Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

unable to open malwarebytes or see hidden extensions

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

unable to open malwarebytes or see hidden extensions

Unread postby ernest787 » June 20th, 2009, 12:00 pm

I posted previously and was not able to get into hijack this, well i was able to get into safe mode with networking and run an online virus scan, which then allowed me to get back to my normal settings and download hijack this

from there i was able to find a couple of the problems such as lister.exe and sxj2e.exe... both of them were hidden files though and whatever is wrong with my pc kept me from being able to see them and unhide any of the files or see any extensions when running the PC from normal boot

i went back into safemode and was able to remove them both, and was finally able to run super antispyware which cleaned up even more of the problem

after that i went back to normal boot updated superanti spyware and ran it again and was able to clean more up

next i used avg and updated it and ran a full system scan that found some more problems and cleaned them up

my pc is running very well again, but there are a couple small problems and i don't know if there is something still there or how to fix them... i can download malwarebytes but it will not execute or run on my computer... i tried downloading it to another computer, changing the name to mb.exe and running it but it still won't work... i read that changing running it at compatibility windows 2000 can work sometimes, but this still doesn't work... so i'm not sure why i can't open or run it... i also still cannot get into the tool bar and file options menu to unhide files... the option does not even exist for me

i know that is a lot, but wanted to give a good background of what i've personally done thus far... without further delay here is the hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:46 AM, on 6/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Owner\Desktop\getmail\GetMail.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileBackup.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: SITEguard BHO - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [getmail] "C:\Documents and Settings\Owner\Desktop\getmail\GetMail.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\Owner\LOCALS~1\Temp\system.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{717FEF43-B71C-416A-8AC3-A8739EE88D79}: NameServer = 192.168.1.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: eefddafcfafacd - C:\WINDOWS\system32\eefddafcfafacd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10989 bytes
ernest787
Active Member
 
Posts: 10
Joined: June 18th, 2009, 11:56 pm
Advertisement
Register to Remove

Re: unable to open malwarebytes or see hidden extensions

Unread postby MWR 3 day Mod » June 23rd, 2009, 3:38 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: unable to open malwarebytes or see hidden extensions

Unread postby Dakeyras » June 23rd, 2009, 9:54 pm

Hi,

I have bad news I'm afraid :(

One or more of the identified infections is a Backdoor Trojan plus evidence of Rootkit activity.

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwords.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: unable to open malwarebytes or see hidden extensions

Unread postby ernest787 » June 23rd, 2009, 10:14 pm

i completely understand the ramifications of this, i would like to attempt to clean this before doing a full reformat and understand that you can't guarantee it ever being safe again, but if you can walk me through steps to clean it at this time, i'd greatly appreciate it
ernest787
Active Member
 
Posts: 10
Joined: June 18th, 2009, 11:56 pm

Re: unable to open malwarebytes or see hidden extensions

Unread postby Dakeyras » June 24th, 2009, 6:47 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi ernest787 and welcome to Malware Removal :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Next:

OK I will respect your decision for myself to attempt a malware removal but please be aware I stick with my prior advice. Which is your computer in my opinion requires a reformat and reinstallation of the Windows operating system.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Image

Image
--------------------------------------------------------------------

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
  • How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs can be read here
  • Double click on Combo-Fix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Next:

I would like to view a list of currently installed software applications on you're PC. How to provide as follows:

Run HijackThis and click on Open the Misc Tools section.

  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • ComboFix Log.
  • Uninstall List.
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: unable to open malwarebytes or see hidden extensions

Unread postby ernest787 » June 24th, 2009, 6:58 pm

here is the stuff you asked for

as far as running is concerned... since doing these items... firefox is running soooooo slow i basically cannot do anything on it... IE is the same... i am currently using Safari which seems to be uneffected and allowing me to browse at normal speeds.

ComboFix 09-06-23.01 - Owner 06/24/2009 17:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1214.788 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\12345ab.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
c:\recycler\S-1-5-21-3374373167-1834685640-3956726320-1003
c:\windows\system32\drivers\SKYNETeffhxusf.sys
c:\windows\system32\drivers\UACenydgguujmkoflp.sys
c:\windows\system32\lowsec
c:\windows\system32\sdra64.exe
c:\windows\system32\UACaharxnoqtknglxy.dll
c:\windows\system32\UACblkaadnmndxongc.log
c:\windows\system32\UAChuwnalcrpvhacxn.log
c:\windows\system32\UACiaxyfwemlfoqoec.dll
c:\windows\system32\UACmucevwrmdnfavub.dll
c:\windows\system32\UACnoiwnchkmvakufy.log
c:\windows\system32\UACpjvmdtgsrwxaaue.dll
c:\windows\system32\UACpkiusrvronbnyme.dat
c:\windows\system32\UACutaumeulbtxlyjj.db
c:\windows\system32\UACxnbrilqkfbtqvsp.dll
c:\windows\system32\UACykrorrjptudsalc.dll
c:\recycler\S-1-5-21-3374373167-1834685640-3956726320-1003\desktop.ini
c:\recycler\S-1-5-21-3374373167-1834685640-3956726320-1003\INFO2
c:\windows\system32\drivers\SKYNETeffhxusf.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\UACenydgguujmkoflp.sys
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\system32\SKYNETedbpkgof.dll
c:\windows\system32\SKYNEThkaqxjld.dat
c:\windows\system32\SKYNETksenxqsw.dat
c:\windows\system32\SKYNEToqpwtbyp.dll
c:\windows\system32\UACaharxnoqtknglxy.dll
c:\windows\system32\UACblkaadnmndxongc.log
c:\windows\system32\UAChuwnalcrpvhacxn.log
c:\windows\system32\UACiaxyfwemlfoqoec.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmucevwrmdnfavub.dll
c:\windows\system32\UACnoiwnchkmvakufy.log
c:\windows\system32\UACpjvmdtgsrwxaaue.dll
c:\windows\system32\UACpkiusrvronbnyme.dat
c:\windows\system32\uactmp.db
c:\windows\system32\UACutaumeulbtxlyjj.db
c:\windows\system32\UACxnbrilqkfbtqvsp.dll
c:\windows\system32\UACykrorrjptudsalc.dll
c:\windows\zaponce52621.dat
c:\windows\zaponce52689.dat
D:\Autorun.inf
D:\Desktop.ini

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_driver
-------\Legacy_driverdrv
-------\Service_driver
-------\Service_driverdrv
-------\Service_SKYNETmlnwmueq


((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-24 22:40 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-24 22:40 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-24 02:29 . 2009-06-24 02:30 -------- d-----w- c:\program files\AskBarDis
2009-06-24 02:28 . 2009-06-24 02:28 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-24 02:28 . 2008-11-13 20:18 69008 ----a-w- c:\windows\system32\zlcomm.dll
2009-06-24 02:28 . 2008-11-13 20:18 106384 ----a-w- c:\windows\system32\zlcommdb.dll
2009-06-24 02:28 . 2009-06-24 02:28 -------- d-----w- c:\windows\system32\ZoneLabs
2009-06-24 02:28 . 2009-06-24 02:28 -------- d-----w- c:\program files\Zone Labs
2009-06-24 02:28 . 2008-11-13 20:18 1221008 ----a-w- c:\windows\system32\zpeng25.dll
2009-06-24 02:27 . 2009-06-24 22:37 -------- d-----w- c:\windows\Internet Logs
2009-06-20 22:51 . 2009-06-14 21:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-20 17:23 . 2009-06-24 05:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Simplify Media
2009-06-20 17:23 . 2009-06-20 17:23 218616 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1906E2D5-62DD-46C9-A92C-B2D4AB81374D}\NewShortcut1_6DC4595DE47A4E6EA70352D9C4F77BA6.exe
2009-06-20 17:23 . 2009-06-20 17:23 218616 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1906E2D5-62DD-46C9-A92C-B2D4AB81374D}\ARPPRODUCTICON.exe
2009-06-20 17:23 . 2009-06-20 17:23 -------- d-----w- c:\program files\Simplify Media
2009-06-20 09:23 . 2009-06-20 09:23 -------- d-----w- c:\program files\AIM Toolbar
2009-06-20 06:10 . 2009-06-24 08:43 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-20 06:07 . 2009-06-20 06:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-06-20 06:05 . 2009-06-20 06:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-20 06:05 . 2009-06-20 06:05 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-20 06:05 . 2009-06-20 06:05 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-20 06:05 . 2009-06-20 06:05 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-20 06:05 . 2009-06-23 22:07 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-20 06:05 . 2009-06-20 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-20 06:05 . 2009-06-20 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-20 06:05 . 2009-06-20 06:05 -------- d-----w- c:\program files\AVG
2009-06-20 05:53 . 2009-06-20 09:15 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-20 04:00 . 2009-06-20 05:23 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-20 04:00 . 2009-06-20 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-20 04:00 . 2009-06-20 04:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-20 00:00 . 2009-06-20 00:00 -------- d-----w- c:\program files\Trend Micro
2009-06-19 22:17 . 2009-06-19 23:46 -------- d-----w- c:\windows\BDOSCAN8
2009-06-19 12:15 . 2009-06-24 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-19 02:18 . 2009-06-19 02:18 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-19 02:18 . 2009-06-19 02:18 174 ----a-w- C:\nm8912.bat
2009-06-19 01:56 . 2009-06-19 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-06-18 05:23 . 2009-06-20 05:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-18 05:23 . 2009-06-18 05:23 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-18 05:22 . 2009-06-18 05:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-18 05:17 . 2009-06-18 05:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-06-18 05:12 . 2009-06-18 05:12 -------- d-----w- c:\program files\RegistryFix7
2009-06-18 04:28 . 2009-06-18 04:28 -------- d-s---w- c:\documents and settings\Owner\UserData
2009-06-18 03:56 . 2009-06-18 03:56 -------- d-----w- c:\program files\CCleaner
2009-06-18 02:14 . 2009-06-18 02:14 1 ---h--w- c:\windows\jmmark2.dat
2009-06-18 02:13 . 2009-06-19 22:00 0 ----a-w- c:\windows\system32\drivers\7ac939fe.sys
2009-06-17 23:58 . 2009-06-17 03:56 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-17 23:58 . 2009-06-18 03:24 -------- d-----w- c:\documents and settings\Owner\.housecall6.6
2009-06-17 23:39 . 2009-06-17 23:41 -------- d-----w- c:\program files\Enigma Software Group
2009-06-17 23:00 . 2009-06-17 23:00 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-17 22:28 . 2009-06-17 22:28 -------- d-----w- c:\program files\Common Files\iS3
2009-06-17 22:13 . 2009-06-17 22:13 38536 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-17 03:56 . 2009-06-18 04:54 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-06-17 03:46 . 2009-06-17 03:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-17 02:59 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-17 02:56 . 2009-06-17 02:56 -------- d-----w- c:\program files\Panda Security
2009-06-12 08:05 . 2009-06-12 08:05 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-11 22:14 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-11 22:14 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-10 22:37 . 2009-06-10 22:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-10 09:21 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-10 09:21 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-10 09:21 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-10 09:21 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-10 09:21 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-10 09:21 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-10 09:21 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-10 09:21 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-10 09:21 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-10 09:20 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-10 09:20 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-10 05:11 . 2009-06-10 05:11 -------- d-----w- c:\program files\iPod
2009-06-10 05:09 . 2009-06-10 05:09 -------- d-----w- c:\program files\Bonjour
2009-06-10 05:09 . 2009-06-10 05:09 -------- d-----w- c:\program files\QuickTime
2009-06-10 05:07 . 2009-06-05 16:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-10 05:04 . 2009-06-10 05:04 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 05:02 . 2009-06-10 05:03 -------- d-----w- c:\program files\Safari
2009-06-10 04:30 . 2009-01-27 18:53 118784 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.9.0\ThemesV3\Default\features\Amazon\core\PersonalizationWrapper.dll
2009-06-10 04:30 . 2009-01-27 18:53 118784 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.9.0\ThemesV3\Windows\features\Amazon\core\PersonalizationWrapper.dll
2009-06-10 04:30 . 2009-03-02 16:47 87456 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.9.0\SkinEngine\features\photoview\FileModifiedDate.dll
2009-06-10 04:30 . 2009-03-02 16:47 972192 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.9.0\SkinEngine\features\photoview\PhotoSharing.dll
2009-06-10 04:30 . 2009-01-27 18:53 323624 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.9.0\SkinEngine\features\photoview\wiaaut.dll
2009-05-28 19:16 . 2009-05-28 19:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-05-28 19:15 . 2009-05-28 19:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-05-28 19:14 . 2009-05-28 19:14 540672 ----a-r- c:\windows\system32\SZComp5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 09:23 . 2006-12-27 04:07 -------- d-----w- c:\program files\AIM6
2009-06-20 09:23 . 2006-08-29 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-12 19:13 . 2009-05-12 19:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-05-07 15:32 . 2006-08-29 05:50 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 18:11 . 2009-05-06 18:11 69120 ----a-w- c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-04-29 04:46 . 2006-08-29 05:51 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2006-08-29 05:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2006-08-29 05:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-08-29 05:50 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-27 15:56 . 2009-03-27 15:56 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-03-27 15:55 . 2009-03-27 15:55 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-03-27 15:55 . 2009-03-27 15:55 372736 ----a-r- c:\windows\system32\IS3UI5.dll
2009-03-27 15:55 . 2009-03-27 15:55 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-03-27 15:54 . 2009-03-27 15:54 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-03-27 15:54 . 2009-03-27 15:54 221184 ----a-r- c:\windows\system32\IS3Win325.dll
2009-03-27 15:54 . 2009-03-27 15:54 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-03-27 15:53 . 2009-03-27 15:53 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-03-27 15:50 . 2009-03-27 15:50 716800 ----a-r- c:\windows\system32\IS3Base5.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 23:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 21:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"getmail"="c:\documents and settings\Owner\Desktop\getmail\GetMail.exe" [2007-06-20 1059328]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Simplify Media"="c:\program files\Simplify Media\SimplifyMedia.exe" [2009-04-29 8564232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-20 1948440]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-03-12 147456]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-12-09 67584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-20 06:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Simplify Media\\SimplifyMedia.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:driver

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/16/2009 9:59 PM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2009 1:05 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2009 1:05 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [6/23/2009 9:29 PM 464264]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/20/2009 1:05 AM 298776]
R2 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 11:05 PM 24652]
S1 7ac939fe;7ac939fe;c:\windows\system32\drivers\7ac939fe.sys [6/17/2009 9:13 PM 0]
S2 18618007fbda52f341d993763f033a81;18618007fbda52f341d993763f033a81;c:\windows\system32\18618007fbda52f341d993763f033a81.sys --> c:\windows\system32\18618007fbda52f341d993763f033a81.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
TCP: {717FEF43-B71C-416A-8AC3-A8739EE88D79} = 192.168.1.254
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 17:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(732)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

- - - - - - - > 'explorer.exe'(2148)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-06-24 17:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-24 22:51

Pre-Run: 44,190,085,120 bytes free
Post-Run: 45,282,697,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

317 --- E O F --- 2009-06-17 03:17



_______ uninstall list ______________

2WIRE Wireless LAN - USB Driver
7-Zip 4.42
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
AIM 6
AIM Toolbar
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Belkin 54g USB Network Adapter
Bonjour
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Digital Media Reader
Download Updater (AOL LLC)
FreeRIP v2.945
Google Gmail Notifier
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
InterActual Player
iSproggler
iTunes
J2SE Runtime Environment 5.0 Update 2
Last.fm 1.5.4.24567
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2005
Microsoft Office 2000 Professional
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
oggcodecs 0.71.0946
Panda ActiveScan 2.0
PowerDVD
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
RegistryFix v7.1
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Simplify Media
SoftV92 Data Fax Modem with SmartCP
SoulSeek Client 156c
STOPzilla
SUPERAntiSpyware Free Edition
Supreme Adder
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
VIA/S3G Display Driver
VideoLAN VLC media player 0.8.5
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Windows Backup Utility
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Music Jukebox
ZoneAlarm
ZoneAlarm Spy Blocker Toolbar

________ hijack this ____________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:46 PM, on 6/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Owner\Desktop\getmail\GetMail.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: SITEguard BHO - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [getmail] "C:\Documents and Settings\Owner\Desktop\getmail\GetMail.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{717FEF43-B71C-416A-8AC3-A8739EE88D79}: NameServer = 192.168.1.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10627 bytes
ernest787
Active Member
 
Posts: 10
Joined: June 18th, 2009, 11:56 pm

Re: unable to open malwarebytes or see hidden extensions

Unread postby Dakeyras » June 25th, 2009, 5:33 am

Hi :)

It would be of help this time if you do provide a answer for this:
How is you computer performing now, any further symptoms and or problems encountered?
Thank you.

SUPERAntiSpyware Advice:

CAUTION: SuperAntiSpyware comes with a programme called Bootsafe, do not for any reason use this programme, if used on an infected computer it could render it UNBOOTABLE.

Viewpoint Software Advice:

This is just to make you aware of the nature of the aforementioned applications. Though not exactly classed as malware they do have some undersirible characteristics. However there is not point uninstalling as the AIM 6(plus other AOL software) application you have installed, next time used will download/install the aforementioned again with out your knowledge. Isn't that nice of AOL and their applications :roll:

Next:

At present your STOPzilla application is causing a system conflict plus it is not particularly effective anyway. Also the ZoneAlarm Spy Blocker Toolbar is actually the Ask-Bar in disguise and has similar undesirable characteristics as the aforementioned Viewpoint software.

Also older installations of both Adobe and Java pose a security risk and a back-door for malware to reinfect a system, we will update both in due course.

I would also like you to consider uninstalling RegistryFix v7.1 also, as I don't personally recommend the use of ANY registry cleaners. This is deemed optional however and will be highlighted in red.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
J2SE Runtime Environment 5.0 Update 2
RegistryFix v7.1
STOPzilla
ZoneAlarm Spy Blocker Toolbar


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Now Reboot(restart) your computer.

Custom ComboFix-Script:

Note: please make sure that oth AVG and ZoneAlarm are disabled as Zonealarm was not during the last ComboFix run:
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code: Select all
    Driver::
    7ac939fe
    
    File::
    c:\windows\010112010146118114.dat
    C:\nm8912.bat
    c:\windows\jmmark2.dat
    c:\windows\system32\drivers\7ac939fe.sys
    
    Folder::
    c:\program files\AskBarDis
    c:\documents and settings\All Users\Application Data\STOPzilla!
    c:\program files\Enigma Software Group
    c:\windows\SxsCaPendDel
    c:\program files\Common Files\iS3
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    "FirewallDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP"= -
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{03402f96-3dc7-4285-bc50-9e81fefafe43}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766b-9f49-4854-8034-f6ee26fcb1ec}]
    [-HKEY_CLASSES_ROOT\CLSID\{1827766b-9f49-4854-8034-f6ee26fcb1ec}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [-HKEY_CLASSES_ROOT\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3215f20-3212-11d6-9f8b-00d0b743919d}]
    [-HKEY_CLASSES_ROOT\CLSID\{e3215f20-3212-11d6-9f8b-00d0b743919d}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{98828DED-A591-462F-83BA-D2F62A68B8B8}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{98828DED-A591-462F-83BA-D2F62A68B8B8}]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • ComboFix Log.
  • Malwarebytes' Anti-Malware Log.
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: unable to open malwarebytes or see hidden extensions

Unread postby ernest787 » June 26th, 2009, 11:36 pm

so far the system seems to be running very very smoothly, i was not able to remove stopzilla though... i tried several times and kept getting an error that a file was missing, but i was able to get rid of everything else... here are the logs

ComboFix 09-06-26.02 - Owner 06/26/2009 21:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1214.657 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\12345ab.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"C:\nm8912.bat"
"c:\windows\010112010146118114.dat"
"c:\windows\jmmark2.dat"
"c:\windows\system32\drivers\7ac939fe.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\STOPzilla!
c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db
c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db.bak
c:\documents and settings\All Users\Application Data\STOPzilla!\sgdefs.db
c:\documents and settings\All Users\Application Data\STOPzilla!\sgdwc.db
c:\documents and settings\All Users\Application Data\STOPzilla!\sztrgwc.db
c:\documents and settings\All Users\Application Data\STOPzilla!\target.log
c:\documents and settings\All Users\Application Data\STOPzilla!\targets.db
c:\documents and settings\All Users\Application Data\STOPzilla!\targets.sav
c:\documents and settings\All Users\Application Data\STOPzilla!\userdata.db
c:\documents and settings\All Users\Application Data\STOPzilla!\zilla5.log
C:\nm8912.bat
c:\program files\Common Files\iS3
c:\program files\Common Files\iS3\Anti-Spyware\detoured.dll
c:\program files\Common Files\iS3\Anti-Spyware\fullupd.rsf
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
c:\program files\Common Files\iS3\Anti-Spyware\iS3SiteBlocker.dll
c:\program files\Common Files\iS3\Anti-Spyware\iS3SploitChecker.dll
c:\program files\Common Files\iS3\Anti-Spyware\IS3Updater.exe
c:\program files\Common Files\iS3\Anti-Spyware\sgdfull.rsf
c:\program files\Common Files\iS3\Anti-Spyware\SGPrxy.dll
c:\program files\Common Files\iS3\Anti-Spyware\SGSvc.dll
c:\program files\Common Files\iS3\Anti-Spyware\SGTargetUpdate.Exe
c:\program files\Common Files\iS3\Anti-Spyware\SZBrCom.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZCfgSvc.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZClientCom.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZClLic.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZEXIT.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZExtrSS.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZHistory.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZJustice.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZPAHost.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZQrntn.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZScanner.exe
c:\program files\Common Files\iS3\Anti-Spyware\SZSchSvc.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZScnSvc.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files\Common Files\iS3\Anti-Spyware\SZSnsrSv.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZSvcHost.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZTargetUpdate.Exe
c:\program files\Common Files\iS3\Anti-Spyware\SZTrgSS.dll
c:\program files\Common Files\iS3\Anti-Spyware\SZUniTrg.dll
c:\program files\Common Files\iS3\Anti-Spyware\updcsz.dll
c:\program files\Enigma Software Group
c:\windows\010112010146118114.dat
c:\windows\jmmark2.dat
c:\windows\SxsCaPendDel
c:\windows\system32\drivers\7ac939fe.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_7ac939fe


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-26 04:03 . 2009-06-20 06:05 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-25 03:04 . 2009-06-25 03:04 33980 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-24 22:50 . 2009-06-24 22:50 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-24 22:40 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-24 22:40 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-24 02:28 . 2009-06-24 02:28 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-24 02:28 . 2008-11-13 20:18 69008 ----a-w- c:\windows\system32\zlcomm.dll
2009-06-24 02:28 . 2008-11-13 20:18 106384 ----a-w- c:\windows\system32\zlcommdb.dll
2009-06-24 02:28 . 2009-06-24 02:28 -------- d-----w- c:\windows\system32\ZoneLabs
2009-06-24 02:28 . 2009-06-24 02:28 -------- d-----w- c:\program files\Zone Labs
2009-06-24 02:28 . 2008-11-13 20:18 1221008 ----a-w- c:\windows\system32\zpeng25.dll
2009-06-24 02:27 . 2009-06-27 03:06 -------- d-----w- c:\windows\Internet Logs
2009-06-20 22:51 . 2009-06-14 21:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-20 17:23 . 2009-06-27 02:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Simplify Media
2009-06-20 17:23 . 2009-06-20 17:23 218616 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1906E2D5-62DD-46C9-A92C-B2D4AB81374D}\NewShortcut1_6DC4595DE47A4E6EA70352D9C4F77BA6.exe
2009-06-20 17:23 . 2009-06-20 17:23 218616 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1906E2D5-62DD-46C9-A92C-B2D4AB81374D}\ARPPRODUCTICON.exe
2009-06-20 17:23 . 2009-06-20 17:23 -------- d-----w- c:\program files\Simplify Media
2009-06-20 09:23 . 2009-06-20 09:23 -------- d-----w- c:\program files\AIM Toolbar
2009-06-20 06:10 . 2009-06-26 09:32 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-20 06:07 . 2009-06-20 06:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-06-20 06:05 . 2009-06-20 06:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-20 06:05 . 2009-06-20 06:05 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-20 06:05 . 2009-06-20 06:05 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-20 06:05 . 2009-06-20 06:05 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-20 06:05 . 2009-06-26 23:40 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-20 06:05 . 2009-06-20 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-20 06:05 . 2009-06-20 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-20 06:05 . 2009-06-20 06:05 -------- d-----w- c:\program files\AVG
2009-06-20 05:53 . 2009-06-25 02:25 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-20 04:00 . 2009-06-20 05:23 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-20 04:00 . 2009-06-20 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-20 04:00 . 2009-06-20 04:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-20 00:00 . 2009-06-20 00:00 -------- d-----w- c:\program files\Trend Micro
2009-06-19 22:17 . 2009-06-19 23:46 -------- d-----w- c:\windows\BDOSCAN8
2009-06-19 01:56 . 2009-06-19 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-06-18 05:23 . 2009-06-20 05:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-18 05:23 . 2009-06-18 05:23 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-18 05:22 . 2009-06-18 05:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-18 05:17 . 2009-06-18 05:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-06-18 04:28 . 2009-06-18 04:28 -------- d-s---w- c:\documents and settings\Owner\UserData
2009-06-18 03:56 . 2009-06-18 03:56 -------- d-----w- c:\program files\CCleaner
2009-06-17 23:58 . 2009-06-17 03:56 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-17 23:58 . 2009-06-18 03:24 -------- d-----w- c:\documents and settings\Owner\.housecall6.6
2009-06-17 22:13 . 2009-06-17 22:13 38536 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-17 03:56 . 2009-06-18 04:54 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-06-17 03:46 . 2009-06-17 03:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-17 02:59 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-17 02:56 . 2009-06-17 02:56 -------- d-----w- c:\program files\Panda Security
2009-06-12 08:05 . 2009-06-12 08:05 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-11 22:14 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-11 22:14 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-10 22:37 . 2009-06-10 22:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-10 09:21 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-10 09:21 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-10 09:21 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-10 09:21 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-10 09:21 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-10 09:21 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-10 09:21 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-10 09:21 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-10 09:21 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-10 09:20 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-10 09:20 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-10 05:11 . 2009-06-10 05:11 -------- d-----w- c:\program files\iPod
2009-06-10 05:09 . 2009-06-10 05:09 -------- d-----w- c:\program files\Bonjour
2009-06-10 05:09 . 2009-06-10 05:09 -------- d-----w- c:\program files\QuickTime
2009-06-10 05:07 . 2009-06-05 16:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-10 05:04 . 2009-06-10 05:04 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 05:02 . 2009-06-10 05:03 -------- d-----w- c:\program files\Safari
2009-06-10 04:30 . 2009-01-27 18:53 118784 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.9.0\ThemesV3\Default\features\Amazon\core\PersonalizationWrapper.dll
2009-06-10 04:30 . 2009-01-27 18:53 118784 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.9.0\ThemesV3\Windows\features\Amazon\core\PersonalizationWrapper.dll
2009-06-10 04:30 . 2009-03-02 16:47 87456 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.9.0\SkinEngine\features\photoview\FileModifiedDate.dll
2009-06-10 04:30 . 2009-03-02 16:47 972192 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.9.0\SkinEngine\features\photoview\PhotoSharing.dll
2009-06-10 04:30 . 2009-01-27 18:53 323624 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.9.0\SkinEngine\features\photoview\wiaaut.dll
2009-05-28 19:16 . 2009-05-28 19:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-05-28 19:15 . 2009-05-28 19:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-05-28 19:14 . 2009-05-28 19:14 540672 ----a-r- c:\windows\system32\SZComp5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 02:22 . 2006-08-29 06:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-20 09:23 . 2006-12-27 04:07 -------- d-----w- c:\program files\AIM6
2009-06-20 09:23 . 2006-08-29 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-12 19:13 . 2009-05-12 19:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-05-07 15:32 . 2006-08-29 05:50 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 18:11 . 2009-05-06 18:11 69120 ----a-w- c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-04-29 04:46 . 2006-08-29 05:51 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2006-08-29 05:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2006-08-29 05:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-08-29 05:50 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-24_22.44.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-24 22:50 . 2008-10-16 20:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-24 22:50 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-24 22:50 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-24 22:50 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-24 22:50 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-24 22:50 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-24 22:50 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-24 22:50 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-24 22:50 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-24 22:50 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-24 22:50 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-24 22:50 . 2009-04-29 04:46 666624 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-24 22:50 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-24 22:50 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-24 22:50 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-24 22:50 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-24 22:50 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-24 22:50 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-24 22:50 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-24 22:50 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-24 22:50 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-24 22:50 . 2009-02-08 00:02 2066048 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-24 22:50 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 21:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"getmail"="c:\documents and settings\Owner\Desktop\getmail\GetMail.exe" [2007-06-20 1059328]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Simplify Media"="c:\program files\Simplify Media\SimplifyMedia.exe" [2009-04-29 8564232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-20 1948440]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-03-12 147456]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-12-09 67584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-20 06:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Simplify Media\\SimplifyMedia.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/16/2009 9:59 PM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2009 1:05 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2009 1:05 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/20/2009 1:05 AM 298776]
R2 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 11:05 PM 24652]
S2 18618007fbda52f341d993763f033a81;18618007fbda52f341d993763f033a81;c:\windows\system32\18618007fbda52f341d993763f033a81.sys --> c:\windows\system32\18618007fbda52f341d993763f033a81.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {717FEF43-B71C-416A-8AC3-A8739EE88D79} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\slf67oku.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig#restore
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... rab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint_.dll

---- FIREFOX POLICIES ----

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 22:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\AVG\AVG8\avgwdsvc.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-06-27 22:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-27 03:14
ComboFix2.txt 2009-06-24 22:51

Pre-Run: 45,277,020,160 bytes free
Post-Run: 45,530,894,336 bytes free

317 --- E O F --- 2009-06-24 23:36



Malwarebytes' Anti-Malware 1.38
Database version: 2340
Windows 5.1.2600 Service Pack 3

6/26/2009 10:26:16 PM
mbam-log-2009-06-26 (22-26-16).txt

Scan type: Quick Scan
Objects scanned: 90968
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\010112010146118114.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\All Users\Documents\gifnoc.xtx (Trojan.Agent) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:19 PM, on 6/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Owner\Desktop\getmail\GetMail.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Simplify Media\SimplifyMedia.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: SITEguard BHO - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {e3215f20-3212-11d6-9f8b-00d0b743919d} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [getmail] "C:\Documents and Settings\Owner\Desktop\getmail\GetMail.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{717FEF43-B71C-416A-8AC3-A8739EE88D79}: NameServer = 192.168.1.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9231 bytes
ernest787
Active Member
 
Posts: 10
Joined: June 18th, 2009, 11:56 pm

Re: unable to open malwarebytes or see hidden extensions

Unread postby Dakeyras » June 27th, 2009, 8:43 am

Hi :)

so far the system seems to be running very very smoothly
Good to know and thanks for the update.

I was not able to remove stopzilla though... i tried several times and kept getting an error that a file was missing, but i was able to get rid of everything else... here are the logs
OK not a problem we can address this shortly.

Windows Installer Cleanup Utility:

Download the Windows Installer Cleanup Utility and save it to your Desktop.

  • Double-click msicuu2.exe to install the utility.
  • Next, click Start >> All Programs >> Windows Install Clean UP
  • Once the program is open select:

    STOPzilla (If present)

  • Any other entry relating to software applications no longer installed.
  • Now click Remove, then click OK
  • Reboot your computer.

Disable ZoneAlarm:

We need to temp disable ZoneAlarm so it does not hinder the HijackThis fixes below. It will start again as normal after the system reboot.

How to do so as follows:

  • Right click on the system tray ZoneAlarm icon and select Shutdown ZoneAlarm
  • Click Yes at the prompt.

Next:

Please re-open HiJackThis and select Scan. Check the boxes next to all the entries listed below (if present):

R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: SITEguard BHO - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - (no file)
O2 - BHO: (no name) - {e3215f20-3212-11d6-9f8b-00d0b743919d} - (no file)


Now click on Fix Checked. Close HiJackThis.

Now Reboot(restart) your computer.

F-Secure Blacklight:

Please download Blacklight from here to your desktop.

or

Link to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
and save it to your desktop from there.

Go to Start -->Run..., copy in the following text, and press Enter:
"%userprofile%\desktop\fsbl.exe" /expert
Accept the license agreement.
Click > scan, wait for it to finish, then click Close

There will be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste the contents of this log into your next reply.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • Blacklight Log.
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: unable to open malwarebytes or see hidden extensions

Unread postby ernest787 » June 27th, 2009, 12:00 pm

so far my computer is running great. no further problems as far as being redirected, i can access my hidden folders, it seems to be good

06/27/09 10:47:54 [Info]: BlackLight Engine 2.2.1092 initialized
06/27/09 10:47:54 [Info]: OS: 5.1 build 2600 (Service Pack 3)
06/27/09 10:47:54 [Note]: 7019 4
06/27/09 10:47:54 [Note]: 7005 0
06/27/09 10:48:03 [Note]: 7006 0
06/27/09 10:48:03 [Note]: 7022 0
06/27/09 10:48:03 [Note]: 7011 1472
06/27/09 10:48:03 [Note]: 7035 0
06/27/09 10:48:03 [Note]: 7026 0
06/27/09 10:48:03 [Note]: 7026 0
06/27/09 10:48:03 [Note]: FSRAW library version 1.7.1024
06/27/09 10:48:54 [Note]: 4013 286
06/27/09 10:48:54 [Note]: 4020 22514 327680
06/27/09 10:48:54 [Note]: 4018 22514 327680
06/27/09 10:48:54 [Note]: 4013 286
06/27/09 10:48:54 [Note]: 4020 22514 327680
06/27/09 10:48:54 [Note]: 4018 22514 327680
06/27/09 10:52:36 [Note]: 4013 5944
06/27/09 10:52:36 [Note]: 4020 35361 327680
06/27/09 10:52:36 [Note]: 4018 35361 327680
06/27/09 10:52:36 [Note]: 4013 5944
06/27/09 10:52:36 [Note]: 4020 35361 327680
06/27/09 10:52:36 [Note]: 4018 35361 327680
06/27/09 10:58:29 [Note]: 7007 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:53 AM, on 6/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Owner\Desktop\getmail\GetMail.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Simplify Media\SimplifyMedia.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [getmail] "C:\Documents and Settings\Owner\Desktop\getmail\GetMail.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{717FEF43-B71C-416A-8AC3-A8739EE88D79}: NameServer = 192.168.1.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8831 bytes
ernest787
Active Member
 
Posts: 10
Joined: June 18th, 2009, 11:56 pm

Re: unable to open malwarebytes or see hidden extensions

Unread postby Dakeyras » June 27th, 2009, 4:42 pm

Hi :)

so far my computer is running great. no further problems as far as being redirected, i can access my hidden folders, it seems to be good
Good news! :thumbup:

New Adobe Reader Installation:

  • Go here and click on AdbeRdr910_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE Runtime Environment (JRE) 6 Update 14. Click on Download.
  • Select Windows from the drop-down list for Platform.
  • Select Multi-language from the drop-down list for Language.
  • Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  • Click on jre-6u14-windows-i586-p.exe link to download it and save this to a convenient location.
  • Double click on jre-6u14-windows-i586-p.exe to install Java.

Run Kaspersky Online AV Scanner:

Go to this Kaspersky website and perform an online antivirus scan.

Note: Use Internet Explorer for this scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tuturial will help explain how to use the aforementioned online scan.

When completed the above, please post back the following:

  • How is you computer performing now? Any problems encountered and or any further symptoms?
  • Kaspersky report.
  • A new HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: unable to open malwarebytes or see hidden extensions

Unread postby Dakeyras » June 29th, 2009, 4:21 am

Hi :)

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: unable to open malwarebytes or see hidden extensions

Unread postby ernest787 » June 29th, 2009, 8:24 am

Yes I'm sorry, I have been busy but will get this done tonight and post everything
ernest787
Active Member
 
Posts: 10
Joined: June 18th, 2009, 11:56 pm

Re: unable to open malwarebytes or see hidden extensions

Unread postby Dakeyras » June 29th, 2009, 5:25 pm

OK fine :thumbup:
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: unable to open malwarebytes or see hidden extensions

Unread postby ernest787 » June 30th, 2009, 5:58 pm

the machine still seems to be running fine. i haven't had any problems lately

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 30, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 30, 2009 03:38:35
Records in database: 2403678
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 77964
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:21:27


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\click.exe.bac_a01988 Infected: Trojan-Dropper.Win32.Agent.atzd 1
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\click.exe.bac_a01996 Infected: Trojan-Dropper.Win32.Agent.atzd 1
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\click[1].exe.bac_a01988 Infected: Trojan-Dropper.Win32.Agent.atzd 1
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\click[1].exe.bac_a01996 Infected: Trojan-Dropper.Win32.Agent.atzd 1
D:\i386\Apps\App03130\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:37 PM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Owner\Desktop\getmail\GetMail.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Simplify Media\SimplifyMedia.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [getmail] "C:\Documents and Settings\Owner\Desktop\getmail\GetMail.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{717FEF43-B71C-416A-8AC3-A8739EE88D79}: NameServer = 192.168.1.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9746 bytes
ernest787
Active Member
 
Posts: 10
Joined: June 18th, 2009, 11:56 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware