contacts
2009-01-17 14:26 . 2009-01-17 14:26 268 --ah----- C:\sqmdata03.sqm
2009-01-17 14:26 . 2009-01-17 14:26 244 --ah----- C:\sqmnoopt03.sqm
2009-01-17 13:36 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2009-01-16 21:25 . 2009-02-05 16:03 <DIR> d-------- c:\program files\MSN Messenger
2009-01-15 02:22 . 2009-01-15 02:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-01-15 02:21 . 2009-01-15 02:21 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-01-15 02:19 . 2009-01-15 02:19 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-01-13 14:08 . 2009-01-13 14:08 <DIR> d-------- c:\program files\HP
2009-01-13 14:08 . 2009-01-13 14:08 <DIR> d-------- c:\program files\Common Files\HP
2009-01-13 14:08 . 2009-01-13 14:08 <DIR> d-------- c:\documents and settings\andrew\Application Data\Printer Info Cache
2009-01-13 14:08 . 2009-01-13 14:08 <DIR> d-------- c:\documents and settings\andrew\Application Data\Image Zone Express
2009-01-11 16:02 . 2009-01-11 16:02 <DIR> d-------- c:\documents and settings\andrew\Application Data\CyberLink
2009-01-11 16:00 . 2009-01-11 16:00 <DIR> d-------- c:\program files\CyberLink
2009-01-10 14:26 . 2009-01-16 21:26 <DIR> d-------- c:\program files\Real
2009-01-10 14:26 . 2009-01-10 14:26 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-10 14:13 . 2009-01-10 14:26 <DIR> d-------- c:\program files\Common Files\Real
2009-01-09 16:49 . 2009-01-09 16:49 <DIR> d-------- c:\program files\Stardock
2009-01-09 16:49 . 2009-01-09 16:49 <DIR> d-------- c:\program files\Common Files\Stardock
2009-01-09 16:48 . 2009-01-09 16:48 <DIR> d-------- c:\program files\Secunia
2009-01-09 16:46 . 2009-01-09 16:46 <DIR> d-------- c:\program files\RogueRemover FREE
2009-01-09 16:46 . 2009-01-09 16:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-01-09 15:35 . 2009-01-09 15:35 <DIR> d-------- C:\ATI(2)
2009-01-09 14:28 . 2009-02-05 19:55 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-09 12:53 . 2009-01-09 12:53 <DIR> d-------- c:\program files\Innovative Solutions
2009-01-09 12:36 . 2009-01-09 12:36 <DIR> d-------- c:\documents and settings\andrew\Application Data\Uniblue
2009-01-09 12:36 . 2009-01-09 12:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-01-09 12:34 . 2009-01-09 16:43 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 21:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 21:03 --------- d-----w c:\program files\Broadcom
2009-02-05 01:52 --------- d-----w c:\program files\Panda Security
2009-02-05 01:52 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-01 02:08 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-01 02:04 --------- d-----w c:\program files\hp deskjet 990c series
2009-02-01 02:04 --------- d-----w c:\program files\GemMaster
2009-02-01 02:03 --------- d-----w c:\program files\EnglishOtto
2009-01-31 13:27 --------- d-----w c:\program files\Foxit Software
2009-01-31 12:17 --------- d-----w c:\documents and settings\andrew\Application Data\Smart Panel
2009-01-25 14:38 --------- d-----w c:\program files\Java
2009-01-24 14:29 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 22:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 22:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-14 21:03 --------- d-----w c:\program files\Glary Utilities
2009-01-10 13:51 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-09 23:11 101,776 -c--a-w c:\windows\system32\drivers\cmdguard.sys
2009-01-09 22:51 --------- d-----w c:\program files\Bible
2009-01-09 22:49 --------- d-----w c:\program files\Garmin GPS Plugin
2009-01-09 22:48 --------- d-----w c:\program files\Secunia(2)
2009-01-09 22:46 --------- d-----w c:\program files\VS Revo Group
2009-01-09 22:46 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 1
2009-01-09 22:46 --------- d-----w c:\program files\ATI Technologies
2009-01-09 22:46 --------- d-----w c:\program files\Amazon
2009-01-09 22:46 --------- d-----w c:\documents and settings\andrew\Application Data\Amazon
2009-01-09 22:45 --------- d-----w c:\program files\Mozilla Sunbird
2008-12-28 22:57 --------- d-----w c:\program files\Datel
2008-12-23 12:05 --------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
2008-12-20 00:26 --------- d-----w c:\program files\Hewlett-Packard
2008-12-14 15:19 --------- d-----w c:\documents and settings\andrew\Application Data\MSNGames
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-06-29 13:43 1,704,944 -c--a-w c:\program files\mbam-setup.exe
2008-06-27 23:42 7,496,920 -c--a-w c:\program files\Firefox Setup 3.0.exe
.

------- Sigcheck -------

2005-03-02 12:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 09:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-10 06:00 577024 c72661f8552ace7c5c85e16a3cf505c4 c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 12:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\$NtUninstallKB925902$\user32.dll
2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
2005-03-02 12:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
2008-04-13 18:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\user32.dll
2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\system32\user32.dll
2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 c:\windows\system32\dllcache\user32.dll

2008-04-13 18:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ws2_32.dll
2004-08-10 06:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\ws2_32.dll
2004-08-10 06:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\dllcache\ws2_32.dll

2008-04-21 00:56 666624 2e7de1bf9418b071799eb53de8cc22f5 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 00:44 666112 2b0c24aa747a93a28987b6d65a4a74bc c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 00:24 666624 26f240c250e5b4b395cb4b178ba75437 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-04-22 21:35 827392 41546b396a526918da7995a02ea04e51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 10:01 827904 c66402a06b83b036c195242c0c8cf83c c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-08-26 03:08 827904 77c192fe56a70d7fa0247ba0a6201c32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
2008-10-16 14:24 827904 0d5b75171ff51775b630a431b6c667e8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
2008-04-21 01:04 659456 1efb8a3ea8454aec1bb8a240a2845598 c:\windows\ie7\wininet.dll
2007-08-13 17:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB950759-IE7\wininet.dll
2008-04-22 22:16 826368 f6589be784647cfdbc22ea51ccb1a57a c:\windows\ie7updates\KB953838-IE7\wininet.dll
2008-06-23 10:57 826368 8c13d4a7479fa0a026eda8abce82c0ed c:\windows\ie7updates\KB956390-IE7\wininet.dll
2008-08-26 01:24 826368 ef8eba98145bfa44e80d17a3b3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
2004-08-10 06:00 656384 c0823fc5469663ba63e7db88f9919d70 c:\windows\ie8\wininet.dll
2008-10-16 14:38 826368 6741eaf7b7f110e803a6e38f6e5fa6b0 c:\windows\SoftwareDistribution\Download\1aada90d3aca2362b0231ac90aa9a9fd\SP2GDR\wininet.dll
2008-10-16 14:24 827904 0d5b75171ff51775b630a431b6c667e8 c:\windows\SoftwareDistribution\Download\1aada90d3aca2362b0231ac90aa9a9fd\SP2QFE\wininet.dll
2008-04-13 18:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\wininet.dll
2009-01-15 02:05 911872 203c05a174a45270a30cdd593092d91e c:\windows\system32\wininet.dll
2009-01-15 02:05 911872 203c05a174a45270a30cdd593092d91e c:\windows\system32\dllcache\wininet.dll

2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 04:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 05:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 05:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-10 06:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB941644$\tcpip.sys
2004-08-10 06:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 11:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-06-20 04:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
2008-04-13 13:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
2008-06-20 04:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 04:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\drivers\tcpip.sys

2008-04-13 18:12 525312 568113d807a0acc496a90bc81c91e569 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
2004-08-10 06:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\system32\winlogon.exe
2004-08-10 06:00 519680 f63316e5271ebda12a52a390c9636004 c:\windows\system32\dllcache\winlogon.exe

2008-04-13 13:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
2004-08-10 06:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2004-08-10 06:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2008-04-13 12:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
2004-08-10 06:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys
2004-08-10 06:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

2005-03-01 18:36 2056832 d8aba3eab509627e707a3b14f00fbb6b c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 03:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2008-08-14 03:18 2062976 63ec865dff6ccfc7bef94b5c50297cad c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
2008-08-14 03:33 2066048 4ac58f03eb94a72809949d757fc39d80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
2008-08-14 14:39 2066048 a25e9b86effb2af33bf51e676b68bfb0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2005-03-01 18:34 2015232 3cd941e472ddf3534e53038535719771 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
2004-08-10 06:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
2008-08-14 03:22 2057728 ba002228743b6824d87f0551dbc86d45 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-08-14 03:22 2057728 ba002228743b6824d87f0551dbc86d45 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntkrnlpa.exe
2008-08-14 03:18 2062976 63ec865dff6ccfc7bef94b5c50297cad c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntkrnlpa.exe
2008-08-14 03:33 2066048 4ac58f03eb94a72809949d757fc39d80 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntkrnlpa.exe
2008-08-14 15:39 2066048 a25e9b86effb2af33bf51e676b68bfb0 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntkrnlpa.exe
2008-04-13 12:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntkrnlpa.exe
2008-08-14 03:22 2015744 dc097a896a03b8277457d228fd12d4e6 c:\windows\system32\ntkrnlpa.exe
2008-08-14 03:22 2057728 ba002228743b6824d87f0551dbc86d45 c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 03:22 2057728 ba002228743b6824d87f0551dbc86d45 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\ntkrnlpa.exe

2005-03-01 19:04 2179456 28187802b7c368c0d3aef7d4c382aabb c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 03:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2008-08-14 03:57 2185984 ce69dbd54221f2d40e49ff6db77c6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
2008-08-14 04:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
2008-08-14 15:11 2189184 31914172342bff330063f343ac6958fe c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2005-03-01 18:57 2135552 48b3e89af7074cee0314a3e0c7faffdb c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
2004-08-10 06:00 2180992 ce218bc7088681faa06633e218596ca7 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
2008-08-14 04:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-08-14 04:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntoskrnl.exe
2008-08-14 03:57 2185984 ce69dbd54221f2d40e49ff6db77c6507 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntoskrnl.exe
2008-08-14 04:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5 c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntoskrnl.exe
2008-08-14 16:11 2189184 31914172342bff330063f343ac6958fe c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntoskrnl.exe
2008-04-13 13:27 2188928 0c89243c7c3ee199b96fcc16990e0679 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntoskrnl.exe
2008-08-14 03:58 2136064 dd31ab4b91c2605601a3c108af57a0c9 c:\windows\system32\ntoskrnl.exe
2008-08-14 04:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 04:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\ntoskrnl.exe

2007-06-13 04:23 1050624 2a42fef7dd93185d5755a08e70229191 c:\windows\explorer.exe
2007-06-13 05:26 1050624 ae041c5ee05dedfd6ce029ffa0d4f5a9 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 06:00 1049600 8db835008d5aac0dd020a13b2df328d0 c:\windows\$NtUninstallKB938828$\explorer.exe
2007-06-13 04:23 1050624 2a42fef7dd93185d5755a08e70229191 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
2007-06-13 05:26 1050624 ae041c5ee05dedfd6ce029ffa0d4f5a9 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
2008-04-13 18:12 1051136 50fefc6f53e4917073699c0a93c01f9a c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
2007-06-13 04:23 1050624 2a42fef7dd93185d5755a08e70229191 c:\windows\system32\dllcache\explorer.exe

2008-04-13 18:12 125952 b2bfe3a5681f10e24ee273fccd1f503d c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\services.exe
2004-08-10 06:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\system32\services.exe
2004-08-10 06:00 125440 638e87c7f951ae5899586f6fcfd24ea2 c:\windows\system32\dllcache\services.exe

2008-04-13 18:12 30720 2024477d899ef02a0294cf3ca802d21d c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
2004-08-10 06:00 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\system32\lsass.exe
2004-08-10 06:00 30720 f96f303dbf375a7811ef4ba244f7e05f c:\windows\system32\dllcache\lsass.exe

2008-04-13 18:12 32768 c51c383d18e7181bc6861f3f0f8b8009 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
2004-08-10 06:00 32768 4d55ee0db9fb3c97c8f4d6fafd98a1a4 c:\windows\system32\ctfmon.exe
2004-08-10 06:00 32768 c17a958e934c00de4e33884eb0ba6daa c:\windows\system32\dllcache\ctfmon.exe

2005-06-10 18:17 75264 88d68e59e353d188e2517789406e8d4b c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-10 06:00 75264 97c0348c89a4f729d855e90926953d78 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2005-06-10 17:53 75264 3c96ec6e66dc9680bb8ae543b6e2969b c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2gdr\spoolsv.exe
2005-06-10 18:17 75264 88d68e59e353d188e2517789406e8d4b c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2qfe\spoolsv.exe
2008-04-13 18:12 75264 15d17af8f395e0cc7652cce98274b664 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
2005-06-10 17:53 75264 3c96ec6e66dc9680bb8ae543b6e2969b c:\windows\system32\spoolsv.exe
2005-06-10 17:53 75264 3c96ec6e66dc9680bb8ae543b6e2969b c:\windows\system32\dllcache\spoolsv.exe

2008-04-13 18:12 43520 71d4c672d8524080e4d1f13286754796 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
2004-08-10 06:00 41984 28d83dac264f73050782a8e8ce6bdf54 c:\windows\system32\userinit.exe
2004-08-10 06:00 41984 eaacbfe425f06756fa102cb9cd29b247 c:\windows\system32\dllcache\userinit.exe

2004-08-10 06:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\$NtUninstallKB895961$\termsrv.dll
2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\termsrv.dll
2004-08-10 06:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\termsrv.dll
2004-08-10 06:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\dllcache\termsrv.dll

2007-04-16 10:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2004-08-10 06:00 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB935839$\kernel32.dll
2007-04-16 09:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\sp2gdr\kernel32.dll
2008-04-13 18:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kernel32.dll
2007-04-16 09:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\kernel32.dll
2007-04-16 09:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\dllcache\kernel32.dll

2008-04-13 18:12 17408 50a166237a0fa771261275a405646cc0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\powrprof.dll
2004-08-10 06:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\powrprof.dll
2004-08-10 06:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\dllcache\powrprof.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-07_20.55.16.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 15:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-07-19 15:30:53 94,392 ----a-w c:\windows\system32\AvastSS.scr
- 2009-02-08 02:51:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-08 13:42:19 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-08 02:51:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-08 13:42:19 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-08 02:51:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-08 13:42:19 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-19 15:32:15 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-07-19 15:37:42 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-01-17 17:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-07-19 15:37:21 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-07-19 15:33:42 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-07-19 15:35:18 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-07-19 15:32:36 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2004-08-10 12:00:00 36,096 ----a-w c:\windows\system32\drivers\intelppm.sys
+ 2004-08-04 04:59:20 36,096 ----a-w c:\windows\system32\drivers\intelppm.sys
- 2004-08-10 12:00:00 131,968 ----a-w c:\windows\system32\hal.dll
+ 2004-08-04 04:59:14 134,400 ----a-w c:\windows\system32\hal.dll
+ 2004-08-10 12:00:00 131,968 ----a-w c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\halaacpi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1850608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1425408]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-01-09 1797880]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-01-09 1797880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-09-24 206064]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 176128]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 76800]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 389186]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Enable Context Menu"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
--a------ 2009-01-07 13:10 5385560 c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a--c--- 2007-02-26 00:01 437160 c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"YBrowser"=c:\progra~1\Yahoo!\browser\ybrwicon.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Motive SmartBridge"=c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe"
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection; [x]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-01-09 101776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-21 31504]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - aswTdi
*Deregistered* - Beep
*Deregistered* - Cdfs
*Deregistered* - cmdHlp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - epfwtdir
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - Inspect
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - PCIIde
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - sr
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - WS2IFSL
*Deregistered* - WudfPf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-02-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-10 17:02]

2009-02-07 c:\windows\Tasks\User_Feed_Synchronization-{976D1549-DB5B-42A6-971C-6BB5DF727974}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\u4qzpz6c.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - component: c:\documents and settings\andrew\Application Data\Mozilla\Firefox\Profiles\u4qzpz6c.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\OpenOffice.org 3\program\npsoplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 07:44:03
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-412668190-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2025429265-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1F9E8B93-350C-6BB4-C000-05C69F796531}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-02-08 7:47:04 - machine was rebooted [andrew]
ComboFix-quarantined-files.txt 2009-02-08 13:47:02
ComboFix2.txt 2009-02-08 02:56:07
ComboFix3.txt 2009-02-07 01:44:39

Pre-Run: 87,558,352,896 bytes free
Post-Run: 87,537,823,744 bytes free

539 --- E O F --- 2009-02-07 13:54:05

I don't understand how I can have internet one moment and then not the next. Now when I boot up I see my desktop for a second, a pop-up comes up and says it is logging off and closing network connections, and then the computer reboots and the process starts all over again. I had to buy an external hard drive (good price) so I could transfer files to post.
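Two sections of the log above are worth pairing up mechanically rather than by eye: the Sigcheck block, where the copy of a system binary that Windows actually runs (c:\windows\ or c:\windows\system32\) can be compared against the Windows File Protection copy in system32\dllcache, and the Reg Loading Points block, where a handful of values silence Security Center or switch the Windows Firewall off. The script below is an added example written for this thread; it is not ComboFix code and not something the poster ran. The sample text is a subset of lines copied from the log above. It assumes the line formats of this ComboFix build and that the dllcache copy itself is intact.

```python
"""Triage two sections of a ComboFix log (added example; not ComboFix code).

1. Sigcheck: pair each live system binary with the Windows File Protection
   copy in system32\\dllcache and report MD5 mismatches.
2. Reg Loading Points: list values that silence Security Center or turn the
   Windows Firewall off, plus any AppInit_DLLs entry (loads into every process).
"""
import re
from collections import namedtuple

# One Sigcheck line in this ComboFix build: "<date> <time> <size> <md5> <path>"
SIGCHECK_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$", re.I)
LIVE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")  # copies Windows runs
CACHE_DIR = "c:\\windows\\system32\\dllcache\\"            # WFP reference copy

Mismatch = namedtuple("Mismatch", "name live_size live_md5 cache_size cache_md5")


def _split_path(path):
    """Lower-case a Windows path into (parent dir with trailing '\\', basename)."""
    parent, _, name = path.strip().lower().rpartition("\\")
    return parent + "\\", name


def sigcheck_mismatches(log_text):
    """Return Mismatch records for live binaries whose MD5 differs from dllcache."""
    live, cache = {}, {}
    for line in log_text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        size, md5 = int(m.group(3)), m.group(4).lower()
        parent, name = _split_path(m.group(5))
        if parent == CACHE_DIR:
            cache[name] = (size, md5)
        elif parent in LIVE_DIRS:
            live[name] = (size, md5)
    return [Mismatch(n, *live[n], *cache[n])
            for n in sorted(live) if n in cache and live[n][1] != cache[n][1]]


# (substring of section name, value name, value text) that weaken defenses.
WEAKENING = (
    ("security center", "FirewallOverride", "dword:00000001"),
    ("security center", "DisableMonitoring", "dword:00000001"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", "0 (0x0)"),
)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')


def weakened_settings(log_text):
    """Return 'section: Name=value' strings for defense-weakening registry values."""
    hits, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        low = section.lower()
        if any(s in low and name == n and value == v for s, n, v in WEAKENING) or (
                name == "AppInit_DLLs" and low.endswith("windows nt\\currentversion\\windows")):
            hits.append(f"{section}: {name}={value}")
    return hits


# Lines copied from the ComboFix log posted in this thread (subset, not constructed).
SAMPLE_LOG = r"""
2007-06-13 04:23 1050624 2a42fef7dd93185d5755a08e70229191 c:\windows\explorer.exe
2007-06-13 04:23 1050624 2a42fef7dd93185d5755a08e70229191 c:\windows\system32\dllcache\explorer.exe
2004-08-10 06:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\system32\services.exe
2004-08-10 06:00 125440 638e87c7f951ae5899586f6fcfd24ea2 c:\windows\system32\dllcache\services.exe
2004-08-10 06:00 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\system32\lsass.exe
2004-08-10 06:00 30720 f96f303dbf375a7811ef4ba244f7e05f c:\windows\system32\dllcache\lsass.exe
2004-08-10 06:00 32768 4d55ee0db9fb3c97c8f4d6fafd98a1a4 c:\windows\system32\ctfmon.exe
2004-08-10 06:00 32768 c17a958e934c00de4e33884eb0ba6daa c:\windows\system32\dllcache\ctfmon.exe
2005-06-10 17:53 75264 3c96ec6e66dc9680bb8ae543b6e2969b c:\windows\system32\spoolsv.exe
2005-06-10 17:53 75264 3c96ec6e66dc9680bb8ae543b6e2969b c:\windows\system32\dllcache\spoolsv.exe
2004-08-10 06:00 41984 28d83dac264f73050782a8e8ce6bdf54 c:\windows\system32\userinit.exe
2004-08-10 06:00 41984 eaacbfe425f06756fa102cb9cd29b247 c:\windows\system32\dllcache\userinit.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for mm in sigcheck_mismatches(SAMPLE_LOG):
        print(f"{mm.name}: live {mm.live_size} B {mm.live_md5[:8]}.. vs "
              f"dllcache {mm.cache_size} B {mm.cache_md5[:8]}..")
    for hit in weakened_settings(SAMPLE_LOG):
        print("weakened:", hit)
```

Run against the snapshot above it flags ctfmon.exe, lsass.exe, services.exe and userinit.exe (userinit.exe and ctfmon.exe differ from their dllcache copies at identical size and timestamp; lsass.exe and services.exe differ in size as well), while explorer.exe and spoolsv.exe pair cleanly in this snapshot. It also lists FirewallOverride, DisableMonitoring, EnableFirewall=0 and the AppInit_DLLs entry for review; the AppInit_DLLs hit is a review item, not a verdict, since a legitimate firewall DLL sits there in this log. Treat the hash result as triage rather than proof: an MD5 mismatch can also come from a hotfix applied to one copy, and a match means nothing if a file infector has written both copies. Confirm with a known-good hash or the Authenticode signature before acting on it.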

#21
Fred21543
    Member 1K
  • Member
  • 1,351 posts
Did you follow the instructions in my last post exactly as they appeared? It seems some of the files that should have been deleted by ComboFix were not deleted.

#22
gitcheegoomee
    Member
  • Topic Starter
  • Member
  • 26 posts
I thought I had, but I was having connection problems again, so I had to transfer to the external drive and place it on the laptop. It was not a good day. However, I was able to download McAfee Security Center and it found W32Virut/n. It showed it cleaned and removed files on boot. If you would like, I would be more than glad to repost HiJack and any other logs, so you could get more "practice". I'm actually having screen problems (icons not fully shown; in the bottom bar a zfsearch popped up for a second). I haven't had a chance to research it yet. Here is my recent ComboFix log:

ComboFix 09-02-10.03 - Andrew 2009-02-11 4:32:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.593 [GMT -6:00]
Running from: c:\documents and settings\Andrew\My Documents\My Downloads\Combo-Fix1.exe
Command switches used :: c:\documents and settings\Andrew\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI_SMART
-------\Service_ATI Smart
-------\Service_Dot3svc
-------\Service_EapHost
-------\Service_Eventlog


((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.

2009-02-10 20:05 . 2009-02-10 20:05 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-09 19:46 . 2009-02-09 19:46 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-02-09 19:46 . 2009-02-09 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2009-02-09 19:44 . 2009-02-09 19:46 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-09 19:30 . 2009-02-09 19:30 <DIR> d-------- C:\mfe
2009-02-09 19:18 . 2009-02-09 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Citrix
2009-02-09 19:02 . 2009-02-09 19:02 <DIR> d-------- c:\documents and settings\Andrew\Application Data\McAfee
2009-02-09 18:13 . 2006-02-09 20:30 6,684,672 --a------ c:\windows\system32\atioglx1.dll
2009-02-09 18:13 . 2006-01-18 09:57 1,114,674 --a------ c:\windows\system32\drivers\ativcaxx.cpa
2009-02-09 18:13 . 2006-02-09 20:27 151,552 --a------ c:\windows\system32\atikvmag.dll
2009-02-09 18:13 . 2006-01-13 12:48 114,630 --a------ c:\windows\system32\atiicdxx.dat
2009-02-09 18:13 . 2005-10-14 09:10 58,560 --a------ c:\windows\system32\drivers\ativckxx.vp
2009-02-09 18:13 . 2006-02-09 20:26 40,960 --a------ c:\windows\system32\drivers\ati2erec.dll
2009-02-09 18:13 . 2006-02-09 22:01 27,232 --a------ c:\windows\system32\drivers\ativvpxx.vp
2009-02-09 18:13 . 2005-12-02 12:20 6,005 --a------ c:\windows\system32\atifglpf.xml
2009-02-09 18:13 . 2006-01-18 09:57 929 --a------ c:\windows\system32\drivers\ativcaxx.vp
2009-02-09 17:01 . 2009-02-09 17:01 <DIR> d-------- c:\program files\Trend Micro
2009-02-09 16:30 . 2009-02-09 16:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 16:30 . 2009-02-09 16:30 <DIR> d-------- c:\documents and settings\Andrew\Application Data\Malwarebytes
2009-02-09 16:30 . 2009-02-09 16:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-09 16:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 16:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 16:07 . 2009-02-09 16:07 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-09 16:07 . 2009-02-09 16:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-09 16:07 . 2009-02-09 16:07 <DIR> d-------- c:\documents and settings\Andrew\Application Data\SUPERAntiSpyware.com
2009-02-09 16:07 . 2009-02-09 16:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-09 15:20 . 2009-02-09 15:20 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-09 04:48 . 2009-02-09 04:48 <DIR> d-------- c:\program files\Seagate
2009-02-09 04:48 . 2009-02-09 04:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2009-02-09 04:47 . 2009-02-09 04:47 <DIR> d--hs---- c:\windows\ftpcache
2009-02-09 04:47 . 2009-02-09 04:47 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-09 04:13 . 2009-02-09 04:13 0 --a------ c:\windows\nsreg.dat
2009-02-08 21:59 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2009-02-08 21:59 . 2001-08-17 13:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys
2009-02-08 21:58 . 2009-02-08 21:58 <DIR> d-------- c:\program files\CONEXANT
2009-02-08 21:46 . 2009-02-08 21:46 <DIR> d-------- c:\windows\system32\scripting
2009-02-08 21:46 . 2009-02-08 21:46 <DIR> d-------- c:\windows\system32\en
2009-02-08 21:46 . 2009-02-08 21:46 <DIR> d-------- c:\windows\system32\bits
2009-02-08 21:46 . 2009-02-08 21:46 <DIR> d-------- c:\windows\l2schemas
2009-02-08 21:45 . 2009-02-08 21:45 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-08 21:26 . 2009-02-08 21:26 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-02-08 21:23 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-02-08 20:49 . 2009-02-08 20:49 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-08 20:49 . 2009-02-08 20:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-02-08 20:49 . 2009-02-11 04:35 10,283 --a------ c:\windows\system32\Config.MPF
2009-02-08 20:46 . 2009-02-08 20:46 <DIR> d-------- c:\program files\McAfee.com
2009-02-08 20:46 . 2009-02-09 15:22 <DIR> d-------- c:\program files\McAfee
2009-02-08 20:46 . 2009-02-08 20:46 <DIR> d-------- c:\program files\Common Files\McAfee
2009-02-08 20:46 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-02-08 20:46 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2009-02-08 20:46 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-02-08 20:46 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2009-02-08 20:46 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-02-08 20:46 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2009-02-08 20:38 . 2009-02-09 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-02-08 20:30 . 2009-02-08 20:30 <DIR> d-------- c:\documents and settings\Andrew\Application Data\Motive
2009-02-08 20:29 . 2009-02-08 20:29 <DIR> d-------- c:\windows\Motive
2009-02-08 20:29 . 2009-02-08 20:30 <DIR> d-------- c:\program files\SBC Self Support Tool
2009-02-08 20:29 . 2009-02-08 20:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Motive
2009-02-08 20:24 . 2009-02-08 20:29 <DIR> d-------- c:\program files\Common Files\Motive
2009-02-08 20:24 . 2003-10-22 10:54 81,920 --a------ c:\windows\system32\W32n50.dll
2009-02-08 20:24 . 2003-10-22 10:54 17,162 --a------ c:\windows\system32\Pcandis5.sys
2009-02-08 20:24 . 2003-10-22 10:54 16,848 --a------ c:\windows\system32\Pcandis4.sys
2009-02-08 20:24 . 2003-10-22 10:54 16,073 --a------ c:\windows\system32\Pcandis3.vxd
2009-02-08 20:05 . 2008-04-13 12:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-08 20:03 . 2005-04-25 06:16 274,432 --------- c:\windows\SBCDSL.exe
2009-02-08 20:03 . 2002-02-13 20:53 6,345 -ra------ c:\windows\system32\DevMngr.vxd
2009-02-08 20:01 . 2009-02-08 20:01 <DIR> d-------- c:\program files\NewSoft
2009-02-08 20:01 . 2009-02-08 20:01 <DIR> d-------- c:\program files\ABBYY FineReader 5.0 Sprint
2009-02-08 20:01 . 2009-02-08 20:01 <DIR> d-------- c:\documents and settings\Andrew\Application Data\Leadertech
2009-02-08 20:00 . 2009-02-08 20:00 <DIR> d-------- c:\program files\Common Files\Python
2009-02-08 20:00 . 2001-10-19 12:18 708,696 --a------ c:\windows\system32\python21.dll
2009-02-08 20:00 . 2001-10-19 12:18 290,919 --a------ c:\windows\system32\pythoncom21.dll
2009-02-08 20:00 . 2001-10-19 12:19 57,344 --a------ c:\windows\system32\PyWinTypes21.dll
2009-02-08 19:59 . 2009-02-08 20:00 <DIR> d-------- c:\program files\Smart Panel
2009-02-08 19:59 . 2009-02-08 20:01 <DIR> d-------- c:\program files\EPSON
2009-02-08 19:59 . 2003-03-13 00:00 217,088 --a------ c:\windows\system32\ESDTR.dll
2009-02-08 19:59 . 2003-04-21 00:00 139,264 --a------ c:\windows\system32\Esint32.dll
2009-02-08 19:59 . 1999-06-15 11:31 96,768 --a------ c:\windows\SlantAdj.dll
2009-02-08 19:59 . 1999-12-07 02:03 73,216 --a------ c:\windows\ADE.DLL
2009-02-08 19:59 . 2003-06-06 00:00 65,793 --a------ c:\windows\system32\EsFw32.BIN
2009-02-08 19:59 . 2003-04-08 00:00 47,104 --a------ c:\windows\system32\escimgn.dll
2009-02-08 19:59 . 2003-04-08 00:00 32,768 --a------ c:\windows\system32\eswia32.dll
2009-02-08 19:59 . 2003-04-08 00:00 23,552 --a------ c:\windows\system32\esccmn.dll
2009-02-08 19:59 . 1999-04-27 00:17 3,136 --a------ c:\windows\Ade001.bin
2009-02-08 19:59 . 2009-02-08 19:59 111 --a------ c:\windows\EPSON Perfection 3170.ini
2009-02-08 19:59 . 2000-09-08 13:31 72 --------- c:\windows\system32\epDPE.ini
2009-02-08 19:45 . 2008-06-13 05:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-02-08 19:45 . 2008-06-13 05:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-08 19:44 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-08 19:44 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-08 19:44 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-08 19:44 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-08 19:44 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-08 19:41 . 2008-04-11 13:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-08 19:41 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-08 19:41 . 2008-12-11 04:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-08 19:41 . 2008-05-08 08:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-08 19:40 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-08 19:39 . 2009-02-09 15:20 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-08 19:39 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-02-08 19:19 . 2009-02-08 19:19 <DIR> d-------- c:\program files\ATI Technologies
2009-02-08 19:17 . 2009-02-08 19:17 <DIR> d-------- c:\windows\VirtualEar
2009-02-08 19:17 . 2009-02-08 19:17 <DIR> d-------- c:\program files\Analog Devices
2009-02-08 19:16 . 2001-09-19 12:47 765,952 --a------ c:\windows\system\crlds3d.dll
2009-02-08 19:16 . 2004-09-17 09:02 732,928 --a------ c:\windows\system32\drivers\senfilt.sys
2009-02-08 19:16 . 2004-09-23 07:55 311,296 --a------ c:\windows\system32\Edcrypt.dll
2009-02-08 19:16 . 2005-01-27 15:31 260,352 --a------ c:\windows\system32\drivers\smwdm.sys
2009-02-08 19:16 . 2004-10-05 16:10 23,040 --a------ c:\windows\system32\PostProc.dll
2009-02-08 19:15 . 2009-02-09 19:44 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-02-08 19:15 . 2009-02-08 19:19 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-02-08 19:15 . 2009-02-08 19:15 <DIR> d-------- c:\program files\Broadcom
2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d-------- c:\program files\Linksys EasyLink Advisor
2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d--h----- c:\documents and settings\Andrew\Application Data\GTek
2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d-ah----- c:\documents and settings\All Users\Application Data\GTek
2009-02-08 19:08 . 2006-04-02 16:52 1,851,546 --a------ c:\windows\system32\gdql_lsa.dll
2009-02-08 19:08 . 2006-01-16 22:08 683,150 --a------ c:\windows\system32\qdiaglsa.ocx
2009-02-08 19:08 . 2005-08-30 12:23 208,896 --a------ c:\windows\system32\GTDownLS_125.ocx
2009-02-08 19:08 . 2005-11-21 13:17 135,168 --a------ c:\windows\system32\GoProto.dll
2009-02-08 19:08 . 2009-02-08 19:08 29,184 --a------ c:\windows\system32\drivers\goprot51.sys
2009-02-08 19:08 . 2004-06-09 09:29 6,977 --a------ c:\windows\system32\DDMI2.sys
2009-02-08 19:08 . 2005-03-13 16:54 6,656 --a------ c:\windows\system32\DLPT2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 01:11 61,224 ----a-w c:\windows\java\GoToAssistDownloadHelper.exe
2009-02-09 02:04 155,995 ----a-w c:\windows\java\Packages\FNDJXFXN.ZIP
2009-02-09 00:59 --------- d-----w c:\program files\RGB
2009-02-09 00:58 --------- d-----w c:\program files\GemMaster
2009-02-09 00:58 --------- d-----w c:\program files\EnglishOtto
2009-02-09 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\SBSI
2009-02-09 00:48 --------- d-----w c:\program files\microsoft frontpage
2009-02-09 00:44 --------- d-----w c:\program files\Windows Plus
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
.

------- Sigcheck -------

2008-04-13 18:12 1051136 961a2ea4b6c7f140af5fddb3c2ad8689 c:\windows\explorer.exe
2004-08-10 06:00 1049600 36b10380c64231d690a453e1676e1b96 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-13 18:12 1051136 edb90decf0b1c0485c90bface58af299 c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-13 18:12 1051136 f272144902b75092b8a2cc5e892d6318 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe

2004-08-10 06:00 32768 e2876cb4cc3d6d9d793340a25bdb6a04 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 18:12 32768 a06adf0260ecca3cdcdef7a181c325ab c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 18:12 32768 0e7c83be8b2b42b5274eb04d0a48b15b c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
2008-04-13 18:12 32768 dd7722e82bd9faf6e280a5ef09d9538c c:\windows\system32\ctfmon.exe

2004-08-10 06:00 75264 a117b86d5894d438d832b55c9f0198a0 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 18:12 75264 624242389515369369eb0a5255e6f52a c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 18:12 75264 0222f8399382aae7fb9fa761f07e0a82 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
2008-04-13 18:12 75264 4f284d2f2a6e0f1b02ccf206409c9f46 c:\windows\system32\spoolsv.exe

2004-08-10 06:00 41984 a347e851cd92033a7dcac2da31d1ad28 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:12 43520 2db63ed6a3d65c8b2800b5a6fedc9485 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 18:12 43520 366fe841643287d0757687f6329f7538 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
2008-04-13 18:12 43520 18e0ebad5fc4b82e35ec53b5a4e61c21 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 406528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 32768]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1850608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 76800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1425408]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 364544]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 401408]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-09 131072]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2009-02-08 237568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-08 203280]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-02-09 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-02-09 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://sstsoftware.sbcglobal.net/sst/SBC_SST_Installer.exe
uInternet Settings,ProxyOverride = 127.0.0.1
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\5ml8zr8f.default\
FF - prefs.js: browser.startup.homepage - hxxp://dsl.sbc.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 04:37:03
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\ehome\ehmsas.exe
c:\program files\McAfee\VirusScan\mcvsmap.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\windows\system32\dllhost.exe
c:\progra~1\McAfee\MSC\mcshell.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-02-11 4:38:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-11 10:38:22

Pre-Run: 91,104,423,936 bytes free
Post-Run: 91,057,250,304 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

286 --- E O F --- 2009-02-09 21:20:58


Here is the most recent log file of HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:11 AM, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew\My Documents\My Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sstsoftware.s...T_Installer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 5789 bytes

As of today, 02/11/09, SuperAntiSpyware showed it found Trojan.unclassified. The location was C:\WINDOWS\SYSTEM32\MPFSERVICEFAILURECOUNT.TXT



Edited by gitcheegoomee, 11 February 2009 - 05:16 PM.

  • 0
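The two logs above are read by eye in this thread. The script below is an added example written for this page, not a ComboFix, HijackThis or Geeks to Go tool, and it shows how a practitioner would mechanically pull the review-worthy items out of the "Reg Loading Points" and "Sigcheck" sections of a ComboFix log: a disabled Windows Firewall profile, suppressed Security Center notifications and monitoring, a Winlogon Userinit value that is not the stock Windows XP value (`c:\windows\system32\userinit.exe,`), and copies of the same file that share size and timestamp yet differ in MD5. The log excerpt embedded in the script is constructed in the layout of the log above (it is not the full log), and every finding it prints is a prompt for review rather than a verdict: on a machine where a McAfee suite owns the firewall, the firewall and Security Center entries are expected, and the helper in this thread reached the Virut conclusion from other evidence.

```python
"""Triage of ComboFix 'Reg Loading Points' and 'Sigcheck' output.

Added example for this thread, not a ComboFix or Geeks to Go tool. The log
excerpt below is constructed in the layout of a ComboFix log so the script
runs offline; the XP default Userinit path is the stock Windows XP value.
"""
import re
from collections import defaultdict

# Constructed excerpt in the same layout as a ComboFix log (not the full log above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

------- Sigcheck -------

2008-04-13 18:12 1051136 961a2ea4b6c7f140af5fddb3c2ad8689 c:\windows\explorer.exe
2008-04-13 18:12 1051136 edb90decf0b1c0485c90bface58af299 c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-10 06:00 32768 e2876cb4cc3d6d9d793340a25bdb6a04 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 18:12 32768 dd7722e82bd9faf6e280a5ef09d9538c c:\windows\system32\ctfmon.exe
"""

XP_DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"   # stock Windows XP value

REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# date time size md5 path, the way ComboFix prints Sigcheck rows
SIG_ROW = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+([0-9a-fA-F]{32})\s+(.+)$")


def parse_reg_points(text):
    """Map (key, value name), both lower-cased, to the raw value text."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = REG_KEY.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = REG_VALUE.match(line)
        if m and key is not None:
            values[(key, m.group(1).lower())] = m.group(2).strip()
    return values


def parse_sigcheck(text):
    """Return (date, size, md5, path) tuples for every Sigcheck row."""
    rows = []
    for line in text.splitlines():
        m = SIG_ROW.match(line.strip())
        if m:
            date, size, md5, path = m.groups()
            rows.append((date, int(size), md5.lower(), path.lower()))
    return rows


def reg_int(raw):
    """Read a REGEDIT4 number in either the 'dword:00000001' or the '0 (0x0)' form."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def triage(text):
    """Return human-readable findings; each is a prompt for review, not a verdict."""
    findings = []
    for (key, name), raw in parse_reg_points(text).items():
        if key.endswith("firewallpolicy\\standardprofile") and name == "enablefirewall" and reg_int(raw) == 0:
            findings.append("Windows Firewall is off for the standard profile; confirm a third-party firewall is active")
        elif "security center" in key and name.endswith("disablenotify") and reg_int(raw) == 1:
            findings.append(f"Security Center notification suppressed: {name}")
        elif "security center\\monitoring\\" in key and name == "disablemonitoring" and reg_int(raw) == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append(f"Security Center monitoring disabled for {product}")
        elif key.endswith("\\winlogon") and name == "userinit":
            value = raw.strip('"').lower()
            if value != XP_DEFAULT_USERINIT:
                findings.append(f"Userinit is {value!r}, not the XP default {XP_DEFAULT_USERINIT!r}")
    # Copies of one file with the same size and timestamp should be byte-identical;
    # differing MD5s point at in-place modification and deserve a closer look.
    groups = defaultdict(set)
    for date, size, md5, path in parse_sigcheck(text):
        groups[(path.rsplit("\\", 1)[-1], size, date)].add(md5)
    for (base, size, date), hashes in sorted(groups.items()):
        if len(hashes) > 1:
            findings.append(f"{base}: {len(hashes)} copies dated {date}, size {size}, have different MD5s")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" -", finding)
```

Run against the constructed excerpt it reports five items: the non-default Userinit, the suppressed antivirus notification, McAfee monitoring switched off, the disabled firewall profile, and the two explorer.exe copies that share a date and size but not a hash; the two ctfmon.exe rows differ in date and size, so they are not grouped and raise nothing. Run it against a real log by reading the file into `triage()` in place of `SAMPLE_LOG`.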

#23 Fred21543 (Member 1K, 1,351 posts)
I hate to be the bringer of such news, but as your system is compromised by Virut, you will have to reformat. Virut is an extremely relentless file infector virus, and trying to repair the many damages caused by it will likely leave the computer in an even worse state than it was before.

If you decide to make backups of your data, make sure you don't back up any files ending with the .exe or .scr extensions; Virut infects those types of files. A newer variant also infects .htm and .html files, so I'd be wary of backing up those types too.

Edited by Fred21543, 12 February 2009 - 10:31 AM.

  • 0

#24 gitcheegoomee (Topic Starter, 26 posts)
I reformatted the partition that had Windows in it. Everything is running OK, except that the web pages all have white backgrounds and I'm not able to change my home page background. I know it's petty, but some of the buttons for programs aren't all there. The most recent scans above are from after the format. Have a great weekend.
  • 0

#25 Fred21543 (Member 1K, 1,351 posts)
Since you've reformatted, I don't need to see any more logs. A reformat is a complete wipe of the system; there is no way any virus could have survived that on your hard drive. About your web browser problem, you can ask in the Applications forum at Geeks to Go.

Congrats! Your logs appear clean!

Below are a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking Microsoft's website at:
Windows Update
This will ensure your computer always has the latest available security updates installed.

Make Internet Explorer more secure

* Click Start > Run
* Type Inetcpl.cpl & click OK
* Click on the Security tab
* Click Reset all zones to default level
* Make sure the Internet Zone is selected & click Custom level
* In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
* Next, click OK, then the Apply button, and then OK to exit the Internet Properties page.


* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

* SpywareBlaster protects against bad ActiveX controls.

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* NoScript - Add-on for Firefox that stops all scripts from running on websites. Stops malicious software from invading via Flash, Java, JavaScript, and many other entry points.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

* ATF Cleaner - Cleans temporary files from IE and Windows, empties the Recycle Bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

* Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

* ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use and, since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

* Recovery Console - Recent trends appear to indicate that future infections will include attacks on the boot sector of the computer. The installation of the Recovery Console on the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

Stay safe! :)
  • 0



#26 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
